1. Packages
  2. Azure Classic
  3. API Docs
  4. paloalto
  5. NextGenerationFirewallVirtualNetworkLocalRulestack

We recommend using Azure Native.

Azure Classic v5.67.1 published on Tuesday, Feb 27, 2024 by Pulumi

azure.paloalto.NextGenerationFirewallVirtualNetworkLocalRulestack

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.67.1 published on Tuesday, Feb 27, 2024 by Pulumi

    Manages a Palo Alto Next Generation Firewall Deployed in a Virtual Network and configured via a Local Rulestack.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "example-resource-group",
            Location = "westeurope",
        });
    
        var examplePublicIp = new Azure.Network.PublicIp("example", new()
        {
            Name = "example-public-ip",
            Location = example.Location,
            ResourceGroupName = example.Name,
            AllocationMethod = "Static",
            Sku = "Standard",
        });
    
        var exampleNetworkSecurityGroup = new Azure.Network.NetworkSecurityGroup("example", new()
        {
            Name = "example-nsg",
            Location = test.Location,
            ResourceGroupName = test.Name,
        });
    
        var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("example", new()
        {
            Name = "example-vnet",
            AddressSpaces = new[]
            {
                "10.0.0.0/16",
            },
            Location = example.Location,
            ResourceGroupName = example.Name,
            Tags = 
            {
                { "environment", "Production" },
            },
        });
    
        var trust = new Azure.Network.Subnet("trust", new()
        {
            Name = "example-trust-subnet",
            ResourceGroupName = example.Name,
            VirtualNetworkName = exampleVirtualNetwork.Name,
            AddressPrefixes = new[]
            {
                "10.0.1.0/24",
            },
            Delegations = new[]
            {
                new Azure.Network.Inputs.SubnetDelegationArgs
                {
                    Name = "trusted",
                    ServiceDelegation = new Azure.Network.Inputs.SubnetDelegationServiceDelegationArgs
                    {
                        Name = "PaloAltoNetworks.Cloudngfw/firewalls",
                        Actions = new[]
                        {
                            "Microsoft.Network/virtualNetworks/subnets/join/action",
                        },
                    },
                },
            },
        });
    
        var trustSubnetNetworkSecurityGroupAssociation = new Azure.Network.SubnetNetworkSecurityGroupAssociation("trust", new()
        {
            SubnetId = trust.Id,
            NetworkSecurityGroupId = exampleNetworkSecurityGroup.Id,
        });
    
        var untrust = new Azure.Network.Subnet("untrust", new()
        {
            Name = "example-untrust-subnet",
            ResourceGroupName = example.Name,
            VirtualNetworkName = exampleVirtualNetwork.Name,
            AddressPrefixes = new[]
            {
                "10.0.2.0/24",
            },
            Delegations = new[]
            {
                new Azure.Network.Inputs.SubnetDelegationArgs
                {
                    Name = "untrusted",
                    ServiceDelegation = new Azure.Network.Inputs.SubnetDelegationServiceDelegationArgs
                    {
                        Name = "PaloAltoNetworks.Cloudngfw/firewalls",
                        Actions = new[]
                        {
                            "Microsoft.Network/virtualNetworks/subnets/join/action",
                        },
                    },
                },
            },
        });
    
        var untrustSubnetNetworkSecurityGroupAssociation = new Azure.Network.SubnetNetworkSecurityGroupAssociation("untrust", new()
        {
            SubnetId = untrust.Id,
            NetworkSecurityGroupId = exampleNetworkSecurityGroup.Id,
        });
    
        var exampleLocalRulestack = new Azure.PaloAlto.LocalRulestack("example", new()
        {
            Name = "example-rulestack",
            ResourceGroupName = example.Name,
            Location = example.Locatio,
        });
    
        var exampleLocalRulestackRule = new Azure.PaloAlto.LocalRulestackRule("example", new()
        {
            Name = "example-rulestack-rule",
            RulestackId = exampleLocalRulestack.Id,
            Priority = 1001,
            Action = "Allow",
            Applications = new[]
            {
                "any",
            },
            Destination = new Azure.PaloAlto.Inputs.LocalRulestackRuleDestinationArgs
            {
                Cidrs = new[]
                {
                    "any",
                },
            },
            Source = new Azure.PaloAlto.Inputs.LocalRulestackRuleSourceArgs
            {
                Cidrs = new[]
                {
                    "any",
                },
            },
        });
    
