Cloudflare v6.1.2, Apr 28 25

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

cloudflare.getZeroTrustGatewayPolicies

Explore with Pulumi AI

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleZeroTrustGatewayPolicies = cloudflare.getZeroTrustGatewayPolicies({
    accountId: "699d98642c564d2e855e9661899b7252",
});

import pulumi
import pulumi_cloudflare as cloudflare

example_zero_trust_gateway_policies = cloudflare.get_zero_trust_gateway_policies(account_id="699d98642c564d2e855e9661899b7252")

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.LookupZeroTrustGatewayPolicies(ctx, &cloudflare.LookupZeroTrustGatewayPoliciesArgs{
			AccountId: "699d98642c564d2e855e9661899b7252",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleZeroTrustGatewayPolicies = Cloudflare.GetZeroTrustGatewayPolicies.Invoke(new()
    {
        AccountId = "699d98642c564d2e855e9661899b7252",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.CloudflareFunctions;
import com.pulumi.cloudflare.inputs.GetZeroTrustGatewayPoliciesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var exampleZeroTrustGatewayPolicies = CloudflareFunctions.getZeroTrustGatewayPolicies(GetZeroTrustGatewayPoliciesArgs.builder()
            .accountId("699d98642c564d2e855e9661899b7252")
            .build());

    }
}

variables:
  exampleZeroTrustGatewayPolicies:
    fn::invoke:
      function: cloudflare:getZeroTrustGatewayPolicies
      arguments:
        accountId: 699d98642c564d2e855e9661899b7252

Using getZeroTrustGatewayPolicies

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getZeroTrustGatewayPolicies(args: GetZeroTrustGatewayPoliciesArgs, opts?: InvokeOptions): Promise<GetZeroTrustGatewayPoliciesResult>
function getZeroTrustGatewayPoliciesOutput(args: GetZeroTrustGatewayPoliciesOutputArgs, opts?: InvokeOptions): Output<GetZeroTrustGatewayPoliciesResult>

def get_zero_trust_gateway_policies(account_id: Optional[str] = None,
                                    max_items: Optional[int] = None,
                                    opts: Optional[InvokeOptions] = None) -> GetZeroTrustGatewayPoliciesResult
def get_zero_trust_gateway_policies_output(account_id: Optional[pulumi.Input[str]] = None,
                                    max_items: Optional[pulumi.Input[int]] = None,
                                    opts: Optional[InvokeOptions] = None) -> Output[GetZeroTrustGatewayPoliciesResult]

func LookupZeroTrustGatewayPolicies(ctx *Context, args *LookupZeroTrustGatewayPoliciesArgs, opts ...InvokeOption) (*LookupZeroTrustGatewayPoliciesResult, error)
func LookupZeroTrustGatewayPoliciesOutput(ctx *Context, args *LookupZeroTrustGatewayPoliciesOutputArgs, opts ...InvokeOption) LookupZeroTrustGatewayPoliciesResultOutput

> Note: This function is named LookupZeroTrustGatewayPolicies in the Go SDK.

public static class GetZeroTrustGatewayPolicies 
{
    public static Task<GetZeroTrustGatewayPoliciesResult> InvokeAsync(GetZeroTrustGatewayPoliciesArgs args, InvokeOptions? opts = null)
    public static Output<GetZeroTrustGatewayPoliciesResult> Invoke(GetZeroTrustGatewayPoliciesInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetZeroTrustGatewayPoliciesResult> getZeroTrustGatewayPolicies(GetZeroTrustGatewayPoliciesArgs args, InvokeOptions options)
public static Output<GetZeroTrustGatewayPoliciesResult> getZeroTrustGatewayPolicies(GetZeroTrustGatewayPoliciesArgs args, InvokeOptions options)

fn::invoke:
  function: cloudflare:index/getZeroTrustGatewayPolicies:getZeroTrustGatewayPolicies
  arguments:
    # arguments dictionary

The following arguments are supported:

AccountId string
MaxItems int: Max items to fetch, default: 1000

AccountId string
MaxItems int: Max items to fetch, default: 1000

accountId String
maxItems Integer: Max items to fetch, default: 1000

accountId string
maxItems number: Max items to fetch, default: 1000

account_id str
max_items int: Max items to fetch, default: 1000

accountId String
maxItems Number: Max items to fetch, default: 1000

getZeroTrustGatewayPolicies Result

The following output properties are available:

AccountId string
Id string: The provider-assigned unique ID for this managed resource.
Results List<GetZeroTrustGatewayPoliciesResult>: The items returned by the data source
MaxItems int: Max items to fetch, default: 1000

