.. _object_group:
object-group
============
Configure Object Group
object-group Specification
--------------------------
===================================== =====================================================
**Parameter** **Value**
===================================== =====================================================
**Type** *Intermediate Resource*
**Element Name** object-group
**Element URI** /axapi/v3/object-group
**Element Attributes** object-group_attributes
**Partition Visibility** shared
**Schema** :download:`object-group schema <object-group/object-group.txt>`
===================================== =====================================================
**Operations Allowed:**
.. raw:: html
<script type="text/javascript">
function showExample(a,b) { document.getElementById(a+'_div').style.display = 'block'; document.getElementById(a+'_cl').style.display = 'block'; document.getElementById(a+'_eg').style.display = 'none';}
function closeExample(a,b) { document.getElementById(a+'_div').style.display = 'none'; document.getElementById(a+'_cl').style.display = 'none'; document.getElementById(a+'_eg').style.display = 'block';}
</script>
<table width='90%' style='margin-left:5%'>
.. raw:: html
<tr style='border-bottom: thin solid; border-top: thin solid'><th width=15%>Operation</th><th width=10%>Method</th><th>URI</th><th width=15%>Payload</th><th width=10%></th></tr>
.. raw:: html
<tr style='border-bottom: thin solid;'><td valign = 'top'>
Get Object
.. raw:: html
</td><td valign = 'top'>
GET
.. raw:: html
</td><td valign = 'top'>
/axapi/v3/object-group
.. raw:: html
</td><td valign = 'top'>
object-group_attributes
.. raw:: html
</td><td></td></tr>
.. raw:: html
</table>
.. _2397_object-group_attributes:
object-group attributes
-----------------------
**application-list**
**Type:** List
**Reference Object:** :doc:`/axapi/v3/object-group/application/{app-name} <object_group_application>`
**network-list**
**Type:** List
**Reference Object:** :doc:`/axapi/v3/object-group/network/{net-name} <object_group_network>`
**service-list**
**Type:** List
**Reference Object:** :doc:`/axapi/v3/object-group/service/{svc-name} <object_group_service>`
.. _2397_network-list:
network-list
^^^^^^^^^^^^
=============================== ===================================================
**Specification** **Value**
=============================== ===================================================
**Type** *list*
**Block object keys**
=============================== ===================================================
**description**
**Description** Description of the object-group instance
**Type:** string
**Format:** string-rlx
**Maximum Length:** 128 characters
**Maximum Length:** 1 characters
**ip-version**
**Description** 'v4': IPv4 rule; 'v6': IPv6 rule;
**Type:** string
**Supported Values:** v4, v6
**net-name**
**Description** Network Object Group Name
**Type:** string
**Format:** string-rlx
**Maximum Length:** 63 characters
**Maximum Length:** 1 characters
**rules**
**Type:** List
**usage**
**Description** 'acl': Use for access-lists (default).; 'fw': Use for Firewall rule-set;
**Type:** string
**Supported Values:** acl, fw
**Default:** acl
**user-tag**
**Description** Customized tag
**Type:** string
**Format:** string-rlx
**Maximum Length:** 127 characters
**Maximum Length:** 1 characters
**uuid**
**Description** uuid of the object
**Type:** string
**Maximum Length:** 64 characters
**Maximum Length:** 1 characters
.. _2397_network-list_rules:
network-list_rules
^^^^^^^^^^^^^^^^^^
=============================== ===================================================
**Specification** **Value**
=============================== ===================================================
**Type** *list*
**Block object keys**
=============================== ===================================================
**any**
**Description** Any host
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**fw-ipv4-address**
