Viewing docs for checkpoint 3.0.0
published on Monday, Mar 30, 2026 by checkpointsw
published on Monday, Mar 30, 2026 by checkpointsw
Viewing docs for checkpoint 3.0.0
published on Monday, Mar 30, 2026 by checkpointsw
published on Monday, Mar 30, 2026 by checkpointsw
This resource allows you to add/update/delete Check Point Access Rule.
Create ManagementAccessRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ManagementAccessRule(name: string, args: ManagementAccessRuleArgs, opts?: CustomResourceOptions);@overload
def ManagementAccessRule(resource_name: str,
args: ManagementAccessRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ManagementAccessRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
layer: Optional[str] = None,
position: Optional[ManagementAccessRulePositionArgs] = None,
install_ons: Optional[Sequence[str]] = None,
vpn: Optional[str] = None,
content_negate: Optional[bool] = None,
contents: Optional[Sequence[str]] = None,
custom_fields: Optional[ManagementAccessRuleCustomFieldsArgs] = None,
destination_negate: Optional[bool] = None,
destinations: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
fields_with_uid_identifiers: Optional[Sequence[str]] = None,
ignore_errors: Optional[bool] = None,
ignore_warnings: Optional[bool] = None,
management_access_rule_id: Optional[str] = None,
content_direction: Optional[str] = None,
action: Optional[str] = None,
inline_layer: Optional[str] = None,
name: Optional[str] = None,
action_settings: Optional[ManagementAccessRuleActionSettingsArgs] = None,
service_negate: Optional[bool] = None,
services: Optional[Sequence[str]] = None,
source_negate: Optional[bool] = None,
sources: Optional[Sequence[str]] = None,
times: Optional[Sequence[str]] = None,
track: Optional[ManagementAccessRuleTrackArgs] = None,
user_check: Optional[ManagementAccessRuleUserCheckArgs] = None,
comments: Optional[str] = None,
vpn_communities: Optional[Sequence[str]] = None,
vpn_directionals: Optional[Sequence[ManagementAccessRuleVpnDirectionalArgs]] = None)func NewManagementAccessRule(ctx *Context, name string, args ManagementAccessRuleArgs, opts ...ResourceOption) (*ManagementAccessRule, error)public ManagementAccessRule(string name, ManagementAccessRuleArgs args, CustomResourceOptions? opts = null)
public ManagementAccessRule(String name, ManagementAccessRuleArgs args)
public ManagementAccessRule(String name, ManagementAccessRuleArgs args, CustomResourceOptions options)
type: checkpoint:ManagementAccessRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ManagementAccessRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ManagementAccessRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ManagementAccessRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ManagementAccessRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ManagementAccessRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var managementAccessRuleResource = new Checkpoint.Index.ManagementAccessRule("managementAccessRuleResource", new()
{
Layer = "string",
Position = new Checkpoint.Inputs.ManagementAccessRulePositionArgs
{
Above = "string",
Below = "string",
Bottom = "string",
Top = "string",
},
InstallOns = new[]
{
"string",
},
Vpn = "string",
ContentNegate = false,
Contents = new[]
{
"string",
},
CustomFields = new Checkpoint.Inputs.ManagementAccessRuleCustomFieldsArgs
{
Field1 = "string",
Field2 = "string",
Field3 = "string",
},
DestinationNegate = false,
Destinations = new[]
{
"string",
},
Enabled = false,
FieldsWithUidIdentifiers = new[]
{
"string",
},
IgnoreErrors = false,
IgnoreWarnings = false,
ManagementAccessRuleId = "string",
ContentDirection = "string",
Action = "string",
InlineLayer = "string",
Name = "string",
ActionSettings = new Checkpoint.Inputs.ManagementAccessRuleActionSettingsArgs
{
EnableIdentityCaptivePortal = false,
Limit = "string",
},
ServiceNegate = false,
Services = new[]
{
"string",
},
SourceNegate = false,
Sources = new[]
{
"string",
},
Times = new[]
{
"string",
},
Track = new Checkpoint.Inputs.ManagementAccessRuleTrackArgs
{
Accounting = false,
Alert = "string",
EnableFirewallSession = false,
PerConnection = false,
PerSession = false,
Type = "string",
},
UserCheck = new Checkpoint.Inputs.ManagementAccessRuleUserCheckArgs
{
Confirm = "string",
CustomFrequency = new Checkpoint.Inputs.ManagementAccessRuleUserCheckCustomFrequencyArgs
{
Every = 0,
Unit = "string",
},
Frequency = "string",
Interaction = "string",
},
Comments = "string",
VpnCommunities = new[]
{
"string",
},
VpnDirectionals = new[]
{
new Checkpoint.Inputs.ManagementAccessRuleVpnDirectionalArgs
{
From = "string",
To = "string",
},
},
});
example, err := checkpoint.NewManagementAccessRule(ctx, "managementAccessRuleResource", &checkpoint.ManagementAccessRuleArgs{
Layer: pulumi.String("string"),
Position: &checkpoint.ManagementAccessRulePositionArgs{
Above: pulumi.String("string"),
Below: pulumi.String("string"),
Bottom: pulumi.String("string"),
Top: pulumi.String("string"),
},
InstallOns: pulumi.StringArray{
pulumi.String("string"),
},
