object-group

A named set of IP addresses or protocol values used for extended IPv4 or IPv6 ACLs.

object-group Specification

Type Intermediate Resource
Element Name object-group
Element URI /axapi/v3/object-group
Element Attributes object-group_attributes
Schema object-group schema

Operations Allowed:

Operation Method URI Payload

Get Object

GET

/axapi/v3/object-group

object-group_attributes

object-group Attributes

network-list

Description: network-list is a JSON List . Please see below for network-list

Type: List

Reference Object: /axapi/v3/object-group/network/{net-name}

service-list

Description: service-list is a JSON List . Please see below for service-list

Type: List

Reference Object: /axapi/v3/object-group/service/{svc-name}

network-list

Specification
Type list
Block object keys

description

Description: Description of the object-group instance

Type: string

Format: string-rlx

ip-version

Description: ‘v4’: IPv4 rule; ‘v6’: IPv6 rule;

Type: string

Supported Values: v4, v6

net-name

Description: Network Object Name

Type: string

rules

Description: rules is a JSON List . Please see below for l292_rules

Type: List

usage

Description: ‘acl’: Use for access-lists (default).; ‘fw’: Use for Firewall rule-set;

Type: string

Supported Values: acl, fw

Default: acl

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

network-list.rules

Specification
Type list
Block object keys

any

Description: Any host

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fw-ipv4-address

Description: IPv4 Network Address

Type: string

Format: ipv4-cidr

host-v4

Description: IPv4 Host Address

Type: string

Format: ipv4-address

host-v6

Description: IPv6 Host Address

Type: string

Format: ipv6-address

ip-range-end

Description: IPV4 Host address end

Type: string

Format: ipv4-address

ip-range-start

Description: IPv4 Host Address start

Type: string

Format: ipv4-address

ipv6-range-end

Description: IPV6 Host address end

Type: string

Format: ipv6-address

ipv6-range-start

Description: IPv6 Host Address start

Type: string

Format: ipv6-address

ipv6-subnet

Description: IPv6 Network Address

Type: string

Format: ipv6-address-plen

obj-network

Description: Network Object

Type: string

Reference Object: /axapi/v3/object/network

rev-subnet-mask

Description: Network Mask. 0=apply, 255=ignore

Type: string

Format: ipv4-rev-netmask

seq-num

Description: Sequence number

Type: number

Range: 1-8192

slb-server

Description: Server

Type: string

Reference Object: /axapi/v3/slb/server

slb-vserver

Description: Virtual Server

Type: string

Reference Object: /axapi/v3/slb/virtual-server

subnet

Description: IPv4 Network Address

Type: string

Format: ipv4-address

service-list

Specification
Type list
Block object keys

description

Description: Description of the object-group instance

Type: string

Format: string-rlx

rules

Description: rules is a JSON List . Please see below for l292_rules

Type: List

svc-name

Description: Service Object Name

Type: string

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

service-list.rules

Specification
Type list
Block object keys

alg

Description: ‘FTP’: Spcify FTP ALG port range; ‘TFTP’: Spcify TFTP ALG port range; ‘SIP’: Spcify SIP ALG port range; ‘DNS’: Spcify DNS ALG port range;

Type: string

Supported Values: FTP, TFTP, SIP, DNS

any-code

Description: Any ICMP code

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: any-code icmp-code and special-code are mutually exclusive

any-type

Description: Any ICMP type

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: any-type icmp-type and special-type are mutually exclusive

eq-dst

Description: Match only packets on a given destination port (port number)

Type: number

Range: 1-65535

eq-src

Description: Match only packets on a given source port (port number)