        var exampleNextGenerationFirewallVirtualNetworkLocalRulestack = new Azure.PaloAlto.NextGenerationFirewallVirtualNetworkLocalRulestack("example", new()
        {
            Name = "example-ngfwvn",
            ResourceGroupName = example.Name,
            RulestackId = exampleLocalRulestack.Id,
            NetworkProfile = new Azure.PaloAlto.Inputs.NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileArgs
            {
                PublicIpAddressIds = new[]
                {
                    examplePublicIp.Id,
                },
                VnetConfiguration = new Azure.PaloAlto.Inputs.NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileVnetConfigurationArgs
                {
                    VirtualNetworkId = exampleVirtualNetwork.Id,
                    TrustedSubnetId = trust.Id,
                    UntrustedSubnetId = untrust.Id,
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/network"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/paloalto"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-resource-group"),
    			Location: pulumi.String("westeurope"),
    		})
    		if err != nil {
    			return err
    		}
    		examplePublicIp, err := network.NewPublicIp(ctx, "example", &network.PublicIpArgs{
    			Name:              pulumi.String("example-public-ip"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			AllocationMethod:  pulumi.String("Static"),
    			Sku:               pulumi.String("Standard"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleNetworkSecurityGroup, err := network.NewNetworkSecurityGroup(ctx, "example", &network.NetworkSecurityGroupArgs{
    			Name:              pulumi.String("example-nsg"),
    			Location:          pulumi.Any(test.Location),
    			ResourceGroupName: pulumi.Any(test.Name),
    		})
    		if err != nil {
    			return err
    		}
    		exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "example", &network.VirtualNetworkArgs{
    			Name: pulumi.String("example-vnet"),
    			AddressSpaces: pulumi.StringArray{
    				pulumi.String("10.0.0.0/16"),
    			},
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			Tags: pulumi.StringMap{
    				"environment": pulumi.String("Production"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		trust, err := network.NewSubnet(ctx, "trust", &network.SubnetArgs{
    			Name:               pulumi.String("example-trust-subnet"),
    			ResourceGroupName:  example.Name,
    			VirtualNetworkName: exampleVirtualNetwork.Name,
    			AddressPrefixes: pulumi.StringArray{
    				pulumi.String("10.0.1.0/24"),
    			},
    			Delegations: network.SubnetDelegationArray{
    				&network.SubnetDelegationArgs{
    					Name: pulumi.String("trusted"),
    					ServiceDelegation: &network.SubnetDelegationServiceDelegationArgs{
    						Name: pulumi.String("PaloAltoNetworks.Cloudngfw/firewalls"),
    						Actions: pulumi.StringArray{
    							pulumi.String("Microsoft.Network/virtualNetworks/subnets/join/action"),
    						},
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = network.NewSubnetNetworkSecurityGroupAssociation(ctx, "trust", &network.SubnetNetworkSecurityGroupAssociationArgs{
    			SubnetId:               trust.ID(),
    			NetworkSecurityGroupId: exampleNetworkSecurityGroup.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		untrust, err := network.NewSubnet(ctx, "untrust", &network.SubnetArgs{
    			Name:               pulumi.String("example-untrust-subnet"),
    			ResourceGroupName:  example.Name,
    			VirtualNetworkName: exampleVirtualNetwork.Name,
    			AddressPrefixes: pulumi.StringArray{
    				pulumi.String("10.0.2.0/24"),
    			},
    			Delegations: network.SubnetDelegationArray{
    				&network.SubnetDelegationArgs{
    					Name: pulumi.String("untrusted"),
    					ServiceDelegation: &network.SubnetDelegationServiceDelegationArgs{
    						Name: pulumi.String("PaloAltoNetworks.Cloudngfw/firewalls"),
    						Actions: pulumi.StringArray{
    							pulumi.String("Microsoft.Network/virtualNetworks/subnets/join/action"),
    						},
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = network.NewSubnetNetworkSecurityGroupAssociation(ctx, "untrust", &network.SubnetNetworkSecurityGroupAssociationArgs{
    			SubnetId:               untrust.ID(),
    			NetworkSecurityGroupId: exampleNetworkSecurityGroup.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		exampleLocalRulestack, err := paloalto.NewLocalRulestack(ctx, "example", &paloalto.LocalRulestackArgs{
    			Name:              pulumi.String("example-rulestack"),
    			ResourceGroupName: example.Name,
    			Location:          example.Locatio,
    		})
    		if err != nil {
    			return err
    		}
    		_, err = paloalto.NewLocalRulestackRule(ctx, "example", &paloalto.LocalRulestackRuleArgs{
    			Name:        pulumi.String("example-rulestack-rule"),
    			RulestackId: exampleLocalRulestack.ID(),
    			Priority:    pulumi.Int(1001),
    			Action:      pulumi.String("Allow"),
    			Applications: pulumi.StringArray{
    				pulumi.String("any"),
    			},
    			Destination: &paloalto.LocalRulestackRuleDestinationArgs{
    				Cidrs: pulumi.StringArray{
    					pulumi.String("any"),
    				},
    			},
    			Source: &paloalto.LocalRulestackRuleSourceArgs{
    				Cidrs: pulumi.StringArray{
    					pulumi.String("any"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = paloalto.NewNextGenerationFirewallVirtualNetworkLocalRulestack(ctx, "example", &paloalto.NextGenerationFirewallVirtualNetworkLocalRulestackArgs{
    			Name:              pulumi.String("example-ngfwvn"),
    			ResourceGroupName: example.Name,
    			RulestackId:       exampleLocalRulestack.ID(),
    			NetworkProfile: &paloalto.NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileArgs{
    				PublicIpAddressIds: pulumi.StringArray{
    					examplePublicIp.ID(),
    				},
    				VnetConfiguration: &paloalto.NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileVnetConfigurationArgs{
    					VirtualNetworkId:  exampleVirtualNetwork.ID(),
    					TrustedSubnetId:   trust.ID(),
    					UntrustedSubnetId: untrust.ID(),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.network.PublicIp;
    import com.pulumi.azure.network.PublicIpArgs;
    import com.pulumi.azure.network.NetworkSecurityGroup;
    import com.pulumi.azure.network.NetworkSecurityGroupArgs;
    import com.pulumi.azure.network.VirtualNetwork;
    import com.pulumi.azure.network.VirtualNetworkArgs;
    import com.pulumi.azure.network.Subnet;
    import com.pulumi.azure.network.SubnetArgs;
    import com.pulumi.azure.network.inputs.SubnetDelegationArgs;
    import com.pulumi.azure.network.inputs.SubnetDelegationServiceDelegationArgs;
    import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociation;
    import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociationArgs;
    import com.pulumi.azure.paloalto.LocalRulestack;
    import com.pulumi.azure.paloalto.LocalRulestackArgs;
    import com.pulumi.azure.paloalto.LocalRulestackRule;
    import com.pulumi.azure.paloalto.LocalRulestackRuleArgs;
    import com.pulumi.azure.paloalto.inputs.LocalRulestackRuleDestinationArgs;
    import com.pulumi.azure.paloalto.inputs.LocalRulestackRuleSourceArgs;
    import com.pulumi.azure.paloalto.NextGenerationFirewallVirtualNetworkLocalRulestack;
    import com.pulumi.azure.paloalto.NextGenerationFirewallVirtualNetworkLocalRulestackArgs;
    import com.pulumi.azure.paloalto.inputs.NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileArgs;
    import com.pulumi.azure.paloalto.inputs.NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileVnetConfigurationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()        
                .name("example-resource-group")
                .location("westeurope")
                .build());
    