Vpn: pulumi.String("string"),
ContentNegate: pulumi.Bool(false),
Contents: pulumi.StringArray{
pulumi.String("string"),
},
CustomFields: &checkpoint.ManagementAccessRuleCustomFieldsArgs{
Field1: pulumi.String("string"),
Field2: pulumi.String("string"),
Field3: pulumi.String("string"),
},
DestinationNegate: pulumi.Bool(false),
Destinations: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
FieldsWithUidIdentifiers: pulumi.StringArray{
pulumi.String("string"),
},
IgnoreErrors: pulumi.Bool(false),
IgnoreWarnings: pulumi.Bool(false),
ManagementAccessRuleId: pulumi.String("string"),
ContentDirection: pulumi.String("string"),
Action: pulumi.String("string"),
InlineLayer: pulumi.String("string"),
Name: pulumi.String("string"),
ActionSettings: &checkpoint.ManagementAccessRuleActionSettingsArgs{
EnableIdentityCaptivePortal: pulumi.Bool(false),
Limit: pulumi.String("string"),
},
ServiceNegate: pulumi.Bool(false),
Services: pulumi.StringArray{
pulumi.String("string"),
},
SourceNegate: pulumi.Bool(false),
Sources: pulumi.StringArray{
pulumi.String("string"),
},
Times: pulumi.StringArray{
pulumi.String("string"),
},
Track: &checkpoint.ManagementAccessRuleTrackArgs{
Accounting: pulumi.Bool(false),
Alert: pulumi.String("string"),
EnableFirewallSession: pulumi.Bool(false),
PerConnection: pulumi.Bool(false),
PerSession: pulumi.Bool(false),
Type: pulumi.String("string"),
},
UserCheck: &checkpoint.ManagementAccessRuleUserCheckArgs{
Confirm: pulumi.String("string"),
CustomFrequency: &checkpoint.ManagementAccessRuleUserCheckCustomFrequencyArgs{
Every: pulumi.Float64(0),
Unit: pulumi.String("string"),
},
Frequency: pulumi.String("string"),
Interaction: pulumi.String("string"),
},
Comments: pulumi.String("string"),
VpnCommunities: pulumi.StringArray{
pulumi.String("string"),
},
VpnDirectionals: checkpoint.ManagementAccessRuleVpnDirectionalArray{
&checkpoint.ManagementAccessRuleVpnDirectionalArgs{
From: pulumi.String("string"),
To: pulumi.String("string"),
},
},
})
var managementAccessRuleResource = new ManagementAccessRule("managementAccessRuleResource", ManagementAccessRuleArgs.builder()
.layer("string")
.position(ManagementAccessRulePositionArgs.builder()
.above("string")
.below("string")
.bottom("string")
.top("string")
.build())
.installOns("string")
.vpn("string")
.contentNegate(false)
.contents("string")
.customFields(ManagementAccessRuleCustomFieldsArgs.builder()
.field1("string")
.field2("string")
.field3("string")
.build())
.destinationNegate(false)
.destinations("string")
.enabled(false)
.fieldsWithUidIdentifiers("string")
.ignoreErrors(false)
.ignoreWarnings(false)
.managementAccessRuleId("string")
.contentDirection("string")
.action("string")
.inlineLayer("string")
.name("string")
.actionSettings(ManagementAccessRuleActionSettingsArgs.builder()
.enableIdentityCaptivePortal(false)
.limit("string")
.build())
.serviceNegate(false)
.services("string")
.sourceNegate(false)
.sources("string")
.times("string")
.track(ManagementAccessRuleTrackArgs.builder()
.accounting(false)
.alert("string")
.enableFirewallSession(false)
.perConnection(false)
.perSession(false)
.type("string")
.build())
.userCheck(ManagementAccessRuleUserCheckArgs.builder()
.confirm("string")
.customFrequency(ManagementAccessRuleUserCheckCustomFrequencyArgs.builder()
.every(0.0)
.unit("string")
.build())
.frequency("string")
.interaction("string")
.build())
.comments("string")
.vpnCommunities("string")
.vpnDirectionals(ManagementAccessRuleVpnDirectionalArgs.builder()
.from("string")
.to("string")
.build())
.build());
management_access_rule_resource = checkpoint.ManagementAccessRule("managementAccessRuleResource",
layer="string",
position={
"above": "string",
"below": "string",
"bottom": "string",
"top": "string",
},
install_ons=["string"],
vpn="string",
content_negate=False,
contents=["string"],
custom_fields={
"field1": "string",
"field2": "string",
"field3": "string",
},
destination_negate=False,
destinations=["string"],
enabled=False,
fields_with_uid_identifiers=["string"],
ignore_errors=False,
ignore_warnings=False,
management_access_rule_id="string",
content_direction="string",
action="string",
inline_layer="string",
name="string",
action_settings={
"enable_identity_captive_portal": False,
"limit": "string",
},
service_negate=False,
services=["string"],
source_negate=False,
sources=["string"],
times=["string"],
track={
"accounting": False,
"alert": "string",
"enable_firewall_session": False,
"per_connection": False,
"per_session": False,
"type": "string",
},
user_check={
"confirm": "string",
"custom_frequency": {
"every": 0,
"unit": "string",
},
"frequency": "string",
"interaction": "string",
},
comments="string",
vpn_communities=["string"],
vpn_directionals=[{
"from_": "string",
"to": "string",
}])
const managementAccessRuleResource = new checkpoint.ManagementAccessRule("managementAccessRuleResource", {
layer: "string",
position: {
above: "string",
below: "string",
bottom: "string",
top: "string",
},
installOns: ["string"],
vpn: "string",
contentNegate: false,
contents: ["string"],
