InlineBaseRule1
{
"destination_groups": [
"string"
],
"destinations_excluded": false,
"direction": "string",
"disabled": false,
"ip_protocol": "string",
"logged": false,
"notes": "string",
"profiles": [
"string"
],
"scope": [
"string"
],
"sequence_number": 0,
"services": [
"string"
],
"source_groups": [
"string"
],
"sources_excluded": false,
"tag": "string"
}
We need paths as duplicate names may exist for groups under different domains.In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.
If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups
Define direction of traffic.
Flag to disable the rule. Default is enabled.
Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.
Flag to enable packet logging. Default is disabled.
Text for additional notes on changes.
Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs.
The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.
This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number
In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.
We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.
If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups
User level field which will be printed in CLI and packet logs.