Docs Home
checkpoint 2.9.0 published on Monday, Apr 14, 2025 by checkpointsw
checkpoint.ManagementAccessRule
Explore with Pulumi AI
checkpoint 2.9.0 published on Monday, Apr 14, 2025 by checkpointsw
This resource allows you to add/update/delete Check Point Access Rule.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as checkpoint from "@pulumi/checkpoint";
const rule1 = new checkpoint.ManagementAccessRule("rule1", {
layer: "Network",
position: {
top: "top",
},
sources: ["Any"],
destinations: ["Any"],
services: ["Any"],
contents: ["Any"],
times: ["Any"],
installOns: ["Policy Targets"],
track: {
type: "Log",
accounting: "false",
alert: "none",
enable_firewall_session: "false",
per_connection: "true",
per_session: "false",
},
actionSettings: {},
customFields: {},
vpn: "Any",
});
const rule2 = new checkpoint.ManagementAccessRule("rule2", {
layer: "Network",
position: {
below: rule1.name,
},
enabled: true,
sources: [
"DMZNet",
"DMZZone",
"WirelessZone",
],
destinations: [
"InternalNet",
"CPDShield",
],
destinationNegate: true,
services: ["Any"],
contents: ["Any"],
times: ["Any"],
installOns: ["Policy Targets"],
track: {
type: "Log",
accounting: "false",
alert: "none",
enable_firewall_session: "false",
per_connection: "true",
per_session: "false",
},
actionSettings: {},
customFields: {},
vpn: "All_GwToGw",
});
const rule3 = new checkpoint.ManagementAccessRule("rule3", {
layer: "Network",
position: {
below: rule2.name,
},
action: "Accept",
actionSettings: {
enable_identity_captive_portal: "true",
},
sources: ["DMZNet"],
enabled: true,
destinations: ["InternalNet"],
destinationNegate: true,
services: ["EDGE"],
contents: ["Any"],
times: ["Weekend"],
installOns: ["Policy Targets"],
track: {
type: "Log",
accounting: "false",
alert: "none",
enable_firewall_session: "false",
per_connection: "true",
per_session: "false",
},
customFields: {},
vpnCommunities: [
"StarCommunity",
"MeshedCommunity",
],
});
const rule4 = new checkpoint.ManagementAccessRule("rule4", {
layer: "Network",
position: {
below: rule3.name,
},
enabled: false,
sources: ["Any"],
destinations: ["Any"],
services: ["Any"],
contents: ["Any"],
times: ["Any"],
installOns: ["Policy Targets"],
track: {
type: "Log",
accounting: "false",
alert: "none",
enable_firewall_session: "false",
per_connection: "true",
per_session: "false",
},
actionSettings: {},
customFields: {},
vpnDirectionals: [{
from: "StarVpn",
to: "MeshedCommunity",
}],
});
const rule5 = new checkpoint.ManagementAccessRule("rule5", {
layer: "Network",
position: {
below: rule4.name,
},
action: "Accept",
actionSettings: {
enable_identity_captive_portal: "false",
},
sources: ["Any"],
destinations: ["Any"],
services: ["Any"],
contents: ["Any"],
times: ["Any"],
installOns: ["Policy Targets"],
track: {
type: "Log",
accounting: "false",
alert: "none",
enable_firewall_session: "false",
per_connection: "true",
per_session: "false",
},
customFields: {},
vpn: "Any",
});
import pulumi
import pulumi_checkpoint as checkpoint
rule1 = checkpoint.ManagementAccessRule("rule1",
layer="Network",
position={
"top": "top",
},
sources=["Any"],
destinations=["Any"],
services=["Any"],
contents=["Any"],
times=["Any"],
install_ons=["Policy Targets"],
track={
"type": "Log",
"accounting": "false",
"alert": "none",
"enable_firewall_session": "false",
"per_connection": "true",
"per_session": "false",
},
action_settings={},
custom_fields={},
vpn="Any")
rule2 = checkpoint.ManagementAccessRule("rule2",
layer="Network",
position={
"below": rule1.name,
},
enabled=True,
sources=[
"DMZNet",
"DMZZone",
"WirelessZone",
],
destinations=[
"InternalNet",
"CPDShield",
],
destination_negate=True,
services=["Any"],
contents=["Any"],
times=["Any"],
install_ons=["Policy Targets"],
track={
"type": "Log",
"accounting": "false",
"alert": "none",
"enable_firewall_session": "false",
"per_connection": "true",
"per_session": "false",
},
action_settings={},
custom_fields={},
vpn="All_GwToGw")
rule3 = checkpoint.ManagementAccessRule("rule3",
layer="Network",
position={
"below": rule2.name,
},
action="Accept",
action_settings={
"enable_identity_captive_portal": "true",
},
sources=["DMZNet"],
enabled=True,
destinations=["InternalNet"],
destination_negate=True,
services=["EDGE"],
contents=["Any"],
times=["Weekend"],
install_ons=["Policy Targets"],
track={
"type": "Log",
"accounting": "false",
"alert": "none",
"enable_firewall_session": "false",
"per_connection": "true",
"per_session": "false",
},
custom_fields={},
vpn_communities=[
"StarCommunity",
"MeshedCommunity",
])
rule4 = checkpoint.ManagementAccessRule("rule4",
layer="Network",
position={
"below": rule3.name,
},
enabled=False,
sources=["Any"],
destinations=["Any"],
services=["Any"],
contents=["Any"],
times=["Any"],
install_ons=["Policy Targets"],
track={
"type": "Log",
"accounting": "false",
"alert": "none",
"enable_firewall_session": "false",
"per_connection": "true",
"per_session": "false",
},
action_settings={},
custom_fields={},
vpn_directionals=[{
"from_": "StarVpn",
"to": "MeshedCommunity",
}])
rule5 = checkpoint.ManagementAccessRule("rule5",
layer="Network",
position={
"below": rule4.name,
},
action="Accept",
action_settings={
"enable_identity_captive_portal": "false",
},
sources=["Any"],
destinations=["Any"],
services=["Any"],
contents=["Any"],
times=["Any"],
install_ons=["Policy Targets"],
track={
"type": "Log",
"accounting": "false",
"alert": "none",
"enable_firewall_session": "false",
"per_connection": "true",
"per_session": "false",
},
custom_fields={},
vpn="Any")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/checkpoint/v2/checkpoint"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
rule1, err := checkpoint.NewManagementAccessRule(ctx, "rule1", &checkpoint.ManagementAccessRuleArgs{
Layer: pulumi.String("Network"),
Position: pulumi.StringMap{
"top": pulumi.String("top"),
},
Sources: pulumi.StringArray{
pulumi.String("Any"),
},
Destinations: pulumi.StringArray{
pulumi.String("Any"),
},
Services: pulumi.StringArray{
pulumi.String("Any"),
},
Contents: pulumi.StringArray{
pulumi.String("Any"),
},
Times: pulumi.StringArray{
pulumi.String("Any"),
},
InstallOns: pulumi.StringArray{
pulumi.String("Policy Targets"),
},
Track: pulumi.StringMap{
"type": pulumi.String("Log"),
"accounting": pulumi.String("false"),
"alert": pulumi.String("none"),
"enable_firewall_session": pulumi.String("false"),
"per_connection": pulumi.String("true"),
"per_session": pulumi.String("false"),
},
ActionSettings: pulumi.StringMap{},