customFields: {
field1: "string",
field2: "string",
field3: "string",
},
destinationNegate: false,
destinations: ["string"],
enabled: false,
fieldsWithUidIdentifiers: ["string"],
ignoreErrors: false,
ignoreWarnings: false,
managementAccessRuleId: "string",
contentDirection: "string",
action: "string",
inlineLayer: "string",
name: "string",
actionSettings: {
enableIdentityCaptivePortal: false,
limit: "string",
},
serviceNegate: false,
services: ["string"],
sourceNegate: false,
sources: ["string"],
times: ["string"],
track: {
accounting: false,
alert: "string",
enableFirewallSession: false,
perConnection: false,
perSession: false,
type: "string",
},
userCheck: {
confirm: "string",
customFrequency: {
every: 0,
unit: "string",
},
frequency: "string",
interaction: "string",
},
comments: "string",
vpnCommunities: ["string"],
vpnDirectionals: [{
from: "string",
to: "string",
}],
});
type: checkpoint:ManagementAccessRule
properties:
action: string
actionSettings:
enableIdentityCaptivePortal: false
limit: string
comments: string
contentDirection: string
contentNegate: false
contents:
- string
customFields:
field1: string
field2: string
field3: string
destinationNegate: false
destinations:
- string
enabled: false
fieldsWithUidIdentifiers:
- string
ignoreErrors: false
ignoreWarnings: false
inlineLayer: string
installOns:
- string
layer: string
managementAccessRuleId: string
name: string
position:
above: string
below: string
bottom: string
top: string
serviceNegate: false
services:
- string
sourceNegate: false
sources:
- string
times:
- string
track:
accounting: false
alert: string
enableFirewallSession: false
perConnection: false
perSession: false
type: string
userCheck:
confirm: string
customFrequency:
every: 0
unit: string
frequency: string
interaction: string
vpn: string
vpnCommunities:
- string
vpnDirectionals:
- from: string
to: string
ManagementAccessRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ManagementAccessRule resource accepts the following input properties:
- Layer string
- Layer that the rule belongs to identified by the name or UID.
- Position
Management
Access Rule Position - Position in the rulebase. Position blocks are documented below.
- Action string
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- Action
Settings ManagementAccess Rule Action Settings - Action settings. Action settings blocks are documented below.
- Comments string
- Comments string.
- Content
Direction string - On which direction the file types processing is applied.
- Content
Negate bool - True if negate is set for data.
- Contents List<string>
- List of processed file types that this rule applies on.
- Custom
Fields ManagementAccess Rule Custom Fields - Custom fields. Custom fields blocks are documented below.
- Destination
Negate bool - True if negate is set for destination.
- Destinations List<string>
- Collection of Network objects identified by the name or UID.
- Enabled bool
- Enable/Disable the rule.
- Fields
With List<string>Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- Ignore
Errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- Ignore
Warnings bool - Apply changes ignoring warnings.
- Inline
Layer string - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- Install
Ons List<string> - Which Gateways identified by the name or UID to install the policy on.
- Management
Access stringRule Id - Name string
- Rule name.
- Service
Negate bool - True if negate is set for service.
- Services List<string>
- Collection of Network objects identified by the name or UID.
- Source
Negate bool - True if negate is set for source.
- Sources List<string>
- Collection of Network objects identified by the name or UID.
- Times List<string>
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- Track
Management
Access Rule Track - Track Settings. Track Settings blocks are documented below.
- User
Check ManagementAccess Rule User Check - User check settings. User check settings blocks are documented below.
- Vpn string
- VPN community identified by name or "Any" or "All_GwToGw".
- Vpn
Communities List<string> - Collection of VPN communities identified by name.
- Vpn
Directionals List<ManagementAccess Rule Vpn Directional> - Collection of VPN directional. VPN directional block documented below.
- Layer string
- Layer that the rule belongs to identified by the name or UID.
- Position
Management
Access Rule Position Args - Position in the rulebase. Position blocks are documented below.
- Action string
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- Action
Settings ManagementAccess Rule Action Settings Args - Action settings. Action settings blocks are documented below.
- Comments string
- Comments string.
- Content
Direction string - On which direction the file types processing is applied.
- Content
Negate bool - True if negate is set for data.
- Contents []string
- List of processed file types that this rule applies on.
- Custom
Fields ManagementAccess Rule Custom Fields Args - Custom fields. Custom fields blocks are documented below.
