Cloudflare v6.1.2, Apr 28 25

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

cloudflare.getZeroTrustGatewayPolicy

Explore with Pulumi AI

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleZeroTrustGatewayPolicy = cloudflare.getZeroTrustGatewayPolicy({
    accountId: "699d98642c564d2e855e9661899b7252",
    ruleId: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
});

import pulumi
import pulumi_cloudflare as cloudflare

example_zero_trust_gateway_policy = cloudflare.get_zero_trust_gateway_policy(account_id="699d98642c564d2e855e9661899b7252",
    rule_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415")

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.LookupZeroTrustGatewayPolicy(ctx, &cloudflare.LookupZeroTrustGatewayPolicyArgs{
			AccountId: "699d98642c564d2e855e9661899b7252",
			RuleId:    pulumi.StringRef("f174e90a-fafe-4643-bbbc-4a0ed4fc8415"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleZeroTrustGatewayPolicy = Cloudflare.GetZeroTrustGatewayPolicy.Invoke(new()
    {
        AccountId = "699d98642c564d2e855e9661899b7252",
        RuleId = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.CloudflareFunctions;
import com.pulumi.cloudflare.inputs.GetZeroTrustGatewayPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var exampleZeroTrustGatewayPolicy = CloudflareFunctions.getZeroTrustGatewayPolicy(GetZeroTrustGatewayPolicyArgs.builder()
            .accountId("699d98642c564d2e855e9661899b7252")
            .ruleId("f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
            .build());

    }
}

variables:
  exampleZeroTrustGatewayPolicy:
    fn::invoke:
      function: cloudflare:getZeroTrustGatewayPolicy
      arguments:
        accountId: 699d98642c564d2e855e9661899b7252
        ruleId: f174e90a-fafe-4643-bbbc-4a0ed4fc8415

Using getZeroTrustGatewayPolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getZeroTrustGatewayPolicy(args: GetZeroTrustGatewayPolicyArgs, opts?: InvokeOptions): Promise<GetZeroTrustGatewayPolicyResult>
function getZeroTrustGatewayPolicyOutput(args: GetZeroTrustGatewayPolicyOutputArgs, opts?: InvokeOptions): Output<GetZeroTrustGatewayPolicyResult>

def get_zero_trust_gateway_policy(account_id: Optional[str] = None,
                                  rule_id: Optional[str] = None,
                                  opts: Optional[InvokeOptions] = None) -> GetZeroTrustGatewayPolicyResult
def get_zero_trust_gateway_policy_output(account_id: Optional[pulumi.Input[str]] = None,
                                  rule_id: Optional[pulumi.Input[str]] = None,
                                  opts: Optional[InvokeOptions] = None) -> Output[GetZeroTrustGatewayPolicyResult]

func LookupZeroTrustGatewayPolicy(ctx *Context, args *LookupZeroTrustGatewayPolicyArgs, opts ...InvokeOption) (*LookupZeroTrustGatewayPolicyResult, error)
func LookupZeroTrustGatewayPolicyOutput(ctx *Context, args *LookupZeroTrustGatewayPolicyOutputArgs, opts ...InvokeOption) LookupZeroTrustGatewayPolicyResultOutput

> Note: This function is named LookupZeroTrustGatewayPolicy in the Go SDK.

public static class GetZeroTrustGatewayPolicy 
{
    public static Task<GetZeroTrustGatewayPolicyResult> InvokeAsync(GetZeroTrustGatewayPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetZeroTrustGatewayPolicyResult> Invoke(GetZeroTrustGatewayPolicyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetZeroTrustGatewayPolicyResult> getZeroTrustGatewayPolicy(GetZeroTrustGatewayPolicyArgs args, InvokeOptions options)
public static Output<GetZeroTrustGatewayPolicyResult> getZeroTrustGatewayPolicy(GetZeroTrustGatewayPolicyArgs args, InvokeOptions options)

fn::invoke:
  function: cloudflare:index/getZeroTrustGatewayPolicy:getZeroTrustGatewayPolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

AccountId string
RuleId string: The API resource UUID.

AccountId string
RuleId string: The API resource UUID.

accountId String
ruleId String: The API resource UUID.

accountId string
ruleId string: The API resource UUID.

account_id str
rule_id str: The API resource UUID.

accountId String
ruleId String: The API resource UUID.

getZeroTrustGatewayPolicy Result

The following output properties are available:

AccountId string
Action string: The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
CreatedAt string
DeletedAt string: Date of deletion, if any.
Description string: The description of the rule.
DevicePosture string: The wirefilter expression used for device posture check matching.
Enabled bool: True if the rule is enabled.
Expiration GetZeroTrustGatewayPolicyExpiration: The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
Filters List<string>
Id string
Identity string
Name string
Precedence int
RuleSettings GetZeroTrustGatewayPolicyRuleSettings
Schedule GetZeroTrustGatewayPolicySchedule
Traffic string
UpdatedAt string
Version int
RuleId string: The API resource UUID.