CustomFields: pulumi.StringMap{},
Vpn: pulumi.String("Any"),
})
if err != nil {
return err
}
rule2, err := checkpoint.NewManagementAccessRule(ctx, "rule2", &checkpoint.ManagementAccessRuleArgs{
Layer: pulumi.String("Network"),
Position: pulumi.StringMap{
"below": rule1.Name,
},
Enabled: pulumi.Bool(true),
Sources: pulumi.StringArray{
pulumi.String("DMZNet"),
pulumi.String("DMZZone"),
pulumi.String("WirelessZone"),
},
Destinations: pulumi.StringArray{
pulumi.String("InternalNet"),
pulumi.String("CPDShield"),
},
DestinationNegate: pulumi.Bool(true),
Services: pulumi.StringArray{
pulumi.String("Any"),
},
Contents: pulumi.StringArray{
pulumi.String("Any"),
},
Times: pulumi.StringArray{
pulumi.String("Any"),
},
InstallOns: pulumi.StringArray{
pulumi.String("Policy Targets"),
},
Track: pulumi.StringMap{
"type": pulumi.String("Log"),
"accounting": pulumi.String("false"),
"alert": pulumi.String("none"),
"enable_firewall_session": pulumi.String("false"),
"per_connection": pulumi.String("true"),
"per_session": pulumi.String("false"),
},
ActionSettings: pulumi.StringMap{},
CustomFields: pulumi.StringMap{},
Vpn: pulumi.String("All_GwToGw"),
})
if err != nil {
return err
}
rule3, err := checkpoint.NewManagementAccessRule(ctx, "rule3", &checkpoint.ManagementAccessRuleArgs{
Layer: pulumi.String("Network"),
Position: pulumi.StringMap{
"below": rule2.Name,
},
Action: pulumi.String("Accept"),
ActionSettings: pulumi.StringMap{
"enable_identity_captive_portal": pulumi.String("true"),
},
Sources: pulumi.StringArray{
pulumi.String("DMZNet"),
},
Enabled: pulumi.Bool(true),
Destinations: pulumi.StringArray{
pulumi.String("InternalNet"),
},
DestinationNegate: pulumi.Bool(true),
Services: pulumi.StringArray{
pulumi.String("EDGE"),
},
Contents: pulumi.StringArray{
pulumi.String("Any"),
},
Times: pulumi.StringArray{
pulumi.String("Weekend"),
},
InstallOns: pulumi.StringArray{
pulumi.String("Policy Targets"),
},
Track: pulumi.StringMap{
"type": pulumi.String("Log"),
"accounting": pulumi.String("false"),
"alert": pulumi.String("none"),
"enable_firewall_session": pulumi.String("false"),
"per_connection": pulumi.String("true"),
"per_session": pulumi.String("false"),
},
CustomFields: pulumi.StringMap{},
VpnCommunities: pulumi.StringArray{
pulumi.String("StarCommunity"),
pulumi.String("MeshedCommunity"),
},
})
if err != nil {
return err
}
rule4, err := checkpoint.NewManagementAccessRule(ctx, "rule4", &checkpoint.ManagementAccessRuleArgs{
Layer: pulumi.String("Network"),
Position: pulumi.StringMap{
"below": rule3.Name,
},
Enabled: pulumi.Bool(false),
Sources: pulumi.StringArray{
pulumi.String("Any"),
},
Destinations: pulumi.StringArray{
pulumi.String("Any"),
},
Services: pulumi.StringArray{
pulumi.String("Any"),
},
Contents: pulumi.StringArray{
pulumi.String("Any"),
},
Times: pulumi.StringArray{
pulumi.String("Any"),
},
InstallOns: pulumi.StringArray{
pulumi.String("Policy Targets"),
},
Track: pulumi.StringMap{
"type": pulumi.String("Log"),
"accounting": pulumi.String("false"),
"alert": pulumi.String("none"),
"enable_firewall_session": pulumi.String("false"),
"per_connection": pulumi.String("true"),
"per_session": pulumi.String("false"),
},
ActionSettings: pulumi.StringMap{},
CustomFields: pulumi.StringMap{},
VpnDirectionals: checkpoint.ManagementAccessRuleVpnDirectionalArray{
&checkpoint.ManagementAccessRuleVpnDirectionalArgs{
From: pulumi.String("StarVpn"),
To: pulumi.String("MeshedCommunity"),
},
},
})
if err != nil {
return err
}
_, err = checkpoint.NewManagementAccessRule(ctx, "rule5", &checkpoint.ManagementAccessRuleArgs{
Layer: pulumi.String("Network"),
Position: pulumi.StringMap{
"below": rule4.Name,
},
Action: pulumi.String("Accept"),
ActionSettings: pulumi.StringMap{
"enable_identity_captive_portal": pulumi.String("false"),
},
Sources: pulumi.StringArray{
pulumi.String("Any"),
},
Destinations: pulumi.StringArray{
pulumi.String("Any"),
},
Services: pulumi.StringArray{
pulumi.String("Any"),
},
Contents: pulumi.StringArray{
pulumi.String("Any"),
},
Times: pulumi.StringArray{
pulumi.String("Any"),
},
InstallOns: pulumi.StringArray{
pulumi.String("Policy Targets"),
},
Track: pulumi.StringMap{
"type": pulumi.String("Log"),
"accounting": pulumi.String("false"),
"alert": pulumi.String("none"),
"enable_firewall_session": pulumi.String("false"),
"per_connection": pulumi.String("true"),
"per_session": pulumi.String("false"),
},
CustomFields: pulumi.StringMap{},
Vpn: pulumi.String("Any"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Checkpoint = Pulumi.Checkpoint;
return await Deployment.RunAsync(() =>
{
var rule1 = new Checkpoint.ManagementAccessRule("rule1", new()
{
Layer = "Network",
Position =
{
{ "top", "top" },
},
Sources = new[]
{
"Any",
},
Destinations = new[]
{
"Any",
},
Services = new[]
{
"Any",
},
Contents = new[]
{
"Any",
},
Times = new[]
{
"Any",
},
InstallOns = new[]
{
"Policy Targets",
},
Track =
{
{ "type", "Log" },
{ "accounting", "false" },
{ "alert", "none" },
{ "enable_firewall_session", "false" },
{ "per_connection", "true" },
{ "per_session", "false" },
},
ActionSettings = null,
CustomFields = null,
Vpn = "Any",
});
var rule2 = new Checkpoint.ManagementAccessRule("rule2", new()
{
Layer = "Network",
Position =
{
{ "below", rule1.Name },
},
Enabled = true,
Sources = new[]
{
"DMZNet",
"DMZZone",
"WirelessZone",
},
Destinations = new[]
{
"InternalNet",
"CPDShield",
},
DestinationNegate = true,
Services = new[]
{
"Any",
},
Contents = new[]
{
"Any",
},
Times = new[]
{
"Any",
},
InstallOns = new[]
{
"Policy Targets",
},
Track =
{
{ "type", "Log" },
{ "accounting", "false" },
{ "alert", "none" },
{ "enable_firewall_session", "false" },
{ "per_connection", "true" },
{ "per_session", "false" },
},
ActionSettings = null,
CustomFields = null,
Vpn = "All_GwToGw",
});
var rule3 = new Checkpoint.ManagementAccessRule("rule3", new()
{
Layer = "Network",
Position =
{
{ "below", rule2.Name },
},
Action = "Accept",
ActionSettings =
{
{ "enable_identity_captive_portal", "true" },
},
Sources = new[]
{
"DMZNet",
},
Enabled = true,
Destinations = new[]
{
"InternalNet",
},
DestinationNegate = true,
Services = new[]
{
"EDGE",
},
Contents = new[]
{
"Any",
},
Times = new[]
{
"Weekend",
},
InstallOns = new[]
{
"Policy Targets",
},
Track =
{
{ "type", "Log" },
{ "accounting", "false" },
{ "alert", "none" },
{ "enable_firewall_session", "false" },
{ "per_connection", "true" },
{ "per_session", "false" },
},
CustomFields = null,
VpnCommunities = new[]
{
"StarCommunity",
"MeshedCommunity",