            var examplePublicIp = new PublicIp("examplePublicIp", PublicIpArgs.builder()        
                .name("example-public-ip")
                .location(example.location())
                .resourceGroupName(example.name())
                .allocationMethod("Static")
                .sku("Standard")
                .build());
    
            var exampleNetworkSecurityGroup = new NetworkSecurityGroup("exampleNetworkSecurityGroup", NetworkSecurityGroupArgs.builder()        
                .name("example-nsg")
                .location(test.location())
                .resourceGroupName(test.name())
                .build());
    
            var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()        
                .name("example-vnet")
                .addressSpaces("10.0.0.0/16")
                .location(example.location())
                .resourceGroupName(example.name())
                .tags(Map.of("environment", "Production"))
                .build());
    
            var trust = new Subnet("trust", SubnetArgs.builder()        
                .name("example-trust-subnet")
                .resourceGroupName(example.name())
                .virtualNetworkName(exampleVirtualNetwork.name())
                .addressPrefixes("10.0.1.0/24")
                .delegations(SubnetDelegationArgs.builder()
                    .name("trusted")
                    .serviceDelegation(SubnetDelegationServiceDelegationArgs.builder()
                        .name("PaloAltoNetworks.Cloudngfw/firewalls")
                        .actions("Microsoft.Network/virtualNetworks/subnets/join/action")
                        .build())
                    .build())
                .build());
    
            var trustSubnetNetworkSecurityGroupAssociation = new SubnetNetworkSecurityGroupAssociation("trustSubnetNetworkSecurityGroupAssociation", SubnetNetworkSecurityGroupAssociationArgs.builder()        
                .subnetId(trust.id())
                .networkSecurityGroupId(exampleNetworkSecurityGroup.id())
                .build());
    
            var untrust = new Subnet("untrust", SubnetArgs.builder()        
                .name("example-untrust-subnet")
                .resourceGroupName(example.name())
                .virtualNetworkName(exampleVirtualNetwork.name())
                .addressPrefixes("10.0.2.0/24")
                .delegations(SubnetDelegationArgs.builder()
                    .name("untrusted")
                    .serviceDelegation(SubnetDelegationServiceDelegationArgs.builder()
                        .name("PaloAltoNetworks.Cloudngfw/firewalls")
                        .actions("Microsoft.Network/virtualNetworks/subnets/join/action")
                        .build())
                    .build())
                .build());
    
            var untrustSubnetNetworkSecurityGroupAssociation = new SubnetNetworkSecurityGroupAssociation("untrustSubnetNetworkSecurityGroupAssociation", SubnetNetworkSecurityGroupAssociationArgs.builder()        
                .subnetId(untrust.id())
                .networkSecurityGroupId(exampleNetworkSecurityGroup.id())
                .build());
    
            var exampleLocalRulestack = new LocalRulestack("exampleLocalRulestack", LocalRulestackArgs.builder()        
                .name("example-rulestack")
                .resourceGroupName(example.name())
                .location(example.locatio())
                .build());
    
            var exampleLocalRulestackRule = new LocalRulestackRule("exampleLocalRulestackRule", LocalRulestackRuleArgs.builder()        
                .name("example-rulestack-rule")
                .rulestackId(exampleLocalRulestack.id())
                .priority(1001)
                .action("Allow")
                .applications("any")
                .destination(LocalRulestackRuleDestinationArgs.builder()
                    .cidrs("any")
                    .build())
                .source(LocalRulestackRuleSourceArgs.builder()
                    .cidrs("any")
                    .build())
                .build());
    
            var exampleNextGenerationFirewallVirtualNetworkLocalRulestack = new NextGenerationFirewallVirtualNetworkLocalRulestack("exampleNextGenerationFirewallVirtualNetworkLocalRulestack", NextGenerationFirewallVirtualNetworkLocalRulestackArgs.builder()        
                .name("example-ngfwvn")
                .resourceGroupName(example.name())
                .rulestackId(exampleLocalRulestack.id())
                .networkProfile(NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileArgs.builder()
                    .publicIpAddressIds(examplePublicIp.id())
                    .vnetConfiguration(NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileVnetConfigurationArgs.builder()
                        .virtualNetworkId(exampleVirtualNetwork.id())
                        .trustedSubnetId(trust.id())
                        .untrustedSubnetId(untrust.id())
                        .build())
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure as azure
    