AccountId string
Id string: The provider-assigned unique ID for this managed resource.
Results []GetZeroTrustGatewayPoliciesResult: The items returned by the data source
MaxItems int: Max items to fetch, default: 1000

accountId String
id String: The provider-assigned unique ID for this managed resource.
results List<GetZeroTrustGatewayPoliciesResult>: The items returned by the data source
maxItems Integer: Max items to fetch, default: 1000

accountId string
id string: The provider-assigned unique ID for this managed resource.
results GetZeroTrustGatewayPoliciesResult[]: The items returned by the data source
maxItems number: Max items to fetch, default: 1000

account_id str
id str: The provider-assigned unique ID for this managed resource.
results Sequence[GetZeroTrustGatewayPoliciesResult]: The items returned by the data source
max_items int: Max items to fetch, default: 1000

accountId String
id String: The provider-assigned unique ID for this managed resource.
results List<Property Map>: The items returned by the data source
maxItems Number: Max items to fetch, default: 1000

Supporting Types

GetZeroTrustGatewayPoliciesResult

Action string: The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
CreatedAt string
DeletedAt string: Date of deletion, if any.
Description string: The description of the rule.
DevicePosture string: The wirefilter expression used for device posture check matching.
Enabled bool: True if the rule is enabled.
Expiration GetZeroTrustGatewayPoliciesResultExpiration: The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
Filters List<string>: The protocol or layer to evaluate the traffic, identity, and device posture expressions.
Id string: The API resource UUID.
Identity string: The wirefilter expression used for identity matching.
Name string: The name of the rule.
Precedence int: Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
RuleSettings GetZeroTrustGatewayPoliciesResultRuleSettings: Additional settings that modify the rule's action.
Schedule GetZeroTrustGatewayPoliciesResultSchedule: The schedule for activating DNS policies. This does not apply to HTTP or network policies.
Traffic string: The wirefilter expression used for traffic matching.
UpdatedAt string
Version int: version number of the rule

Action string: The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
CreatedAt string
DeletedAt string: Date of deletion, if any.
Description string: The description of the rule.
DevicePosture string: The wirefilter expression used for device posture check matching.
Enabled bool: True if the rule is enabled.
Expiration GetZeroTrustGatewayPoliciesResultExpiration: The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
Filters []string: The protocol or layer to evaluate the traffic, identity, and device posture expressions.
Id string: The API resource UUID.
Identity string: The wirefilter expression used for identity matching.
Name string: The name of the rule.
Precedence int: Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
RuleSettings GetZeroTrustGatewayPoliciesResultRuleSettings: Additional settings that modify the rule's action.
Schedule GetZeroTrustGatewayPoliciesResultSchedule: The schedule for activating DNS policies. This does not apply to HTTP or network policies.
Traffic string: The wirefilter expression used for traffic matching.
UpdatedAt string
Version int: version number of the rule

action String: The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
createdAt String
deletedAt String: Date of deletion, if any.
description String: The description of the rule.
devicePosture String: The wirefilter expression used for device posture check matching.
enabled Boolean: True if the rule is enabled.
expiration GetZeroTrustGatewayPoliciesResultExpiration: The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
filters List<String>: The protocol or layer to evaluate the traffic, identity, and device posture expressions.
id String: The API resource UUID.
identity String: The wirefilter expression used for identity matching.
name String: The name of the rule.
precedence Integer: Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
ruleSettings GetZeroTrustGatewayPoliciesResultRuleSettings: Additional settings that modify the rule's action.
schedule GetZeroTrustGatewayPoliciesResultSchedule: The schedule for activating DNS policies. This does not apply to HTTP or network policies.
traffic String: The wirefilter expression used for traffic matching.
updatedAt String
version Integer: version number of the rule

action string: The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
createdAt string
deletedAt string: Date of deletion, if any.
description string: The description of the rule.
devicePosture string: The wirefilter expression used for device posture check matching.
enabled boolean: True if the rule is enabled.
expiration GetZeroTrustGatewayPoliciesResultExpiration: The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
filters string[]: The protocol or layer to evaluate the traffic, identity, and device posture expressions.
id string: The API resource UUID.
identity string: The wirefilter expression used for identity matching.
name string: The name of the rule.
precedence number: Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
ruleSettings GetZeroTrustGatewayPoliciesResultRuleSettings: Additional settings that modify the rule's action.
schedule GetZeroTrustGatewayPoliciesResultSchedule: The schedule for activating DNS policies. This does not apply to HTTP or network policies.
traffic string: The wirefilter expression used for traffic matching.
updatedAt string
version number: version number of the rule

action str: The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
created_at str
deleted_at str: Date of deletion, if any.
description str: The description of the rule.
device_posture str: The wirefilter expression used for device posture check matching.
enabled bool: True if the rule is enabled.
expiration GetZeroTrustGatewayPoliciesResultExpiration: The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
filters Sequence[str]: The protocol or layer to evaluate the traffic, identity, and device posture expressions.
id str: The API resource UUID.
identity str: The wirefilter expression used for identity matching.
name str: The name of the rule.
precedence int: Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
rule_settings GetZeroTrustGatewayPoliciesResultRuleSettings: Additional settings that modify the rule's action.
schedule GetZeroTrustGatewayPoliciesResultSchedule: The schedule for activating DNS policies. This does not apply to HTTP or network policies.
traffic str: The wirefilter expression used for traffic matching.
updated_at str
version int: version number of the rule