AccountId string
Action string: The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
CreatedAt string
DeletedAt string: Date of deletion, if any.
Description string: The description of the rule.
DevicePosture string: The wirefilter expression used for device posture check matching.
Enabled bool: True if the rule is enabled.
Expiration GetZeroTrustGatewayPolicyExpiration: The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
Filters []string
Id string
Identity string
Name string
Precedence int
RuleSettings GetZeroTrustGatewayPolicyRuleSettings
Schedule GetZeroTrustGatewayPolicySchedule
Traffic string
UpdatedAt string
Version int
RuleId string: The API resource UUID.

accountId String
action String: The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
createdAt String
deletedAt String: Date of deletion, if any.
description String: The description of the rule.
devicePosture String: The wirefilter expression used for device posture check matching.
enabled Boolean: True if the rule is enabled.
expiration GetZeroTrustGatewayPolicyExpiration: The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
filters List<String>
id String
identity String
name String
precedence Integer
ruleSettings GetZeroTrustGatewayPolicyRuleSettings
schedule GetZeroTrustGatewayPolicySchedule
traffic String
updatedAt String
version Integer
ruleId String: The API resource UUID.

accountId string
action string: The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
createdAt string
deletedAt string: Date of deletion, if any.
description string: The description of the rule.
devicePosture string: The wirefilter expression used for device posture check matching.
enabled boolean: True if the rule is enabled.
expiration GetZeroTrustGatewayPolicyExpiration: The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
filters string[]
id string
identity string
name string
precedence number
ruleSettings GetZeroTrustGatewayPolicyRuleSettings
schedule GetZeroTrustGatewayPolicySchedule
traffic string
updatedAt string
version number
ruleId string: The API resource UUID.

account_id str
action str: The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
created_at str
deleted_at str: Date of deletion, if any.
description str: The description of the rule.
device_posture str: The wirefilter expression used for device posture check matching.
enabled bool: True if the rule is enabled.
expiration GetZeroTrustGatewayPolicyExpiration: The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
filters Sequence[str]
id str
identity str
name str
precedence int
rule_settings GetZeroTrustGatewayPolicyRuleSettings
schedule GetZeroTrustGatewayPolicySchedule
traffic str
updated_at str
version int
rule_id str: The API resource UUID.

accountId String
action String: The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine", "redirect".
createdAt String
deletedAt String: Date of deletion, if any.
description String: The description of the rule.
devicePosture String: The wirefilter expression used for device posture check matching.
enabled Boolean: True if the rule is enabled.
expiration Property Map: The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.
filters List<String>
id String
identity String
name String
precedence Number
ruleSettings Property Map
schedule Property Map
traffic String
updatedAt String
version Number
ruleId String: The API resource UUID.

Supporting Types

GetZeroTrustGatewayPolicyExpiration

Duration int: The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.
Expired bool: Whether the policy has expired.
ExpiresAt string: The time stamp at which the policy will expire and cease to be applied.

Duration int: The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.
Expired bool: Whether the policy has expired.
ExpiresAt string: The time stamp at which the policy will expire and cease to be applied.

duration Integer: The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.
expired Boolean: Whether the policy has expired.
expiresAt String: The time stamp at which the policy will expire and cease to be applied.

duration number: The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.
expired boolean: Whether the policy has expired.
expiresAt string: The time stamp at which the policy will expire and cease to be applied.

duration int: The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.
expired bool: Whether the policy has expired.
expires_at str: The time stamp at which the policy will expire and cease to be applied.

duration Number: The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.
expired Boolean: Whether the policy has expired.
expiresAt String: The time stamp at which the policy will expire and cease to be applied.

