FirewallRule


Describes a Firewall rule.

JSON Example
{
    "id": "string",
    "name": "string",
    "description": "string",
    "sourceFirewallGroups": [
        {
            "name": "string",
            "id": "string"
        }
    ],
    "destinationFirewallGroups": [
        {
            "name": "string",
            "id": "string"
        }
    ],
    "applicationPortProfiles": [
        {
            "name": "string",
            "id": "string"
        }
    ],
    "actionValue": "string",
    "logging": false,
    "networkContextProfiles": [
        {
            "name": "string",
            "id": "string"
        }
    ],
    "enabled": false,
    "version": {
        "version": 0
    },
    "comments": "string"
}

string
id
Optional

The unique id of this firewall rule. If a rule with this id is not already present, a new rule is created; if it already exists, the rule is updated.

string
name
Required

Name for the rule.

string
description
Optional

description

sourceFirewallGroups
Optional

List of source groups for the firewall rule. It specifies the sources of network traffic for the firewall rule. A null value or an empty list is treated as "ANY", which means traffic from any source. For Distributed Firewall rules, an entry with an id of urn:vcloud:firewallGroup:internal can be used to specify all internal vDC Group network traffic.

destinationFirewallGroups
Optional

List of destination groups for the firewall rule. It specifies the destinations of network traffic for the firewall rule. A null value or an empty list is treated as "ANY", which means traffic to any destination. For Distributed Firewall rules, an entry with an id of urn:vcloud:firewallGroup:internal can be used to specify all internal vDC Group network traffic.

applicationPortProfiles
Optional

The list of application port profiles where this firewall rule is applicable. A null value or an empty list is treated as "ANY", which means the rule applies to all ports.

ipProtocol
Optional

ipProtocol

action
Optional

action

string
actionValue
Optional

The action to be applied to all traffic that meets the firewall rule criteria. It determines whether the rule permits or blocks traffic. The property is required if action is not set. The valid values are:

  • ALLOW permits traffic to go through the firewall.
  • DROP blocks the traffic at the firewall. No response is sent back to the source.
  • REJECT blocks the traffic at the firewall. A response is sent back to the source.

direction
Optional

direction

boolean
logging
Optional

Whether packet logging is enabled for the firewall rule.

networkContextProfiles
Optional

The list of layer 7 network context profiles where this firewall rule is applicable. A null value or an empty list is treated as "ANY", which means the rule applies to all applications and domains.

boolean
enabled
Optional

Whether the firewall rule is enabled.

version
Optional

version

string
comments
Optional

Text for user-entered comments on the firewall rule. Length cannot exceed 2048 characters.
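The "null or empty means ANY" semantics above make it easy to submit a rule that is far broader than intended. The following audit script is an added example, not part of the VMware Cloud Director documentation or API client; it applies the field rules described on this page (actionValue required when action is unset, the three valid action values, the 2048-character comment limit, and ANY matching) to FirewallRule JSON and reports risky combinations. The firewall rule and group ids other than urn:vcloud:firewallGroup:internal are constructed placeholders.

```python
import json

VALID_ACTIONS = {"ALLOW", "DROP", "REJECT"}
MAX_COMMENT_LEN = 2048


def is_any(groups):
    # Per the FirewallRule contract, null or an empty list means "ANY".
    return not groups


def audit_rule(rule):
    """Return a list of finding strings for one FirewallRule dict."""
    findings = []
    if not rule.get("name"):
        findings.append("name is required")
    action = rule.get("actionValue")
    # actionValue is only required when the separate 'action' field is unset.
    if action is None and rule.get("action") is None:
        findings.append("actionValue is required when action is not set")
    elif action is not None and action not in VALID_ACTIONS:
        findings.append(f"unknown actionValue {action!r}")
    if len(rule.get("comments") or "") > MAX_COMMENT_LEN:
        findings.append(f"comments exceed {MAX_COMMENT_LEN} characters")
    # An ALLOW rule whose source, destination, ports and L7 profiles are all
    # ANY permits everything; that is the case a reviewer most wants flagged.
    wide_open = all(is_any(rule.get(k)) for k in (
        "sourceFirewallGroups", "destinationFirewallGroups",
        "applicationPortProfiles", "networkContextProfiles"))
    if action == "ALLOW" and wide_open:
        findings.append("ALLOW rule matches ANY source, destination, port and application")
    if action == "ALLOW" and not rule.get("logging", False):
        findings.append("ALLOW rule has packet logging disabled")
    return findings


def audit_rules_json(text):
    """Audit a JSON document holding one rule or a list; returns {name_or_id: findings}."""
    data = json.loads(text)
    rules = data if isinstance(data, list) else [data]
    return {r.get("name") or r.get("id") or "<unnamed>": audit_rule(r) for r in rules}


# Constructed sample input (ids are placeholders, not from a real tenant).
SAMPLE_RULES = json.dumps([
    {"id": "urn:vcloud:firewallRule:example-1", "name": "permit-everything",
     "actionValue": "ALLOW", "logging": False, "enabled": True,
     "sourceFirewallGroups": [], "destinationFirewallGroups": None},
    {"id": "urn:vcloud:firewallRule:example-2", "name": "block-internal-to-web",
     "sourceFirewallGroups": [{"name": "internal", "id": "urn:vcloud:firewallGroup:internal"}],
     "destinationFirewallGroups": [{"name": "web", "id": "urn:vcloud:firewallGroup:example-web"}],
     "applicationPortProfiles": [{"name": "HTTPS", "id": "urn:vcloud:applicationPortProfile:example"}],
     "actionValue": "DROP", "logging": True, "enabled": True},
])

if __name__ == "__main__":
    for name, findings in audit_rules_json(SAMPLE_RULES).items():
        print(name, "->", findings or ["ok"])
```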

Availability
Added in 34.0