action String: The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
createdAt String
deletedAt String: Date of deletion, if any.
description String: The description of the rule.
devicePosture String: The wirefilter expression used for device posture check matching.
enabled Boolean: True if the rule is enabled.
expiration Property Map: The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
filters List<String>: The protocol or layer to evaluate the traffic, identity, and device posture expressions.
id String: The API resource UUID.
identity String: The wirefilter expression used for identity matching.
name String: The name of the rule.
precedence Number: Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
ruleSettings Property Map: Additional settings that modify the rule's action.
schedule Property Map: The schedule for activating DNS policies. This does not apply to HTTP or network policies.
traffic String: The wirefilter expression used for traffic matching.
updatedAt String
version Number: version number of the rule

GetZeroTrustGatewayPoliciesResultExpiration

Duration int: The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.
Expired bool: Whether the policy has expired.
ExpiresAt string: The time stamp at which the policy will expire and cease to be applied.

Duration int: The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.
Expired bool: Whether the policy has expired.
ExpiresAt string: The time stamp at which the policy will expire and cease to be applied.

duration Integer: The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.
expired Boolean: Whether the policy has expired.
expiresAt String: The time stamp at which the policy will expire and cease to be applied.

duration number: The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.
expired boolean: Whether the policy has expired.
expiresAt string: The time stamp at which the policy will expire and cease to be applied.

duration int: The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.
expired bool: Whether the policy has expired.
expires_at str: The time stamp at which the policy will expire and cease to be applied.

duration Number: The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.
expired Boolean: Whether the policy has expired.
expiresAt String: The time stamp at which the policy will expire and cease to be applied.

GetZeroTrustGatewayPoliciesResultRuleSettings

AddHeaders Dictionary<string, string>: Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
AllowChildBypass bool: Set by parent MSP accounts to enable their children to bypass this rule.
AuditSsh GetZeroTrustGatewayPoliciesResultRuleSettingsAuditSsh: Settings for the Audit SSH action.
BisoAdminControls GetZeroTrustGatewayPoliciesResultRuleSettingsBisoAdminControls: Configure how browser isolation behaves.
BlockPageEnabled bool: Enable the custom block page.
BlockReason string: The text describing why this block occurred, displayed on the custom block page (if enabled).
BypassParentRule bool: Set by children MSP accounts to bypass their parent's rules.
CheckSession GetZeroTrustGatewayPoliciesResultRuleSettingsCheckSession: Configure how session check behaves.
DnsResolvers GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolvers: Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolvednsthroughcloudflare' or 'resolvedns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
Egress GetZeroTrustGatewayPoliciesResultRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
IgnoreCnameCategoryMatches bool: Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
InsecureDisableDnssecValidation bool: INSECURE - disable DNSSEC validation (for Allow actions).
IpCategories bool: Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
IpIndicatorFeeds bool: Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
L4override GetZeroTrustGatewayPoliciesResultRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port.
NotificationSettings GetZeroTrustGatewayPoliciesResultRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule is matched.
OverrideHost string: Override matching DNS queries with a hostname.
OverrideIps List<string>: Override matching DNS queries with an IP or set of IPs.
PayloadLog GetZeroTrustGatewayPoliciesResultRuleSettingsPayloadLog: Configure DLP payload logging.
Quarantine GetZeroTrustGatewayPoliciesResultRuleSettingsQuarantine: Settings that apply to quarantine rules
Redirect GetZeroTrustGatewayPoliciesResultRuleSettingsRedirect: Settings that apply to redirect rules
ResolveDnsInternally GetZeroTrustGatewayPoliciesResultRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
ResolveDnsThroughCloudflare bool: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dnsresolvers' are specified or 'resolvedns_internally' is set. Only valid when a rule's action is set to 'resolve'.
UntrustedCert GetZeroTrustGatewayPoliciesResultRuleSettingsUntrustedCert: Configure behavior when an upstream cert is invalid or an SSL error occurs.