GetZeroTrustGatewayPolicyRuleSettings

AddHeaders Dictionary<string, string>: Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
AllowChildBypass bool: Set by parent MSP accounts to enable their children to bypass this rule.
AuditSsh GetZeroTrustGatewayPolicyRuleSettingsAuditSsh: Settings for the Audit SSH action.
BisoAdminControls GetZeroTrustGatewayPolicyRuleSettingsBisoAdminControls: Configure how browser isolation behaves.
BlockPageEnabled bool: Enable the custom block page.
BlockReason string: The text describing why this block occurred, displayed on the custom block page (if enabled).
BypassParentRule bool: Set by children MSP accounts to bypass their parent's rules.
CheckSession GetZeroTrustGatewayPolicyRuleSettingsCheckSession: Configure how session check behaves.
DnsResolvers GetZeroTrustGatewayPolicyRuleSettingsDnsResolvers: Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolvednsthroughcloudflare' or 'resolvedns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
Egress GetZeroTrustGatewayPolicyRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
IgnoreCnameCategoryMatches bool: Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
InsecureDisableDnssecValidation bool: INSECURE - disable DNSSEC validation (for Allow actions).
IpCategories bool: Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
IpIndicatorFeeds bool: Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
L4override GetZeroTrustGatewayPolicyRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port.
NotificationSettings GetZeroTrustGatewayPolicyRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule is matched.
OverrideHost string: Override matching DNS queries with a hostname.
OverrideIps List<string>: Override matching DNS queries with an IP or set of IPs.
PayloadLog GetZeroTrustGatewayPolicyRuleSettingsPayloadLog: Configure DLP payload logging.
Quarantine GetZeroTrustGatewayPolicyRuleSettingsQuarantine: Settings that apply to quarantine rules
Redirect GetZeroTrustGatewayPolicyRuleSettingsRedirect: Settings that apply to redirect rules
ResolveDnsInternally GetZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
ResolveDnsThroughCloudflare bool: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dnsresolvers' are specified or 'resolvedns_internally' is set. Only valid when a rule's action is set to 'resolve'.
UntrustedCert GetZeroTrustGatewayPolicyRuleSettingsUntrustedCert: Configure behavior when an upstream cert is invalid or an SSL error occurs.

AddHeaders map[string]string: Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
AllowChildBypass bool: Set by parent MSP accounts to enable their children to bypass this rule.
AuditSsh GetZeroTrustGatewayPolicyRuleSettingsAuditSsh: Settings for the Audit SSH action.
BisoAdminControls GetZeroTrustGatewayPolicyRuleSettingsBisoAdminControls: Configure how browser isolation behaves.
BlockPageEnabled bool: Enable the custom block page.
BlockReason string: The text describing why this block occurred, displayed on the custom block page (if enabled).
BypassParentRule bool: Set by children MSP accounts to bypass their parent's rules.
CheckSession GetZeroTrustGatewayPolicyRuleSettingsCheckSession: Configure how session check behaves.
DnsResolvers GetZeroTrustGatewayPolicyRuleSettingsDnsResolvers: Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolvednsthroughcloudflare' or 'resolvedns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
Egress GetZeroTrustGatewayPolicyRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
IgnoreCnameCategoryMatches bool: Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
InsecureDisableDnssecValidation bool: INSECURE - disable DNSSEC validation (for Allow actions).
IpCategories bool: Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
IpIndicatorFeeds bool: Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
L4override GetZeroTrustGatewayPolicyRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port.
NotificationSettings GetZeroTrustGatewayPolicyRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule is matched.
OverrideHost string: Override matching DNS queries with a hostname.
OverrideIps []string: Override matching DNS queries with an IP or set of IPs.
PayloadLog GetZeroTrustGatewayPolicyRuleSettingsPayloadLog: Configure DLP payload logging.
Quarantine GetZeroTrustGatewayPolicyRuleSettingsQuarantine: Settings that apply to quarantine rules
Redirect GetZeroTrustGatewayPolicyRuleSettingsRedirect: Settings that apply to redirect rules
ResolveDnsInternally GetZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
ResolveDnsThroughCloudflare bool: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dnsresolvers' are specified or 'resolvedns_internally' is set. Only valid when a rule's action is set to 'resolve'.
UntrustedCert GetZeroTrustGatewayPolicyRuleSettingsUntrustedCert: Configure behavior when an upstream cert is invalid or an SSL error occurs.