**Description** IPv4 Network Address
**Type:** string
**Format:** ipv4-cidr
**fw-ipv6-subnet**
**Description** IPv6 Network Address
**Type:** string
**Format:** ipv6-address-plen
**host-v4**
**Description** IPv4 Host Address
**Type:** string
**Format:** ipv4-address
**host-v6**
**Description** IPv6 Host Address
**Type:** string
**Format:** ipv6-address
**ip-range-end**
**Description** IPV4 Host address end
**Type:** string
**Format:** ipv4-address
**ip-range-start**
**Description** IPv4 Host Address start
**Type:** string
**Format:** ipv4-address
**ipv6-range-end**
**Description** IPV6 Host address end
**Type:** string
**Format:** ipv6-address
**ipv6-range-start**
**Description** IPv6 Host Address start
**Type:** string
**Format:** ipv6-address
**ipv6-subnet**
**Description** IPv6 Network Address
**Type:** string
**Format:** ipv6-address-plen
**obj-network**
**Description** Network Object
**Type:** string
**Maximum Length:** 63 characters
**Maximum Length:** 1 characters
**Reference Object:** :doc:`/axapi/v3/object/network <object_network>`
**rev-subnet-mask**
**Description** Network Mask. 0=apply, 255=ignore
**Type:** string
**Format:** ipv4-rev-netmask
**seq-num**
**Description** Sequence number
**Type:** number
**Range:** 1-8192
**slb-server**
**Description** Server
**Type:** string
**Format:** string-rlx
**Maximum Length:** 127 characters
**Maximum Length:** 1 characters
**Reference Object:** :doc:`/axapi/v3/slb/server <slb_server>`
**slb-vserver**
**Description** Virtual Server
**Type:** string
**Format:** string-rlx
**Maximum Length:** 127 characters
**Maximum Length:** 1 characters
**Reference Object:** :doc:`/axapi/v3/slb/virtual-server <slb_virtual_server>`
**subnet**
**Description** IPv4 Network Address
**Type:** string
**Format:** ipv4-address
.. _2397_service-list:
service-list
^^^^^^^^^^^^
=============================== ===================================================
**Specification** **Value**
=============================== ===================================================
**Type** *list*
**Block object keys**
=============================== ===================================================
**description**
**Description** Description of the object-group instance
**Type:** string
**Format:** string-rlx
**Maximum Length:** 128 characters
**Maximum Length:** 1 characters
**rules**
**Type:** List
**svc-name**
**Description** Service Object Group Name
**Type:** string
**Format:** string-rlx
**Maximum Length:** 63 characters
**Maximum Length:** 1 characters
**user-tag**
**Description** Customized tag
**Type:** string
**Format:** string-rlx
**Maximum Length:** 127 characters
**Maximum Length:** 1 characters
**uuid**
**Description** uuid of the object
**Type:** string
**Maximum Length:** 64 characters
**Maximum Length:** 1 characters
.. _2397_service-list_rules:
service-list_rules
^^^^^^^^^^^^^^^^^^
=============================== ===================================================
**Specification** **Value**
=============================== ===================================================
**Type** *list*
**Block object keys**
=============================== ===================================================
**alg**
**Description** 'FTP': Specify FTP ALG port range; 'TFTP': Specify TFTP ALG port range; 'SIP': Specify SIP ALG port range; 'DNS': Specify DNS ALG port range; 'PPTP': Specify PPTP ALG port range; 'RTSP': Specify RTSP ALG port range;
**Type:** string
**Supported Values:** FTP, TFTP, SIP, DNS, PPTP, RTSP
**any-code**
**Description** Any ICMP code
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**Mutual Exclusion:** any-code, icmp-code, and special-code are mutually exclusive
**any-type**
**Description** Any ICMP type
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**Mutual Exclusion:** any-type, icmp-type, and special-type are mutually exclusive
**eq-dst**
**Description** Match only packets on a given destination port (port number)
**Type:** number
**Range:** 1-65535
**eq-src**
**Description** Match only packets on a given source port (port number)
**Type:** number
**Range:** 1-65535
**gt-dst**
**Description** Match only packets with a greater destination port number
**Type:** number
**Range:** 1-65534
**gt-src**
**Description** Match only packets with a greater source port number
**Type:** number
**Range:** 1-65534
**icmp**
**Description** Internet Control Message Protocol
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**icmp-code**
**Description** ICMP code number
**Type:** number
**Range:** 0-254
**Mutual Exclusion:** icmp-code, any-code, and special-code are mutually exclusive
**icmp-type**
**Description** ICMP type number
**Type:** number
**Range:** 0-254
**Mutual Exclusion:** icmp-type, any-type, and special-type are mutually exclusive
**icmpv6**
**Description** Internet Control Message Protocol version 6
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**icmpv6-code**
