InlineDSRule1

JSON Example

{
    "action": "string",
    "applied_tos": [
        {
            "is_valid": false,
            "target_display_name": "string",
            "target_id": "string",
            "target_type": "string"
        }
    ],
    "destinations": [
        "ResourceReference Object"
    ],
    "destinations_excluded": false,
    "direction": "string",
    "disabled": false,
    "ip_protocol": "string",
    "is_default": false,
    "logged": false,
    "notes": "string",
    "priority": 0,
    "rule_tag": "string",
    "sources": [
        "ResourceReference Object"
    ],
    "sources_excluded": false
}

string

action

Required

Action enforced on the packets which matches the distributed service rule. Currently DS Layer supports below actions. ALLOW - Forward any packet when a rule with this action gets a match (Used by Firewall). DROP - Drop any packet when a rule with this action gets a match. Packets won't go further(Used by Firewall). REJECT - Terminate TCP connection by sending TCP reset for a packet when a rule with this action gets a match (Used by Firewall). REDIRECT - Redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DO_NOT_REDIRECT - Do not redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DETECT - Detect IDS Signatures. ALLOW_CONTINUE - Allows rules to jump from this rule. Action on matching rules in the destination category will decide next step. Application is default destination until new categories are supported to jump to. DETECT_PREVENT - Detect and Prevent IDS Signatures.

Possible values are : ALLOW, DROP, REJECT, REDIRECT, DO_NOT_REDIRECT, DETECT, ALLOW_CONTINUE, DETECT_PREVENT,

array of ResourceReference

applied_tos

Optional

Constraints: maxItems: 128

List of object where rule will be enforced. The section level field overrides this one. Null will be treated as any.

array of ResourceReference

destinations

Optional

Constraints: maxItems: 128

List of the destinations. Null will be treated as any.

boolean

destinations_excluded

Optional

Negation of the destination.

string

direction

Optional

Constraints: default: IN_OUT

Rule direction in case of stateless distributed service rules. This will only considered if section level parameter is set to stateless. Default to IN_OUT if not specified.

Possible values are : IN, OUT, IN_OUT,

boolean

disabled

Optional

Flag to disable rule. Disabled will only be persisted but never provisioned/realized.

string

ip_protocol

Optional

Constraints: default: IPV4_IPV6

Type of IP packet that should be matched while enforcing the rule.

Possible values are : IPV4, IPV6, IPV4_IPV6,

boolean

is_default

Optional

Flag to indicate whether rule is default.

boolean

logged

Optional

Flag to enable packet logging. Default is disabled.

string

notes

Optional

Constraints: maxLength: 2048

User notes specific to the rule.

integer As int64 As int64

priority

Optional

Priority of the rule.

string

rule_tag

Optional

Constraints: maxLength: 32

User level field which will be printed in CLI and packet logs.

array of ResourceReference

sources

Optional

Constraints: maxItems: 128

List of sources. Null will be treated as any.

boolean

sources_excluded

Optional

Negation of the source.

Used By

DSRule