Cloudflare v6.10.1, Oct 22 25

Cloudflare v6.10.1 published on Wednesday, Oct 22, 2025 by Pulumi

cloudflare.getZeroTrustGatewaySettings

Cloudflare v6.10.1 published on Wednesday, Oct 22, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleZeroTrustGatewaySettings = cloudflare.getZeroTrustGatewaySettings({
    accountId: "699d98642c564d2e855e9661899b7252",
});

import pulumi
import pulumi_cloudflare as cloudflare

example_zero_trust_gateway_settings = cloudflare.get_zero_trust_gateway_settings(account_id="699d98642c564d2e855e9661899b7252")

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.LookupZeroTrustGatewaySettings(ctx, &cloudflare.LookupZeroTrustGatewaySettingsArgs{
			AccountId: "699d98642c564d2e855e9661899b7252",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleZeroTrustGatewaySettings = Cloudflare.GetZeroTrustGatewaySettings.Invoke(new()
    {
        AccountId = "699d98642c564d2e855e9661899b7252",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.CloudflareFunctions;
import com.pulumi.cloudflare.inputs.GetZeroTrustGatewaySettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var exampleZeroTrustGatewaySettings = CloudflareFunctions.getZeroTrustGatewaySettings(GetZeroTrustGatewaySettingsArgs.builder()
            .accountId("699d98642c564d2e855e9661899b7252")
            .build());

    }
}

variables:
  exampleZeroTrustGatewaySettings:
    fn::invoke:
      function: cloudflare:getZeroTrustGatewaySettings
      arguments:
        accountId: 699d98642c564d2e855e9661899b7252

Using getZeroTrustGatewaySettings

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getZeroTrustGatewaySettings(args: GetZeroTrustGatewaySettingsArgs, opts?: InvokeOptions): Promise<GetZeroTrustGatewaySettingsResult>
function getZeroTrustGatewaySettingsOutput(args: GetZeroTrustGatewaySettingsOutputArgs, opts?: InvokeOptions): Output<GetZeroTrustGatewaySettingsResult>

def get_zero_trust_gateway_settings(account_id: Optional[str] = None,
                                    opts: Optional[InvokeOptions] = None) -> GetZeroTrustGatewaySettingsResult
def get_zero_trust_gateway_settings_output(account_id: Optional[pulumi.Input[str]] = None,
                                    opts: Optional[InvokeOptions] = None) -> Output[GetZeroTrustGatewaySettingsResult]

func LookupZeroTrustGatewaySettings(ctx *Context, args *LookupZeroTrustGatewaySettingsArgs, opts ...InvokeOption) (*LookupZeroTrustGatewaySettingsResult, error)
func LookupZeroTrustGatewaySettingsOutput(ctx *Context, args *LookupZeroTrustGatewaySettingsOutputArgs, opts ...InvokeOption) LookupZeroTrustGatewaySettingsResultOutput

> Note: This function is named LookupZeroTrustGatewaySettings in the Go SDK.

public static class GetZeroTrustGatewaySettings 
{
    public static Task<GetZeroTrustGatewaySettingsResult> InvokeAsync(GetZeroTrustGatewaySettingsArgs args, InvokeOptions? opts = null)
    public static Output<GetZeroTrustGatewaySettingsResult> Invoke(GetZeroTrustGatewaySettingsInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetZeroTrustGatewaySettingsResult> getZeroTrustGatewaySettings(GetZeroTrustGatewaySettingsArgs args, InvokeOptions options)
public static Output<GetZeroTrustGatewaySettingsResult> getZeroTrustGatewaySettings(GetZeroTrustGatewaySettingsArgs args, InvokeOptions options)

fn::invoke:
  function: cloudflare:index/getZeroTrustGatewaySettings:getZeroTrustGatewaySettings
  arguments:
    # arguments dictionary

The following arguments are supported:

AccountId string

AccountId string

accountId String

accountId string

account_id str

accountId String

getZeroTrustGatewaySettings Result

The following output properties are available:

AccountId string
CreatedAt string
Id string: The provider-assigned unique ID for this managed resource.
Settings GetZeroTrustGatewaySettingsSettings: Specify account settings.
UpdatedAt string

AccountId string
CreatedAt string
Id string: The provider-assigned unique ID for this managed resource.
Settings GetZeroTrustGatewaySettingsSettings: Specify account settings.
UpdatedAt string

accountId String
createdAt String
id String: The provider-assigned unique ID for this managed resource.
settings GetZeroTrustGatewaySettingsSettings: Specify account settings.
updatedAt String

accountId string
createdAt string
id string: The provider-assigned unique ID for this managed resource.
settings GetZeroTrustGatewaySettingsSettings: Specify account settings.
updatedAt string

account_id str
created_at str
id str: The provider-assigned unique ID for this managed resource.
settings GetZeroTrustGatewaySettingsSettings: Specify account settings.
updated_at str

accountId String
createdAt String
id String: The provider-assigned unique ID for this managed resource.
settings Property Map: Specify account settings.
updatedAt String