**Description** ICMPv6 code number
**Type:** number
**Range:** 0-254
**Mutual Exclusion:** icmpv6-code, v6-any-code, and special-v6-code are mutually exclusive
**icmpv6-type**
**Description** ICMPv6 type number
**Type:** number
**Range:** 0-254
**Mutual Exclusion:** icmpv6-type, v6-any-type, and special-v6-type are mutually exclusive
**lt-dst**
**Description** Match only packets with a lesser destination port number
**Type:** number
**Range:** 2-65535
**lt-src**
**Description** Match only packets with a lower source port number
**Type:** number
**Range:** 2-65535
**port-num-end-dst**
**Description** Ending Destination Port Number
**Type:** number
**Range:** 1-65535
**port-num-end-src**
**Description** Ending Source Port Number
**Type:** number
**Range:** 1-65535
**protocol-id**
**Description** Protocol ID
**Type:** number
**Range:** 0-255
**range-dst**
**Description** Match only packets in the range of destination port numbers (Starting Destination Port Number)
**Type:** number
**Range:** 1-65535
**range-src**
**Description** match only packets in the range of source port numbers (Starting Port Number)
**Type:** number
**Range:** 1-65535
**seq-num**
**Description** Sequence number
**Type:** number
**Range:** 1-8192
**source**
**Description** Source Port Information
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**special-code**
**Description** 'frag-required': Code 4, fragmentation required; 'host-unreachable': Code 1, destination host unreachable; 'network-unreachable': Code 0, destination network unreachable; 'port-unreachable': Code 3, destination port unreachable; 'proto-unreachable': Code 2, destination protocol unreachable; 'route-failed': Code 5, source route failed;
**Type:** string
**Supported Values:** frag-required, host-unreachable, network-unreachable, port-unreachable, proto-unreachable, route-failed
**Mutual Exclusion:** special-code, any-code, and icmp-code are mutually exclusive
**special-type**
**Description** 'echo-reply': Type 0, echo reply; 'echo-request': Type 8, echo request; 'info-reply': Type 16, information reply; 'info-request': Type 15, information request; 'mask-reply': Type 18, address mask reply; 'mask-request': Type 17, address mask request; 'parameter-problem': Type 12, parameter problem; 'redirect': Type 5, redirect message; 'source-quench': Type 4, source quench; 'time-exceeded': Type 11, time exceeded; 'timestamp': Type 13, timestamp; 'timestamp-reply': Type 14, timestamp reply; 'dest-unreachable': Type 3, destination unreachable;
**Type:** string
**Supported Values:** echo-reply, echo-request, info-reply, info-request, mask-reply, mask-request, parameter-problem, redirect, source-quench, time-exceeded, timestamp, timestamp-reply, dest-unreachable
**Mutual Exclusion:** special-type, icmp-type, and any-type are mutually exclusive
**special-v6-code**
**Description** 'addr-unreachable': Code 3, address unreachable; 'admin-prohibited': Code 1, admin prohibited; 'no-route': Code 0, no route to destination; 'not-neighbour': Code 2, not neighbor; 'port-unreachable': Code 4, destination port unreachable;
**Type:** string
**Supported Values:** addr-unreachable, admin-prohibited, no-route, not-neighbour, port-unreachable
**Mutual Exclusion:** special-v6-code, v6-any-code, and icmpv6-code are mutually exclusive
**special-v6-type**
**Description** 'dest-unreachable': Type 1, destination unreachable; 'echo-reply': Type 129, echo reply; 'echo-request': Type 128, echo request; 'packet-too-big': Type 2, packet too big; 'param-prob': Type 4, parameter problem; 'time-exceeded': Type 3, time exceeded;
**Type:** string
**Supported Values:** dest-unreachable, echo-reply, echo-request, packet-too-big, param-prob, time-exceeded
**Mutual Exclusion:** special-v6-type, icmpv6-type, and v6-any-type are mutually exclusive
**tcp-udp**
**Description** 'tcp': Protocol TCP; 'udp': Protocol UDP;
**Type:** string
**Supported Values:** tcp, udp
**v6-any-code**
**Description** Any ICMPv6 code
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**Mutual Exclusion:** v6-any-code, icmpv6-code, and special-v6-code are mutually exclusive
**v6-any-type**
**Description** Any ICMP type
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**Mutual Exclusion:** v6-any-type, icmpv6-type, and special-v6-type are mutually exclusive
.. _2397_application-list:
application-list
^^^^^^^^^^^^^^^^
=============================== ===================================================
**Specification** **Value**
=============================== ===================================================
**Type** *list*
**Block object keys**
=============================== ===================================================
**app-list**
**Type:** List
**app-name**
**Description** Application Object Group Name
**Type:** string
**Maximum Length:** 63 characters
**Maximum Length:** 1 characters
**user-tag**
**Description** Customized tag
**Type:** string
**Format:** string-rlx
**Maximum Length:** 127 characters
**Maximum Length:** 1 characters
**uuid**
**Description** uuid of the object
**Type:** string
**Maximum Length:** 64 characters
**Maximum Length:** 1 characters
.. _2397_application-list_app-list:
application-list_app-list
^^^^^^^^^^^^^^^^^^^^^^^^^
=============================== ===================================================
**Specification** **Value**
=============================== ===================================================
**Type** *list*
**Block object keys**
=============================== ===================================================
**protocol**
**Description** Specify application
**Type:** string
**Format:** string-rlx
**Maximum Length:** 31 characters
**Maximum Length:** 1 characters
**protocol-tag**
**Description** 'aaa': Protocol/application used for AAA (Authentification, Authorization and Accounting) purposes.; 'adult-content': Adult content protocol/application.; 'advertising': Advertising networks and applications.; 'application-enforcing-tls': Application known to enforce HSTS and thus use of TLS.; 'analytics-and-statistics': User analytics and statistics protocol/application.; 'anonymizers-and-proxies': Traffic-anonymization protocol/application.; 'audio-chat': Protocol/application used for Audio Chat.; 'basic': Covers all protocols required for basic classification, including most networking protocols as well as standard protocols like HTTP.; 'blog': Blogging platform protocol/application.; 'cdn': Protocol/application used for Content-Delivery Networks.; 'certification-authority': Certification Authority for SSL/TLS certificate.; 'chat': Protocol/application used for Text Chat.; 'classified-ads': Protocol/application used for Classified Advertisements.; 'cloud-based-services': SaaS and/or PaaS cloud based services.; 'crowdfunding': Service for funding a project or venture by raising small amounts of money from a large number of people, typically via the Internet.; 'cryptocurrency': Services for mining cryptocurrencies, for example a Crypto Web Browser (an application that mines crypto currency in the background while its user browses the web).; 'database': Database-specific protocols.; 'disposable-email': Service offering Disposable Email Accounts (DEA). DEA is a technique to share temporary email address between many users.; 'ebook-reader': Services for e-book readers, i.e. connected devices that display electronic books (typically using e-ink displays to reduce glare and eye strain).; 'education': Protocols offering education services and online courses.; 'email': Native email protocol.; 'enterprise': Protocol/application used in an enterprise network.; 'file-management': Protocol/application designed specifically for file management and exchange. This can include bona fide network protocols (like SMB) as well as web/cloud services (like Dropbox).; 'file-transfer': Protocol that offers file transferring as a secondary feature. This typically includes IM, WebMail, and other protocols that allow file transfers in addition to their principal function.; 'forum': Online forum protocol/application.; 'gaming': Protocol/application used by games.; 'healthcare': Protocols offering medical services, i.e protocols used in medical environment.; 'instant-messaging-and-multimedia-conferencing': Protocol/application used for Instant Messaging or Multi-Conferencing.; 'internet-of-things': Internet Of Things protocol/application.; 'map-service': Digital Maps service (web site and their related API).; 'mobile': Mobile-specific protocol/application.; 'multimedia-streaming': Protocol/application used for multimedia streaming.; 'networking': Protocol used for (inter) networking purpose.; 'news-portal': Protocol/application used for News Portals.; 'payment-service': Application offering online services for accepting electronic payments by a variety of payment methods (credit card, bank-based payments such as direct debit, bank transfer, etc).; 'peer-to-peer': Protocol/application used for Peer-to-peer purposes.; 'remote-access': Protocol/application used for remote access.; 'scada': SCADA (Supervisory control and data acquisition) protocols, all generations.; 'social-networks': Social networking application.; 'software-update': Auto-update protocol.; 'speedtest': Speedtest application allowing to access quality of Internet connection (upload, download, latency, etc).; 'standards-based': Protocol issued from standardized bodies such as IETF, ITU, IEEE, ETSI, OIF.; 'transportation': Transportation services, for example smartphone applications that allow users to hail a taxi.; 'video-chat': Protocol/application used for Video Chat.; 'voip': Application used for Voice-Over-IP.; 