    example = azure.core.ResourceGroup("example",
        name="example-resource-group",
        location="westeurope")
    example_public_ip = azure.network.PublicIp("example",
        name="example-public-ip",
        location=example.location,
        resource_group_name=example.name,
        allocation_method="Static",
        sku="Standard")
    example_network_security_group = azure.network.NetworkSecurityGroup("example",
        name="example-nsg",
        location=test["location"],
        resource_group_name=test["name"])
    example_virtual_network = azure.network.VirtualNetwork("example",
        name="example-vnet",
        address_spaces=["10.0.0.0/16"],
        location=example.location,
        resource_group_name=example.name,
        tags={
            "environment": "Production",
        })
    trust = azure.network.Subnet("trust",
        name="example-trust-subnet",
        resource_group_name=example.name,
        virtual_network_name=example_virtual_network.name,
        address_prefixes=["10.0.1.0/24"],
        delegations=[azure.network.SubnetDelegationArgs(
            name="trusted",
            service_delegation=azure.network.SubnetDelegationServiceDelegationArgs(
                name="PaloAltoNetworks.Cloudngfw/firewalls",
                actions=["Microsoft.Network/virtualNetworks/subnets/join/action"],
            ),
        )])
    trust_subnet_network_security_group_association = azure.network.SubnetNetworkSecurityGroupAssociation("trust",
        subnet_id=trust.id,
        network_security_group_id=example_network_security_group.id)
    untrust = azure.network.Subnet("untrust",
        name="example-untrust-subnet",
        resource_group_name=example.name,
        virtual_network_name=example_virtual_network.name,
        address_prefixes=["10.0.2.0/24"],
        delegations=[azure.network.SubnetDelegationArgs(
            name="untrusted",
            service_delegation=azure.network.SubnetDelegationServiceDelegationArgs(
                name="PaloAltoNetworks.Cloudngfw/firewalls",
                actions=["Microsoft.Network/virtualNetworks/subnets/join/action"],
            ),
        )])
    untrust_subnet_network_security_group_association = azure.network.SubnetNetworkSecurityGroupAssociation("untrust",
        subnet_id=untrust.id,
        network_security_group_id=example_network_security_group.id)
    example_local_rulestack = azure.paloalto.LocalRulestack("example",
        name="example-rulestack",
        resource_group_name=example.name,
        location=example.locatio)
    example_local_rulestack_rule = azure.paloalto.LocalRulestackRule("example",
        name="example-rulestack-rule",
        rulestack_id=example_local_rulestack.id,
        priority=1001,
        action="Allow",
        applications=["any"],
        destination=azure.paloalto.LocalRulestackRuleDestinationArgs(
            cidrs=["any"],
        ),
        source=azure.paloalto.LocalRulestackRuleSourceArgs(
            cidrs=["any"],
        ))
    example_next_generation_firewall_virtual_network_local_rulestack = azure.paloalto.NextGenerationFirewallVirtualNetworkLocalRulestack("example",
        name="example-ngfwvn",
        resource_group_name=example.name,
        rulestack_id=example_local_rulestack.id,
        network_profile=azure.paloalto.NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileArgs(
            public_ip_address_ids=[example_public_ip.id],
            vnet_configuration=azure.paloalto.NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileVnetConfigurationArgs(
                virtual_network_id=example_virtual_network.id,
                trusted_subnet_id=trust.id,
                untrusted_subnet_id=untrust.id,
            ),
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const example = new azure.core.ResourceGroup("example", {
        name: "example-resource-group",
        location: "westeurope",
    });
    const examplePublicIp = new azure.network.PublicIp("example", {
        name: "example-public-ip",
        location: example.location,
        resourceGroupName: example.name,
        allocationMethod: "Static",
        sku: "Standard",
    });
    const exampleNetworkSecurityGroup = new azure.network.NetworkSecurityGroup("example", {
        name: "example-nsg",
        location: test.location,
        resourceGroupName: test.name,
    });
    const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
        name: "example-vnet",
        addressSpaces: ["10.0.0.0/16"],
        location: example.location,
        resourceGroupName: example.name,
        tags: {
            environment: "Production",
        },
    });
    const trust = new azure.network.Subnet("trust", {
        name: "example-trust-subnet",
        resourceGroupName: example.name,
        virtualNetworkName: exampleVirtualNetwork.name,
        addressPrefixes: ["10.0.1.0/24"],
        delegations: [{
            name: "trusted",
            serviceDelegation: {
                name: "PaloAltoNetworks.Cloudngfw/firewalls",
                actions: ["Microsoft.Network/virtualNetworks/subnets/join/action"],
            },
        }],
    });
    const trustSubnetNetworkSecurityGroupAssociation = new azure.network.SubnetNetworkSecurityGroupAssociation("trust", {
        subnetId: trust.id,
        networkSecurityGroupId: exampleNetworkSecurityGroup.id,
    });
    const untrust = new azure.network.Subnet("untrust", {
        name: "example-untrust-subnet",
        resourceGroupName: example.name,
        virtualNetworkName: exampleVirtualNetwork.name,
        addressPrefixes: ["10.0.2.0/24"],
        delegations: [{
            name: "untrusted",
            serviceDelegation: {
                name: "PaloAltoNetworks.Cloudngfw/firewalls",
                actions: ["Microsoft.Network/virtualNetworks/subnets/join/action"],
            },
        }],
    });
    const untrustSubnetNetworkSecurityGroupAssociation = new azure.network.SubnetNetworkSecurityGroupAssociation("untrust", {
        subnetId: untrust.id,
        networkSecurityGroupId: exampleNetworkSecurityGroup.id,
    });
    const exampleLocalRulestack = new azure.paloalto.LocalRulestack("example", {
        name: "example-rulestack",
        resourceGroupName: example.name,
        location: example.locatio,
    });
    const exampleLocalRulestackRule = new azure.paloalto.LocalRulestackRule("example", {
        name: "example-rulestack-rule",
        rulestackId: exampleLocalRulestack.id,
        priority: 1001,
        action: "Allow",
        applications: ["any"],
        destination: {
            cidrs: ["any"],
        },
        source: {
            cidrs: ["any"],
        },
    });
    const exampleNextGenerationFirewallVirtualNetworkLocalRulestack = new azure.paloalto.NextGenerationFirewallVirtualNetworkLocalRulestack("example", {
        name: "example-ngfwvn",
        resourceGroupName: example.name,
        rulestackId: exampleLocalRulestack.id,
        networkProfile: {
            publicIpAddressIds: [examplePublicIp.id],
            vnetConfiguration: {
                virtualNetworkId: exampleVirtualNetwork.id,
                trustedSubnetId: trust.id,
                untrustedSubnetId: untrust.id,
            },
        },
    });
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: example-resource-group
          location: westeurope
      examplePublicIp:
        type: azure:network:PublicIp
        name: example
        properties:
          name: example-public-ip
          location: ${example.location}
          resourceGroupName: ${example.name}
          allocationMethod: Static
          sku: Standard
      exampleNetworkSecurityGroup:
        type: azure:network:NetworkSecurityGroup
        name: example
        properties:
          name: example-nsg
          location: ${test.location}
          resourceGroupName: ${test.name}
      exampleVirtualNetwork:
        type: azure:network:VirtualNetwork
        name: example
        properties:
          name: example-vnet
          addressSpaces:
            - 10.0.0.0/16
          location: ${example.location}
          resourceGroupName: ${example.name}
          tags:
            environment: Production
      trust:
        type: azure:network:Subnet
        properties:
          name: example-trust-subnet
          resourceGroupName: ${example.name}
          virtualNetworkName: ${exampleVirtualNetwork.name}
          addressPrefixes:
            - 10.0.1.0/24
          delegations:
            - name: trusted
              serviceDelegation:
                name: PaloAltoNetworks.Cloudngfw/firewalls
                actions:
                  - Microsoft.Network/virtualNetworks/subnets/join/action
      trustSubnetNetworkSecurityGroupAssociation:
        type: azure:network:SubnetNetworkSecurityGroupAssociation
        name: trust
        properties:
          subnetId: ${trust.id}
          networkSecurityGroupId: ${exampleNetworkSecurityGroup.id}
      untrust:
        type: azure:network:Subnet
        properties:
          name: example-untrust-subnet
          resourceGroupName: ${example.name}
          virtualNetworkName: ${exampleVirtualNetwork.name}
          addressPrefixes:
            - 10.0.2.0/24
          delegations:
            - name: untrusted
              serviceDelegation:
                name: PaloAltoNetworks.Cloudngfw/firewalls
                actions:
                  - Microsoft.Network/virtualNetworks/subnets/join/action
      untrustSubnetNetworkSecurityGroupAssociation:
        type: azure:network:SubnetNetworkSecurityGroupAssociation
        name: untrust
        properties:
          subnetId: ${untrust.id}
          networkSecurityGroupId: ${exampleNetworkSecurityGroup.id}
      exampleLocalRulestack:
        type: azure:paloalto:LocalRulestack
        name: example
        properties:
          name: example-rulestack
          resourceGroupName: ${example.name}
          location: ${example.locatio}
      exampleLocalRulestackRule:
        type: azure:paloalto:LocalRulestackRule
        name: example
        properties:
          name: example-rulestack-rule
          rulestackId: ${exampleLocalRulestack.id}
          priority: 1001
          action: Allow
          applications:
            - any
          destination:
            cidrs:
              - any
          source:
            cidrs:
              - any
      exampleNextGenerationFirewallVirtualNetworkLocalRulestack:
        type: azure:paloalto:NextGenerationFirewallVirtualNetworkLocalRulestack
        name: example
        properties:
          name: example-ngfwvn
          resourceGroupName: ${example.name}
          rulestackId: ${exampleLocalRulestack.id}
          networkProfile:
            publicIpAddressIds:
              - ${examplePublicIp.id}
            vnetConfiguration:
              virtualNetworkId: ${exampleVirtualNetwork.id}
              trustedSubnetId: ${trust.id}
              untrustedSubnetId: ${untrust.id}
    

