TunnelRule
Description
An object that enforces traffic rules in a TunnelPolicy object. (Note: The field level constraints listed here might not cover all the constraints on the field. Additional constraints might exist.)
Model Properties
Property | Required | Type | Description
---|---|---|---
version | False | string | A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected.
name | True | string | A String object containing the name of the FTDRulebase object. The string can be up to a maximum of 128 characters.
ruleId | False | integer | A non-editable Long object which holds the rule ID number of the FTDRulebase object. It is created by the system in the POST request, and the same value must be included in the PUT request.
sourceZones | False | [object] | A Set of ZoneBase objects considered as a source zone. Allowed types are: [SecurityZone, TunnelZone]
destinationZones | False | [object] | A Set of ZoneBase objects considered as a destination zone. Allowed types are: [SecurityZone, TunnelZone]
sourceNetworks | False | [object] | A Set of Network objects considered as a source network. Allowed types are: [Continent, Country, GeoLocation, NetworkObject, NetworkObjectGroup]
destinationNetworks | False | [object] | A Set of Network objects considered as a destination network. Allowed types are: [Continent, Country, GeoLocation, NetworkObject, NetworkObjectGroup]
sourcePorts | False | [object] | A Set of PortObjectBase objects considered as a source port. Allowed types are: [ICMPv4PortObject, ICMPv6PortObject, PortObjectGroup, ProtocolObject, TCPPortObject, UDPPortObject]
destinationPorts | False | [object] | A Set of PortObjectBase objects considered as a destination port. Allowed types are: [ICMPv4PortObject, ICMPv6PortObject, PortObjectGroup, ProtocolObject, TCPPortObject, UDPPortObject]
rulePosition | False | integer | Transient field holding the index position for the rule.
ruleAction | False | string | A mandatory AcRuleAction object that defines the Access Control Rule action. Possible values are: PERMIT, TRUST, DENY
eventLogAction | False | string | A mandatory EventLogAction object that defines the logging options for the rule. Possible values are: LOG_FLOW_START: (Not supported); LOG_FLOW_END: Log at the end of connection; LOG_BOTH: Log at the beginning and end of connection; LOG_NONE: Do not log connection
bidirectional | False | boolean | A Boolean value, TRUE or FALSE (the default). The TRUE value indicates that the rule should work for traffic that matches the criteria but with the direction reversed. That is, the rule should work in both directions.
id | False | string | A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name.
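
A pre-flight check of a TunnelRule request body against the constraints listed in the table above, as an added example that is not part of the API documentation itself. It assumes that referenced zone, network and port objects carry their lower-cased class name in a `type` key; the function name, the sample body and its `tunnelrule` type value are constructed for illustration.

```python
import re

# Constraints come from the TunnelRule model table; a "type" key on referenced objects is assumed.
RULE_ACTIONS = ("PERMIT", "TRUST", "DENY")
LOG_ACTIONS = ("LOG_FLOW_END", "LOG_BOTH", "LOG_NONE")  # LOG_FLOW_START is listed as not supported
ID_PATTERN = re.compile(r"((?!;).)*")  # the table's ^((?!;).)*$, applied with fullmatch
ZONES = {"securityzone", "tunnelzone"}
NETWORKS = {"continent", "country", "geolocation", "networkobject", "networkobjectgroup"}
PORTS = {"icmpv4portobject", "icmpv6portobject", "portobjectgroup",
         "protocolobject", "tcpportobject", "udpportobject"}
ALLOWED_REFS = {"sourceZones": ZONES, "destinationZones": ZONES,
                "sourceNetworks": NETWORKS, "destinationNetworks": NETWORKS,
                "sourcePorts": PORTS, "destinationPorts": PORTS}


def lint_tunnel_rule(rule, updating=False):
    """Return a list of constraint violations for a TunnelRule JSON body (a dict)."""
    problems = []
    name = rule.get("name")
    if not isinstance(name, str) or not name:
        problems.append("name: required string")
    elif len(name) > 128:
        problems.append("name: longer than 128 characters")
    rtype = rule.get("type")
    if not isinstance(rtype, str) or not rtype or rtype != rtype.lower():
        problems.append("type: required, all letters lower-case")
    if "ruleAction" in rule and rule["ruleAction"] not in RULE_ACTIONS:
        problems.append("ruleAction: not one of PERMIT, TRUST, DENY")
    log = rule.get("eventLogAction")
    if log is not None and log not in LOG_ACTIONS:
        problems.append(f"eventLogAction: {log} is unsupported or unknown")
    if "id" in rule and not (isinstance(rule["id"], str) and ID_PATTERN.fullmatch(rule["id"])):
        problems.append("id: must match ^((?!;).)*$")
    for field, allowed in ALLOWED_REFS.items():
        for ref in rule.get(field) or []:
            if not isinstance(ref, dict) or str(ref.get("type", "")).lower() not in allowed:
                problems.append(f"{field}: element type not allowed")
    if updating:  # a PUT must echo the system-assigned version, id and ruleId
        for field in ("version", "id", "ruleId"):
            if field not in rule:
                problems.append(f"{field}: required when modifying an existing rule")
    return problems


# Constructed sample body (not from the page); names and the id are placeholders.
SAMPLE = {"name": "gre-to-dmz", "type": "tunnelrule", "ruleAction": "TRUST",
          "eventLogAction": "LOG_FLOW_START", "id": "abc;123",
          "sourceZones": [{"type": "securityzone", "name": "outside"}],
          "destinationPorts": [{"type": "urlobject", "name": "bad"}]}
```

Calling `lint_tunnel_rule(SAMPLE)` flags the unsupported logging option, the semicolon in `id`, and the disallowed port object type; passing `updating=True` additionally requires `version`, `id` and `ruleId`.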