Supporting Types

GetZeroTrustGatewaySettingsSettings

ActivityLog GetZeroTrustGatewaySettingsSettingsActivityLog: Specify activity log settings.
Antivirus GetZeroTrustGatewaySettingsSettingsAntivirus: Specify anti-virus settings.
BlockPage GetZeroTrustGatewaySettingsSettingsBlockPage: Specify block page layout settings.
BodyScanning GetZeroTrustGatewaySettingsSettingsBodyScanning: Specify the DLP inspection mode.
BrowserIsolation GetZeroTrustGatewaySettingsSettingsBrowserIsolation: Specify Clientless Browser Isolation settings.
Certificate GetZeroTrustGatewaySettingsSettingsCertificate: Specify certificate settings for Gateway TLS interception. If unset, the Cloudflare Root CA handles interception.
CustomCertificate GetZeroTrustGatewaySettingsSettingsCustomCertificate: Specify custom certificate settings for BYO-PKI. This field is deprecated; use certificate instead.
Deprecated: This attribute is deprecated.
ExtendedEmailMatching GetZeroTrustGatewaySettingsSettingsExtendedEmailMatching: Specify user email settings for the firewall policies. When this is enabled, we standardize the email addresses in the identity part of the rule, so that they match the extended email variants in the firewall policies. When this setting is turned off, the email addresses in the identity part of the rule will be matched exactly as provided. If your email has . or + modifiers, you should enable this setting.
Fips GetZeroTrustGatewaySettingsSettingsFips: Specify FIPS settings.
HostSelector GetZeroTrustGatewaySettingsSettingsHostSelector: Enable host selection in egress policies.
Inspection GetZeroTrustGatewaySettingsSettingsInspection: Define the proxy inspection mode.
ProtocolDetection GetZeroTrustGatewaySettingsSettingsProtocolDetection: Specify whether to detect protocols from the initial bytes of client traffic.
Sandbox GetZeroTrustGatewaySettingsSettingsSandbox: Specify whether to enable the sandbox.
TlsDecrypt GetZeroTrustGatewaySettingsSettingsTlsDecrypt: Specify whether to inspect encrypted HTTP traffic.

ActivityLog GetZeroTrustGatewaySettingsSettingsActivityLog: Specify activity log settings.
Antivirus GetZeroTrustGatewaySettingsSettingsAntivirus: Specify anti-virus settings.
BlockPage GetZeroTrustGatewaySettingsSettingsBlockPage: Specify block page layout settings.
BodyScanning GetZeroTrustGatewaySettingsSettingsBodyScanning: Specify the DLP inspection mode.
BrowserIsolation GetZeroTrustGatewaySettingsSettingsBrowserIsolation: Specify Clientless Browser Isolation settings.
Certificate GetZeroTrustGatewaySettingsSettingsCertificate: Specify certificate settings for Gateway TLS interception. If unset, the Cloudflare Root CA handles interception.
CustomCertificate GetZeroTrustGatewaySettingsSettingsCustomCertificate: Specify custom certificate settings for BYO-PKI. This field is deprecated; use certificate instead.
Deprecated: This attribute is deprecated.
ExtendedEmailMatching GetZeroTrustGatewaySettingsSettingsExtendedEmailMatching: Specify user email settings for the firewall policies. When this is enabled, we standardize the email addresses in the identity part of the rule, so that they match the extended email variants in the firewall policies. When this setting is turned off, the email addresses in the identity part of the rule will be matched exactly as provided. If your email has . or + modifiers, you should enable this setting.
Fips GetZeroTrustGatewaySettingsSettingsFips: Specify FIPS settings.
HostSelector GetZeroTrustGatewaySettingsSettingsHostSelector: Enable host selection in egress policies.
Inspection GetZeroTrustGatewaySettingsSettingsInspection: Define the proxy inspection mode.
ProtocolDetection GetZeroTrustGatewaySettingsSettingsProtocolDetection: Specify whether to detect protocols from the initial bytes of client traffic.
Sandbox GetZeroTrustGatewaySettingsSettingsSandbox: Specify whether to enable the sandbox.
TlsDecrypt GetZeroTrustGatewaySettingsSettingsTlsDecrypt: Specify whether to inspect encrypted HTTP traffic.

activityLog GetZeroTrustGatewaySettingsSettingsActivityLog: Specify activity log settings.
antivirus GetZeroTrustGatewaySettingsSettingsAntivirus: Specify anti-virus settings.
blockPage GetZeroTrustGatewaySettingsSettingsBlockPage: Specify block page layout settings.
bodyScanning GetZeroTrustGatewaySettingsSettingsBodyScanning: Specify the DLP inspection mode.
browserIsolation GetZeroTrustGatewaySettingsSettingsBrowserIsolation: Specify Clientless Browser Isolation settings.
certificate GetZeroTrustGatewaySettingsSettingsCertificate: Specify certificate settings for Gateway TLS interception. If unset, the Cloudflare Root CA handles interception.
customCertificate GetZeroTrustGatewaySettingsSettingsCustomCertificate: Specify custom certificate settings for BYO-PKI. This field is deprecated; use certificate instead.
Deprecated: This attribute is deprecated.
extendedEmailMatching GetZeroTrustGatewaySettingsSettingsExtendedEmailMatching: Specify user email settings for the firewall policies. When this is enabled, we standardize the email addresses in the identity part of the rule, so that they match the extended email variants in the firewall policies. When this setting is turned off, the email addresses in the identity part of the rule will be matched exactly as provided. If your email has . or + modifiers, you should enable this setting.
fips GetZeroTrustGatewaySettingsSettingsFips: Specify FIPS settings.
hostSelector GetZeroTrustGatewaySettingsSettingsHostSelector: Enable host selection in egress policies.
inspection GetZeroTrustGatewaySettingsSettingsInspection: Define the proxy inspection mode.
protocolDetection GetZeroTrustGatewaySettingsSettingsProtocolDetection: Specify whether to detect protocols from the initial bytes of client traffic.
sandbox GetZeroTrustGatewaySettingsSettingsSandbox: Specify whether to enable the sandbox.
tlsDecrypt GetZeroTrustGatewaySettingsSettingsTlsDecrypt: Specify whether to inspect encrypted HTTP traffic.