AddHeaders map[string]string: Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
AllowChildBypass bool: Set by parent MSP accounts to enable their children to bypass this rule.
AuditSsh GetZeroTrustGatewayPoliciesResultRuleSettingsAuditSsh: Settings for the Audit SSH action.
BisoAdminControls GetZeroTrustGatewayPoliciesResultRuleSettingsBisoAdminControls: Configure how browser isolation behaves.
BlockPageEnabled bool: Enable the custom block page.
BlockReason string: The text describing why this block occurred, displayed on the custom block page (if enabled).
BypassParentRule bool: Set by children MSP accounts to bypass their parent's rules.
CheckSession GetZeroTrustGatewayPoliciesResultRuleSettingsCheckSession: Configure how session check behaves.
DnsResolvers GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolvers: Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolvednsthroughcloudflare' or 'resolvedns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
Egress GetZeroTrustGatewayPoliciesResultRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
IgnoreCnameCategoryMatches bool: Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
InsecureDisableDnssecValidation bool: INSECURE - disable DNSSEC validation (for Allow actions).
IpCategories bool: Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
IpIndicatorFeeds bool: Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
L4override GetZeroTrustGatewayPoliciesResultRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port.
NotificationSettings GetZeroTrustGatewayPoliciesResultRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule is matched.
OverrideHost string: Override matching DNS queries with a hostname.
OverrideIps []string: Override matching DNS queries with an IP or set of IPs.
PayloadLog GetZeroTrustGatewayPoliciesResultRuleSettingsPayloadLog: Configure DLP payload logging.
Quarantine GetZeroTrustGatewayPoliciesResultRuleSettingsQuarantine: Settings that apply to quarantine rules
Redirect GetZeroTrustGatewayPoliciesResultRuleSettingsRedirect: Settings that apply to redirect rules
ResolveDnsInternally GetZeroTrustGatewayPoliciesResultRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
ResolveDnsThroughCloudflare bool: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dnsresolvers' are specified or 'resolvedns_internally' is set. Only valid when a rule's action is set to 'resolve'.
UntrustedCert GetZeroTrustGatewayPoliciesResultRuleSettingsUntrustedCert: Configure behavior when an upstream cert is invalid or an SSL error occurs.

addHeaders Map<String,String>: Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
allowChildBypass Boolean: Set by parent MSP accounts to enable their children to bypass this rule.
auditSsh GetZeroTrustGatewayPoliciesResultRuleSettingsAuditSsh: Settings for the Audit SSH action.
bisoAdminControls GetZeroTrustGatewayPoliciesResultRuleSettingsBisoAdminControls: Configure how browser isolation behaves.
blockPageEnabled Boolean: Enable the custom block page.
blockReason String: The text describing why this block occurred, displayed on the custom block page (if enabled).
bypassParentRule Boolean: Set by children MSP accounts to bypass their parent's rules.
checkSession GetZeroTrustGatewayPoliciesResultRuleSettingsCheckSession: Configure how session check behaves.
dnsResolvers GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolvers: Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolvednsthroughcloudflare' or 'resolvedns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
egress GetZeroTrustGatewayPoliciesResultRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
ignoreCnameCategoryMatches Boolean: Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
insecureDisableDnssecValidation Boolean: INSECURE - disable DNSSEC validation (for Allow actions).
ipCategories Boolean: Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
ipIndicatorFeeds Boolean: Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
l4override GetZeroTrustGatewayPoliciesResultRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port.
notificationSettings GetZeroTrustGatewayPoliciesResultRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule is matched.
overrideHost String: Override matching DNS queries with a hostname.
overrideIps List<String>: Override matching DNS queries with an IP or set of IPs.
payloadLog GetZeroTrustGatewayPoliciesResultRuleSettingsPayloadLog: Configure DLP payload logging.
quarantine GetZeroTrustGatewayPoliciesResultRuleSettingsQuarantine: Settings that apply to quarantine rules
redirect GetZeroTrustGatewayPoliciesResultRuleSettingsRedirect: Settings that apply to redirect rules
resolveDnsInternally GetZeroTrustGatewayPoliciesResultRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
resolveDnsThroughCloudflare Boolean: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dnsresolvers' are specified or 'resolvedns_internally' is set. Only valid when a rule's action is set to 'resolve'.
untrustedCert GetZeroTrustGatewayPoliciesResultRuleSettingsUntrustedCert: Configure behavior when an upstream cert is invalid or an SSL error occurs.

addHeaders {[key: string]: string}: Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
allowChildBypass boolean: Set by parent MSP accounts to enable their children to bypass this rule.
auditSsh GetZeroTrustGatewayPoliciesResultRuleSettingsAuditSsh: Settings for the Audit SSH action.
bisoAdminControls GetZeroTrustGatewayPoliciesResultRuleSettingsBisoAdminControls: Configure how browser isolation behaves.
blockPageEnabled boolean: Enable the custom block page.
blockReason string: The text describing why this block occurred, displayed on the custom block page (if enabled).
bypassParentRule boolean: Set by children MSP accounts to bypass their parent's rules.
checkSession GetZeroTrustGatewayPoliciesResultRuleSettingsCheckSession: Configure how session check behaves.
dnsResolvers GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolvers: Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolvednsthroughcloudflare' or 'resolvedns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
egress GetZeroTrustGatewayPoliciesResultRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
ignoreCnameCategoryMatches boolean: Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
insecureDisableDnssecValidation boolean: INSECURE - disable DNSSEC validation (for Allow actions).
ipCategories boolean: Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
ipIndicatorFeeds boolean: Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
l4override GetZeroTrustGatewayPoliciesResultRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port.
notificationSettings GetZeroTrustGatewayPoliciesResultRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule is matched.
overrideHost string: Override matching DNS queries with a hostname.
overrideIps string[]: Override matching DNS queries with an IP or set of IPs.
payloadLog GetZeroTrustGatewayPoliciesResultRuleSettingsPayloadLog: Configure DLP payload logging.
quarantine GetZeroTrustGatewayPoliciesResultRuleSettingsQuarantine: Settings that apply to quarantine rules
redirect GetZeroTrustGatewayPoliciesResultRuleSettingsRedirect: Settings that apply to redirect rules
resolveDnsInternally GetZeroTrustGatewayPoliciesResultRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
resolveDnsThroughCloudflare boolean: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dnsresolvers' are specified or 'resolvedns_internally' is set. Only valid when a rule's action is set to 'resolve'.
untrustedCert GetZeroTrustGatewayPoliciesResultRuleSettingsUntrustedCert: Configure behavior when an upstream cert is invalid or an SSL error occurs.