    Create NextGenerationFirewallVirtualNetworkLocalRulestack Resource

    new NextGenerationFirewallVirtualNetworkLocalRulestack(name: string, args: NextGenerationFirewallVirtualNetworkLocalRulestackArgs, opts?: CustomResourceOptions);
    @overload
    def NextGenerationFirewallVirtualNetworkLocalRulestack(resource_name: str,
                                                           opts: Optional[ResourceOptions] = None,
                                                           destination_nats: Optional[Sequence[NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatArgs]] = None,
                                                           dns_settings: Optional[NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettingsArgs] = None,
                                                           name: Optional[str] = None,
                                                           network_profile: Optional[NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileArgs] = None,
                                                           resource_group_name: Optional[str] = None,
                                                           rulestack_id: Optional[str] = None,
                                                           tags: Optional[Mapping[str, str]] = None)
    @overload
    def NextGenerationFirewallVirtualNetworkLocalRulestack(resource_name: str,
                                                           args: NextGenerationFirewallVirtualNetworkLocalRulestackArgs,
                                                           opts: Optional[ResourceOptions] = None)
    func NewNextGenerationFirewallVirtualNetworkLocalRulestack(ctx *Context, name string, args NextGenerationFirewallVirtualNetworkLocalRulestackArgs, opts ...ResourceOption) (*NextGenerationFirewallVirtualNetworkLocalRulestack, error)
    public NextGenerationFirewallVirtualNetworkLocalRulestack(string name, NextGenerationFirewallVirtualNetworkLocalRulestackArgs args, CustomResourceOptions? opts = null)
    public NextGenerationFirewallVirtualNetworkLocalRulestack(String name, NextGenerationFirewallVirtualNetworkLocalRulestackArgs args)
    public NextGenerationFirewallVirtualNetworkLocalRulestack(String name, NextGenerationFirewallVirtualNetworkLocalRulestackArgs args, CustomResourceOptions options)
    
    type: azure:paloalto:NextGenerationFirewallVirtualNetworkLocalRulestack
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args NextGenerationFirewallVirtualNetworkLocalRulestackArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args NextGenerationFirewallVirtualNetworkLocalRulestackArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args NextGenerationFirewallVirtualNetworkLocalRulestackArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args NextGenerationFirewallVirtualNetworkLocalRulestackArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args NextGenerationFirewallVirtualNetworkLocalRulestackArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    NextGenerationFirewallVirtualNetworkLocalRulestack Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The NextGenerationFirewallVirtualNetworkLocalRulestack resource accepts the following input properties:

    NetworkProfile NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfile
    A network_profile block as defined below.
    ResourceGroupName string
    The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    RulestackId string
    The ID of the Local Rulestack which will be used to configure this Firewall Resource.
    DestinationNats List<NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNat>
    One or more destination_nat blocks as defined below.
    DnsSettings NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettings
    A dns_settings block as defined below.
    Name string
    The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    Tags Dictionary<string, string>
    A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack.
    NetworkProfile NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileArgs
    A network_profile block as defined below.
    ResourceGroupName string
    The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    RulestackId string
    The ID of the Local Rulestack which will be used to configure this Firewall Resource.
    DestinationNats []NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatArgs
    One or more destination_nat blocks as defined below.
    DnsSettings NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettingsArgs
    A dns_settings block as defined below.
    Name string
    The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    Tags map[string]string
    A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack.
    networkProfile NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfile
    A network_profile block as defined below.
    resourceGroupName String
    The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    rulestackId String
    The ID of the Local Rulestack which will be used to configure this Firewall Resource.
    destinationNats List<NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNat>
    One or more destination_nat blocks as defined below.
    dnsSettings NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettings
    A dns_settings block as defined below.
    name String
    The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    tags Map<String,String>
    A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack.
    networkProfile NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfile
    A network_profile block as defined below.
    resourceGroupName string
    The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    rulestackId string
    The ID of the Local Rulestack which will be used to configure this Firewall Resource.
    destinationNats NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNat[]
    One or more destination_nat blocks as defined below.
    dnsSettings NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettings
    A dns_settings block as defined below.
    name string
    The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    tags {[key: string]: string}
    A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack.
    network_profile NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileArgs
    A network_profile block as defined below.
    resource_group_name str
    The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    rulestack_id str
    The ID of the Local Rulestack which will be used to configure this Firewall Resource.
    destination_nats Sequence[NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatArgs]
    One or more destination_nat blocks as defined below.
    dns_settings NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettingsArgs
    A dns_settings block as defined below.
    name str
    The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    tags Mapping[str, str]
    A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack.
    networkProfile Property Map
    A network_profile block as defined below.
    resourceGroupName String
    The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    rulestackId String
    The ID of the Local Rulestack which will be used to configure this Firewall Resource.
    destinationNats List<Property Map>
    One or more destination_nat blocks as defined below.
    dnsSettings Property Map
    A dns_settings block as defined below.
    name String
    The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    tags Map<String>
    A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the NextGenerationFirewallVirtualNetworkLocalRulestack resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing NextGenerationFirewallVirtualNetworkLocalRulestack Resource

    Get an existing NextGenerationFirewallVirtualNetworkLocalRulestack resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: NextGenerationFirewallVirtualNetworkLocalRulestackState, opts?: CustomResourceOptions): NextGenerationFirewallVirtualNetworkLocalRulestack
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            destination_nats: Optional[Sequence[NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatArgs]] = None,
            dns_settings: Optional[NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettingsArgs] = None,
            name: Optional[str] = None,
            network_profile: Optional[NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileArgs] = None,
            resource_group_name: Optional[str] = None,
            rulestack_id: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None) -> NextGenerationFirewallVirtualNetworkLocalRulestack
    func GetNextGenerationFirewallVirtualNetworkLocalRulestack(ctx *Context, name string, id IDInput, state *NextGenerationFirewallVirtualNetworkLocalRulestackState, opts ...ResourceOption) (*NextGenerationFirewallVirtualNetworkLocalRulestack, error)
    public static NextGenerationFirewallVirtualNetworkLocalRulestack Get(string name, Input<string> id, NextGenerationFirewallVirtualNetworkLocalRulestackState? state, CustomResourceOptions? opts = null)
    public static NextGenerationFirewallVirtualNetworkLocalRulestack get(String name, Output<String> id, NextGenerationFirewallVirtualNetworkLocalRulestackState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    DestinationNats List<NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNat>
    One or more destination_nat blocks as defined below.
    DnsSettings NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettings
    A dns_settings block as defined below.
    Name string
    The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    NetworkProfile NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfile
    A network_profile block as defined below.
    ResourceGroupName string
    The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    RulestackId string
    The ID of the Local Rulestack which will be used to configure this Firewall Resource.
    Tags Dictionary<string, string>
    A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack.
    DestinationNats []NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatArgs
    One or more destination_nat blocks as defined below.
    DnsSettings NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettingsArgs
    A dns_settings block as defined below.
    Name string
    The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    NetworkProfile NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileArgs
    A network_profile block as defined below.
    ResourceGroupName string
    The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    RulestackId string
    The ID of the Local Rulestack which will be used to configure this Firewall Resource.
    Tags map[string]string
    A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack.
    destinationNats List<NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNat>
    One or more destination_nat blocks as defined below.
    dnsSettings NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettings
    A dns_settings block as defined below.
    name String
    The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    networkProfile NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfile
    A network_profile block as defined below.
    resourceGroupName String
    The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    rulestackId String
    The ID of the Local Rulestack which will be used to configure this Firewall Resource.
    tags Map<String,String>
    A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack.
    destinationNats NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNat[]
    One or more destination_nat blocks as defined below.
    dnsSettings NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettings
    A dns_settings block as defined below.
    name string
    The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    networkProfile NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfile
    A network_profile block as defined below.
    resourceGroupName string
    The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    rulestackId string
    The ID of the Local Rulestack which will be used to configure this Firewall Resource.
    tags {[key: string]: string}
    A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack.
    destination_nats Sequence[NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatArgs]
    One or more destination_nat blocks as defined below.
    dns_settings NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettingsArgs
    A dns_settings block as defined below.
    name str
    The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    network_profile NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileArgs
    A network_profile block as defined below.
    resource_group_name str
    The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    rulestack_id str
    The ID of the Local Rulestack which will be used to configure this Firewall Resource.
    tags Mapping[str, str]
    A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack.
    destinationNats List<Property Map>
    One or more destination_nat blocks as defined below.
    dnsSettings Property Map
    A dns_settings block as defined below.
    name String
    The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    networkProfile Property Map
    A network_profile block as defined below.
    resourceGroupName String
    The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created.
    rulestackId String
    The ID of the Local Rulestack which will be used to configure this Firewall Resource.
    tags Map<String>
    A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack.