activityLog GetZeroTrustGatewaySettingsSettingsActivityLog: Specify activity log settings.
antivirus GetZeroTrustGatewaySettingsSettingsAntivirus: Specify anti-virus settings.
blockPage GetZeroTrustGatewaySettingsSettingsBlockPage: Specify block page layout settings.
bodyScanning GetZeroTrustGatewaySettingsSettingsBodyScanning: Specify the DLP inspection mode.
browserIsolation GetZeroTrustGatewaySettingsSettingsBrowserIsolation: Specify Clientless Browser Isolation settings.
certificate GetZeroTrustGatewaySettingsSettingsCertificate: Specify certificate settings for Gateway TLS interception. If unset, the Cloudflare Root CA handles interception.
customCertificate GetZeroTrustGatewaySettingsSettingsCustomCertificate: Specify custom certificate settings for BYO-PKI. This field is deprecated; use certificate instead.
Deprecated: This attribute is deprecated.
extendedEmailMatching GetZeroTrustGatewaySettingsSettingsExtendedEmailMatching: Specify user email settings for the firewall policies. When this is enabled, we standardize the email addresses in the identity part of the rule, so that they match the extended email variants in the firewall policies. When this setting is turned off, the email addresses in the identity part of the rule will be matched exactly as provided. If your email has . or + modifiers, you should enable this setting.
fips GetZeroTrustGatewaySettingsSettingsFips: Specify FIPS settings.
hostSelector GetZeroTrustGatewaySettingsSettingsHostSelector: Enable host selection in egress policies.
inspection GetZeroTrustGatewaySettingsSettingsInspection: Define the proxy inspection mode.
protocolDetection GetZeroTrustGatewaySettingsSettingsProtocolDetection: Specify whether to detect protocols from the initial bytes of client traffic.
sandbox GetZeroTrustGatewaySettingsSettingsSandbox: Specify whether to enable the sandbox.
tlsDecrypt GetZeroTrustGatewaySettingsSettingsTlsDecrypt: Specify whether to inspect encrypted HTTP traffic.

activity_log GetZeroTrustGatewaySettingsSettingsActivityLog: Specify activity log settings.
antivirus GetZeroTrustGatewaySettingsSettingsAntivirus: Specify anti-virus settings.
block_page GetZeroTrustGatewaySettingsSettingsBlockPage: Specify block page layout settings.
body_scanning GetZeroTrustGatewaySettingsSettingsBodyScanning: Specify the DLP inspection mode.
browser_isolation GetZeroTrustGatewaySettingsSettingsBrowserIsolation: Specify Clientless Browser Isolation settings.
certificate GetZeroTrustGatewaySettingsSettingsCertificate: Specify certificate settings for Gateway TLS interception. If unset, the Cloudflare Root CA handles interception.
custom_certificate GetZeroTrustGatewaySettingsSettingsCustomCertificate: Specify custom certificate settings for BYO-PKI. This field is deprecated; use certificate instead.
Deprecated: This attribute is deprecated.
extended_email_matching GetZeroTrustGatewaySettingsSettingsExtendedEmailMatching: Specify user email settings for the firewall policies. When this is enabled, we standardize the email addresses in the identity part of the rule, so that they match the extended email variants in the firewall policies. When this setting is turned off, the email addresses in the identity part of the rule will be matched exactly as provided. If your email has . or + modifiers, you should enable this setting.
fips GetZeroTrustGatewaySettingsSettingsFips: Specify FIPS settings.
host_selector GetZeroTrustGatewaySettingsSettingsHostSelector: Enable host selection in egress policies.
inspection GetZeroTrustGatewaySettingsSettingsInspection: Define the proxy inspection mode.
protocol_detection GetZeroTrustGatewaySettingsSettingsProtocolDetection: Specify whether to detect protocols from the initial bytes of client traffic.
sandbox GetZeroTrustGatewaySettingsSettingsSandbox: Specify whether to enable the sandbox.
tls_decrypt GetZeroTrustGatewaySettingsSettingsTlsDecrypt: Specify whether to inspect encrypted HTTP traffic.