addHeaders Map<String,String>: Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
allowChildBypass Boolean: Set by parent MSP accounts to enable their children to bypass this rule.
auditSsh GetZeroTrustGatewayPolicyRuleSettingsAuditSsh: Settings for the Audit SSH action.
bisoAdminControls GetZeroTrustGatewayPolicyRuleSettingsBisoAdminControls: Configure how browser isolation behaves.
blockPageEnabled Boolean: Enable the custom block page.
blockReason String: The text describing why this block occurred, displayed on the custom block page (if enabled).
bypassParentRule Boolean: Set by children MSP accounts to bypass their parent's rules.
checkSession GetZeroTrustGatewayPolicyRuleSettingsCheckSession: Configure how session check behaves.
dnsResolvers GetZeroTrustGatewayPolicyRuleSettingsDnsResolvers: Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolvednsthroughcloudflare' or 'resolvedns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
egress GetZeroTrustGatewayPolicyRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
ignoreCnameCategoryMatches Boolean: Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
insecureDisableDnssecValidation Boolean: INSECURE - disable DNSSEC validation (for Allow actions).
ipCategories Boolean: Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
ipIndicatorFeeds Boolean: Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
l4override GetZeroTrustGatewayPolicyRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port.
notificationSettings GetZeroTrustGatewayPolicyRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule is matched.
overrideHost String: Override matching DNS queries with a hostname.
overrideIps List<String>: Override matching DNS queries with an IP or set of IPs.
payloadLog GetZeroTrustGatewayPolicyRuleSettingsPayloadLog: Configure DLP payload logging.
quarantine GetZeroTrustGatewayPolicyRuleSettingsQuarantine: Settings that apply to quarantine rules
redirect GetZeroTrustGatewayPolicyRuleSettingsRedirect: Settings that apply to redirect rules
resolveDnsInternally GetZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
resolveDnsThroughCloudflare Boolean: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dnsresolvers' are specified or 'resolvedns_internally' is set. Only valid when a rule's action is set to 'resolve'.
untrustedCert GetZeroTrustGatewayPolicyRuleSettingsUntrustedCert: Configure behavior when an upstream cert is invalid or an SSL error occurs.

addHeaders {[key: string]: string}: Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
allowChildBypass boolean: Set by parent MSP accounts to enable their children to bypass this rule.
auditSsh GetZeroTrustGatewayPolicyRuleSettingsAuditSsh: Settings for the Audit SSH action.
bisoAdminControls GetZeroTrustGatewayPolicyRuleSettingsBisoAdminControls: Configure how browser isolation behaves.
blockPageEnabled boolean: Enable the custom block page.
blockReason string: The text describing why this block occurred, displayed on the custom block page (if enabled).
bypassParentRule boolean: Set by children MSP accounts to bypass their parent's rules.
checkSession GetZeroTrustGatewayPolicyRuleSettingsCheckSession: Configure how session check behaves.
dnsResolvers GetZeroTrustGatewayPolicyRuleSettingsDnsResolvers: Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolvednsthroughcloudflare' or 'resolvedns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
egress GetZeroTrustGatewayPolicyRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
ignoreCnameCategoryMatches boolean: Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
insecureDisableDnssecValidation boolean: INSECURE - disable DNSSEC validation (for Allow actions).
ipCategories boolean: Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
ipIndicatorFeeds boolean: Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
l4override GetZeroTrustGatewayPolicyRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port.
notificationSettings GetZeroTrustGatewayPolicyRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule is matched.
overrideHost string: Override matching DNS queries with a hostname.
overrideIps string[]: Override matching DNS queries with an IP or set of IPs.
payloadLog GetZeroTrustGatewayPolicyRuleSettingsPayloadLog: Configure DLP payload logging.
quarantine GetZeroTrustGatewayPolicyRuleSettingsQuarantine: Settings that apply to quarantine rules
redirect GetZeroTrustGatewayPolicyRuleSettingsRedirect: Settings that apply to redirect rules
resolveDnsInternally GetZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
resolveDnsThroughCloudflare boolean: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dnsresolvers' are specified or 'resolvedns_internally' is set. Only valid when a rule's action is set to 'resolve'.
untrustedCert GetZeroTrustGatewayPolicyRuleSettingsUntrustedCert: Configure behavior when an upstream cert is invalid or an SSL error occurs.