},
});
var rule4 = new Checkpoint.ManagementAccessRule("rule4", new()
{
Layer = "Network",
Position =
{
{ "below", rule3.Name },
},
Enabled = false,
Sources = new[]
{
"Any",
},
Destinations = new[]
{
"Any",
},
Services = new[]
{
"Any",
},
Contents = new[]
{
"Any",
},
Times = new[]
{
"Any",
},
InstallOns = new[]
{
"Policy Targets",
},
Track =
{
{ "type", "Log" },
{ "accounting", "false" },
{ "alert", "none" },
{ "enable_firewall_session", "false" },
{ "per_connection", "true" },
{ "per_session", "false" },
},
ActionSettings = null,
CustomFields = null,
VpnDirectionals = new[]
{
new Checkpoint.Inputs.ManagementAccessRuleVpnDirectionalArgs
{
From = "StarVpn",
To = "MeshedCommunity",
},
},
});
var rule5 = new Checkpoint.ManagementAccessRule("rule5", new()
{
Layer = "Network",
Position =
{
{ "below", rule4.Name },
},
Action = "Accept",
ActionSettings =
{
{ "enable_identity_captive_portal", "false" },
},
Sources = new[]
{
"Any",
},
Destinations = new[]
{
"Any",
},
Services = new[]
{
"Any",
},
Contents = new[]
{
"Any",
},
Times = new[]
{
"Any",
},
InstallOns = new[]
{
"Policy Targets",
},
Track =
{
{ "type", "Log" },
{ "accounting", "false" },
{ "alert", "none" },
{ "enable_firewall_session", "false" },
{ "per_connection", "true" },
{ "per_session", "false" },
},
CustomFields = null,
Vpn = "Any",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.checkpoint.ManagementAccessRule;
import com.pulumi.checkpoint.ManagementAccessRuleArgs;
import com.pulumi.checkpoint.inputs.ManagementAccessRuleVpnDirectionalArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var rule1 = new ManagementAccessRule("rule1", ManagementAccessRuleArgs.builder()
.layer("Network")
.position(Map.of("top", "top"))
.sources("Any")
.destinations("Any")
.services("Any")
.contents("Any")
.times("Any")
.installOns("Policy Targets")
.track(Map.ofEntries(
Map.entry("type", "Log"),
Map.entry("accounting", false),
Map.entry("alert", "none"),
Map.entry("enable_firewall_session", false),
Map.entry("per_connection", true),
Map.entry("per_session", false)
))
.actionSettings()
.customFields()
.vpn("Any")
.build());
var rule2 = new ManagementAccessRule("rule2", ManagementAccessRuleArgs.builder()
.layer("Network")
.position(Map.of("below", rule1.name()))
.enabled(true)
.sources(
"DMZNet",
"DMZZone",
"WirelessZone")
.destinations(
"InternalNet",
"CPDShield")
.destinationNegate(true)
.services("Any")
.contents("Any")
.times("Any")
.installOns("Policy Targets")
.track(Map.ofEntries(
Map.entry("type", "Log"),
Map.entry("accounting", false),
Map.entry("alert", "none"),
Map.entry("enable_firewall_session", false),
Map.entry("per_connection", true),
Map.entry("per_session", false)
))
.actionSettings()
.customFields()
.vpn("All_GwToGw")
.build());
var rule3 = new ManagementAccessRule("rule3", ManagementAccessRuleArgs.builder()
.layer("Network")
.position(Map.of("below", rule2.name()))
.action("Accept")
.actionSettings(Map.of("enable_identity_captive_portal", true))
.sources("DMZNet")
.enabled(true)
.destinations("InternalNet")
.destinationNegate(true)
.services("EDGE")
.contents("Any")
.times("Weekend")
.installOns("Policy Targets")
.track(Map.ofEntries(
Map.entry("type", "Log"),
Map.entry("accounting", false),
Map.entry("alert", "none"),
Map.entry("enable_firewall_session", false),
Map.entry("per_connection", true),
Map.entry("per_session", false)
))
.customFields()
.vpnCommunities(
"StarCommunity",
"MeshedCommunity")
.build());
var rule4 = new ManagementAccessRule("rule4", ManagementAccessRuleArgs.builder()
.layer("Network")
.position(Map.of("below", rule3.name()))
.enabled(false)
.sources("Any")
.destinations("Any")
.services("Any")
.contents("Any")
.times("Any")
.installOns("Policy Targets")
.track(Map.ofEntries(
Map.entry("type", "Log"),
Map.entry("accounting", false),
Map.entry("alert", "none"),
Map.entry("enable_firewall_session", false),
Map.entry("per_connection", true),
Map.entry("per_session", false)
))
.actionSettings()
.customFields()
.vpnDirectionals(ManagementAccessRuleVpnDirectionalArgs.builder()
.from("StarVpn")
.to("MeshedCommunity")
.build())
.build());
var rule5 = new ManagementAccessRule("rule5", ManagementAccessRuleArgs.builder()
.layer("Network")
.position(Map.of("below", rule4.name()))
.action("Accept")
.actionSettings(Map.of("enable_identity_captive_portal", false))
.sources("Any")
.destinations("Any")
.services("Any")
.contents("Any")
.times("Any")
.installOns("Policy Targets")
.track(Map.ofEntries(
Map.entry("type", "Log"),
Map.entry("accounting", false),
Map.entry("alert", "none"),
Map.entry("enable_firewall_session", false),
Map.entry("per_connection", true),
Map.entry("per_session", false)
))
.customFields()
.vpn("Any")
.build());
}
}
resources:
rule1:
type: checkpoint:ManagementAccessRule
properties:
layer: Network
position:
top: top
sources:
- Any
destinations:
- Any
services:
- Any
contents:
- Any
times:
- Any
installOns:
- Policy Targets
track:
type: Log
accounting: false
alert: none
enable_firewall_session: false
per_connection: true
per_session: false
actionSettings: {}
customFields: {}
vpn: Any
rule2:
type: checkpoint:ManagementAccessRule
properties:
layer: Network
position:
below: ${rule1.name}
enabled: true
sources:
- DMZNet
- DMZZone
- WirelessZone
destinations:
- InternalNet
- CPDShield
destinationNegate: true
services:
- Any
contents:
- Any
times:
- Any
installOns:
- Policy Targets
track:
type: Log
accounting: false
alert: none
enable_firewall_session: false
per_connection: true
per_session: false
actionSettings: {}
customFields: {}
vpn: All_GwToGw
rule3:
type: checkpoint:ManagementAccessRule
properties:
layer: Network
position:
below: ${rule2.name}
action: Accept
actionSettings:
enable_identity_captive_portal: true
sources:
- DMZNet
enabled: true
destinations:
- InternalNet
destinationNegate: true
services:
- EDGE
contents:
- Any
times:
- Weekend
installOns:
- Policy Targets
track:
type: Log
accounting: false
alert: none
enable_firewall_session: false
per_connection: true
per_session: false
customFields: {}
vpnCommunities:
- StarCommunity
- MeshedCommunity
rule4:
type: checkpoint:ManagementAccessRule
properties:
layer: Network
position:
below: ${rule3.name}
enabled: false
sources:
- Any
destinations:
- Any
services:
- Any
contents:
- Any
times:
- Any
installOns:
- Policy Targets
track:
type: Log
accounting: false
alert: none
enable_firewall_session: false
per_connection: true
per_session: false
actionSettings: {}
customFields: {}
vpnDirectionals:
- from: StarVpn
to: MeshedCommunity
rule5:
type: checkpoint:ManagementAccessRule
properties:
layer: Network
position:
below: ${rule4.name}
action: Accept
actionSettings:
enable_identity_captive_portal: false
sources:
- Any
destinations:
- Any
services:
- Any
contents:
- Any
times:
- Any
installOns:
- Policy Targets
track:
type: Log
accounting: false
alert: none
enable_firewall_session: false
per_connection: true
per_session: false
customFields: {}
vpn: Any
Create ManagementAccessRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ManagementAccessRule(name: string, args: ManagementAccessRuleArgs, opts?: CustomResourceOptions);@overload
def ManagementAccessRule(resource_name: str,
args: ManagementAccessRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ManagementAccessRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
layer: Optional[str] = None,
position: Optional[Mapping[str, str]] = None,
install_ons: Optional[Sequence[str]] = None,
vpn: Optional[str] = None,
content_negate: Optional[bool] = None,
contents: Optional[Sequence[str]] = None,
custom_fields: Optional[Mapping[str, str]] = None,
destination_negate: Optional[bool] = None,
destinations: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
fields_with_uid_identifiers: Optional[Sequence[str]] = None,
ignore_errors: Optional[bool] = None,
ignore_warnings: Optional[bool] = None,
management_access_rule_id: Optional[str] = None,
content_direction: Optional[str] = None,
action: Optional[str] = None,
inline_layer: Optional[str] = None,
name: Optional[str] = None,
action_settings: Optional[Mapping[str, str]] = None,
service_negate: Optional[bool] = None,
services: Optional[Sequence[str]] = None,
source_negate: Optional[bool] = None,
sources: Optional[Sequence[str]] = None,
times: Optional[Sequence[str]] = None,
track: Optional[Mapping[str, str]] = None,
user_check: Optional[ManagementAccessRuleUserCheckArgs] = None,
comments: Optional[str] = None,
vpn_communities: Optional[Sequence[str]] = None,
vpn_directionals: Optional[Sequence[ManagementAccessRuleVpnDirectionalArgs]] = None)func NewManagementAccessRule(ctx *Context, name string, args ManagementAccessRuleArgs, opts ...ResourceOption) (*ManagementAccessRule, error)public ManagementAccessRule(string name, ManagementAccessRuleArgs args, CustomResourceOptions? opts = null)
public ManagementAccessRule(String name, ManagementAccessRuleArgs args)
public ManagementAccessRule(String name, ManagementAccessRuleArgs args, CustomResourceOptions options)
type: checkpoint:ManagementAccessRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ManagementAccessRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ManagementAccessRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ManagementAccessRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ManagementAccessRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ManagementAccessRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var managementAccessRuleResource = new Checkpoint.ManagementAccessRule("managementAccessRuleResource", new()
{
Layer = "string",
Position =
{
{ "string", "string" },
},
InstallOns = new[]
{
"string",
},
Vpn = "string",
ContentNegate = false,
Contents = new[]
{
"string",
},
CustomFields =
{
{ "string", "string" },
},
DestinationNegate = false,
Destinations = new[]
{
"string",
},
Enabled = false,
FieldsWithUidIdentifiers = new[]
{
"string",
},
IgnoreErrors = false,
IgnoreWarnings = false,
ManagementAccessRuleId = "string",
ContentDirection = "string",
Action = "string",
InlineLayer = "string",
Name = "string",
ActionSettings =
{
{ "string", "string" },
},
ServiceNegate = false,
Services = new[]
{
"string",
},
SourceNegate = false,
Sources = new[]
{
"string",
},
Times = new[]
{
"string",
},
Track =
{
{ "string", "string" },
},
UserCheck = new Checkpoint.Inputs.ManagementAccessRuleUserCheckArgs
{
Confirm = "string",
CustomFrequency = new Checkpoint.Inputs.ManagementAccessRuleUserCheckCustomFrequencyArgs
{
Every = 0,
Unit = "string",
},
Frequency = "string",
Interaction = "string",
},
Comments = "string",
VpnCommunities = new[]
{
"string",
},
VpnDirectionals = new[]
{
new Checkpoint.Inputs.ManagementAccessRuleVpnDirectionalArgs
{
From = "string",
To = "string",
},
},
});
example, err := checkpoint.NewManagementAccessRule(ctx, "managementAccessRuleResource", &checkpoint.ManagementAccessRuleArgs{
Layer: pulumi.String("string"),
Position: pulumi.StringMap{
"string": pulumi.String("string"),
},
InstallOns: pulumi.StringArray{
pulumi.String("string"),
},
Vpn: pulumi.String("string"),
ContentNegate: pulumi.Bool(false),
Contents: pulumi.StringArray{
pulumi.String("string"),
},
CustomFields: pulumi.StringMap{
"string": pulumi.String("string"),
},
DestinationNegate: pulumi.Bool(false),
Destinations: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
FieldsWithUidIdentifiers: pulumi.StringArray{
pulumi.String("string"),
},
IgnoreErrors: pulumi.Bool(false),
IgnoreWarnings: pulumi.Bool(false),
ManagementAccessRuleId: pulumi.String("string"),
ContentDirection: pulumi.String("string"),
Action: pulumi.String("string"),
InlineLayer: pulumi.String("string"),
Name: pulumi.String("string"),
ActionSettings: pulumi.StringMap{
"string": pulumi.String("string"),
},
ServiceNegate: pulumi.Bool(false),
Services: pulumi.StringArray{
pulumi.String("string"),
},
SourceNegate: pulumi.Bool(false),
Sources: pulumi.StringArray{
pulumi.String("string"),
},
Times: pulumi.StringArray{
pulumi.String("string"),
},
Track: pulumi.StringMap{
"string": pulumi.String("string"),
},
UserCheck: &checkpoint.ManagementAccessRuleUserCheckArgs{
Confirm: pulumi.String("string"),
CustomFrequency: &checkpoint.ManagementAccessRuleUserCheckCustomFrequencyArgs{
Every: pulumi.Float64(0),
Unit: pulumi.String("string"),
},
Frequency: pulumi.String("string"),
Interaction: pulumi.String("string"),
},
Comments: pulumi.String("string"),
VpnCommunities: pulumi.StringArray{
pulumi.String("string"),
},
VpnDirectionals: checkpoint.ManagementAccessRuleVpnDirectionalArray{
&checkpoint.ManagementAccessRuleVpnDirectionalArgs{
From: pulumi.String("string"),
To: pulumi.String("string"),
},
},
})
var managementAccessRuleResource = new ManagementAccessRule("managementAccessRuleResource", ManagementAccessRuleArgs.builder()
.layer("string")
.position(Map.of("string", "string"))
.installOns("string")
.vpn("string")
.contentNegate(false)
.contents("string")
.customFields(Map.of("string", "string"))
.destinationNegate(false)
.destinations("string")
