/AWS1/CL_NWFSTATEFULRLGRREFE00¶

Identifier for a single stateful rule group, used in a firewall policy to refer to a rule group.

`CONSTRUCTOR`¶

IMPORTING¶

Required arguments:¶

`iv_resourcearn` `TYPE /AWS1/NWFRESOURCEARN` `/AWS1/NWFRESOURCEARN`¶

The Amazon Resource Name (ARN) of the stateful rule group.

Optional arguments:¶

`iv_priority` `TYPE /AWS1/NWFPRIORITY` `/AWS1/NWFPRIORITY`¶

An integer setting that indicates the order in which to run the stateful rule groups in a single FirewallPolicy. This setting only applies to firewall policies that specify the STRICT_ORDER rule order in the stateful engine options settings.

Network Firewall evalutes each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.

You can change the priority settings of your rule groups at any time. To make it easier to insert rule groups later, number them so there's a wide range in between, for example use 100, 200, and so on.

`io_override` `TYPE REF TO /AWS1/CL_NWFSTATEFULRLGROVER00` `/AWS1/CL_NWFSTATEFULRLGROVER00`¶

The action that allows the policy owner to override the behavior of the rule group within a policy.

`iv_deepthreatinspection` `TYPE /AWS1/NWFDEEPTHREATINSPECTION` `/AWS1/NWFDEEPTHREATINSPECTION`¶

Network Firewall plans to augment the active threat defense managed rule group with an additional deep threat inspection capability. When this capability is released, Amazon Web Services will analyze service logs of network traffic processed by these rule groups to identify threat indicators across customers. Amazon Web Services will use these threat indicators to improve the active threat defense managed rule groups and protect the security of Amazon Web Services customers and services.

Customers can opt-out of deep threat inspection at any time through the Network Firewall console or API. When customers opt out, Network Firewall will not use the network traffic processed by those customers' active threat defense rule groups for rule group improvement.

Queryable Attributes¶

ResourceArn¶

The Amazon Resource Name (ARN) of the stateful rule group.

Accessible with the following methods¶

Method	Description
`GET_RESOURCEARN()`	Getter for RESOURCEARN, with configurable default
`ASK_RESOURCEARN()`	Getter for RESOURCEARN w/ exceptions if field has no value
`HAS_RESOURCEARN()`	Determine if RESOURCEARN has a value

Priority¶

An integer setting that indicates the order in which to run the stateful rule groups in a single FirewallPolicy. This setting only applies to firewall policies that specify the STRICT_ORDER rule order in the stateful engine options settings.

Network Firewall evalutes each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.

You can change the priority settings of your rule groups at any time. To make it easier to insert rule groups later, number them so there's a wide range in between, for example use 100, 200, and so on.

Accessible with the following methods¶

Method	Description
`GET_PRIORITY()`	Getter for PRIORITY, with configurable default
`ASK_PRIORITY()`	Getter for PRIORITY w/ exceptions if field has no value
`HAS_PRIORITY()`	Determine if PRIORITY has a value

Override¶

The action that allows the policy owner to override the behavior of the rule group within a policy.

Accessible with the following methods¶

Method	Description
`GET_OVERRIDE()`	Getter for OVERRIDE

DeepThreatInspection¶

Network Firewall plans to augment the active threat defense managed rule group with an additional deep threat inspection capability. When this capability is released, Amazon Web Services will analyze service logs of network traffic processed by these rule groups to identify threat indicators across customers. Amazon Web Services will use these threat indicators to improve the active threat defense managed rule groups and protect the security of Amazon Web Services customers and services.

Customers can opt-out of deep threat inspection at any time through the Network Firewall console or API. When customers opt out, Network Firewall will not use the network traffic processed by those customers' active threat defense rule groups for rule group improvement.

Accessible with the following methods¶

Method	Description
`GET_DEEPTHREATINSPECTION()`	Getter for DEEPTHREATINSPECTION, with configurable default
`ASK_DEEPTHREATINSPECTION()`	Getter for DEEPTHREATINSPECTION w/ exceptions if field has n
`HAS_DEEPTHREATINSPECTION()`	Determine if DEEPTHREATINSPECTION has a value

Public Local Types In This Class¶

Internal table types, representing arrays and maps of this class, are defined as local types:

`TT_STATEFULRULEGROUPREFERENCES`¶

TYPES TT_STATEFULRULEGROUPREFERENCES TYPE STANDARD TABLE OF REF TO /AWS1/CL_NWFSTATEFULRLGRREFE00 WITH DEFAULT KEY
.

/AWS1/CL_NWFSTATEFULRLGRREFE00¶

CONSTRUCTOR¶

IMPORTING¶

Required arguments:¶

iv_resourcearn TYPE /AWS1/NWFRESOURCEARN /AWS1/NWFRESOURCEARN¶

Optional arguments:¶

iv_priority TYPE /AWS1/NWFPRIORITY /AWS1/NWFPRIORITY¶

io_override TYPE REF TO /AWS1/CL_NWFSTATEFULRLGROVER00 /AWS1/CL_NWFSTATEFULRLGROVER00¶

iv_deepthreatinspection TYPE /AWS1/NWFDEEPTHREATINSPECTION /AWS1/NWFDEEPTHREATINSPECTION¶

Queryable Attributes¶

ResourceArn¶

Accessible with the following methods¶

Priority¶

Accessible with the following methods¶

Override¶

Accessible with the following methods¶

DeepThreatInspection¶

Accessible with the following methods¶

Public Local Types In This Class¶

TT_STATEFULRULEGROUPREFERENCES¶

`CONSTRUCTOR`¶

`iv_resourcearn` `TYPE /AWS1/NWFRESOURCEARN` `/AWS1/NWFRESOURCEARN`¶

`iv_priority` `TYPE /AWS1/NWFPRIORITY` `/AWS1/NWFPRIORITY`¶

`io_override` `TYPE REF TO /AWS1/CL_NWFSTATEFULRLGROVER00` `/AWS1/CL_NWFSTATEFULRLGROVER00`¶

`iv_deepthreatinspection` `TYPE /AWS1/NWFDEEPTHREATINSPECTION` `/AWS1/NWFDEEPTHREATINSPECTION`¶

`TT_STATEFULRULEGROUPREFERENCES`¶