add_headers Mapping[str, str]: Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
allow_child_bypass bool: Set by parent MSP accounts to enable their children to bypass this rule.
audit_ssh GetZeroTrustGatewayPolicyRuleSettingsAuditSsh: Settings for the Audit SSH action.
biso_admin_controls GetZeroTrustGatewayPolicyRuleSettingsBisoAdminControls: Configure how browser isolation behaves.
block_page_enabled bool: Enable the custom block page.
block_reason str: The text describing why this block occurred, displayed on the custom block page (if enabled).
bypass_parent_rule bool: Set by children MSP accounts to bypass their parent's rules.
check_session GetZeroTrustGatewayPolicyRuleSettingsCheckSession: Configure how session check behaves.
dns_resolvers GetZeroTrustGatewayPolicyRuleSettingsDnsResolvers: Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolvednsthroughcloudflare' or 'resolvedns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
egress GetZeroTrustGatewayPolicyRuleSettingsEgress: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
ignore_cname_category_matches bool: Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
insecure_disable_dnssec_validation bool: INSECURE - disable DNSSEC validation (for Allow actions).
ip_categories bool: Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
ip_indicator_feeds bool: Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
l4override GetZeroTrustGatewayPolicyRuleSettingsL4override: Send matching traffic to the supplied destination IP address and port.
notification_settings GetZeroTrustGatewayPolicyRuleSettingsNotificationSettings: Configure a notification to display on the user's device when this rule is matched.
override_host str: Override matching DNS queries with a hostname.
override_ips Sequence[str]: Override matching DNS queries with an IP or set of IPs.
payload_log GetZeroTrustGatewayPolicyRuleSettingsPayloadLog: Configure DLP payload logging.
quarantine GetZeroTrustGatewayPolicyRuleSettingsQuarantine: Settings that apply to quarantine rules
redirect GetZeroTrustGatewayPolicyRuleSettingsRedirect: Settings that apply to redirect rules
resolve_dns_internally GetZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
resolve_dns_through_cloudflare bool: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dnsresolvers' are specified or 'resolvedns_internally' is set. Only valid when a rule's action is set to 'resolve'.
untrusted_cert GetZeroTrustGatewayPolicyRuleSettingsUntrustedCert: Configure behavior when an upstream cert is invalid or an SSL error occurs.

addHeaders Map<String>: Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
allowChildBypass Boolean: Set by parent MSP accounts to enable their children to bypass this rule.
auditSsh Property Map: Settings for the Audit SSH action.
bisoAdminControls Property Map: Configure how browser isolation behaves.
blockPageEnabled Boolean: Enable the custom block page.
blockReason String: The text describing why this block occurred, displayed on the custom block page (if enabled).
bypassParentRule Boolean: Set by children MSP accounts to bypass their parent's rules.
checkSession Property Map: Configure how session check behaves.
dnsResolvers Property Map: Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolvednsthroughcloudflare' or 'resolvedns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
egress Property Map: Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
ignoreCnameCategoryMatches Boolean: Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
insecureDisableDnssecValidation Boolean: INSECURE - disable DNSSEC validation (for Allow actions).
ipCategories Boolean: Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
ipIndicatorFeeds Boolean: Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
l4override Property Map: Send matching traffic to the supplied destination IP address and port.
notificationSettings Property Map: Configure a notification to display on the user's device when this rule is matched.
overrideHost String: Override matching DNS queries with a hostname.
overrideIps List<String>: Override matching DNS queries with an IP or set of IPs.
payloadLog Property Map: Configure DLP payload logging.
quarantine Property Map: Settings that apply to quarantine rules
redirect Property Map: Settings that apply to redirect rules
resolveDnsInternally Property Map: Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
resolveDnsThroughCloudflare Boolean: Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dnsresolvers' are specified or 'resolvedns_internally' is set. Only valid when a rule's action is set to 'resolve'.
untrustedCert Property Map: Configure behavior when an upstream cert is invalid or an SSL error occurs.

GetZeroTrustGatewayPolicyRuleSettingsAuditSsh

CommandLogging bool: Enable to turn on SSH command logging.

CommandLogging bool: Enable to turn on SSH command logging.

commandLogging Boolean: Enable to turn on SSH command logging.

commandLogging boolean: Enable to turn on SSH command logging.

command_logging bool: Enable to turn on SSH command logging.

commandLogging Boolean: Enable to turn on SSH command logging.

GetZeroTrustGatewayPolicyRuleSettingsBisoAdminControls

Copy string: Configure whether copy is enabled or not. When set with "remoteonly", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Dcp bool: Set to false to enable copy-pasting. Only applies when version == "v1".
Dd bool: Set to false to enable downloading. Only applies when version == "v1".
Dk bool: Set to false to enable keyboard usage. Only applies when version == "v1".
Download string: Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Dp bool: Set to false to enable printing. Only applies when version == "v1".
Du bool: Set to false to enable uploading. Only applies when version == "v1".
Keyboard string: Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Paste string: Configure whether pasting is enabled or not. When set with "remoteonly", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Printing string: Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Upload string: Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Version string: Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".