- Destination
Negate bool - True if negate is set for destination.
- Destinations []string
- Collection of Network objects identified by the name or UID.
- Enabled bool
- Enable/Disable the rule.
- Fields
With []stringUid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- Ignore
Errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- Ignore
Warnings bool - Apply changes ignoring warnings.
- Inline
Layer string - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- Install
Ons []string - Which Gateways identified by the name or UID to install the policy on.
- Management
Access stringRule Id - Name string
- Rule name.
- Service
Negate bool - True if negate is set for service.
- Services []string
- Collection of Network objects identified by the name or UID.
- Source
Negate bool - True if negate is set for source.
- Sources []string
- Collection of Network objects identified by the name or UID.
- Times []string
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- Track
Management
Access Rule Track Args - Track Settings. Track Settings blocks are documented below.
- User
Check ManagementAccess Rule User Check Args - User check settings. User check settings blocks are documented below.
- Vpn string
- VPN community identified by name or "Any" or "All_GwToGw".
- Vpn
Communities []string - Collection of VPN communities identified by name.
- Vpn
Directionals []ManagementAccess Rule Vpn Directional Args - Collection of VPN directional. VPN directional block documented below.
- layer String
- Layer that the rule belongs to identified by the name or UID.
- position
Management
Access Rule Position - Position in the rulebase. Position blocks are documented below.
- action String
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action
Settings ManagementAccess Rule Action Settings - Action settings. Action settings blocks are documented below.
- comments String
- Comments string.
- content
Direction String - On which direction the file types processing is applied.
- content
Negate Boolean - True if negate is set for data.
- contents List<String>
- List of processed file types that this rule applies on.
- custom
Fields ManagementAccess Rule Custom Fields - Custom fields. Custom fields blocks are documented below.
- destination
Negate Boolean - True if negate is set for destination.
- destinations List<String>
- Collection of Network objects identified by the name or UID.
- enabled Boolean
- Enable/Disable the rule.
- fields
With List<String>Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore
Errors Boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings Boolean - Apply changes ignoring warnings.
- inline
Layer String - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install
Ons List<String> - Which Gateways identified by the name or UID to install the policy on.
- management
Access StringRule Id - name String
- Rule name.
- service
Negate Boolean - True if negate is set for service.
- services List<String>
- Collection of Network objects identified by the name or UID.
- source
Negate Boolean - True if negate is set for source.
- sources List<String>
- Collection of Network objects identified by the name or UID.
- times List<String>
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track
Management
Access Rule Track - Track Settings. Track Settings blocks are documented below.
- user
Check ManagementAccess Rule User Check - User check settings. User check settings blocks are documented below.
- vpn String
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn
Communities List<String> - Collection of VPN communities identified by name.
- vpn
Directionals List<ManagementAccess Rule Vpn Directional> - Collection of VPN directional. VPN directional block documented below.
- layer string
- Layer that the rule belongs to identified by the name or UID.
- position
Management
Access Rule Position - Position in the rulebase. Position blocks are documented below.
- action string
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action
Settings ManagementAccess Rule Action Settings - Action settings. Action settings blocks are documented below.
- comments string
- Comments string.
- content
Direction string - On which direction the file types processing is applied.
- content
Negate boolean - True if negate is set for data.
- contents string[]
- List of processed file types that this rule applies on.
- custom
Fields ManagementAccess Rule Custom Fields - Custom fields. Custom fields blocks are documented below.
- destination
Negate boolean - True if negate is set for destination.
- destinations string[]
- Collection of Network objects identified by the name or UID.
- enabled boolean
- Enable/Disable the rule.
- fields
With string[]Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore
Errors boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings boolean - Apply changes ignoring warnings.
- inline
Layer string - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install
Ons string[] - Which Gateways identified by the name or UID to install the policy on.
- management
Access stringRule Id - name string
- Rule name.
- service
Negate boolean - True if negate is set for service.
- services string[]
- Collection of Network objects identified by the name or UID.
- source
Negate boolean - True if negate is set for source.
- sources string[]
- Collection of Network objects identified by the name or UID.
- times string[]
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track
Management
Access Rule Track - Track Settings. Track Settings blocks are documented below.
- user
Check ManagementAccess Rule User Check - User check settings. User check settings blocks are documented below.
- vpn string
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn
Communities string[] - Collection of VPN communities identified by name.
- vpn
Directionals ManagementAccess Rule Vpn Directional[] - Collection of VPN directional. VPN directional block documented below.
- layer str
- Layer that the rule belongs to identified by the name or UID.
- position
Management
Access Rule Position Args - Position in the rulebase. Position blocks are documented below.
- action str
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action_
settings ManagementAccess Rule Action Settings Args - Action settings. Action settings blocks are documented below.
- comments str
- Comments string.
- content_
direction str - On which direction the file types processing is applied.
- content_
negate bool - True if negate is set for data.
- contents Sequence[str]
- List of processed file types that this rule applies on.
- custom_
fields ManagementAccess Rule Custom Fields Args - Custom fields. Custom fields blocks are documented below.