activityLog Property Map: Specify activity log settings.
antivirus Property Map: Specify anti-virus settings.
blockPage Property Map: Specify block page layout settings.
bodyScanning Property Map: Specify the DLP inspection mode.
browserIsolation Property Map: Specify Clientless Browser Isolation settings.
certificate Property Map: Specify certificate settings for Gateway TLS interception. If unset, the Cloudflare Root CA handles interception.
customCertificate Property Map: Specify custom certificate settings for BYO-PKI. This field is deprecated; use certificate instead.
Deprecated: This attribute is deprecated.
extendedEmailMatching Property Map: Specify user email settings for the firewall policies. When this is enabled, we standardize the email addresses in the identity part of the rule, so that they match the extended email variants in the firewall policies. When this setting is turned off, the email addresses in the identity part of the rule will be matched exactly as provided. If your email has . or + modifiers, you should enable this setting.
fips Property Map: Specify FIPS settings.
hostSelector Property Map: Enable host selection in egress policies.
inspection Property Map: Define the proxy inspection mode.
protocolDetection Property Map: Specify whether to detect protocols from the initial bytes of client traffic.
sandbox Property Map: Specify whether to enable the sandbox.
tlsDecrypt Property Map: Specify whether to inspect encrypted HTTP traffic.

GetZeroTrustGatewaySettingsSettingsActivityLog

Enabled bool: Specify whether to log activity.

Enabled bool: Specify whether to log activity.

enabled Boolean: Specify whether to log activity.

enabled boolean: Specify whether to log activity.

enabled bool: Specify whether to log activity.

enabled Boolean: Specify whether to log activity.

GetZeroTrustGatewaySettingsSettingsAntivirus

EnabledDownloadPhase bool: Specify whether to enable anti-virus scanning on downloads.
EnabledUploadPhase bool: Specify whether to enable anti-virus scanning on uploads.
FailClosed bool: Specify whether to block requests for unscannable files.
NotificationSettings GetZeroTrustGatewaySettingsSettingsAntivirusNotificationSettings: Configure the message the user's device shows during an antivirus scan.

EnabledDownloadPhase bool: Specify whether to enable anti-virus scanning on downloads.
EnabledUploadPhase bool: Specify whether to enable anti-virus scanning on uploads.
FailClosed bool: Specify whether to block requests for unscannable files.
NotificationSettings GetZeroTrustGatewaySettingsSettingsAntivirusNotificationSettings: Configure the message the user's device shows during an antivirus scan.

enabledDownloadPhase Boolean: Specify whether to enable anti-virus scanning on downloads.
enabledUploadPhase Boolean: Specify whether to enable anti-virus scanning on uploads.
failClosed Boolean: Specify whether to block requests for unscannable files.
notificationSettings GetZeroTrustGatewaySettingsSettingsAntivirusNotificationSettings: Configure the message the user's device shows during an antivirus scan.

enabledDownloadPhase boolean: Specify whether to enable anti-virus scanning on downloads.
enabledUploadPhase boolean: Specify whether to enable anti-virus scanning on uploads.
failClosed boolean: Specify whether to block requests for unscannable files.
notificationSettings GetZeroTrustGatewaySettingsSettingsAntivirusNotificationSettings: Configure the message the user's device shows during an antivirus scan.

enabled_download_phase bool: Specify whether to enable anti-virus scanning on downloads.
enabled_upload_phase bool: Specify whether to enable anti-virus scanning on uploads.
fail_closed bool: Specify whether to block requests for unscannable files.
notification_settings GetZeroTrustGatewaySettingsSettingsAntivirusNotificationSettings: Configure the message the user's device shows during an antivirus scan.

enabledDownloadPhase Boolean: Specify whether to enable anti-virus scanning on downloads.
enabledUploadPhase Boolean: Specify whether to enable anti-virus scanning on uploads.
failClosed Boolean: Specify whether to block requests for unscannable files.
notificationSettings Property Map: Configure the message the user's device shows during an antivirus scan.

GetZeroTrustGatewaySettingsSettingsAntivirusNotificationSettings

Enabled bool: Specify whether to enable notifications.
IncludeContext bool: Specify whether to include context information as query parameters.
Msg string: Specify the message to show in the notification.
SupportUrl string: Specify a URL that directs users to more information. If unset, the notification opens a block page.

Enabled bool: Specify whether to enable notifications.
IncludeContext bool: Specify whether to include context information as query parameters.
Msg string: Specify the message to show in the notification.
SupportUrl string: Specify a URL that directs users to more information. If unset, the notification opens a block page.

enabled Boolean: Specify whether to enable notifications.
includeContext Boolean: Specify whether to include context information as query parameters.
msg String: Specify the message to show in the notification.
supportUrl String: Specify a URL that directs users to more information. If unset, the notification opens a block page.

enabled boolean: Specify whether to enable notifications.
includeContext boolean: Specify whether to include context information as query parameters.
msg string: Specify the message to show in the notification.
supportUrl string: Specify a URL that directs users to more information. If unset, the notification opens a block page.

enabled bool: Specify whether to enable notifications.
include_context bool: Specify whether to include context information as query parameters.
msg str: Specify the message to show in the notification.
support_url str: Specify a URL that directs users to more information. If unset, the notification opens a block page.

enabled Boolean: Specify whether to enable notifications.
includeContext Boolean: Specify whether to include context information as query parameters.
msg String: Specify the message to show in the notification.
supportUrl String: Specify a URL that directs users to more information. If unset, the notification opens a block page.