Copy string: Configure whether copy is enabled or not. When set with "remoteonly", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Dcp bool: Set to false to enable copy-pasting. Only applies when version == "v1".
Dd bool: Set to false to enable downloading. Only applies when version == "v1".
Dk bool: Set to false to enable keyboard usage. Only applies when version == "v1".
Download string: Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Dp bool: Set to false to enable printing. Only applies when version == "v1".
Du bool: Set to false to enable uploading. Only applies when version == "v1".
Keyboard string: Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Paste string: Configure whether pasting is enabled or not. When set with "remoteonly", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
Printing string: Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Upload string: Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
Version string: Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".

copy String: Configure whether copy is enabled or not. When set with "remoteonly", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dcp Boolean: Set to false to enable copy-pasting. Only applies when version == "v1".
dd Boolean: Set to false to enable downloading. Only applies when version == "v1".
dk Boolean: Set to false to enable keyboard usage. Only applies when version == "v1".
download String: Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
dp Boolean: Set to false to enable printing. Only applies when version == "v1".
du Boolean: Set to false to enable uploading. Only applies when version == "v1".
keyboard String: Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
paste String: Configure whether pasting is enabled or not. When set with "remoteonly", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
printing String: Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
upload String: Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
version String: Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".

copy string: Configure whether copy is enabled or not. When set with "remoteonly", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dcp boolean: Set to false to enable copy-pasting. Only applies when version == "v1".
dd boolean: Set to false to enable downloading. Only applies when version == "v1".
dk boolean: Set to false to enable keyboard usage. Only applies when version == "v1".
download string: Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
dp boolean: Set to false to enable printing. Only applies when version == "v1".
du boolean: Set to false to enable uploading. Only applies when version == "v1".
keyboard string: Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
paste string: Configure whether pasting is enabled or not. When set with "remoteonly", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
printing string: Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
upload string: Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
version string: Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".

copy str: Configure whether copy is enabled or not. When set with "remoteonly", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dcp bool: Set to false to enable copy-pasting. Only applies when version == "v1".
dd bool: Set to false to enable downloading. Only applies when version == "v1".
dk bool: Set to false to enable keyboard usage. Only applies when version == "v1".
download str: Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
dp bool: Set to false to enable printing. Only applies when version == "v1".
du bool: Set to false to enable uploading. Only applies when version == "v1".
keyboard str: Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
paste str: Configure whether pasting is enabled or not. When set with "remoteonly", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
printing str: Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
upload str: Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
version str: Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".

copy String: Configure whether copy is enabled or not. When set with "remoteonly", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
dcp Boolean: Set to false to enable copy-pasting. Only applies when version == "v1".
dd Boolean: Set to false to enable downloading. Only applies when version == "v1".
dk Boolean: Set to false to enable keyboard usage. Only applies when version == "v1".
download String: Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
dp Boolean: Set to false to enable printing. Only applies when version == "v1".
du Boolean: Set to false to enable uploading. Only applies when version == "v1".
keyboard String: Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
paste String: Configure whether pasting is enabled or not. When set with "remoteonly", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2". Available values: "enabled", "disabled", "remoteonly".
printing String: Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
upload String: Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2". Available values: "enabled", "disabled".
version String: Indicates which version of the browser isolation controls should apply. Available values: "v1", "v2".

GetZeroTrustGatewayPolicyRuleSettingsCheckSession

Duration string: Configure how fresh the session needs to be to be considered valid.
Enforce bool: Set to true to enable session enforcement.

Duration string: Configure how fresh the session needs to be to be considered valid.
Enforce bool: Set to true to enable session enforcement.

duration String: Configure how fresh the session needs to be to be considered valid.
enforce Boolean: Set to true to enable session enforcement.

duration string: Configure how fresh the session needs to be to be considered valid.
enforce boolean: Set to true to enable session enforcement.

duration str: Configure how fresh the session needs to be to be considered valid.
enforce bool: Set to true to enable session enforcement.

duration String: Configure how fresh the session needs to be to be considered valid.
enforce Boolean: Set to true to enable session enforcement.

GetZeroTrustGatewayPolicyRuleSettingsDnsResolvers

Ipv4s List<GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4>
Ipv6s List<GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6>

Ipv4s []GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4
Ipv6s []GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6

ipv4s List<GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4>
ipv6s List<GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6>

ipv4s GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4[]
ipv6s GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6[]

ipv4s Sequence[GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4]
ipv6s Sequence[GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6]

ipv4s List<Property Map>
ipv6s List<Property Map>

GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4

Ip string: IPv4 address of upstream resolver.
Port int: A port number to use for upstream resolver. Defaults to 53 if unspecified.
RouteThroughPrivateNetwork bool: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
VnetId string: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

Ip string: IPv4 address of upstream resolver.
Port int: A port number to use for upstream resolver. Defaults to 53 if unspecified.
RouteThroughPrivateNetwork bool: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
VnetId string: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip String: IPv4 address of upstream resolver.
port Integer: A port number to use for upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork Boolean: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnetId String: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip string: IPv4 address of upstream resolver.
port number: A port number to use for upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork boolean: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnetId string: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip str: IPv4 address of upstream resolver.
port int: A port number to use for upstream resolver. Defaults to 53 if unspecified.
route_through_private_network bool: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnet_id str: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip String: IPv4 address of upstream resolver.
port Number: A port number to use for upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork Boolean: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnetId String: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6