.enabled(false)
.fieldsWithUidIdentifiers("string")
.ignoreErrors(false)
.ignoreWarnings(false)
.managementAccessRuleId("string")
.contentDirection("string")
.action("string")
.inlineLayer("string")
.name("string")
.actionSettings(Map.of("string", "string"))
.serviceNegate(false)
.services("string")
.sourceNegate(false)
.sources("string")
.times("string")
.track(Map.of("string", "string"))
.userCheck(ManagementAccessRuleUserCheckArgs.builder()
.confirm("string")
.customFrequency(ManagementAccessRuleUserCheckCustomFrequencyArgs.builder()
.every(0)
.unit("string")
.build())
.frequency("string")
.interaction("string")
.build())
.comments("string")
.vpnCommunities("string")
.vpnDirectionals(ManagementAccessRuleVpnDirectionalArgs.builder()
.from("string")
.to("string")
.build())
.build());
management_access_rule_resource = checkpoint.ManagementAccessRule("managementAccessRuleResource",
layer="string",
position={
"string": "string",
},
install_ons=["string"],
vpn="string",
content_negate=False,
contents=["string"],
custom_fields={
"string": "string",
},
destination_negate=False,
destinations=["string"],
enabled=False,
fields_with_uid_identifiers=["string"],
ignore_errors=False,
ignore_warnings=False,
management_access_rule_id="string",
content_direction="string",
action="string",
inline_layer="string",
name="string",
action_settings={
"string": "string",
},
service_negate=False,
services=["string"],
source_negate=False,
sources=["string"],
times=["string"],
track={
"string": "string",
},
user_check={
"confirm": "string",
"custom_frequency": {
"every": 0,
"unit": "string",
},
"frequency": "string",
"interaction": "string",
},
comments="string",
vpn_communities=["string"],
vpn_directionals=[{
"from_": "string",
"to": "string",
}])
const managementAccessRuleResource = new checkpoint.ManagementAccessRule("managementAccessRuleResource", {
layer: "string",
position: {
string: "string",
},
installOns: ["string"],
vpn: "string",
contentNegate: false,
contents: ["string"],
customFields: {
string: "string",
},
destinationNegate: false,
destinations: ["string"],
enabled: false,
fieldsWithUidIdentifiers: ["string"],
ignoreErrors: false,
ignoreWarnings: false,
managementAccessRuleId: "string",
contentDirection: "string",
action: "string",
inlineLayer: "string",
name: "string",
actionSettings: {
string: "string",
},
serviceNegate: false,
services: ["string"],
sourceNegate: false,
sources: ["string"],
times: ["string"],
track: {
string: "string",
},
userCheck: {
confirm: "string",
customFrequency: {
every: 0,
unit: "string",
},
frequency: "string",
interaction: "string",
},
comments: "string",
vpnCommunities: ["string"],
vpnDirectionals: [{
from: "string",
to: "string",
}],
});
type: checkpoint:ManagementAccessRule
properties:
action: string
actionSettings:
string: string
comments: string
contentDirection: string
contentNegate: false
contents:
- string
customFields:
string: string
destinationNegate: false
destinations:
- string
enabled: false
fieldsWithUidIdentifiers:
- string
ignoreErrors: false
ignoreWarnings: false
inlineLayer: string
installOns:
- string
layer: string
managementAccessRuleId: string
name: string
position:
string: string
serviceNegate: false
services:
- string
sourceNegate: false
sources:
- string
times:
- string
track:
string: string
userCheck:
confirm: string
customFrequency:
every: 0
unit: string
frequency: string
interaction: string
vpn: string
vpnCommunities:
- string
vpnDirectionals:
- from: string
to: string
ManagementAccessRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ManagementAccessRule resource accepts the following input properties:
- Layer string
- Layer that the rule belongs to identified by the name or UID.
- Position Dictionary<string, string>
- Position in the rulebase. Position blocks are documented below.
- Action string
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- Action
Settings Dictionary<string, string> - Action settings. Action settings blocks are documented below.
- Comments string
- Comments string.
- Content
Direction string - On which direction the file types processing is applied.
- Content
Negate bool - True if negate is set for data.
- Contents List<string>
- List of processed file types that this rule applies on.
- Custom
Fields Dictionary<string, string> - Custom fields. Custom fields blocks are documented below.
- Destination
Negate bool - True if negate is set for destination.
- Destinations List<string>
- Collection of Network objects identified by the name or UID.
- Enabled bool
- Enable/Disable the rule.
- Fields
With List<string>Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- Ignore
Errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- Ignore
Warnings bool - Apply changes ignoring warnings.
- Inline
Layer string - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- Install
Ons List<string> - Which Gateways identified by the name or UID to install the policy on.
- Management
Access stringRule Id - Name string
- Rule name.
- Service
Negate bool - True if negate is set for service.
- Services List<string>
- Collection of Network objects identified by the name or UID.
- Source
Negate bool - True if negate is set for source.
- Sources List<string>
- Collection of Network objects identified by the name or UID.
- Times List<string>
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- Track Dictionary<string, string>
- Track Settings. Track Settings blocks are documented below.
- User
Check ManagementAccess Rule User Check - User check settings. User check settings blocks are documented below.
- Vpn string
- VPN community identified by name or "Any" or "All_GwToGw".
- Vpn
Communities List<string> - Collection of VPN communities identified by name.
- Vpn
Directionals List<ManagementAccess Rule Vpn Directional> - Collection of VPN directional. VPN directional block documented below.
- Layer string
- Layer that the rule belongs to identified by the name or UID.
- Position map[string]string
- Position in the rulebase. Position blocks are documented below.
- Action string
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- Action
Settings map[string]string - Action settings. Action settings blocks are documented below.
- Comments string
- Comments string.
- Content
Direction string - On which direction the file types processing is applied.
- Content
Negate bool - True if negate is set for data.
- Contents []string
- List of processed file types that this rule applies on.