add_headers Mapping[str, str]: Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
allow_child_bypass bool: Set by parent MSP accounts to enable their children to bypass this rule.
audit_ssh GetZeroTrustGatewayPoliciesResultRuleSettingsAuditSsh: Settings for the Audit SSH action.
biso_admin_controls GetZeroTrustGatewayPoliciesResultRuleSettingsBisoAdminControls: Configure how browser isolation behaves.
block_page_enabled bool: Enable the custom block page.
block_reason str: The text describing why this block occurred, displayed on the custom block page (if enabled).
bypass_parent_rule bool: Set by children MSP accounts to bypass their parent's rules.
check_session GetZeroTrustGatewayPoliciesResultRuleSettingsCheckSession: Configure how session check behaves.
dns_resolvers GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolvers: Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolvednsthroughcloudflare' or 'resolvedns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
egress GetZeroTrustGatewayPoliciesResultRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
ignore_cname_category_matches bool: Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
insecure_disable_dnssec_validation bool: INSECURE - disable DNSSEC validation (for Allow actions).
ip_categories bool: Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
ip_indicator_feeds bool: Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
l4override GetZeroTrustGatewayPoliciesResultRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port.
notification_settings GetZeroTrustGatewayPoliciesResultRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule is matched.
override_host str: Override matching DNS queries with a hostname.
override_ips Sequence[str]: Override matching DNS queries with an IP or set of IPs.
payload_log GetZeroTrustGatewayPoliciesResultRuleSettingsPayloadLog: Configure DLP payload logging.
quarantine GetZeroTrustGatewayPoliciesResultRuleSettingsQuarantine: Settings that apply to quarantine rules
redirect GetZeroTrustGatewayPoliciesResultRuleSettingsRedirect: Settings that apply to redirect rules
resolve_dns_internally GetZeroTrustGatewayPoliciesResultRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
resolve_dns_through_cloudflare bool: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dnsresolvers' are specified or 'resolvedns_internally' is set. Only valid when a rule's action is set to 'resolve'.
untrusted_cert GetZeroTrustGatewayPoliciesResultRuleSettingsUntrustedCert: Configure behavior when an upstream cert is invalid or an SSL error occurs.

addHeaders Map<String>: Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
allowChildBypass Boolean: Set by parent MSP accounts to enable their children to bypass this rule.
auditSsh Property Map: Settings for the Audit SSH action.
bisoAdminControls Property Map: Configure how browser isolation behaves.
blockPageEnabled Boolean: Enable the custom block page.
blockReason String: The text describing why this block occurred, displayed on the custom block page (if enabled).
bypassParentRule Boolean: Set by children MSP accounts to bypass their parent's rules.
checkSession Property Map: Configure how session check behaves.
dnsResolvers Property Map: Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolvednsthroughcloudflare' or 'resolvedns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
egress Property Map: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
ignoreCnameCategoryMatches Boolean: Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
insecureDisableDnssecValidation Boolean: INSECURE - disable DNSSEC validation (for Allow actions).
ipCategories Boolean: Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
ipIndicatorFeeds Boolean: Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
l4override Property Map: Send matching traffic to the supplied destination IP address and port.
notificationSettings Property Map: Configure a notification to display on the user's device when this rule is matched.
overrideHost String: Override matching DNS queries with a hostname.
overrideIps List<String>: Override matching DNS queries with an IP or set of IPs.
payloadLog Property Map: Configure DLP payload logging.
quarantine Property Map: Settings that apply to quarantine rules
redirect Property Map: Settings that apply to redirect rules
resolveDnsInternally Property Map: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
resolveDnsThroughCloudflare Boolean: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dnsresolvers' are specified or 'resolvedns_internally' is set. Only valid when a rule's action is set to 'resolve'.
untrustedCert Property Map: Configure behavior when an upstream cert is invalid or an SSL error occurs.

GetZeroTrustGatewayPoliciesResultRuleSettingsAuditSsh

CommandLogging bool: Enable to turn on SSH command logging.

CommandLogging bool: Enable to turn on SSH command logging.

commandLogging Boolean: Enable to turn on SSH command logging.

commandLogging boolean: Enable to turn on SSH command logging.

command_logging bool: Enable to turn on SSH command logging.

commandLogging Boolean: Enable to turn on SSH command logging.