Ip string: IPv6 address of upstream resolver.
Port int: A port number to use for upstream resolver. Defaults to 53 if unspecified.
RouteThroughPrivateNetwork bool: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
VnetId string: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

Ip string: IPv6 address of upstream resolver.
Port int: A port number to use for upstream resolver. Defaults to 53 if unspecified.
RouteThroughPrivateNetwork bool: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
VnetId string: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip String: IPv6 address of upstream resolver.
port Integer: A port number to use for upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork Boolean: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnetId String: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip string: IPv6 address of upstream resolver.
port number: A port number to use for upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork boolean: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnetId string: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip str: IPv6 address of upstream resolver.
port int: A port number to use for upstream resolver. Defaults to 53 if unspecified.
route_through_private_network bool: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnet_id str: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

ip String: IPv6 address of upstream resolver.
port Number: A port number to use for upstream resolver. Defaults to 53 if unspecified.
routeThroughPrivateNetwork Boolean: Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
vnetId String: Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

GetZeroTrustGatewayPolicyRuleSettingsEgress

Ipv4 string: The IPv4 address to be used for egress.
Ipv4Fallback string: The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
Ipv6 string: The IPv6 range to be used for egress.

Ipv4 string: The IPv4 address to be used for egress.
Ipv4Fallback string: The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
Ipv6 string: The IPv6 range to be used for egress.

ipv4 String: The IPv4 address to be used for egress.
ipv4Fallback String: The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
ipv6 String: The IPv6 range to be used for egress.

ipv4 string: The IPv4 address to be used for egress.
ipv4Fallback string: The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
ipv6 string: The IPv6 range to be used for egress.

ipv4 str: The IPv4 address to be used for egress.
ipv4_fallback str: The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
ipv6 str: The IPv6 range to be used for egress.

ipv4 String: The IPv4 address to be used for egress.
ipv4Fallback String: The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
ipv6 String: The IPv6 range to be used for egress.

GetZeroTrustGatewayPolicyRuleSettingsL4override

Ip string: IPv4 or IPv6 address.
Port int: A port number to use for TCP/UDP overrides.

Ip string: IPv4 or IPv6 address.
Port int: A port number to use for TCP/UDP overrides.

ip String: IPv4 or IPv6 address.
port Integer: A port number to use for TCP/UDP overrides.

ip string: IPv4 or IPv6 address.
port number: A port number to use for TCP/UDP overrides.

ip str: IPv4 or IPv6 address.
port int: A port number to use for TCP/UDP overrides.

ip String: IPv4 or IPv6 address.
port Number: A port number to use for TCP/UDP overrides.

GetZeroTrustGatewayPolicyRuleSettingsNotificationSettings

Enabled bool: Set notification on
Msg string: Customize the message shown in the notification.
SupportUrl string: Optional URL to direct users to additional information. If not set, the notification will open a block page.

Enabled bool: Set notification on
Msg string: Customize the message shown in the notification.
SupportUrl string: Optional URL to direct users to additional information. If not set, the notification will open a block page.

enabled Boolean: Set notification on
msg String: Customize the message shown in the notification.
supportUrl String: Optional URL to direct users to additional information. If not set, the notification will open a block page.

enabled boolean: Set notification on
msg string: Customize the message shown in the notification.
supportUrl string: Optional URL to direct users to additional information. If not set, the notification will open a block page.

enabled bool: Set notification on
msg str: Customize the message shown in the notification.
support_url str: Optional URL to direct users to additional information. If not set, the notification will open a block page.

enabled Boolean: Set notification on
msg String: Customize the message shown in the notification.
supportUrl String: Optional URL to direct users to additional information. If not set, the notification will open a block page.

GetZeroTrustGatewayPolicyRuleSettingsPayloadLog

Enabled bool: Set to true to enable DLP payload logging for this rule.

Enabled bool: Set to true to enable DLP payload logging for this rule.

enabled Boolean: Set to true to enable DLP payload logging for this rule.

enabled boolean: Set to true to enable DLP payload logging for this rule.

enabled bool: Set to true to enable DLP payload logging for this rule.

enabled Boolean: Set to true to enable DLP payload logging for this rule.

GetZeroTrustGatewayPolicyRuleSettingsQuarantine

FileTypes List<string>: Types of files to sandbox.