- destination_
negate bool - True if negate is set for destination.
- destinations Sequence[str]
- Collection of Network objects identified by the name or UID.
- enabled bool
- Enable/Disable the rule.
- fields_
with_ Sequence[str]uid_ identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore_
errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore_
warnings bool - Apply changes ignoring warnings.
- inline_
layer str - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install_
ons Sequence[str] - Which Gateways identified by the name or UID to install the policy on.
- management_
access_ strrule_ id - name str
- Rule name.
- service_
negate bool - True if negate is set for service.
- services Sequence[str]
- Collection of Network objects identified by the name or UID.
- source_
negate bool - True if negate is set for source.
- sources Sequence[str]
- Collection of Network objects identified by the name or UID.
- times Sequence[str]
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track
Management
Access Rule Track Args - Track Settings. Track Settings blocks are documented below.
- user_
check ManagementAccess Rule User Check Args - User check settings. User check settings blocks are documented below.
- vpn str
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn_
communities Sequence[str] - Collection of VPN communities identified by name.
- vpn_
directionals Sequence[ManagementAccess Rule Vpn Directional Args] - Collection of VPN directional. VPN directional block documented below.
- layer String
- Layer that the rule belongs to identified by the name or UID.
- position Property Map
- Position in the rulebase. Position blocks are documented below.
- action String
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action
Settings Property Map - Action settings. Action settings blocks are documented below.
- comments String
- Comments string.
- content
Direction String - On which direction the file types processing is applied.
- content
Negate Boolean - True if negate is set for data.
- contents List<String>
- List of processed file types that this rule applies on.
- custom
Fields Property Map - Custom fields. Custom fields blocks are documented below.
- destination
Negate Boolean - True if negate is set for destination.
- destinations List<String>
- Collection of Network objects identified by the name or UID.
- enabled Boolean
- Enable/Disable the rule.
- fields
With List<String>Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore
Errors Boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings Boolean - Apply changes ignoring warnings.
- inline
Layer String - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install
Ons List<String> - Which Gateways identified by the name or UID to install the policy on.
- management
Access StringRule Id - name String
- Rule name.
- service
Negate Boolean - True if negate is set for service.
- services List<String>
- Collection of Network objects identified by the name or UID.
- source
Negate Boolean - True if negate is set for source.
- sources List<String>
- Collection of Network objects identified by the name or UID.
- times List<String>
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track Property Map
- Track Settings. Track Settings blocks are documented below.
- user
Check Property Map - User check settings. User check settings blocks are documented below.
- vpn String
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn
Communities List<String> - Collection of VPN communities identified by name.
- vpn
Directionals List<Property Map> - Collection of VPN directional. VPN directional block documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the ManagementAccessRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ManagementAccessRule Resource
Get an existing ManagementAccessRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ManagementAccessRuleState, opts?: CustomResourceOptions): ManagementAccessRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
action_settings: Optional[ManagementAccessRuleActionSettingsArgs] = None,
comments: Optional[str] = None,
content_direction: Optional[str] = None,
content_negate: Optional[bool] = None,
contents: Optional[Sequence[str]] = None,
custom_fields: Optional[ManagementAccessRuleCustomFieldsArgs] = None,
destination_negate: Optional[bool] = None,
destinations: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
fields_with_uid_identifiers: Optional[Sequence[str]] = None,
ignore_errors: Optional[bool] = None,
ignore_warnings: Optional[bool] = None,
inline_layer: Optional[str] = None,
install_ons: Optional[Sequence[str]] = None,
layer: Optional[str] = None,
management_access_rule_id: Optional[str] = None,
name: Optional[str] = None,
position: Optional[ManagementAccessRulePositionArgs] = None,
service_negate: Optional[bool] = None,
services: Optional[Sequence[str]] = None,
source_negate: Optional[bool] = None,
sources: Optional[Sequence[str]] = None,
times: Optional[Sequence[str]] = None,
track: Optional[ManagementAccessRuleTrackArgs] = None,
user_check: Optional[ManagementAccessRuleUserCheckArgs] = None,
vpn: Optional[str] = None,
vpn_communities: Optional[Sequence[str]] = None,
vpn_directionals: Optional[Sequence[ManagementAccessRuleVpnDirectionalArgs]] = None) -> ManagementAccessRulefunc GetManagementAccessRule(ctx *Context, name string, id IDInput, state *ManagementAccessRuleState, opts ...ResourceOption) (*ManagementAccessRule, error)public static ManagementAccessRule Get(string name, Input<string> id, ManagementAccessRuleState? state, CustomResourceOptions? opts = null)public static ManagementAccessRule get(String name, Output<String> id, ManagementAccessRuleState state, CustomResourceOptions options)resources: _: type: checkpoint:ManagementAccessRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- Action
Settings ManagementAccess Rule Action Settings - Action settings. Action settings blocks are documented below.
- Comments string
- Comments string.
- Content
Direction string - On which direction the file types processing is applied.
- Content
Negate bool - True if negate is set for data.
- Contents List<string>
- List of processed file types that this rule applies on.