GetZeroTrustGatewaySettingsSettingsBlockPage

BackgroundColor string: Specify the block page background color in #rrggbb format when the mode is customizedblockpage.
Enabled bool: Specify whether to enable the custom block page.
FooterText string: Specify the block page footer text when the mode is customizedblockpage.
HeaderText string: Specify the block page header text when the mode is customizedblockpage.
IncludeContext bool: Specify whether to append context to targeturi as query parameters. This applies only when the mode is redirecturi.
LogoPath string: Specify the full URL to the logo file when the mode is customizedblockpage.
MailtoAddress string: Specify the admin email for users to contact when the mode is customizedblockpage.
MailtoSubject string: Specify the subject line for emails created from the block page when the mode is customizedblockpage.
Mode string: Specify whether to redirect users to a Cloudflare-hosted block page or a customer-provided URI. Available values: "", "customizedblockpage", <span pulumi-lang-nodejs=""redirectUri"" pulumi-lang-dotnet=""RedirectUri"" pulumi-lang-go=""redirectUri"" pulumi-lang-python=""redirect_uri"" pulumi-lang-yaml=""redirectUri"" pulumi-lang-java=""redirectUri"">"redirect_uri".
Name string: Specify the block page title when the mode is customizedblockpage.
ReadOnly bool: Indicate that this setting was shared via the Orgs API and read only for the current account.
SourceAccount string: Indicate the account tag of the account that shared this setting.
SuppressFooter bool: Specify whether to suppress detailed information at the bottom of the block page when the mode is customizedblockpage.
TargetUri string: Specify the URI to redirect users to when the mode is redirect_uri.
Version int: Indicate the version number of the setting.

BackgroundColor string: Specify the block page background color in #rrggbb format when the mode is customizedblockpage.
Enabled bool: Specify whether to enable the custom block page.
FooterText string: Specify the block page footer text when the mode is customizedblockpage.
HeaderText string: Specify the block page header text when the mode is customizedblockpage.
IncludeContext bool: Specify whether to append context to targeturi as query parameters. This applies only when the mode is redirecturi.
LogoPath string: Specify the full URL to the logo file when the mode is customizedblockpage.
MailtoAddress string: Specify the admin email for users to contact when the mode is customizedblockpage.
MailtoSubject string: Specify the subject line for emails created from the block page when the mode is customizedblockpage.
Mode string: Specify whether to redirect users to a Cloudflare-hosted block page or a customer-provided URI. Available values: "", "customizedblockpage", <span pulumi-lang-nodejs=""redirectUri"" pulumi-lang-dotnet=""RedirectUri"" pulumi-lang-go=""redirectUri"" pulumi-lang-python=""redirect_uri"" pulumi-lang-yaml=""redirectUri"" pulumi-lang-java=""redirectUri"">"redirect_uri".
Name string: Specify the block page title when the mode is customizedblockpage.
ReadOnly bool: Indicate that this setting was shared via the Orgs API and read only for the current account.
SourceAccount string: Indicate the account tag of the account that shared this setting.
SuppressFooter bool: Specify whether to suppress detailed information at the bottom of the block page when the mode is customizedblockpage.
TargetUri string: Specify the URI to redirect users to when the mode is redirect_uri.
Version int: Indicate the version number of the setting.

backgroundColor String: Specify the block page background color in #rrggbb format when the mode is customizedblockpage.
enabled Boolean: Specify whether to enable the custom block page.
footerText String: Specify the block page footer text when the mode is customizedblockpage.
headerText String: Specify the block page header text when the mode is customizedblockpage.
includeContext Boolean: Specify whether to append context to targeturi as query parameters. This applies only when the mode is redirecturi.
logoPath String: Specify the full URL to the logo file when the mode is customizedblockpage.
mailtoAddress String: Specify the admin email for users to contact when the mode is customizedblockpage.
mailtoSubject String: Specify the subject line for emails created from the block page when the mode is customizedblockpage.
mode String: Specify whether to redirect users to a Cloudflare-hosted block page or a customer-provided URI. Available values: "", "customizedblockpage", <span pulumi-lang-nodejs=""redirectUri"" pulumi-lang-dotnet=""RedirectUri"" pulumi-lang-go=""redirectUri"" pulumi-lang-python=""redirect_uri"" pulumi-lang-yaml=""redirectUri"" pulumi-lang-java=""redirectUri"">"redirect_uri".
name String: Specify the block page title when the mode is customizedblockpage.
readOnly Boolean: Indicate that this setting was shared via the Orgs API and read only for the current account.
sourceAccount String: Indicate the account tag of the account that shared this setting.
suppressFooter Boolean: Specify whether to suppress detailed information at the bottom of the block page when the mode is customizedblockpage.
targetUri String: Specify the URI to redirect users to when the mode is redirect_uri.
version Integer: Indicate the version number of the setting.