FileTypes []string: Types of files to sandbox.

fileTypes List<String>: Types of files to sandbox.

fileTypes string[]: Types of files to sandbox.

file_types Sequence[str]: Types of files to sandbox.

fileTypes List<String>: Types of files to sandbox.

GetZeroTrustGatewayPolicyRuleSettingsRedirect

IncludeContext bool: If true, context information will be passed as query parameters
PreservePathAndQuery bool: If true, the path and query parameters from the original request will be appended to target_uri
TargetUri string: URI to which the user will be redirected

IncludeContext bool: If true, context information will be passed as query parameters
PreservePathAndQuery bool: If true, the path and query parameters from the original request will be appended to target_uri
TargetUri string: URI to which the user will be redirected

includeContext Boolean: If true, context information will be passed as query parameters
preservePathAndQuery Boolean: If true, the path and query parameters from the original request will be appended to target_uri
targetUri String: URI to which the user will be redirected

includeContext boolean: If true, context information will be passed as query parameters
preservePathAndQuery boolean: If true, the path and query parameters from the original request will be appended to target_uri
targetUri string: URI to which the user will be redirected

include_context bool: If true, context information will be passed as query parameters
preserve_path_and_query bool: If true, the path and query parameters from the original request will be appended to target_uri
target_uri str: URI to which the user will be redirected

includeContext Boolean: If true, context information will be passed as query parameters
preservePathAndQuery Boolean: If true, the path and query parameters from the original request will be appended to target_uri
targetUri String: URI to which the user will be redirected

GetZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally

Fallback string: The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
ViewId string: The internal DNS view identifier that's passed to the internal DNS service.

Fallback string: The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
ViewId string: The internal DNS view identifier that's passed to the internal DNS service.

fallback String: The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
viewId String: The internal DNS view identifier that's passed to the internal DNS service.

fallback string: The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
viewId string: The internal DNS view identifier that's passed to the internal DNS service.

fallback str: The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
view_id str: The internal DNS view identifier that's passed to the internal DNS service.

fallback String: The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Available values: "none", "public_dns".
viewId String: The internal DNS view identifier that's passed to the internal DNS service.

GetZeroTrustGatewayPolicyRuleSettingsUntrustedCert

Action string: The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".

Action string: The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".

action String: The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".

action string: The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".

action str: The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".

action String: The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Available values: "pass_through", "block", "error".

GetZeroTrustGatewayPolicySchedule

Fri string: The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
Mon string: The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
Sat string: The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
Sun string: The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
Thu string: The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
TimeZone string: The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
Tue string: The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
Wed string: The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.

Fri string: The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
Mon string: The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
Sat string: The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
Sun string: The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
Thu string: The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
TimeZone string: The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
Tue string: The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
Wed string: The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.

fri String: The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
mon String: The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
sat String: The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
sun String: The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
thu String: The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
timeZone String: The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
tue String: The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
wed String: The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.

fri string: The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
mon string: The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
sat string: The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
sun string: The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
thu string: The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
timeZone string: The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
tue string: The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
wed string: The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.

fri str: The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
mon str: The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
sat str: The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
sun str: The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
thu str: The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
time_zone str: The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
tue str: The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
wed str: The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.

fri String: The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
mon String: The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
sat String: The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
sun String: The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
thu String: The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
timeZone String: The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
tue String: The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
wed String: The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.getZeroTrustGatewayPolicy

On this page

On this page

Example Usage

Using getZeroTrustGatewayPolicy

getZeroTrustGatewayPolicy Result

Supporting Types

GetZeroTrustGatewayPolicyExpiration

GetZeroTrustGatewayPolicyRuleSettings

GetZeroTrustGatewayPolicyRuleSettingsAuditSsh

GetZeroTrustGatewayPolicyRuleSettingsBisoAdminControls

GetZeroTrustGatewayPolicyRuleSettingsCheckSession

GetZeroTrustGatewayPolicyRuleSettingsDnsResolvers

GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4

GetZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6

GetZeroTrustGatewayPolicyRuleSettingsEgress

GetZeroTrustGatewayPolicyRuleSettingsL4override

GetZeroTrustGatewayPolicyRuleSettingsNotificationSettings

GetZeroTrustGatewayPolicyRuleSettingsPayloadLog

GetZeroTrustGatewayPolicyRuleSettingsQuarantine

GetZeroTrustGatewayPolicyRuleSettingsRedirect

GetZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally

GetZeroTrustGatewayPolicyRuleSettingsUntrustedCert

GetZeroTrustGatewayPolicySchedule

Package Details

On this page

On this page