- Custom
Fields map[string]string - Custom fields. Custom fields blocks are documented below.
- Destination
Negate bool - True if negate is set for destination.
- Destinations []string
- Collection of Network objects identified by the name or UID.
- Enabled bool
- Enable/Disable the rule.
- Fields
With []stringUid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- Ignore
Errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- Ignore
Warnings bool - Apply changes ignoring warnings.
- Inline
Layer string - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- Install
Ons []string - Which Gateways identified by the name or UID to install the policy on.
- Management
Access stringRule Id - Name string
- Rule name.
- Service
Negate bool - True if negate is set for service.
- Services []string
- Collection of Network objects identified by the name or UID.
- Source
Negate bool - True if negate is set for source.
- Sources []string
- Collection of Network objects identified by the name or UID.
- Times []string
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- Track map[string]string
- Track Settings. Track Settings blocks are documented below.
- User
Check ManagementAccess Rule User Check Args - User check settings. User check settings blocks are documented below.
- Vpn string
- VPN community identified by name or "Any" or "All_GwToGw".
- Vpn
Communities []string - Collection of VPN communities identified by name.
- Vpn
Directionals []ManagementAccess Rule Vpn Directional Args - Collection of VPN directional. VPN directional block documented below.
- layer String
- Layer that the rule belongs to identified by the name or UID.
- position Map<String,String>
- Position in the rulebase. Position blocks are documented below.
- action String
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action
Settings Map<String,String> - Action settings. Action settings blocks are documented below.
- comments String
- Comments string.
- content
Direction String - On which direction the file types processing is applied.
- content
Negate Boolean - True if negate is set for data.
- contents List<String>
- List of processed file types that this rule applies on.
- custom
Fields Map<String,String> - Custom fields. Custom fields blocks are documented below.
- destination
Negate Boolean - True if negate is set for destination.
- destinations List<String>
- Collection of Network objects identified by the name or UID.
- enabled Boolean
- Enable/Disable the rule.
- fields
With List<String>Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore
Errors Boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings Boolean - Apply changes ignoring warnings.
- inline
Layer String - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install
Ons List<String> - Which Gateways identified by the name or UID to install the policy on.
- management
Access StringRule Id - name String
- Rule name.
- service
Negate Boolean - True if negate is set for service.
- services List<String>
- Collection of Network objects identified by the name or UID.
- source
Negate Boolean - True if negate is set for source.
- sources List<String>
- Collection of Network objects identified by the name or UID.
- times List<String>
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track Map<String,String>
- Track Settings. Track Settings blocks are documented below.
- user
Check ManagementAccess Rule User Check - User check settings. User check settings blocks are documented below.
- vpn String
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn
Communities List<String> - Collection of VPN communities identified by name.
- vpn
Directionals List<ManagementAccess Rule Vpn Directional> - Collection of VPN directional. VPN directional block documented below.
- layer string
- Layer that the rule belongs to identified by the name or UID.
- position {[key: string]: string}
- Position in the rulebase. Position blocks are documented below.
- action string
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action
Settings {[key: string]: string} - Action settings. Action settings blocks are documented below.
- comments string
- Comments string.
- content
Direction string - On which direction the file types processing is applied.
- content
Negate boolean - True if negate is set for data.
- contents string[]
- List of processed file types that this rule applies on.
- custom
Fields {[key: string]: string} - Custom fields. Custom fields blocks are documented below.
- destination
Negate boolean - True if negate is set for destination.
- destinations string[]
- Collection of Network objects identified by the name or UID.
- enabled boolean
- Enable/Disable the rule.
- fields
With string[]Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore
Errors boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings boolean - Apply changes ignoring warnings.
- inline
Layer string - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install
Ons string[] - Which Gateways identified by the name or UID to install the policy on.
- management
Access stringRule Id - name string
- Rule name.
- service
Negate boolean - True if negate is set for service.
- services string[]
- Collection of Network objects identified by the name or UID.
- source
Negate boolean - True if negate is set for source.
- sources string[]
- Collection of Network objects identified by the name or UID.
- times string[]
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track {[key: string]: string}
- Track Settings. Track Settings blocks are documented below.
- user
Check ManagementAccess Rule User Check - User check settings. User check settings blocks are documented below.
- vpn string
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn
Communities string[] - Collection of VPN communities identified by name.
- vpn
Directionals ManagementAccess Rule Vpn Directional[] - Collection of VPN directional. VPN directional block documented below.
- layer str
- Layer that the rule belongs to identified by the name or UID.
- position Mapping[str, str]
- Position in the rulebase. Position blocks are documented below.
- action str
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action_
settings Mapping[str, str] - Action settings. Action settings blocks are documented below.
- comments str
- Comments string.
- content_
direction str - On which direction the file types processing is applied.
- content_
negate bool - True if negate is set for data.
- contents Sequence[str]
- List of processed file types that this rule applies on.
- custom_
fields Mapping[str, str] - Custom fields. Custom fields blocks are documented below.
- destination_
negate bool - True if negate is set for destination.
- destinations Sequence[str]
- Collection of Network objects identified by the name or UID.
- enabled bool
- Enable/Disable the rule.
- fields_
with_ Sequence[str]uid_ identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore_
errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore_
warnings bool - Apply changes ignoring warnings.
- inline_
layer str - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install_
ons Sequence[str] - Which Gateways identified by the name or UID to install the policy on.
- management_
access_ strrule_ id - name str
- Rule name.
- service_
negate bool - True if negate is set for service.
- services Sequence[str]
- Collection of Network objects identified by the name or UID.
- source_
negate bool - True if negate is set for source.
- sources Sequence[str]
- Collection of Network objects identified by the name or UID.
- times Sequence[str]
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track Mapping[str, str]
- Track Settings. Track Settings blocks are documented below.
- user_
check ManagementAccess Rule User Check Args - User check settings. User check settings blocks are documented below.
- vpn str
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn_
communities Sequence[str] - Collection of VPN communities identified by name.
- vpn_
directionals Sequence[ManagementAccess Rule Vpn Directional Args] - Collection of VPN directional. VPN directional block documented below.
- layer String
- Layer that the rule belongs to identified by the name or UID.
- position Map<String>
- Position in the rulebase. Position blocks are documented below.
- action String
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action
Settings Map<String> - Action settings. Action settings blocks are documented below.
- comments String
- Comments string.
- content
Direction String - On which direction the file types processing is applied.
- content
Negate Boolean - True if negate is set for data.
- contents List<String>
- List of processed file types that this rule applies on.
- custom
Fields Map<String> - Custom fields. Custom fields blocks are documented below.
- destination
Negate Boolean - True if negate is set for destination.
- destinations List<String>
- Collection of Network objects identified by the name or UID.
- enabled Boolean
- Enable/Disable the rule.
- fields
With List<String>Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore
Errors Boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings Boolean - Apply changes ignoring warnings.
- inline
Layer String - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install
Ons List<String> - Which Gateways identified by the name or UID to install the policy on.
- management
Access StringRule Id - name String
- Rule name.
- service
Negate Boolean - True if negate is set for service.
- services List<String>
- Collection of Network objects identified by the name or UID.