backgroundColor string: Specify the block page background color in #rrggbb format when the mode is customizedblockpage.
enabled boolean: Specify whether to enable the custom block page.
footerText string: Specify the block page footer text when the mode is customizedblockpage.
headerText string: Specify the block page header text when the mode is customizedblockpage.
includeContext boolean: Specify whether to append context to targeturi as query parameters. This applies only when the mode is redirecturi.
logoPath string: Specify the full URL to the logo file when the mode is customizedblockpage.
mailtoAddress string: Specify the admin email for users to contact when the mode is customizedblockpage.
mailtoSubject string: Specify the subject line for emails created from the block page when the mode is customizedblockpage.
mode string: Specify whether to redirect users to a Cloudflare-hosted block page or a customer-provided URI. Available values: "", "customizedblockpage", <span pulumi-lang-nodejs=""redirectUri"" pulumi-lang-dotnet=""RedirectUri"" pulumi-lang-go=""redirectUri"" pulumi-lang-python=""redirect_uri"" pulumi-lang-yaml=""redirectUri"" pulumi-lang-java=""redirectUri"">"redirect_uri".
name string: Specify the block page title when the mode is customizedblockpage.
readOnly boolean: Indicate that this setting was shared via the Orgs API and read only for the current account.
sourceAccount string: Indicate the account tag of the account that shared this setting.
suppressFooter boolean: Specify whether to suppress detailed information at the bottom of the block page when the mode is customizedblockpage.
targetUri string: Specify the URI to redirect users to when the mode is redirect_uri.
version number: Indicate the version number of the setting.

background_color str: Specify the block page background color in #rrggbb format when the mode is customizedblockpage.
enabled bool: Specify whether to enable the custom block page.
footer_text str: Specify the block page footer text when the mode is customizedblockpage.
header_text str: Specify the block page header text when the mode is customizedblockpage.
include_context bool: Specify whether to append context to targeturi as query parameters. This applies only when the mode is redirecturi.
logo_path str: Specify the full URL to the logo file when the mode is customizedblockpage.
mailto_address str: Specify the admin email for users to contact when the mode is customizedblockpage.
mailto_subject str: Specify the subject line for emails created from the block page when the mode is customizedblockpage.
mode str: Specify whether to redirect users to a Cloudflare-hosted block page or a customer-provided URI. Available values: "", "customizedblockpage", <span pulumi-lang-nodejs=""redirectUri"" pulumi-lang-dotnet=""RedirectUri"" pulumi-lang-go=""redirectUri"" pulumi-lang-python=""redirect_uri"" pulumi-lang-yaml=""redirectUri"" pulumi-lang-java=""redirectUri"">"redirect_uri".
name str: Specify the block page title when the mode is customizedblockpage.
read_only bool: Indicate that this setting was shared via the Orgs API and read only for the current account.
source_account str: Indicate the account tag of the account that shared this setting.
suppress_footer bool: Specify whether to suppress detailed information at the bottom of the block page when the mode is customizedblockpage.
target_uri str: Specify the URI to redirect users to when the mode is redirect_uri.
version int: Indicate the version number of the setting.

backgroundColor String: Specify the block page background color in #rrggbb format when the mode is customizedblockpage.
enabled Boolean: Specify whether to enable the custom block page.
footerText String: Specify the block page footer text when the mode is customizedblockpage.
headerText String: Specify the block page header text when the mode is customizedblockpage.
includeContext Boolean: Specify whether to append context to targeturi as query parameters. This applies only when the mode is redirecturi.
logoPath String: Specify the full URL to the logo file when the mode is customizedblockpage.
mailtoAddress String: Specify the admin email for users to contact when the mode is customizedblockpage.
mailtoSubject String: Specify the subject line for emails created from the block page when the mode is customizedblockpage.
mode String: Specify whether to redirect users to a Cloudflare-hosted block page or a customer-provided URI. Available values: "", "customizedblockpage", <span pulumi-lang-nodejs=""redirectUri"" pulumi-lang-dotnet=""RedirectUri"" pulumi-lang-go=""redirectUri"" pulumi-lang-python=""redirect_uri"" pulumi-lang-yaml=""redirectUri"" pulumi-lang-java=""redirectUri"">"redirect_uri".
name String: Specify the block page title when the mode is customizedblockpage.
readOnly Boolean: Indicate that this setting was shared via the Orgs API and read only for the current account.
sourceAccount String: Indicate the account tag of the account that shared this setting.
suppressFooter Boolean: Specify whether to suppress detailed information at the bottom of the block page when the mode is customizedblockpage.
targetUri String: Specify the URI to redirect users to when the mode is redirect_uri.
version Number: Indicate the version number of the setting.

GetZeroTrustGatewaySettingsSettingsBodyScanning

InspectionMode string: Specify the inspection mode as either deep or shallow. Available values: "deep", "shallow".

InspectionMode string: Specify the inspection mode as either deep or shallow. Available values: "deep", "shallow".

inspectionMode String: Specify the inspection mode as either deep or shallow. Available values: "deep", "shallow".

inspectionMode string: Specify the inspection mode as either deep or shallow. Available values: "deep", "shallow".

inspection_mode str: Specify the inspection mode as either deep or shallow. Available values: "deep", "shallow".

inspectionMode String: Specify the inspection mode as either deep or shallow. Available values: "deep", "shallow".

GetZeroTrustGatewaySettingsSettingsBrowserIsolation

NonIdentityEnabled bool: Specify whether to enable non-identity onramp support for Browser Isolation.
UrlBrowserIsolationEnabled bool: Specify whether to enable Clientless Browser Isolation.