'vpn-tunnels': Protocol/application used for VPN or tunneling purposes.; 'web': Application based on HTTP/HTTPS.; 'web-e-commerce': Protocol/application used for E-commerce websites.; 'web-search-engines': Protocol/application used for Web search portals.; 'web-websites': Protocol/application used for Company Websites.; 'webmails': Web-based e-mail application.; 'web-ext-adult': Web Extension Adult; 'web-ext-auctions': Web Extension Auctions; 'web-ext-blogs': Web Extension Blogs; 'web-ext-business-and-economy': Web Extension Business and Economy; 'web-ext-cdns': Web Extension CDNs; 'web-ext-collaboration': Web Extension Collaboration; 'web-ext-computer-and-internet-info': Web Extension Computer and Internet Info; 'web-ext-computer-and-internet-security': Web Extension Computer and Internet Security; 'web-ext-dating': Web Extension Dating; 'web-ext-educational-institutions': Web Extension Educational Institutions; 'web-ext-entertainment-and-arts': Web Extension Entertainment and Arts; 'web-ext-fashion-and-beauty': Web Extension Fashion and Beauty; 'web-ext-file-share': Web Extension File Share; 'web-ext-financial-services': Web Extension Financial Services; 'web-ext-gambling': Web Extension Gambling; 'web-ext-games': Web Extension Games; 'web-ext-government': Web Extension Government; 'web-ext-health-and-medicine': Web Extension Health and Medicine; 'web-ext-individual-stock-advice-and-tools': Web Extension Individual Stock Advice and Tools; 'web-ext-internet-portals': Web Extension Internet Portals; 'web-ext-job-search': Web Extension Job Search; 'web-ext-local-information': Web Extension Local Information; 'web-ext-malware': Web Extension Malware; 'web-ext-motor-vehicles': Web Extension Motor Vehicles; 'web-ext-music': Web Extension Music; 'web-ext-news': Web Extension News; 'web-ext-p2p': Web Extension P2P; 'web-ext-parked-sites': Web Extension Parked Sites; 'web-ext-proxy-avoid-and-anonymizers': Web Extension Proxy Avoid and Anonymizers; 'web-ext-real-estate': Web Extension Real Estate; 'web-ext-reference-and-research': Web Extension Reference and Research; 'web-ext-search-engines': Web Extension Search Engines; 'web-ext-shopping': Web Extension Shopping; 'web-ext-social-network': Web Extension Social Network; 'web-ext-society': Web Extension Society; 'web-ext-software': Web Extension Software; 'web-ext-sports': Web Extension Sports; 'web-ext-streaming-media': Web Extension Streaming Media; 'web-ext-training-and-tools': Web Extension Training and Tools; 'web-ext-translation': Web Extension Translation; 'web-ext-travel': Web Extension Travel; 'web-ext-web-advertisements': Web Extension Web Advertisements; 'web-ext-web-based-email': Web Extension Web based Email; 'web-ext-web-hosting': Web Extension Web Hosting; 'web-ext-web-service': Web Extension Web Service;
**Type:** string
**Supported Values:** aaa, adult-content, advertising, application-enforcing-tls, analytics-and-statistics, anonymizers-and-proxies, audio-chat, basic, blog, cdn, certification-authority, chat, classified-ads, cloud-based-services, crowdfunding, cryptocurrency, database, disposable-email, ebook-reader, education, email, enterprise, file-management, file-transfer, forum, gaming, healthcare, instant-messaging-and-multimedia-conferencing, internet-of-things, map-service, mobile, multimedia-streaming, networking, news-portal, payment-service, peer-to-peer, remote-access, scada, social-networks, software-update, speedtest, standards-based, transportation, video-chat, voip, vpn-tunnels, web, web-e-commerce, web-search-engines, web-websites, webmails, web-ext-adult, web-ext-auctions, web-ext-blogs, web-ext-business-and-economy, web-ext-cdns, web-ext-collaboration, web-ext-computer-and-internet-info, web-ext-computer-and-internet-security, web-ext-dating, web-ext-educational-institutions, web-ext-entertainment-and-arts, web-ext-fashion-and-beauty, web-ext-file-share, web-ext-financial-services, web-ext-gambling, web-ext-games, web-ext-government, web-ext-health-and-medicine, web-ext-individual-stock-advice-and-tools, web-ext-internet-portals, web-ext-job-search, web-ext-local-information, web-ext-malware, web-ext-motor-vehicles, web-ext-music, web-ext-news, web-ext-p2p, web-ext-parked-sites, web-ext-proxy-avoid-and-anonymizers, web-ext-real-estate, web-ext-reference-and-research, web-ext-search-engines, web-ext-shopping, web-ext-social-network, web-ext-society, web-ext-software, web-ext-sports, web-ext-streaming-media, web-ext-training-and-tools, web-ext-translation, web-ext-travel, web-ext-web-advertisements, web-ext-web-based-email, web-ext-web-hosting, web-ext-web-service