- Custom
Fields ManagementAccess Rule Custom Fields - Custom fields. Custom fields blocks are documented below.
- Destination
Negate bool - True if negate is set for destination.
- Destinations List<string>
- Collection of Network objects identified by the name or UID.
- Enabled bool
- Enable/Disable the rule.
- Fields
With List<string>Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- Ignore
Errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- Ignore
Warnings bool - Apply changes ignoring warnings.
- Inline
Layer string - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- Install
Ons List<string> - Which Gateways identified by the name or UID to install the policy on.
- Layer string
- Layer that the rule belongs to identified by the name or UID.
- Management
Access stringRule Id - Name string
- Rule name.
- Position
Management
Access Rule Position - Position in the rulebase. Position blocks are documented below.
- Service
Negate bool - True if negate is set for service.
- Services List<string>
- Collection of Network objects identified by the name or UID.
- Source
Negate bool - True if negate is set for source.
- Sources List<string>
- Collection of Network objects identified by the name or UID.
- Times List<string>
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- Track
Management
Access Rule Track - Track Settings. Track Settings blocks are documented below.
- User
Check ManagementAccess Rule User Check - User check settings. User check settings blocks are documented below.
- Vpn string
- VPN community identified by name or "Any" or "All_GwToGw".
- Vpn
Communities List<string> - Collection of VPN communities identified by name.
- Vpn
Directionals List<ManagementAccess Rule Vpn Directional> - Collection of VPN directional. VPN directional block documented below.
- Action string
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- Action
Settings ManagementAccess Rule Action Settings Args - Action settings. Action settings blocks are documented below.
- Comments string
- Comments string.
- Content
Direction string - On which direction the file types processing is applied.
- Content
Negate bool - True if negate is set for data.
- Contents []string
- List of processed file types that this rule applies on.
- Custom
Fields ManagementAccess Rule Custom Fields Args - Custom fields. Custom fields blocks are documented below.
- Destination
Negate bool - True if negate is set for destination.
- Destinations []string
- Collection of Network objects identified by the name or UID.
- Enabled bool
- Enable/Disable the rule.
- Fields
With []stringUid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- Ignore
Errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- Ignore
Warnings bool - Apply changes ignoring warnings.
- Inline
Layer string - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- Install
Ons []string - Which Gateways identified by the name or UID to install the policy on.
- Layer string
- Layer that the rule belongs to identified by the name or UID.
- Management
Access stringRule Id - Name string
- Rule name.
- Position
Management
Access Rule Position Args - Position in the rulebase. Position blocks are documented below.
- Service
Negate bool - True if negate is set for service.
- Services []string
- Collection of Network objects identified by the name or UID.
- Source
Negate bool - True if negate is set for source.
- Sources []string
- Collection of Network objects identified by the name or UID.
- Times []string
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- Track
Management
Access Rule Track Args - Track Settings. Track Settings blocks are documented below.
- User
Check ManagementAccess Rule User Check Args - User check settings. User check settings blocks are documented below.
- Vpn string
- VPN community identified by name or "Any" or "All_GwToGw".
- Vpn
Communities []string - Collection of VPN communities identified by name.
- Vpn
Directionals []ManagementAccess Rule Vpn Directional Args - Collection of VPN directional. VPN directional block documented below.
- action String
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action
Settings ManagementAccess Rule Action Settings - Action settings. Action settings blocks are documented below.
- comments String
- Comments string.
- content
Direction String - On which direction the file types processing is applied.
- content
Negate Boolean - True if negate is set for data.
- contents List<String>
- List of processed file types that this rule applies on.
- custom
Fields ManagementAccess Rule Custom Fields - Custom fields. Custom fields blocks are documented below.
- destination
Negate Boolean - True if negate is set for destination.
- destinations List<String>
- Collection of Network objects identified by the name or UID.
- enabled Boolean
- Enable/Disable the rule.
- fields
With List<String>Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore
Errors Boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings Boolean - Apply changes ignoring warnings.
- inline
Layer String - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install
Ons List<String> - Which Gateways identified by the name or UID to install the policy on.
- layer String
- Layer that the rule belongs to identified by the name or UID.
- management
Access StringRule Id - name String
- Rule name.
- position
Management
Access Rule Position - Position in the rulebase. Position blocks are documented below.
- service
Negate Boolean - True if negate is set for service.
- services List<String>
- Collection of Network objects identified by the name or UID.
- source
Negate Boolean - True if negate is set for source.
- sources List<String>
- Collection of Network objects identified by the name or UID.
- times List<String>
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track
Management
Access Rule Track - Track Settings. Track Settings blocks are documented below.
- user
Check ManagementAccess Rule User Check - User check settings. User check settings blocks are documented below.
- vpn String
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn
Communities List<String> - Collection of VPN communities identified by name.
- vpn
Directionals List<ManagementAccess Rule Vpn Directional> - Collection of VPN directional. VPN directional block documented below.
- action string
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action
Settings ManagementAccess Rule Action Settings - Action settings. Action settings blocks are documented below.
- comments string
- Comments string.
- content
Direction string - On which direction the file types processing is applied.
- content
Negate boolean - True if negate is set for data.