- source
Negate Boolean - True if negate is set for source.
- sources List<String>
- Collection of Network objects identified by the name or UID.
- times List<String>
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track Map<String>
- Track Settings. Track Settings blocks are documented below.
- user
Check Property Map - User check settings. User check settings blocks are documented below.
- vpn String
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn
Communities List<String> - Collection of VPN communities identified by name.
- vpn
Directionals List<Property Map> - Collection of VPN directional. VPN directional block documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the ManagementAccessRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ManagementAccessRule Resource
Get an existing ManagementAccessRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ManagementAccessRuleState, opts?: CustomResourceOptions): ManagementAccessRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
action_settings: Optional[Mapping[str, str]] = None,
comments: Optional[str] = None,
content_direction: Optional[str] = None,
content_negate: Optional[bool] = None,
contents: Optional[Sequence[str]] = None,
custom_fields: Optional[Mapping[str, str]] = None,
destination_negate: Optional[bool] = None,
destinations: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
fields_with_uid_identifiers: Optional[Sequence[str]] = None,
ignore_errors: Optional[bool] = None,
ignore_warnings: Optional[bool] = None,
inline_layer: Optional[str] = None,
install_ons: Optional[Sequence[str]] = None,
layer: Optional[str] = None,
management_access_rule_id: Optional[str] = None,
name: Optional[str] = None,
position: Optional[Mapping[str, str]] = None,
service_negate: Optional[bool] = None,
services: Optional[Sequence[str]] = None,
source_negate: Optional[bool] = None,
sources: Optional[Sequence[str]] = None,
times: Optional[Sequence[str]] = None,
track: Optional[Mapping[str, str]] = None,
user_check: Optional[ManagementAccessRuleUserCheckArgs] = None,
vpn: Optional[str] = None,
vpn_communities: Optional[Sequence[str]] = None,
vpn_directionals: Optional[Sequence[ManagementAccessRuleVpnDirectionalArgs]] = None) -> ManagementAccessRulefunc GetManagementAccessRule(ctx *Context, name string, id IDInput, state *ManagementAccessRuleState, opts ...ResourceOption) (*ManagementAccessRule, error)public static ManagementAccessRule Get(string name, Input<string> id, ManagementAccessRuleState? state, CustomResourceOptions? opts = null)public static ManagementAccessRule get(String name, Output<String> id, ManagementAccessRuleState state, CustomResourceOptions options)resources: _: type: checkpoint:ManagementAccessRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- Action
Settings Dictionary<string, string> - Action settings. Action settings blocks are documented below.
- Comments string
- Comments string.
- Content
Direction string - On which direction the file types processing is applied.
- Content
Negate bool - True if negate is set for data.
- Contents List<string>
- List of processed file types that this rule applies on.
- Custom
Fields Dictionary<string, string> - Custom fields. Custom fields blocks are documented below.
- Destination
Negate bool - True if negate is set for destination.
- Destinations List<string>
- Collection of Network objects identified by the name or UID.
- Enabled bool
- Enable/Disable the rule.
- Fields
With List<string>Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- Ignore
Errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- Ignore
Warnings bool - Apply changes ignoring warnings.
- Inline
Layer string - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- Install
Ons List<string> - Which Gateways identified by the name or UID to install the policy on.
- Layer string
- Layer that the rule belongs to identified by the name or UID.
- Management
Access stringRule Id - Name string
- Rule name.
- Position Dictionary<string, string>
- Position in the rulebase. Position blocks are documented below.
- Service
Negate bool - True if negate is set for service.
- Services List<string>
- Collection of Network objects identified by the name or UID.
- Source
Negate bool - True if negate is set for source.
- Sources List<string>
- Collection of Network objects identified by the name or UID.
- Times List<string>
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- Track Dictionary<string, string>
- Track Settings. Track Settings blocks are documented below.
- User
Check ManagementAccess Rule User Check - User check settings. User check settings blocks are documented below.
- Vpn string
- VPN community identified by name or "Any" or "All_GwToGw".
- Vpn
Communities List<string> - Collection of VPN communities identified by name.
- Vpn
Directionals List<ManagementAccess Rule Vpn Directional> - Collection of VPN directional. VPN directional block documented below.
- Action string
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- Action
Settings map[string]string - Action settings. Action settings blocks are documented below.
- Comments string
- Comments string.
- Content
Direction string - On which direction the file types processing is applied.
- Content
Negate bool - True if negate is set for data.
- Contents []string
- List of processed file types that this rule applies on.
- Custom
Fields map[string]string - Custom fields. Custom fields blocks are documented below.
- Destination
Negate bool - True if negate is set for destination.
- Destinations []string
- Collection of Network objects identified by the name or UID.
- Enabled bool
- Enable/Disable the rule.
- Fields
With []stringUid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- Ignore
Errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- Ignore
Warnings bool - Apply changes ignoring warnings.
- Inline
Layer string - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- Install
Ons []string - Which Gateways identified by the name or UID to install the policy on.
- Layer string
- Layer that the rule belongs to identified by the name or UID.
- Management
Access stringRule Id - Name string
- Rule name.
- Position map[string]string
- Position in the rulebase. Position blocks are documented below.
- Service
Negate bool - True if negate is set for service.
- Services []string
- Collection of Network objects identified by the name or UID.
- Source
Negate bool - True if negate is set for source.
- Sources []string
- Collection of Network objects identified by the name or UID.
- Times []string
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- Track map[string]string
- Track Settings. Track Settings blocks are documented below.
- User
Check ManagementAccess Rule User Check Args - User check settings. User check settings blocks are documented below.
- Vpn string
- VPN community identified by name or "Any" or "All_GwToGw".
- Vpn
Communities []string - Collection of VPN communities identified by name.
- Vpn
Directionals []ManagementAccess Rule Vpn Directional Args - Collection of VPN directional. VPN directional block documented below.
- action String
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action
Settings Map<String,String> - Action settings. Action settings blocks are documented below.
- comments String
- Comments string.
- content
Direction String - On which direction the file types processing is applied.
- content
Negate Boolean - True if negate is set for data.
- contents List<String>
- List of processed file types that this rule applies on.
- custom
Fields Map<String,String> - Custom fields. Custom fields blocks are documented below.
- destination
Negate Boolean - True if negate is set for destination.
- destinations List<String>
- Collection of Network objects identified by the name or UID.
- enabled Boolean
- Enable/Disable the rule.
- fields
With List<String>Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore
Errors Boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings Boolean - Apply changes ignoring warnings.
- inline
Layer String - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install
Ons List<String> - Which Gateways identified by the name or UID to install the policy on.
- layer String
- Layer that the rule belongs to identified by the name or UID.
- management
Access StringRule Id - name String
- Rule name.
- position Map<String,String>
- Position in the rulebase. Position blocks are documented below.
- service
Negate Boolean - True if negate is set for service.
- services List<String>
- Collection of Network objects identified by the name or UID.
- source
Negate Boolean - True if negate is set for source.
- sources List<String>
- Collection of Network objects identified by the name or UID.
- times List<String>
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track Map<String,String>
- Track Settings. Track Settings blocks are documented below.