Type: number

Range: 1-65535

gt-dst

Description: Match only packets with a greater port number

Type: number

Range: 1-65534

gt-src

Description: Match only packets with a greater port number

Type: number

Range: 1-65534

icmp

Description: Internet Control Message Protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

icmp-code

Description: ICMP code number

Type: number

Range: 0-254

Mutual Exclusion: icmp-code any-code and special-code are mutually exclusive

icmp-type

Description: ICMP type number

Type: number

Range: 0-254

Mutual Exclusion: icmp-type any-type and special-type are mutually exclusive

icmpv6

Description: Internet Control Message Protocol version 6

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

icmpv6-code

Description: ICMPv6 code number

Type: number

Range: 0-254

Mutual Exclusion: icmpv6-code v6-any-code and special-v6-code are mutually exclusive

icmpv6-type

Description: ICMPv6 type number

Type: number

Range: 0-254

Mutual Exclusion: icmpv6-type v6-any-type and special-v6-type are mutually exclusive

lt-dst

Description: Match only packets with a lesser port number

Type: number

Range: 2-65535

lt-src

Description: Match only packets with a lower port number

Type: number

Range: 2-65535

port-num-end-dst

Description: Ending Destination Port Number

Type: number

Range: 1-65535

port-num-end-src

Description: Ending Port Number

Type: number

Range: 1-65535

protocol-id

Description: Protocol ID

Type: number

Range: 0-255

range-dst

Description: Match only packets in the range of port numbers (Starting Destination Port Number)

Type: number

Range: 1-65535

range-src

Description: match only packets in the range of port numbers (Starting Port Number)

Type: number

Range: 1-65535

seq-num

Description: Sequence number

Type: number

Range: 1-8192

source

Description: Source Port Information

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

special-code

Description: ‘frag-required’: Code 4, fragmentation required; ‘host-unreachable’: Code 1, destination host unreachable; ‘network-unreachable’: Code 0, destination network unreachable; ‘port-unreachable’: Code 3, destination port unreachable; ‘proto-unreachable’: Code 2, destination protocol unreachable; ‘route-failed’: Code 5, source route failed;

Type: string

Supported Values: frag-required, host-unreachable, network-unreachable, port-unreachable, proto-unreachable, route-failed

Mutual Exclusion: special-code any-code and icmp-code are mutually exclusive

special-type

Description: ‘echo-reply’: Type 0, echo reply; ‘echo-request’: Type 8, echo request; ‘info-reply’: Type 16, information reply; ‘info-request’: Type 15, information request; ‘mask-reply’: Type 18, address mask reply; ‘mask-request’: Type 17, address mask request; ‘parameter-problem’: Type 12, parameter problem; ‘redirect’: Type 5, redirect message; ‘source-quench’: Type 4, source quench; ‘time-exceeded’: Type 11, time exceeded; ‘timestamp’: Type 13, timestamp; ‘timestamp-reply’: Type 14, timestamp reply; ‘dest-unreachable’: Type 3, destination unreachable;

Type: string

Supported Values: echo-reply, echo-request, info-reply, info-request, mask-reply, mask-request, parameter-problem, redirect, source-quench, time-exceeded, timestamp, timestamp-reply, dest-unreachable

Mutual Exclusion: special-type icmp-type and any-type are mutually exclusive

special-v6-code

Description: ‘addr-unreachable’: Code 3, address unreachable; ‘admin-prohibited’: Code 1, admin prohibited; ‘no-route’: Code 0, no route to destination; ‘not-neighbour’: Code 2, not neighbor; ‘port-unreachable’: Code 4, destination port unreachable;

Type: string

Supported Values: addr-unreachable, admin-prohibited, no-route, not-neighbour, port-unreachable

Mutual Exclusion: special-v6-code v6-any-code and icmpv6-code are mutually exclusive

special-v6-type

Description: ‘dest-unreachable’: Type 1, destination unreachable; ‘echo-reply’: Type 129, echo reply; ‘echo-request’: Type 128, echo request; ‘packet-too-big’: Type 2, packet too big; ‘param-prob’: Type 4, parameter problem; ‘time-exceeded’: Type 3, time exceeded;

Type: string

Supported Values: dest-unreachable, echo-reply, echo-request, packet-too-big, param-prob, time-exceeded

Mutual Exclusion: special-v6-type icmpv6-type and v6-any-type are mutually exclusive

tcp-udp

Description: ‘tcp’: Protocol TCP; ‘udp’: Protocol UDP;

Type: string

Supported Values: tcp, udp

v6-any-code

Description: Any ICMPv6 code

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: v6-any-code icmpv6-code and special-v6-code are mutually exclusive

v6-any-type

Description: Any ICMP type

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: v6-any-type icmpv6-type and special-v6-type are mutually exclusive