- contents string[]
- List of processed file types that this rule applies on.
- custom
Fields ManagementAccess Rule Custom Fields - Custom fields. Custom fields blocks are documented below.
- destination
Negate boolean - True if negate is set for destination.
- destinations string[]
- Collection of Network objects identified by the name or UID.
- enabled boolean
- Enable/Disable the rule.
- fields
With string[]Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore
Errors boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings boolean - Apply changes ignoring warnings.
- inline
Layer string - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install
Ons string[] - Which Gateways identified by the name or UID to install the policy on.
- layer string
- Layer that the rule belongs to identified by the name or UID.
- management
Access stringRule Id - name string
- Rule name.
- position
Management
Access Rule Position - Position in the rulebase. Position blocks are documented below.
- service
Negate boolean - True if negate is set for service.
- services string[]
- Collection of Network objects identified by the name or UID.
- source
Negate boolean - True if negate is set for source.
- sources string[]
- Collection of Network objects identified by the name or UID.
- times string[]
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track
Management
Access Rule Track - Track Settings. Track Settings blocks are documented below.
- user
Check ManagementAccess Rule User Check - User check settings. User check settings blocks are documented below.
- vpn string
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn
Communities string[] - Collection of VPN communities identified by name.
- vpn
Directionals ManagementAccess Rule Vpn Directional[] - Collection of VPN directional. VPN directional block documented below.
- action str
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action_
settings ManagementAccess Rule Action Settings Args - Action settings. Action settings blocks are documented below.
- comments str
- Comments string.
- content_
direction str - On which direction the file types processing is applied.
- content_
negate bool - True if negate is set for data.
- contents Sequence[str]
- List of processed file types that this rule applies on.
- custom_
fields ManagementAccess Rule Custom Fields Args - Custom fields. Custom fields blocks are documented below.
- destination_
negate bool - True if negate is set for destination.
- destinations Sequence[str]
- Collection of Network objects identified by the name or UID.
- enabled bool
- Enable/Disable the rule.
- fields_
with_ Sequence[str]uid_ identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore_
errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore_
warnings bool - Apply changes ignoring warnings.
- inline_
layer str - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install_
ons Sequence[str] - Which Gateways identified by the name or UID to install the policy on.
- layer str
- Layer that the rule belongs to identified by the name or UID.
- management_
access_ strrule_ id - name str
- Rule name.
- position
Management
Access Rule Position Args - Position in the rulebase. Position blocks are documented below.
- service_
negate bool - True if negate is set for service.
- services Sequence[str]
- Collection of Network objects identified by the name or UID.
- source_
negate bool - True if negate is set for source.
- sources Sequence[str]
- Collection of Network objects identified by the name or UID.
- times Sequence[str]
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track
Management
Access Rule Track Args - Track Settings. Track Settings blocks are documented below.
- user_
check ManagementAccess Rule User Check Args - User check settings. User check settings blocks are documented below.
- vpn str
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn_
communities Sequence[str] - Collection of VPN communities identified by name.
- vpn_
directionals Sequence[ManagementAccess Rule Vpn Directional Args] - Collection of VPN directional. VPN directional block documented below.
- action String
- Valid values: "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
- action
Settings Property Map - Action settings. Action settings blocks are documented below.
- comments String
- Comments string.
- content
Direction String - On which direction the file types processing is applied.
- content
Negate Boolean - True if negate is set for data.
- contents List<String>
- List of processed file types that this rule applies on.
- custom
Fields Property Map - Custom fields. Custom fields blocks are documented below.
- destination
Negate Boolean - True if negate is set for destination.
- destinations List<String>
- Collection of Network objects identified by the name or UID.
- enabled Boolean
- Enable/Disable the rule.
- fields
With List<String>Uid Identifiers - List of resource fields that will use object UIDs as object identifiers. Default is object name.
- ignore
Errors Boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings Boolean - Apply changes ignoring warnings.
- inline
Layer String - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
- install
Ons List<String> - Which Gateways identified by the name or UID to install the policy on.
- layer String
- Layer that the rule belongs to identified by the name or UID.
- management
Access StringRule Id - name String
- Rule name.
- position Property Map
- Position in the rulebase. Position blocks are documented below.
- service
Negate Boolean - True if negate is set for service.
- services List<String>
- Collection of Network objects identified by the name or UID.
- source
Negate Boolean - True if negate is set for source.
- sources List<String>
- Collection of Network objects identified by the name or UID.
- times List<String>
- List of time objects. For example: "Weekend", "Off-Work", "Every-Day".
- track Property Map
- Track Settings. Track Settings blocks are documented below.
- user
Check Property Map - User check settings. User check settings blocks are documented below.
- vpn String
- VPN community identified by name or "Any" or "All_GwToGw".
- vpn
Communities List<String> - Collection of VPN communities identified by name.
- vpn
Directionals List<Property Map> - Collection of VPN directional. VPN directional block documented below.
Supporting Types
ManagementAccessRuleActionSettings, ManagementAccessRuleActionSettingsArgs
- Enable
Identity boolCaptive Portal - N/A.
