Aviatrix v0.0.10, Jan 21 23

aviatrix.AviatrixFirenet


The aviatrix_firenet resource allows the creation and management of Aviatrix Firewall Networks.

NOTE: This resource is used in conjunction with multiple other resources that may include, and are not limited to: firewall_instance, firewall_instance_association, aws_tgw, and transit_gateway resources or even aviatrix_fqdn, under the Aviatrix FireNet solution. Explicit dependencies may be set using depends_on. For more information on proper FireNet configuration, please see the workflow here.

Create AviatrixFirenet Resource

new AviatrixFirenet(name: string, args: AviatrixFirenetArgs, opts?: CustomResourceOptions);

@overload
def AviatrixFirenet(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    east_west_inspection_excluded_cidrs: Optional[Sequence[str]] = None,
                    egress_enabled: Optional[bool] = None,
                    egress_static_cidrs: Optional[Sequence[str]] = None,
                    firewall_instance_associations: Optional[Sequence[AviatrixFirenetFirewallInstanceAssociationArgs]] = None,
                    hashing_algorithm: Optional[str] = None,
                    inspection_enabled: Optional[bool] = None,
                    keep_alive_via_lan_interface_enabled: Optional[bool] = None,
                    manage_firewall_instance_association: Optional[bool] = None,
                    tgw_segmentation_for_egress_enabled: Optional[bool] = None,
                    vpc_id: Optional[str] = None)
@overload
def AviatrixFirenet(resource_name: str,
                    args: AviatrixFirenetArgs,
                    opts: Optional[ResourceOptions] = None)

func NewAviatrixFirenet(ctx *Context, name string, args AviatrixFirenetArgs, opts ...ResourceOption) (*AviatrixFirenet, error)

public AviatrixFirenet(string name, AviatrixFirenetArgs args, CustomResourceOptions? opts = null)

public AviatrixFirenet(String name, AviatrixFirenetArgs args)
public AviatrixFirenet(String name, AviatrixFirenetArgs args, CustomResourceOptions options)

type: aviatrix:AviatrixFirenet
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AviatrixFirenetArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AviatrixFirenetArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AviatrixFirenetArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AviatrixFirenetArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AviatrixFirenetArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AviatrixFirenet Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AviatrixFirenet resource accepts the following input properties:

VpcId string

VPC ID of the Security VPC.

EastWestInspectionExcludedCidrs List<string>

Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.

EgressEnabled bool

Enable/disable egress through firewall. Valid values: true, false. Default value: false.

EgressStaticCidrs List<string>

List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.

FirewallInstanceAssociations List<AviatrixFirenetFirewallInstanceAssociationArgs>

Dynamic block of firewall instance(s) to be associated with the FireNet.

Deprecated:

Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.

HashingAlgorithm string

Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".

InspectionEnabled bool

Enable/disable traffic inspection. Valid values: true, false. Default value: true.

KeepAliveViaLanInterfaceEnabled bool

Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.

ManageFirewallInstanceAssociation bool

Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.

TgwSegmentationForEgressEnabled bool

Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.

VpcId string

VPC ID of the Security VPC.

EastWestInspectionExcludedCidrs []string

Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.

EgressEnabled bool

Enable/disable egress through firewall. Valid values: true, false. Default value: false.

EgressStaticCidrs []string

List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.

FirewallInstanceAssociations []AviatrixFirenetFirewallInstanceAssociationArgs

Dynamic block of firewall instance(s) to be associated with the FireNet.

Deprecated:

Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.

HashingAlgorithm string

Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".

InspectionEnabled bool

Enable/disable traffic inspection. Valid values: true, false. Default value: true.

KeepAliveViaLanInterfaceEnabled bool

Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.

ManageFirewallInstanceAssociation bool

Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.

TgwSegmentationForEgressEnabled bool

Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.

vpcId String

VPC ID of the Security VPC.

eastWestInspectionExcludedCidrs List<String>

Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.

egressEnabled Boolean

Enable/disable egress through firewall. Valid values: true, false. Default value: false.

egressStaticCidrs List<String>

List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.

firewallInstanceAssociations List<AviatrixFirenetFirewallInstanceAssociationArgs>

Dynamic block of firewall instance(s) to be associated with the FireNet.

Deprecated:

Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.

hashingAlgorithm String

Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".

inspectionEnabled Boolean

Enable/disable traffic inspection. Valid values: true, false. Default value: true.

keepAliveViaLanInterfaceEnabled Boolean

Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.

manageFirewallInstanceAssociation Boolean

Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.

tgwSegmentationForEgressEnabled Boolean

Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.

vpcId string

VPC ID of the Security VPC.

eastWestInspectionExcludedCidrs string[]

Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.

egressEnabled boolean

Enable/disable egress through firewall. Valid values: true, false. Default value: false.

egressStaticCidrs string[]

List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.

firewallInstanceAssociations AviatrixFirenetFirewallInstanceAssociationArgs[]

Dynamic block of firewall instance(s) to be associated with the FireNet.

Deprecated:

Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.

hashingAlgorithm string

Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".

inspectionEnabled boolean

Enable/disable traffic inspection. Valid values: true, false. Default value: true.

keepAliveViaLanInterfaceEnabled boolean

Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.

manageFirewallInstanceAssociation boolean

Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.

tgwSegmentationForEgressEnabled boolean

Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.

vpc_id str

VPC ID of the Security VPC.

east_west_inspection_excluded_cidrs Sequence[str]

Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.

egress_enabled bool

Enable/disable egress through firewall. Valid values: true, false. Default value: false.

egress_static_cidrs Sequence[str]

List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.

firewall_instance_associations Sequence[AviatrixFirenetFirewallInstanceAssociationArgs]

Dynamic block of firewall instance(s) to be associated with the FireNet.

Deprecated:

Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.

hashing_algorithm str

Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".

inspection_enabled bool

Enable/disable traffic inspection. Valid values: true, false. Default value: true.

keep_alive_via_lan_interface_enabled bool

Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.

manage_firewall_instance_association bool

Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.

tgw_segmentation_for_egress_enabled bool

Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.

vpcId String

VPC ID of the Security VPC.

eastWestInspectionExcludedCidrs List<String>

Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.

egressEnabled Boolean

Enable/disable egress through firewall. Valid values: true, false. Default value: false.

egressStaticCidrs List<String>

List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.

firewallInstanceAssociations List<Property Map>

Dynamic block of firewall instance(s) to be associated with the FireNet.

Deprecated:

Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.

hashingAlgorithm String

Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".

inspectionEnabled Boolean

Enable/disable traffic inspection. Valid values: true, false. Default value: true.

keepAliveViaLanInterfaceEnabled Boolean

Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.

manageFirewallInstanceAssociation Boolean

Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.

tgwSegmentationForEgressEnabled Boolean

Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.

Outputs

All input properties are implicitly available as output properties. Additionally, the AviatrixFirenet resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing AviatrixFirenet Resource

Get an existing AviatrixFirenet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AviatrixFirenetState, opts?: CustomResourceOptions): AviatrixFirenet

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        east_west_inspection_excluded_cidrs: Optional[Sequence[str]] = None,
        egress_enabled: Optional[bool] = None,
        egress_static_cidrs: Optional[Sequence[str]] = None,
        firewall_instance_associations: Optional[Sequence[AviatrixFirenetFirewallInstanceAssociationArgs]] = None,
        hashing_algorithm: Optional[str] = None,
        inspection_enabled: Optional[bool] = None,
        keep_alive_via_lan_interface_enabled: Optional[bool] = None,
        manage_firewall_instance_association: Optional[bool] = None,
        tgw_segmentation_for_egress_enabled: Optional[bool] = None,
        vpc_id: Optional[str] = None) -> AviatrixFirenet

func GetAviatrixFirenet(ctx *Context, name string, id IDInput, state *AviatrixFirenetState, opts ...ResourceOption) (*AviatrixFirenet, error)

public static AviatrixFirenet Get(string name, Input<string> id, AviatrixFirenetState? state, CustomResourceOptions? opts = null)

public static AviatrixFirenet get(String name, Output<String> id, AviatrixFirenetState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
EastWestInspectionExcludedCidrs List<string>

Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.

EgressEnabled bool

Enable/disable egress through firewall. Valid values: true, false. Default value: false.

EgressStaticCidrs List<string>

List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.

FirewallInstanceAssociations List<AviatrixFirenetFirewallInstanceAssociationArgs>

Dynamic block of firewall instance(s) to be associated with the FireNet.

Deprecated:

Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.

HashingAlgorithm string

Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".

InspectionEnabled bool

Enable/disable traffic inspection. Valid values: true, false. Default value: true.

KeepAliveViaLanInterfaceEnabled bool

Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.

ManageFirewallInstanceAssociation bool

Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.

TgwSegmentationForEgressEnabled bool

Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.

VpcId string

VPC ID of the Security VPC.

EastWestInspectionExcludedCidrs []string

Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.

EgressEnabled bool

Enable/disable egress through firewall. Valid values: true, false. Default value: false.

EgressStaticCidrs []string

List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.

FirewallInstanceAssociations []AviatrixFirenetFirewallInstanceAssociationArgs

Dynamic block of firewall instance(s) to be associated with the FireNet.

Deprecated:

Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.

HashingAlgorithm string

Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".

InspectionEnabled bool

Enable/disable traffic inspection. Valid values: true, false. Default value: true.

KeepAliveViaLanInterfaceEnabled bool

Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.

ManageFirewallInstanceAssociation bool

Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.

TgwSegmentationForEgressEnabled bool

Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.

VpcId string

VPC ID of the Security VPC.

eastWestInspectionExcludedCidrs List<String>

Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.

egressEnabled Boolean

Enable/disable egress through firewall. Valid values: true, false. Default value: false.

egressStaticCidrs List<String>

List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.

firewallInstanceAssociations List<AviatrixFirenetFirewallInstanceAssociationArgs>

Dynamic block of firewall instance(s) to be associated with the FireNet.

Deprecated:

Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.

hashingAlgorithm String

Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".

inspectionEnabled Boolean

Enable/disable traffic inspection. Valid values: true, false. Default value: true.

keepAliveViaLanInterfaceEnabled Boolean

Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.

manageFirewallInstanceAssociation Boolean

Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.

tgwSegmentationForEgressEnabled Boolean

Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.

vpcId String

VPC ID of the Security VPC.

eastWestInspectionExcludedCidrs string[]

Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.

egressEnabled boolean

Enable/disable egress through firewall. Valid values: true, false. Default value: false.

egressStaticCidrs string[]

List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.

firewallInstanceAssociations AviatrixFirenetFirewallInstanceAssociationArgs[]

Dynamic block of firewall instance(s) to be associated with the FireNet.

Deprecated:

Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.

hashingAlgorithm string

Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".

inspectionEnabled boolean

Enable/disable traffic inspection. Valid values: true, false. Default value: true.

keepAliveViaLanInterfaceEnabled boolean

Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.

manageFirewallInstanceAssociation boolean

Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.

tgwSegmentationForEgressEnabled boolean

Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.

vpcId string

VPC ID of the Security VPC.

east_west_inspection_excluded_cidrs Sequence[str]

Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.

egress_enabled bool

Enable/disable egress through firewall. Valid values: true, false. Default value: false.

egress_static_cidrs Sequence[str]

List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.

firewall_instance_associations Sequence[AviatrixFirenetFirewallInstanceAssociationArgs]

Dynamic block of firewall instance(s) to be associated with the FireNet.

Deprecated:

Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.

hashing_algorithm str

Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".

inspection_enabled bool

Enable/disable traffic inspection. Valid values: true, false. Default value: true.

keep_alive_via_lan_interface_enabled bool

Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.

manage_firewall_instance_association bool

Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.

tgw_segmentation_for_egress_enabled bool

Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.

vpc_id str

VPC ID of the Security VPC.

eastWestInspectionExcludedCidrs List<String>

Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.

egressEnabled Boolean

Enable/disable egress through firewall. Valid values: true, false. Default value: false.

egressStaticCidrs List<String>

List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.

firewallInstanceAssociations List<Property Map>

Dynamic block of firewall instance(s) to be associated with the FireNet.

Deprecated:

Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.

hashingAlgorithm String

Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".

inspectionEnabled Boolean

Enable/disable traffic inspection. Valid values: true, false. Default value: true.

keepAliveViaLanInterfaceEnabled Boolean

Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.

manageFirewallInstanceAssociation Boolean

Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.

tgwSegmentationForEgressEnabled Boolean

Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.

vpcId String

VPC ID of the Security VPC.

Supporting Types

AviatrixFirenetFirewallInstanceAssociation

FirenetGwName string

Name of the primary FireNet gateway.

InstanceId string

ID of Firewall instance.

Attached bool

Switch to attach/detach firewall instance to/from FireNet. Valid values: true, false. Default value: false.

EgressInterface string

Egress interface ID. Required if it is a firewall instance.

FirewallName string

Firewall instance name. Required if it is a firewall instance.

LanInterface string

Lan interface ID. Required if it is a firewall instance or FQDN gateway in Azure.

ManagementInterface string

Management interface ID. Required if it is a firewall instance.

VendorType string

Type of firewall. Valid values: "Generic", "fqdn_gateway". Default value: "Generic". Value "fqdn_gateway" is required for FQDN gateway.

FirenetGwName string

Name of the primary FireNet gateway.

InstanceId string

ID of Firewall instance.

Attached bool

Switch to attach/detach firewall instance to/from FireNet. Valid values: true, false. Default value: false.

EgressInterface string

Egress interface ID. Required if it is a firewall instance.

FirewallName string

Firewall instance name. Required if it is a firewall instance.

LanInterface string

Lan interface ID. Required if it is a firewall instance or FQDN gateway in Azure.

ManagementInterface string

Management interface ID. Required if it is a firewall instance.

VendorType string

Type of firewall. Valid values: "Generic", "fqdn_gateway". Default value: "Generic". Value "fqdn_gateway" is required for FQDN gateway.

firenetGwName String

Name of the primary FireNet gateway.

instanceId String

ID of Firewall instance.

attached Boolean

Switch to attach/detach firewall instance to/from FireNet. Valid values: true, false. Default value: false.

egressInterface String

Egress interface ID. Required if it is a firewall instance.

firewallName String

Firewall instance name. Required if it is a firewall instance.

lanInterface String

Lan interface ID. Required if it is a firewall instance or FQDN gateway in Azure.

managementInterface String

Management interface ID. Required if it is a firewall instance.

vendorType String

Type of firewall. Valid values: "Generic", "fqdn_gateway". Default value: "Generic". Value "fqdn_gateway" is required for FQDN gateway.

firenetGwName string

Name of the primary FireNet gateway.

instanceId string

ID of Firewall instance.

attached boolean

Switch to attach/detach firewall instance to/from FireNet. Valid values: true, false. Default value: false.

egressInterface string

Egress interface ID. Required if it is a firewall instance.

firewallName string

Firewall instance name. Required if it is a firewall instance.

lanInterface string

Lan interface ID. Required if it is a firewall instance or FQDN gateway in Azure.

managementInterface string

Management interface ID. Required if it is a firewall instance.

vendorType string

Type of firewall. Valid values: "Generic", "fqdn_gateway". Default value: "Generic". Value "fqdn_gateway" is required for FQDN gateway.

firenet_gw_name str

Name of the primary FireNet gateway.

instance_id str

ID of Firewall instance.

attached bool

Switch to attach/detach firewall instance to/from FireNet. Valid values: true, false. Default value: false.

egress_interface str

Egress interface ID. Required if it is a firewall instance.

firewall_name str

Firewall instance name. Required if it is a firewall instance.

lan_interface str

Lan interface ID. Required if it is a firewall instance or FQDN gateway in Azure.

management_interface str

Management interface ID. Required if it is a firewall instance.

vendor_type str

Type of firewall. Valid values: "Generic", "fqdn_gateway". Default value: "Generic". Value "fqdn_gateway" is required for FQDN gateway.

firenetGwName String

Name of the primary FireNet gateway.

instanceId String

ID of Firewall instance.

attached Boolean

Switch to attach/detach firewall instance to/from FireNet. Valid values: true, false. Default value: false.

egressInterface String

Egress interface ID. Required if it is a firewall instance.

firewallName String

Firewall instance name. Required if it is a firewall instance.

lanInterface String

Lan interface ID. Required if it is a firewall instance or FQDN gateway in Azure.

managementInterface String

Management interface ID. Required if it is a firewall instance.

vendorType String

Type of firewall. Valid values: "Generic", "fqdn_gateway". Default value: "Generic". Value "fqdn_gateway" is required for FQDN gateway.
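
A pre-deployment check over the inputs and supporting type documented above, as an added example (not part of the Pulumi package or the Aviatrix provider). It works on plain dicts keyed by the Python argument names; the function name audit_firenet, the sample values, the treatment of vpc_id as required and the /16 review threshold are assumptions made for illustration.

```python
import ipaddress

# Defaults and valid values as documented on this page.
DEFAULTS = {
    "egress_enabled": False,
    "inspection_enabled": True,
    "hashing_algorithm": "5-Tuple",
    "manage_firewall_instance_association": True,
}
HASHING = {"2-Tuple", "5-Tuple"}
VENDOR_TYPES = {"Generic", "fqdn_gateway"}
# Fields the page marks "Required if it is a firewall instance".
FIREWALL_REQUIRED = ("egress_interface", "firewall_name",
                     "lan_interface", "management_interface")
# Assumption (local review policy, not from the page): an inspection
# exclusion wider than this prefix length gets a second look.
MIN_EXCLUDED_PREFIX = 16


def _is_cidr(value):
    """True if value parses as a network with no host bits set."""
    try:
        ipaddress.ip_network(value, strict=True)
        return True
    except ValueError:
        return False


def audit_firenet(args):
    """Return a list of (severity, message) findings for one set of inputs."""
    # Unset (None) inputs fall back to the documented defaults.
    cfg = {**DEFAULTS, **{k: v for k, v in args.items() if v is not None}}
    findings = []

    # Assumption: vpc_id is treated as required (it leads the Inputs list).
    if not cfg.get("vpc_id"):
        findings.append(("error", "vpc_id (Security VPC) is not set"))
    if cfg["hashing_algorithm"] not in HASHING:
        findings.append(("error", f"hashing_algorithm {cfg['hashing_algorithm']!r} is not a valid value"))
    if not cfg["inspection_enabled"]:
        findings.append(("warn", "inspection_enabled is false: traffic inspection is disabled"))

    static = cfg.get("egress_static_cidrs") or []
    if static and not cfg["egress_enabled"]:
        findings.append(("error", "egress_static_cidrs is set but egress_enabled is false"))
    for cidr in static:
        if not _is_cidr(cidr):
            findings.append(("error", f"egress_static_cidrs: {cidr!r} is not a valid CIDR"))

    for cidr in cfg.get("east_west_inspection_excluded_cidrs") or []:
        if not _is_cidr(cidr):
            findings.append(("error", f"east_west_inspection_excluded_cidrs: {cidr!r} is not a valid CIDR"))
        elif ipaddress.ip_network(cidr).prefixlen < MIN_EXCLUDED_PREFIX:
            findings.append(("warn", f"{cidr} excludes a wide range from east-west inspection"))

    assocs = cfg.get("firewall_instance_associations") or []
    if assocs:
        findings.append(("warn", "in-line firewall_instance_associations is deprecated; "
                                 "use the standalone association resource"))
        if not cfg["manage_firewall_instance_association"]:
            findings.append(("error", "in-line associations present but "
                                      "manage_firewall_instance_association is false"))
    for i, assoc in enumerate(assocs):
        vendor = assoc.get("vendor_type") or "Generic"
        if vendor not in VENDOR_TYPES:
            findings.append(("error", f"association[{i}]: vendor_type {vendor!r} is not a valid value"))
        elif vendor == "Generic":
            missing = [f for f in FIREWALL_REQUIRED if not assoc.get(f)]
            if missing:
                findings.append(("error", f"association[{i}]: missing {', '.join(missing)}"))
        if not assoc.get("attached", False):
            findings.append(("warn", f"association[{i}]: attached is false, "
                                     "instance is not attached to the FireNet"))
    return findings


# Constructed sample inputs (identifiers are placeholders, not real resources).
GOOD = {
    "vpc_id": "vpc-0example",
    "egress_enabled": True,
    "egress_static_cidrs": ["1.171.15.184/32", "1.171.15.185/32"],
    "manage_firewall_instance_association": False,
}
RISKY = {
    "vpc_id": "vpc-0example",
    "inspection_enabled": False,
    "hashing_algorithm": "3-Tuple",
    "egress_static_cidrs": ["1.171.15.184/32", "1.171.15.300/32"],
    "east_west_inspection_excluded_cidrs": ["10.0.0.0/8"],
    "manage_firewall_instance_association": False,
    "firewall_instance_associations": [
        {"firenet_gw_name": "gw-example", "instance_id": "i-0example",
         "vendor_type": "Generic", "lan_interface": "eni-0example"},
    ],
}

if __name__ == "__main__":
    for severity, message in audit_firenet(RISKY):
        print(f"{severity:5} {message}")
```

Running the check on the same values that are about to be passed to AviatrixFirenetArgs, before pulumi up, surfaces these conditions at review time.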

Import

firenet can be imported using the vpc_id, e.g.

 $ pulumi import aviatrix:index/aviatrixFirenet:AviatrixFirenet test vpc_id

Package Details

Repository
aviatrix astipkovits/pulumi-aviatrix
License
Apache-2.0
Notes

This Pulumi package is based on the aviatrix Terraform Provider.