: Service Policy
Focus
Focus
Table of Contents

Service Policy

The service policy defines the traffic redirection rules and policy that point traffic passing between the left and right virtual machines to the VM-Series firewall service instance.
Service Policy (Policy Config)
policy_nameThe name of the service policy in Contrail that redirects traffic through the VM-Series firewall. For the L3 template, the default value is PAN_SVM_policy-L3. For the virtual wire template, the default value is PAN_SVM_policy-vw.
policy_fq_nameThe fully qualified name of the service policy.
simple_actionThe default action Contrail applies to traffic going to the VM-Series firewall service instance. The default value is pass because the VM-Series firewall will apply its own security policy to the traffic.
protocolThe protocols allowed by Contrail to pass to the VM-Series firewall. The default value is any.
src_port_end and src_port_start
Use this parameter to specify source port(s) that should be associated with the policy rule. You can enter a single port, a list of ports separated with commas, or a range of ports in the form of <port>-<port>.
The default value is -1 in the provided heat templates; meaning any source port.
directionThis parameter defines the direction of traffic that is allowed by Contrail to pass to the VM-Series firewall. The default value is <> or bidirectional traffic.
dst_port_end and dst_port_start
Use this parameter to specify destination port(s) that should be associated with the policy rule. You can enter a single port, a list of ports separated with commas, or a range of ports in the form of <port>-<port>.
The default value is -1 in the provided heat templates; meaning any destination port.