GetZeroTrustGatewayPoliciesResultRuleSettingsBisoAdminControls

Copy string: Configure whether copy is enabled or not. When set with "remoteonly", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Dcp bool: Set to false to enable copy-pasting. Only applies when version == "v1".
Dd bool: Set to false to enable downloading. Only applies when version == "v1".
Dk bool: Set to false to enable keyboard usage. Only applies when version == "v1".
Download string: Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Dp bool: Set to false to enable printing. Only applies when version == "v1".
Du bool: Set to false to enable uploading. Only applies when version == "v1".
Keyboard string: Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Paste string: Configure whether pasting is enabled or not. When set with "remoteonly", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Printing string: Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Upload string: Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Version string: Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".

Copy string: Configure whether copy is enabled or not. When set with "remoteonly", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Dcp bool: Set to false to enable copy-pasting. Only applies when version == "v1".
Dd bool: Set to false to enable downloading. Only applies when version == "v1".
Dk bool: Set to false to enable keyboard usage. Only applies when version == "v1".
Download string: Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Dp bool: Set to false to enable printing. Only applies when version == "v1".
Du bool: Set to false to enable uploading. Only applies when version == "v1".
Keyboard string: Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Paste string: Configure whether pasting is enabled or not. When set with "remoteonly", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Printing string: Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Upload string: Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Version string: Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".

copy String: Configure whether copy is enabled or not. When set with "remoteonly", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dcp Boolean: Set to false to enable copy-pasting. Only applies when version == "v1".
dd Boolean: Set to false to enable downloading. Only applies when version == "v1".
dk Boolean: Set to false to enable keyboard usage. Only applies when version == "v1".
download String: Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
dp Boolean: Set to false to enable printing. Only applies when version == "v1".
du Boolean: Set to false to enable uploading. Only applies when version == "v1".
keyboard String: Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
paste String: Configure whether pasting is enabled or not. When set with "remoteonly", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
printing String: Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
upload String: Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
version String: Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".

copy string: Configure whether copy is enabled or not. When set with "remoteonly", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dcp boolean: Set to false to enable copy-pasting. Only applies when version == "v1".
dd boolean: Set to false to enable downloading. Only applies when version == "v1".
dk boolean: Set to false to enable keyboard usage. Only applies when version == "v1".
download string: Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
dp boolean: Set to false to enable printing. Only applies when version == "v1".
du boolean: Set to false to enable uploading. Only applies when version == "v1".
keyboard string: Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
paste string: Configure whether pasting is enabled or not. When set with "remoteonly", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
printing string: Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
upload string: Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
version string: Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".

copy str: Configure whether copy is enabled or not. When set with "remoteonly", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dcp bool: Set to false to enable copy-pasting. Only applies when version == "v1".
dd bool: Set to false to enable downloading. Only applies when version == "v1".
dk bool: Set to false to enable keyboard usage. Only applies when version == "v1".
download str: Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
dp bool: Set to false to enable printing. Only applies when version == "v1".
du bool: Set to false to enable uploading. Only applies when version == "v1".
keyboard str: Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
paste str: Configure whether pasting is enabled or not. When set with "remoteonly", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
printing str: Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
upload str: Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
version str: Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".

copy String: Configure whether copy is enabled or not. When set with "remoteonly", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dcp Boolean: Set to false to enable copy-pasting. Only applies when version == "v1".
dd Boolean: Set to false to enable downloading. Only applies when version == "v1".
dk Boolean: Set to false to enable keyboard usage. Only applies when version == "v1".
download String: Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
dp Boolean: Set to false to enable printing. Only applies when version == "v1".
du Boolean: Set to false to enable uploading. Only applies when version == "v1".
keyboard String: Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
paste String: Configure whether pasting is enabled or not. When set with "remoteonly", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
printing String: Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
upload String: Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
version String: Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".

GetZeroTrustGatewayPoliciesResultRuleSettingsCheckSession

Duration string: Configure how fresh the session needs to be to be considered valid.
Enforce bool: Set to true to enable session enforcement.

Duration string: Configure how fresh the session needs to be to be considered valid.
Enforce bool: Set to true to enable session enforcement.

duration String: Configure how fresh the session needs to be to be considered valid.
enforce Boolean: Set to true to enable session enforcement.

duration string: Configure how fresh the session needs to be to be considered valid.
enforce boolean: Set to true to enable session enforcement.

duration str: Configure how fresh the session needs to be to be considered valid.
enforce bool: Set to true to enable session enforcement.

duration String: Configure how fresh the session needs to be to be considered valid.
enforce Boolean: Set to true to enable session enforcement.

GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolvers

Ipv4s List<GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv4>
Ipv6s List<GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv6>

Ipv4s []GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv4
Ipv6s []GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv6

ipv4s List<GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv4>
ipv6s List<GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv6>

ipv4s GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv4[]
ipv6s GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv6[]

ipv4s Sequence[GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv4]
ipv6s Sequence[GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv6]

ipv4s List<Property Map>
ipv6s List<Property Map>

GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv4

Ip string: IPv4 address of upstream resolver.
Port int: A port number to use for upstream resolver. Defaults to 53 if unspecified.
RouteThroughPrivateNetwork bool: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
VnetId string: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

Ip string: IPv4 address of upstream resolver.
Port int: A port number to use for upstream resolver. Defaults to 53 if unspecified.
RouteThroughPrivateNetwork bool: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
VnetId string: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip String: IPv4 address of upstream resolver.
port Integer: A port number to use for upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork Boolean: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnetId String: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip string: IPv4 address of upstream resolver.
port number: A port number to use for upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork boolean: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnetId string: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip str: IPv4 address of upstream resolver.
port int: A port number to use for upstream resolver. Defaults to 53 if unspecified.
route_through_private_network bool: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnet_id str: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip String: IPv4 address of upstream resolver.
port Number: A port number to use for upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork Boolean: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnetId String: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv6

Ip string: IPv6 address of upstream resolver.
Port int: A port number to use for upstream resolver. Defaults to 53 if unspecified.
RouteThroughPrivateNetwork bool: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
VnetId string: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

Ip string: IPv6 address of upstream resolver.
Port int: A port number to use for upstream resolver. Defaults to 53 if unspecified.
RouteThroughPrivateNetwork bool: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
VnetId string: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip String: IPv6 address of upstream resolver.
port Integer: A port number to use for upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork Boolean: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnetId String: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip string: IPv6 address of upstream resolver.
port number: A port number to use for upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork boolean: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnetId string: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip str: IPv6 address of upstream resolver.
port int: A port number to use for upstream resolver. Defaults to 53 if unspecified.
route_through_private_network bool: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnet_id str: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip String: IPv6 address of upstream resolver.
port Number: A port number to use for upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork Boolean: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnetId String: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

GetZeroTrustGatewayPoliciesResultRuleSettingsEgress

Ipv4 string: The IPv4 address to be used for egress.
Ipv4Fallback string: The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
Ipv6 string: The IPv6 range to be used for egress.

Ipv4 string: The IPv4 address to be used for egress.
Ipv4Fallback string: The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
Ipv6 string: The IPv6 range to be used for egress.

ipv4 String: The IPv4 address to be used for egress.
ipv4Fallback String: The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
ipv6 String: The IPv6 range to be used for egress.

ipv4 string: The IPv4 address to be used for egress.
ipv4Fallback string: The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
ipv6 string: The IPv6 range to be used for egress.

ipv4 str: The IPv4 address to be used for egress.
ipv4_fallback str: The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
ipv6 str: The IPv6 range to be used for egress.

ipv4 String: The IPv4 address to be used for egress.
ipv4Fallback String: The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
ipv6 String: The IPv6 range to be used for egress.

GetZeroTrustGatewayPoliciesResultRuleSettingsL4override

Ip string: IPv4 or IPv6 address.
Port int: A port number to use for TCP/UDP overrides.

Ip string: IPv4 or IPv6 address.
Port int: A port number to use for TCP/UDP overrides.

ip String: IPv4 or IPv6 address.
port Integer: A port number to use for TCP/UDP overrides.

ip string: IPv4 or IPv6 address.
port number: A port number to use for TCP/UDP overrides.

ip str: IPv4 or IPv6 address.
port int: A port number to use for TCP/UDP overrides.

ip String: IPv4 or IPv6 address.
port Number: A port number to use for TCP/UDP overrides.

GetZeroTrustGatewayPoliciesResultRuleSettingsNotificationSettings

Enabled bool: Set notification on
Msg string: Customize the message shown in the notification.
SupportUrl string: Optional URL to direct users to additional information. If not set, the notification will open a block page.

Enabled bool: Set notification on
Msg string: Customize the message shown in the notification.
SupportUrl string: Optional URL to direct users to additional information. If not set, the notification will open a block page.

enabled Boolean: Set notification on
msg String: Customize the message shown in the notification.
supportUrl String: Optional URL to direct users to additional information. If not set, the notification will open a block page.

enabled boolean: Set notification on
msg string: Customize the message shown in the notification.
supportUrl string: Optional URL to direct users to additional information. If not set, the notification will open a block page.

enabled bool: Set notification on
msg str: Customize the message shown in the notification.
support_url str: Optional URL to direct users to additional information. If not set, the notification will open a block page.

enabled Boolean: Set notification on
msg String: Customize the message shown in the notification.
supportUrl String: Optional URL to direct users to additional information. If not set, the notification will open a block page.

GetZeroTrustGatewayPoliciesResultRuleSettingsPayloadLog

Enabled bool: Set to true to enable DLP payload logging for this rule.

Enabled bool: Set to true to enable DLP payload logging for this rule.

enabled Boolean: Set to true to enable DLP payload logging for this rule.

enabled boolean: Set to true to enable DLP payload logging for this rule.

enabled bool: Set to true to enable DLP payload logging for this rule.

enabled Boolean: Set to true to enable DLP payload logging for this rule.