NonIdentityEnabled bool: Specify whether to enable non-identity onramp support for Browser Isolation.
UrlBrowserIsolationEnabled bool: Specify whether to enable Clientless Browser Isolation.

nonIdentityEnabled Boolean: Specify whether to enable non-identity onramp support for Browser Isolation.
urlBrowserIsolationEnabled Boolean: Specify whether to enable Clientless Browser Isolation.

nonIdentityEnabled boolean: Specify whether to enable non-identity onramp support for Browser Isolation.
urlBrowserIsolationEnabled boolean: Specify whether to enable Clientless Browser Isolation.

non_identity_enabled bool: Specify whether to enable non-identity onramp support for Browser Isolation.
url_browser_isolation_enabled bool: Specify whether to enable Clientless Browser Isolation.

nonIdentityEnabled Boolean: Specify whether to enable non-identity onramp support for Browser Isolation.
urlBrowserIsolationEnabled Boolean: Specify whether to enable Clientless Browser Isolation.

GetZeroTrustGatewaySettingsSettingsCertificate

Id string: Specify the UUID of the certificate used for interception. Ensure the certificate is available at the edge(previously called 'active'). A nil UUID directs Cloudflare to use the Root CA.

Id string: Specify the UUID of the certificate used for interception. Ensure the certificate is available at the edge(previously called 'active'). A nil UUID directs Cloudflare to use the Root CA.

id String: Specify the UUID of the certificate used for interception. Ensure the certificate is available at the edge(previously called 'active'). A nil UUID directs Cloudflare to use the Root CA.

id string: Specify the UUID of the certificate used for interception. Ensure the certificate is available at the edge(previously called 'active'). A nil UUID directs Cloudflare to use the Root CA.

id str: Specify the UUID of the certificate used for interception. Ensure the certificate is available at the edge(previously called 'active'). A nil UUID directs Cloudflare to use the Root CA.

id String: Specify the UUID of the certificate used for interception. Ensure the certificate is available at the edge(previously called 'active'). A nil UUID directs Cloudflare to use the Root CA.

GetZeroTrustGatewaySettingsSettingsCustomCertificate

BindingStatus string: Indicate the internal certificate status.
Enabled bool: Specify whether to enable a custom certificate authority for signing Gateway traffic.
Id string: Specify the UUID of the certificate (ID from MTLS certificate store).
UpdatedAt string

BindingStatus string: Indicate the internal certificate status.
Enabled bool: Specify whether to enable a custom certificate authority for signing Gateway traffic.
Id string: Specify the UUID of the certificate (ID from MTLS certificate store).
UpdatedAt string

bindingStatus String: Indicate the internal certificate status.
enabled Boolean: Specify whether to enable a custom certificate authority for signing Gateway traffic.
id String: Specify the UUID of the certificate (ID from MTLS certificate store).
updatedAt String

bindingStatus string: Indicate the internal certificate status.
enabled boolean: Specify whether to enable a custom certificate authority for signing Gateway traffic.
id string: Specify the UUID of the certificate (ID from MTLS certificate store).
updatedAt string

binding_status str: Indicate the internal certificate status.
enabled bool: Specify whether to enable a custom certificate authority for signing Gateway traffic.
id str: Specify the UUID of the certificate (ID from MTLS certificate store).
updated_at str

bindingStatus String: Indicate the internal certificate status.
enabled Boolean: Specify whether to enable a custom certificate authority for signing Gateway traffic.
id String: Specify the UUID of the certificate (ID from MTLS certificate store).
updatedAt String

GetZeroTrustGatewaySettingsSettingsExtendedEmailMatching

Enabled bool: Specify whether to match all variants of user emails (with + or . modifiers) used as criteria in Firewall policies.
ReadOnly bool: Indicate that this setting was shared via the Orgs API and read only for the current account.
SourceAccount string: Indicate the account tag of the account that shared this setting.
Version int: Indicate the version number of the setting.

Enabled bool: Specify whether to match all variants of user emails (with + or . modifiers) used as criteria in Firewall policies.
ReadOnly bool: Indicate that this setting was shared via the Orgs API and read only for the current account.
SourceAccount string: Indicate the account tag of the account that shared this setting.
Version int: Indicate the version number of the setting.

enabled Boolean: Specify whether to match all variants of user emails (with + or . modifiers) used as criteria in Firewall policies.
readOnly Boolean: Indicate that this setting was shared via the Orgs API and read only for the current account.
sourceAccount String: Indicate the account tag of the account that shared this setting.
version Integer: Indicate the version number of the setting.

enabled boolean: Specify whether to match all variants of user emails (with + or . modifiers) used as criteria in Firewall policies.
readOnly boolean: Indicate that this setting was shared via the Orgs API and read only for the current account.
sourceAccount string: Indicate the account tag of the account that shared this setting.
version number: Indicate the version number of the setting.

enabled bool: Specify whether to match all variants of user emails (with + or . modifiers) used as criteria in Firewall policies.
read_only bool: Indicate that this setting was shared via the Orgs API and read only for the current account.
source_account str: Indicate the account tag of the account that shared this setting.
version int: Indicate the version number of the setting.

enabled Boolean: Specify whether to match all variants of user emails (with + or . modifiers) used as criteria in Firewall policies.
readOnly Boolean: Indicate that this setting was shared via the Orgs API and read only for the current account.
sourceAccount String: Indicate the account tag of the account that shared this setting.
version Number: Indicate the version number of the setting.

GetZeroTrustGatewaySettingsSettingsFips

Tls bool: Enforce cipher suites and TLS versions compliant with FIPS 140-2.