- user
Check ManagementAccess Rule User Check - User check settings. User check settings blocks are documented below.
- vpn String
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn
Communities List<String> - Collection of VPN communities identified by name.
- vpn
Directionals List<ManagementAccess Rule Vpn Directional> - Collection of VPN directional. VPN directional block documented below.
- action string
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action
Settings {[key: string]: string} - Action settings. Action settings blocks are documented below.
- comments string
- Comments string.
- content
Direction string - On which direction the file types processing is applied.
- content
Negate boolean - True if negate is set for data.
- contents string[]
- List of processed file types that this rule applies on.
- custom
Fields {[key: string]: string} - Custom fields. Custom fields blocks are documented below.
- destination
Negate boolean - True if negate is set for destination.
- destinations string[]
- Collection of Network objects identified by the name or UID.
- enabled boolean
- Enable/Disable the rule.
- fields
With string[]Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore
Errors boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings boolean - Apply changes ignoring warnings.
- inline
Layer string - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install
Ons string[] - Which Gateways identified by the name or UID to install the policy on.
- layer string
- Layer that the rule belongs to identified by the name or UID.
- management
Access stringRule Id - name string
- Rule name.
- position {[key: string]: string}
- Position in the rulebase. Position blocks are documented below.
- service
Negate boolean - True if negate is set for service.
- services string[]
- Collection of Network objects identified by the name or UID.
- source
Negate boolean - True if negate is set for source.
- sources string[]
- Collection of Network objects identified by the name or UID.
- times string[]
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track {[key: string]: string}
- Track Settings. Track Settings blocks are documented below.
- user
Check ManagementAccess Rule User Check - User check settings. User check settings blocks are documented below.
- vpn string
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn
Communities string[] - Collection of VPN communities identified by name.
- vpn
Directionals ManagementAccess Rule Vpn Directional[] - Collection of VPN directional. VPN directional block documented below.
- action str
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action_
settings Mapping[str, str] - Action settings. Action settings blocks are documented below.
- comments str
- Comments string.
- content_
direction str - On which direction the file types processing is applied.
- content_
negate bool - True if negate is set for data.
- contents Sequence[str]
- List of processed file types that this rule applies on.
- custom_
fields Mapping[str, str] - Custom fields. Custom fields blocks are documented below.
- destination_
negate bool - True if negate is set for destination.
- destinations Sequence[str]
- Collection of Network objects identified by the name or UID.
- enabled bool
- Enable/Disable the rule.
- fields_
with_ Sequence[str]uid_ identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore_
errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore_
warnings bool - Apply changes ignoring warnings.
- inline_
layer str - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install_
ons Sequence[str] - Which Gateways identified by the name or UID to install the policy on.
- layer str
- Layer that the rule belongs to identified by the name or UID.
- management_
access_ strrule_ id - name str
- Rule name.
- position Mapping[str, str]
- Position in the rulebase. Position blocks are documented below.
- service_
negate bool - True if negate is set for service.
- services Sequence[str]
- Collection of Network objects identified by the name or UID.
- source_
negate bool - True if negate is set for source.
- sources Sequence[str]
- Collection of Network objects identified by the name or UID.
- times Sequence[str]
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track Mapping[str, str]
- Track Settings. Track Settings blocks are documented below.
- user_
check ManagementAccess Rule User Check Args - User check settings. User check settings blocks are documented below.
- vpn str
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn_
communities Sequence[str] - Collection of VPN communities identified by name.
- vpn_
directionals Sequence[ManagementAccess Rule Vpn Directional Args] - Collection of VPN directional. VPN directional block documented below.
- action String
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action
Settings Map<String> - Action settings. Action settings blocks are documented below.
- comments String
- Comments string.
- content
Direction String - On which direction the file types processing is applied.
- content
Negate Boolean - True if negate is set for data.
- contents List<String>
- List of processed file types that this rule applies on.
- custom
Fields Map<String> - Custom fields. Custom fields blocks are documented below.
- destination
Negate Boolean - True if negate is set for destination.
- destinations List<String>
- Collection of Network objects identified by the name or UID.
- enabled Boolean
- Enable/Disable the rule.
- fields
With List<String>Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore
Errors Boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings Boolean - Apply changes ignoring warnings.
- inline
Layer String - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install
Ons List<String> - Which Gateways identified by the name or UID to install the policy on.
- layer String
- Layer that the rule belongs to identified by the name or UID.
- management
Access StringRule Id - name String
- Rule name.
- position Map<String>
- Position in the rulebase. Position blocks are documented below.
- service
Negate Boolean - True if negate is set for service.
- services List<String>
- Collection of Network objects identified by the name or UID.
- source
Negate Boolean - True if negate is set for source.
- sources List<String>
- Collection of Network objects identified by the name or UID.
- times List<String>
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track Map<String>
- Track Settings. Track Settings blocks are documented below.
- user
Check Property Map - User check settings. User check settings blocks are documented below.
- vpn String
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn
Communities List<String> - Collection of VPN communities identified by name.
- vpn
Directionals List<Property Map> - Collection of VPN directional. VPN directional block documented below.
Supporting Types
ManagementAccessRuleUserCheck, ManagementAccessRuleUserCheckArgs
- Confirm string
- N/A.
- Custom
Frequency ManagementAccess Rule User Check Custom Frequency - N/A. Custom Frequency blocks are documented below.
- Frequency string
- N/A.
- Interaction string
- N/A.
- Confirm string
- N/A.
- Custom
Frequency ManagementAccess Rule User Check Custom Frequency - N/A. Custom Frequency blocks are documented below.
- Frequency string
- N/A.
- Interaction string
- N/A.
- confirm String
- N/A.
- custom
Frequency ManagementAccess Rule User Check Custom Frequency - N/A. Custom Frequency blocks are documented below.
- frequency String
- N/A.
- interaction String
- N/A.
- confirm string
- N/A.
- custom
Frequency ManagementAccess Rule User Check Custom Frequency - N/A. Custom Frequency blocks are documented below.
- frequency string
- N/A.
- interaction string
- N/A.
- confirm str
- N/A.
- custom_
frequency ManagementAccess Rule User Check Custom Frequency - N/A. Custom Frequency blocks are documented below.
- frequency str
- N/A.
- interaction str
- N/A.
- confirm String
- N/A.
- custom
Frequency Property Map - N/A. Custom Frequency blocks are documented below.
- frequency String
- N/A.
- interaction String
- N/A.
ManagementAccessRuleUserCheckCustomFrequency, ManagementAccessRuleUserCheckCustomFrequencyArgs
ManagementAccessRuleVpnDirectional, ManagementAccessRuleVpnDirectionalArgs
Import
checkpoint_management_access_rule can be imported by using the following format: LAYER_NAME;RULE_UID
$ pulumi import checkpoint:index/managementAccessRule:ManagementAccessRule example "Network;9423d36f-2d66-4754-b9e2-e9f4493751d3"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- checkpoint checkpointsw/terraform-provider-checkpoint
- License
- Notes
- This Pulumi package is based on the
checkpointTerraform Provider.
checkpoint 2.9.0 published on Monday, Apr 14, 2025 by checkpointsw