- Limit string
- N/A.
- Enable
Identity boolCaptive Portal - N/A.
- Limit string
- N/A.
- enable
Identity BooleanCaptive Portal - N/A.
- limit String
- N/A.
- enable
Identity booleanCaptive Portal - N/A.
- limit string
- N/A.
- enable_
identity_ boolcaptive_ portal - N/A.
- limit str
- N/A.
- enable
Identity BooleanCaptive Portal - N/A.
- limit String
- N/A.
ManagementAccessRuleCustomFields, ManagementAccessRuleCustomFieldsArgs
ManagementAccessRulePosition, ManagementAccessRulePositionArgs
ManagementAccessRuleTrack, ManagementAccessRuleTrackArgs
- Accounting bool
- Turns accounting for track on and off.
- Alert string
- Type of alert for the track.
- Enable
Firewall boolSession - Determine whether to generate session log to firewall only connections.
- Per
Connection bool - Determines whether to perform the log per connection.
- Per
Session bool - Determines whether to perform the log per session.
- Type string
- "Log", "Extended Log", "Detailed Log", "None".
- Accounting bool
- Turns accounting for track on and off.
- Alert string
- Type of alert for the track.
- Enable
Firewall boolSession - Determine whether to generate session log to firewall only connections.
- Per
Connection bool - Determines whether to perform the log per connection.
- Per
Session bool - Determines whether to perform the log per session.
- Type string
- "Log", "Extended Log", "Detailed Log", "None".
- accounting Boolean
- Turns accounting for track on and off.
- alert String
- Type of alert for the track.
- enable
Firewall BooleanSession - Determine whether to generate session log to firewall only connections.
- per
Connection Boolean - Determines whether to perform the log per connection.
- per
Session Boolean - Determines whether to perform the log per session.
- type String
- "Log", "Extended Log", "Detailed Log", "None".
- accounting boolean
- Turns accounting for track on and off.
- alert string
- Type of alert for the track.
- enable
Firewall booleanSession - Determine whether to generate session log to firewall only connections.
- per
Connection boolean - Determines whether to perform the log per connection.
- per
Session boolean - Determines whether to perform the log per session.
- type string
- "Log", "Extended Log", "Detailed Log", "None".
- accounting bool
- Turns accounting for track on and off.
- alert str
- Type of alert for the track.
- enable_
firewall_ boolsession - Determine whether to generate session log to firewall only connections.
- per_
connection bool - Determines whether to perform the log per connection.
- per_
session bool - Determines whether to perform the log per session.
- type str
- "Log", "Extended Log", "Detailed Log", "None".
- accounting Boolean
- Turns accounting for track on and off.
- alert String
- Type of alert for the track.
- enable
Firewall BooleanSession - Determine whether to generate session log to firewall only connections.
- per
Connection Boolean - Determines whether to perform the log per connection.
- per
Session Boolean - Determines whether to perform the log per session.
- type String
- "Log", "Extended Log", "Detailed Log", "None".
ManagementAccessRuleUserCheck, ManagementAccessRuleUserCheckArgs
- Confirm string
- N/A.
- Custom
Frequency ManagementAccess Rule User Check Custom Frequency - N/A. Custom Frequency blocks are documented below.
- Frequency string
- N/A.
- Interaction string
- N/A.
- Confirm string
- N/A.
- Custom
Frequency ManagementAccess Rule User Check Custom Frequency - N/A. Custom Frequency blocks are documented below.
- Frequency string
- N/A.
- Interaction string
- N/A.
- confirm String
- N/A.
- custom
Frequency ManagementAccess Rule User Check Custom Frequency - N/A. Custom Frequency blocks are documented below.
- frequency String
- N/A.
- interaction String
- N/A.
- confirm string
- N/A.
- custom
Frequency ManagementAccess Rule User Check Custom Frequency - N/A. Custom Frequency blocks are documented below.
- frequency string
- N/A.
- interaction string
- N/A.
- confirm str
- N/A.
- custom_
frequency ManagementAccess Rule User Check Custom Frequency - N/A. Custom Frequency blocks are documented below.
- frequency str
- N/A.
- interaction str
- N/A.
- confirm String
- N/A.
- custom
Frequency Property Map - N/A. Custom Frequency blocks are documented below.
- frequency String
- N/A.
- interaction String
- N/A.
ManagementAccessRuleUserCheckCustomFrequency, ManagementAccessRuleUserCheckCustomFrequencyArgs
ManagementAccessRuleVpnDirectional, ManagementAccessRuleVpnDirectionalArgs
Import
checkpoint_management_access_rule can be imported by using the following format: LAYER_NAME;RULE_UID
$ pulumi import checkpoint:index/managementAccessRule:ManagementAccessRule example "Network;9423d36f-2d66-4754-b9e2-e9f4493751d3"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- checkpoint checkpointsw/terraform-provider-checkpoint
- License
- Notes
- This Pulumi package is based on the
checkpointTerraform Provider.
Viewing docs for checkpoint 3.0.0
published on Monday, Mar 30, 2026 by checkpointsw
published on Monday, Mar 30, 2026 by checkpointsw