GetZeroTrustGatewayPoliciesResultRuleSettingsQuarantine

FileTypes List<string>: Types of files to sandbox.

FileTypes []string: Types of files to sandbox.

fileTypes List<String>: Types of files to sandbox.

fileTypes string[]: Types of files to sandbox.

file_types Sequence[str]: Types of files to sandbox.

fileTypes List<String>: Types of files to sandbox.

GetZeroTrustGatewayPoliciesResultRuleSettingsRedirect

IncludeContext bool: If true, context information will be passed as query parameters
PreservePathAndQuery bool: If true, the path and query parameters from the original request will be appended to target_uri
TargetUri string: URI to which the user will be redirected

IncludeContext bool: If true, context information will be passed as query parameters
PreservePathAndQuery bool: If true, the path and query parameters from the original request will be appended to target_uri
TargetUri string: URI to which the user will be redirected

includeContext Boolean: If true, context information will be passed as query parameters
preservePathAndQuery Boolean: If true, the path and query parameters from the original request will be appended to target_uri
targetUri String: URI to which the user will be redirected

includeContext boolean: If true, context information will be passed as query parameters
preservePathAndQuery boolean: If true, the path and query parameters from the original request will be appended to target_uri
targetUri string: URI to which the user will be redirected

include_context bool: If true, context information will be passed as query parameters
preserve_path_and_query bool: If true, the path and query parameters from the original request will be appended to target_uri
target_uri str: URI to which the user will be redirected

includeContext Boolean: If true, context information will be passed as query parameters
preservePathAndQuery Boolean: If true, the path and query parameters from the original request will be appended to target_uri
targetUri String: URI to which the user will be redirected

GetZeroTrustGatewayPoliciesResultRuleSettingsResolveDnsInternally

Fallback string: The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
ViewId string: The internal DNS view identifier that's passed to the internal DNS service.

Fallback string: The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
ViewId string: The internal DNS view identifier that's passed to the internal DNS service.

fallback String: The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
viewId String: The internal DNS view identifier that's passed to the internal DNS service.

fallback string: The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
viewId string: The internal DNS view identifier that's passed to the internal DNS service.

fallback str: The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
view_id str: The internal DNS view identifier that's passed to the internal DNS service.

fallback String: The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
viewId String: The internal DNS view identifier that's passed to the internal DNS service.

GetZeroTrustGatewayPoliciesResultRuleSettingsUntrustedCert

Action string: The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".

Action string: The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".

action String: The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".

action string: The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".

action str: The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".

action String: The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".

GetZeroTrustGatewayPoliciesResultSchedule

Fri string: The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
Mon string: The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
Sat string: The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
Sun string: The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
Thu string: The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
TimeZone string: The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
Tue string: The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
Wed string: The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.

Fri string: The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
Mon string: The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
Sat string: The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
Sun string: The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
Thu string: The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
TimeZone string: The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
Tue string: The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
Wed string: The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.

fri String: The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
mon String: The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
sat String: The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
sun String: The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
thu String: The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
timeZone String: The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
tue String: The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
wed String: The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.

fri string: The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
mon string: The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
sat string: The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
sun string: The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
thu string: The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
timeZone string: The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
tue string: The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
wed string: The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.

fri str: The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
mon str: The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
sat str: The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
sun str: The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
thu str: The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
time_zone str: The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
tue str: The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
wed str: The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.

fri String: The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
mon String: The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
sat String: The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
sun String: The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
thu String: The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
timeZone String: The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
tue String: The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
wed String: The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.getZeroTrustGatewayPolicies

On this page

On this page

Example Usage

Using getZeroTrustGatewayPolicies

getZeroTrustGatewayPolicies Result

Supporting Types

GetZeroTrustGatewayPoliciesResult

GetZeroTrustGatewayPoliciesResultExpiration

GetZeroTrustGatewayPoliciesResultRuleSettings

GetZeroTrustGatewayPoliciesResultRuleSettingsAuditSsh

GetZeroTrustGatewayPoliciesResultRuleSettingsBisoAdminControls

GetZeroTrustGatewayPoliciesResultRuleSettingsCheckSession

GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolvers

GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv4

GetZeroTrustGatewayPoliciesResultRuleSettingsDnsResolversIpv6

GetZeroTrustGatewayPoliciesResultRuleSettingsEgress

GetZeroTrustGatewayPoliciesResultRuleSettingsL4override

GetZeroTrustGatewayPoliciesResultRuleSettingsNotificationSettings

GetZeroTrustGatewayPoliciesResultRuleSettingsPayloadLog

GetZeroTrustGatewayPoliciesResultRuleSettingsQuarantine

GetZeroTrustGatewayPoliciesResultRuleSettingsRedirect

GetZeroTrustGatewayPoliciesResultRuleSettingsResolveDnsInternally

GetZeroTrustGatewayPoliciesResultRuleSettingsUntrustedCert

GetZeroTrustGatewayPoliciesResultSchedule

Package Details

On this page

On this page