    Supporting Types

    NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNat, NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatArgs

    Name string
    The name which should be used for this Destination NAT.
    Protocol string
    The Protocol for this Destination NAT configuration. Possible values include TCP and UDP.
    BackendConfig NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatBackendConfig
    A backend_config block as defined above.
    FrontendConfig NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatFrontendConfig
    A frontend_config block as defined below.
    Name string
    The name which should be used for this Destination NAT.
    Protocol string
    The Protocol for this Destination NAT configuration. Possible values include TCP and UDP.
    BackendConfig NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatBackendConfig
    A backend_config block as defined above.
    FrontendConfig NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatFrontendConfig
    A frontend_config block as defined below.
    name String
    The name which should be used for this Destination NAT.
    protocol String
    The Protocol for this Destination NAT configuration. Possible values include TCP and UDP.
    backendConfig NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatBackendConfig
    A backend_config block as defined above.
    frontendConfig NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatFrontendConfig
    A frontend_config block as defined below.
    name string
    The name which should be used for this Destination NAT.
    protocol string
    The Protocol for this Destination NAT configuration. Possible values include TCP and UDP.
    backendConfig NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatBackendConfig
    A backend_config block as defined above.
    frontendConfig NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatFrontendConfig
    A frontend_config block as defined below.
    name str
    The name which should be used for this Destination NAT.
    protocol str
    The Protocol for this Destination NAT configuration. Possible values include TCP and UDP.
    backend_config NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatBackendConfig
    A backend_config block as defined above.
    frontend_config NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatFrontendConfig
    A frontend_config block as defined below.
    name String
    The name which should be used for this Destination NAT.
    protocol String
    The Protocol for this Destination NAT configuration. Possible values include TCP and UDP.
    backendConfig Property Map
    A backend_config block as defined above.
    frontendConfig Property Map
    A frontend_config block as defined below.

    NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatBackendConfig, NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatBackendConfigArgs

    Port int
    The port number to send traffic to.
    PublicIpAddress string
    The IP Address to send the traffic to.
    Port int
    The port number to send traffic to.
    PublicIpAddress string
    The IP Address to send the traffic to.
    port Integer
    The port number to send traffic to.
    publicIpAddress String
    The IP Address to send the traffic to.
    port number
    The port number to send traffic to.
    publicIpAddress string
    The IP Address to send the traffic to.
    port int
    The port number to send traffic to.
    public_ip_address str
    The IP Address to send the traffic to.
    port Number
    The port number to send traffic to.
    publicIpAddress String
    The IP Address to send the traffic to.

    NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatFrontendConfig, NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatFrontendConfigArgs

    Port int
    The port on which to receive traffic.
    PublicIpAddressId string

    The ID of the Public IP Address on which to receive traffic.

    Note: This must be an Azure Public IP address ID also specified in the public_ip_address_ids list.

    Port int
    The port on which to receive traffic.
    PublicIpAddressId string

    The ID of the Public IP Address on which to receive traffic.

    Note: This must be an Azure Public IP address ID also specified in the public_ip_address_ids list.

    port Integer
    The port on which to receive traffic.
    publicIpAddressId String

    The ID of the Public IP Address on which to receive traffic.

    Note: This must be an Azure Public IP address ID also specified in the public_ip_address_ids list.

    port number
    The port on which to receive traffic.
    publicIpAddressId string

    The ID of the Public IP Address on which to receive traffic.

    Note: This must be an Azure Public IP address ID also specified in the public_ip_address_ids list.

    port int
    The port on which to receive traffic.
    public_ip_address_id str

    The ID of the Public IP Address on which to receive traffic.

    Note: This must be an Azure Public IP address ID also specified in the public_ip_address_ids list.

    port Number
    The port on which to receive traffic.
    publicIpAddressId String

    The ID of the Public IP Address on which to receive traffic.

    Note: This must be an Azure Public IP address ID also specified in the public_ip_address_ids list.

    NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettings, NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettingsArgs

    AzureDnsServers List<string>
    DnsServers List<string>
    Specifies a list of DNS servers to use. Conflicts with dns_settings.0.use_azure_dns.
    UseAzureDns bool
    Should the Firewall use Azure Supplied DNS servers. Conflicts with dns_settings.0.dns_servers. Defaults to false.
    AzureDnsServers []string
    DnsServers []string
    Specifies a list of DNS servers to use. Conflicts with dns_settings.0.use_azure_dns.
    UseAzureDns bool
    Should the Firewall use Azure Supplied DNS servers. Conflicts with dns_settings.0.dns_servers. Defaults to false.
    azureDnsServers List<String>
    dnsServers List<String>
    Specifies a list of DNS servers to use. Conflicts with dns_settings.0.use_azure_dns.
    useAzureDns Boolean
    Should the Firewall use Azure Supplied DNS servers. Conflicts with dns_settings.0.dns_servers. Defaults to false.
    azureDnsServers string[]
    dnsServers string[]
    Specifies a list of DNS servers to use. Conflicts with dns_settings.0.use_azure_dns.
    useAzureDns boolean
    Should the Firewall use Azure Supplied DNS servers. Conflicts with dns_settings.0.dns_servers. Defaults to false.
    azure_dns_servers Sequence[str]
    dns_servers Sequence[str]
    Specifies a list of DNS servers to use. Conflicts with dns_settings.0.use_azure_dns.
    use_azure_dns bool
    Should the Firewall use Azure Supplied DNS servers. Conflicts with dns_settings.0.dns_servers. Defaults to false.
    azureDnsServers List<String>
    dnsServers List<String>
    Specifies a list of DNS servers to use. Conflicts with dns_settings.0.use_azure_dns.
    useAzureDns Boolean
    Should the Firewall use Azure Supplied DNS servers. Conflicts with dns_settings.0.dns_servers. Defaults to false.

    NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfile, NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileArgs

    PublicIpAddressIds List<string>
    Specifies a list of Azure Public IP Address IDs.
    VnetConfiguration NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileVnetConfiguration
    A vnet_configuration block as defined below.
    EgressNatIpAddressIds List<string>
    Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation.
    EgressNatIpAddresses List<string>
    PublicIpAddresses List<string>
    TrustedAddressRanges List<string>
    Specifies a list of trusted ranges to use for the Network.
    PublicIpAddressIds []string
    Specifies a list of Azure Public IP Address IDs.
    VnetConfiguration NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileVnetConfiguration
    A vnet_configuration block as defined below.
    EgressNatIpAddressIds []string
    Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation.
    EgressNatIpAddresses []string
    PublicIpAddresses []string
    TrustedAddressRanges []string
    Specifies a list of trusted ranges to use for the Network.
    publicIpAddressIds List<String>
    Specifies a list of Azure Public IP Address IDs.
    vnetConfiguration NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileVnetConfiguration
    A vnet_configuration block as defined below.
    egressNatIpAddressIds List<String>
    Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation.
    egressNatIpAddresses List<String>
    publicIpAddresses List<String>
    trustedAddressRanges List<String>
    Specifies a list of trusted ranges to use for the Network.
    publicIpAddressIds string[]
    Specifies a list of Azure Public IP Address IDs.
    vnetConfiguration NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileVnetConfiguration
    A vnet_configuration block as defined below.
    egressNatIpAddressIds string[]
    Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation.
    egressNatIpAddresses string[]
    publicIpAddresses string[]
    trustedAddressRanges string[]
    Specifies a list of trusted ranges to use for the Network.
    public_ip_address_ids Sequence[str]
    Specifies a list of Azure Public IP Address IDs.
    vnet_configuration NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileVnetConfiguration
    A vnet_configuration block as defined below.
    egress_nat_ip_address_ids Sequence[str]
    Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation.
    egress_nat_ip_addresses Sequence[str]
    public_ip_addresses Sequence[str]
    trusted_address_ranges Sequence[str]
    Specifies a list of trusted ranges to use for the Network.
    publicIpAddressIds List<String>
    Specifies a list of Azure Public IP Address IDs.
    vnetConfiguration Property Map
    A vnet_configuration block as defined below.
    egressNatIpAddressIds List<String>
    Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation.
    egressNatIpAddresses List<String>
    publicIpAddresses List<String>
    trustedAddressRanges List<String>
    Specifies a list of trusted ranges to use for the Network.

    NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileVnetConfiguration, NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileVnetConfigurationArgs

    VirtualNetworkId string
    The ID of the Virtual Network.
    IpOfTrustForUserDefinedRoutes string
    TrustedSubnetId string
    The ID of the Trust subnet.
    UntrustedSubnetId string
    The ID of the UnTrust subnet.
    VirtualNetworkId string
    The ID of the Virtual Network.
    IpOfTrustForUserDefinedRoutes string
    TrustedSubnetId string
    The ID of the Trust subnet.
    UntrustedSubnetId string
    The ID of the UnTrust subnet.
    virtualNetworkId String
    The ID of the Virtual Network.
    ipOfTrustForUserDefinedRoutes String
    trustedSubnetId String
    The ID of the Trust subnet.
    untrustedSubnetId String
    The ID of the UnTrust subnet.
    virtualNetworkId string
    The ID of the Virtual Network.
    ipOfTrustForUserDefinedRoutes string
    trustedSubnetId string
    The ID of the Trust subnet.
    untrustedSubnetId string
    The ID of the UnTrust subnet.
    virtual_network_id str
    The ID of the Virtual Network.
    ip_of_trust_for_user_defined_routes str
    trusted_subnet_id str
    The ID of the Trust subnet.
    untrusted_subnet_id str
    The ID of the UnTrust subnet.
    virtualNetworkId String
    The ID of the Virtual Network.
    ipOfTrustForUserDefinedRoutes String
    trustedSubnetId String
    The ID of the Trust subnet.
    untrustedSubnetId String
    The ID of the UnTrust subnet.

    Import

    Palo Alto Next Generation Firewall Virtual Network Local Rulestacks can be imported using the resource id, e.g.

    $ pulumi import azure:paloalto/nextGenerationFirewallVirtualNetworkLocalRulestack:NextGenerationFirewallVirtualNetworkLocalRulestack example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/PaloAltoNetworks.Cloudngfw/firewalls/myVNetRulestackFW
    

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure Classic v5.67.1 published on Tuesday, Feb 27, 2024 by Pulumi