VMware Developer Documentation
API Reference PowerCLI Reference
[{"label":"Latest (v1.0)","version":"latest"}]
nsx-vmc-policy
NSX VMC Policy Data Structures

InlineBaseRule1

Properties

array of string
destination_groups Optional

We need paths as duplicate names may exist for groups under different domains.In order to specify all groups, use the constant “ANY”. This is case insensitive. If “ANY” is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.
boolean
destinations_excluded Optional

If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups
string
direction Optional

Define direction of traffic.

Possible values are: INOUTIN_OUT

boolean
disabled Optional

Flag to disable the rule. Default is enabled.
string
ip_protocol Optional

Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.

Possible values are: IPV4IPV6IPV4_IPV6

boolean
logged Optional

Flag to enable packet logging. Default is disabled.
string
notes Optional

Text for additional notes on changes.
array of string
profiles Optional

Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs.
array of string
scope Optional

The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.
integer as int32
sequence_number Optional

This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number
array of string
services Optional

In order to specify all services, use the constant “ANY”. This is case insensitive. If “ANY” is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.
array of string
source_groups Optional

We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant “ANY”. This is case insensitive. If “ANY” is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.
boolean
sources_excluded Optional

If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups
string
tag Optional

User level field which will be printed in CLI and packet logs.

JSON Example

{
	"destination_groups": [
		"string"
	],
	"destinations_excluded": false,
	"direction": "IN",
	"disabled": false,
	"ip_protocol": "IPV4",
	"logged": false,
	"notes": "string",
	"profiles": [
		"string"
	],
	"scope": [
		"string"
	],
	"sequence_number": 0,
	"services": [
		"string"
	],
	"source_groups": [
		"string"
	],
	"sources_excluded": false,
	"tag": "string"
}

Vendor Extensions

This class contains the following vendor extensions defined in the spec:
x-vmw-nsx-module: Policy
[{"label":"Latest (v1.0)","version":"latest"}]
nsx-vmc-policy
Used By

BaseRule

Generated on: 04 May 23 11:50 UTC
Feedback

Was this page helpful?

© 2023 VMware Inc. Terms of Use Privacy Your California Privacy Rights Accessibility Trademarks Glossary Help Contact Us