DNSRule

Description

An object that defines a single DNS rule, which you would reference in a Security Intelligence DNS policy. These rules let you define how to handle network traffic based on domain name. (Note: The field level constraints listed here might not cover all the constraints on the field. Additional constraints might exist.)

Model Properties

Property Required Type Description
name True string A mandatory string containing the name of the DNS rule.
Field level constraints: cannot be null, length must be between 0 and 128 (inclusive), must match pattern (^[a-zA-Z0-9_]$)|(^[a-zA-Z0-9_][ a-zA-Z0-9_.+-]*[a-zA-Z0-9_.+-]$). (Note: Additional constraints might exist)
dnsObjects False [object] A set of Domain Name Feeds, Categories or Groups that will be used for matching traffic.
Allowed types are: [DomainNameFeed, DomainNameFeedCategory, DomainNameGroup]
sourceZones False [object] An optional set of security zone objects, which contain a list of interfaces. The rule is applied to traffic that enters the device on these interfaces only. If you do not specify a source zone, the rule applies to all ingress interfaces.
Allowed types are: [SecurityZone, TunnelZone]
sourceNetworks False [object] An optional set of network objects or geographical locations that define the network addresses or locations to match against the source address in the traffic. If you leave this option empty, the rule applies to all source IP addresses or locations.
Allowed types are: [Continent, Country, GeoLocation, NetworkObject, NetworkObjectGroup]
ruleAction True string An enum value that determines how the firewall handles matching traffic.
Values can be one of the following.
WHITELIST - traffic is allowed, subject to further access control inspection.
DROP - traffic is dropped without further inspection. No response will be sent.
DOMAIN_NOT_FOUND - traffic is dropped without further inspection. A Domain Not Found response will be sent.
Field level constraints: cannot be null. (Note: Additional constraints might exist)
systemDefined False boolean A Boolean value, TRUE or FALSE (the default). The TRUE value indicates that this object is a system-defined object.
type True string A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name.
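
A pre-submission check for a DNSRule payload, built from the field constraints in the table above. This is an added example, not code from the product or its documentation. It assumes that each referenced object is a dict whose "type" is the lower-cased class name and that this object's own type value is "dnsrule"; the sample object names are constructed.

```python
import re

# Constraints transcribed from the DNSRule property table.
NAME_RE = re.compile(r"(^[a-zA-Z0-9_]$)|(^[a-zA-Z0-9_][ a-zA-Z0-9_.+-]*[a-zA-Z0-9_.+-]$)")
RULE_ACTIONS = {"WHITELIST", "DROP", "DOMAIN_NOT_FOUND"}
ALLOWED_REFS = {
    "dnsObjects": {"DomainNameFeed", "DomainNameFeedCategory", "DomainNameGroup"},
    "sourceZones": {"SecurityZone", "TunnelZone"},
    "sourceNetworks": {"Continent", "Country", "GeoLocation",
                       "NetworkObject", "NetworkObjectGroup"},
}

def validate_dns_rule(rule):
    """Return a list of violating fields; an empty list means the payload passes."""
    errors = []
    name = rule.get("name")
    # fullmatch, so a trailing newline cannot slip past the '$' anchors.
    if not isinstance(name, str) or len(name) > 128 or not NAME_RE.fullmatch(name):
        errors.append("name")
    action = rule.get("ruleAction")
    if not isinstance(action, str) or action not in RULE_ACTIONS:
        errors.append("ruleAction")
    rtype = rule.get("type")
    if not isinstance(rtype, str) or not rtype or rtype != rtype.lower():
        errors.append("type")
    if not isinstance(rule.get("systemDefined", False), bool):
        errors.append("systemDefined")
    for field, allowed in ALLOWED_REFS.items():
        refs = rule.get(field, [])  # all three reference lists are optional
        if not isinstance(refs, list):
            errors.append(field)
            continue
        # Assumption: a reference's "type" is the lower-cased class name.
        wanted = {t.lower() for t in allowed}
        for i, ref in enumerate(refs):
            ref_type = ref.get("type") if isinstance(ref, dict) else None
            if not isinstance(ref_type, str) or ref_type not in wanted:
                errors.append(f"{field}[{i}]")
    return errors

# Constructed sample payloads (object names are illustrative).
GOOD_RULE = {
    "name": "Block_known_bad_domains",
    "dnsObjects": [{"type": "domainnamegroup", "name": "bad-domains"}],
    "sourceZones": [{"type": "securityzone", "name": "inside_zone"}],
    "ruleAction": "DOMAIN_NOT_FOUND", "type": "dnsrule",
}
BAD_RULE = {"name": " leading space", "ruleAction": "BLOCK", "type": "DNSRule",
            "dnsObjects": [{"type": "networkobject", "name": "x"}]}
```

Omitting sourceZones and sourceNetworks passes validation, but per the table it makes the rule apply to all ingress interfaces and all source addresses, so confirm that scope is intended for DROP and DOMAIN_NOT_FOUND rules.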