Tls bool: Enforce cipher suites and TLS versions compliant with FIPS 140-2.

tls Boolean: Enforce cipher suites and TLS versions compliant with FIPS 140-2.

tls boolean: Enforce cipher suites and TLS versions compliant with FIPS 140-2.

tls bool: Enforce cipher suites and TLS versions compliant with FIPS 140-2.

tls Boolean: Enforce cipher suites and TLS versions compliant with FIPS 140-2.

GetZeroTrustGatewaySettingsSettingsHostSelector

Enabled bool: Specify whether to enable filtering via hosts for egress policies.

Enabled bool: Specify whether to enable filtering via hosts for egress policies.

enabled Boolean: Specify whether to enable filtering via hosts for egress policies.

enabled boolean: Specify whether to enable filtering via hosts for egress policies.

enabled bool: Specify whether to enable filtering via hosts for egress policies.

enabled Boolean: Specify whether to enable filtering via hosts for egress policies.

GetZeroTrustGatewaySettingsSettingsInspection

Mode string: Define the proxy inspection mode. 1. static: Gateway applies static inspection to HTTP on TCP(80). With TLS decryption on, Gateway inspects HTTPS traffic on TCP(443) and UDP(443). 2. dynamic: Gateway applies protocol detection to inspect HTTP and HTTPS traffic on any port. TLS decryption must remain on to inspect HTTPS traffic. Available values: "static", "dynamic".

Mode string: Define the proxy inspection mode. 1. static: Gateway applies static inspection to HTTP on TCP(80). With TLS decryption on, Gateway inspects HTTPS traffic on TCP(443) and UDP(443). 2. dynamic: Gateway applies protocol detection to inspect HTTP and HTTPS traffic on any port. TLS decryption must remain on to inspect HTTPS traffic. Available values: "static", "dynamic".

mode String: Define the proxy inspection mode. 1. static: Gateway applies static inspection to HTTP on TCP(80). With TLS decryption on, Gateway inspects HTTPS traffic on TCP(443) and UDP(443). 2. dynamic: Gateway applies protocol detection to inspect HTTP and HTTPS traffic on any port. TLS decryption must remain on to inspect HTTPS traffic. Available values: "static", "dynamic".

mode string: Define the proxy inspection mode. 1. static: Gateway applies static inspection to HTTP on TCP(80). With TLS decryption on, Gateway inspects HTTPS traffic on TCP(443) and UDP(443). 2. dynamic: Gateway applies protocol detection to inspect HTTP and HTTPS traffic on any port. TLS decryption must remain on to inspect HTTPS traffic. Available values: "static", "dynamic".

mode str: Define the proxy inspection mode. 1. static: Gateway applies static inspection to HTTP on TCP(80). With TLS decryption on, Gateway inspects HTTPS traffic on TCP(443) and UDP(443). 2. dynamic: Gateway applies protocol detection to inspect HTTP and HTTPS traffic on any port. TLS decryption must remain on to inspect HTTPS traffic. Available values: "static", "dynamic".

mode String: Define the proxy inspection mode. 1. static: Gateway applies static inspection to HTTP on TCP(80). With TLS decryption on, Gateway inspects HTTPS traffic on TCP(443) and UDP(443). 2. dynamic: Gateway applies protocol detection to inspect HTTP and HTTPS traffic on any port. TLS decryption must remain on to inspect HTTPS traffic. Available values: "static", "dynamic".

GetZeroTrustGatewaySettingsSettingsProtocolDetection

Enabled bool: Specify whether to detect protocols from the initial bytes of client traffic.

Enabled bool: Specify whether to detect protocols from the initial bytes of client traffic.

enabled Boolean: Specify whether to detect protocols from the initial bytes of client traffic.

enabled boolean: Specify whether to detect protocols from the initial bytes of client traffic.

enabled bool: Specify whether to detect protocols from the initial bytes of client traffic.

enabled Boolean: Specify whether to detect protocols from the initial bytes of client traffic.

GetZeroTrustGatewaySettingsSettingsSandbox

Enabled bool: Specify whether to enable the sandbox.
FallbackAction string: Specify the action to take when the system cannot scan the file. Available values: "allow", "block".

Enabled bool: Specify whether to enable the sandbox.
FallbackAction string: Specify the action to take when the system cannot scan the file. Available values: "allow", "block".

enabled Boolean: Specify whether to enable the sandbox.
fallbackAction String: Specify the action to take when the system cannot scan the file. Available values: "allow", "block".

enabled boolean: Specify whether to enable the sandbox.
fallbackAction string: Specify the action to take when the system cannot scan the file. Available values: "allow", "block".

enabled bool: Specify whether to enable the sandbox.
fallback_action str: Specify the action to take when the system cannot scan the file. Available values: "allow", "block".

enabled Boolean: Specify whether to enable the sandbox.
fallbackAction String: Specify the action to take when the system cannot scan the file. Available values: "allow", "block".

GetZeroTrustGatewaySettingsSettingsTlsDecrypt

Enabled bool: Specify whether to inspect encrypted HTTP traffic.

Enabled bool: Specify whether to inspect encrypted HTTP traffic.

enabled Boolean: Specify whether to inspect encrypted HTTP traffic.

enabled boolean: Specify whether to inspect encrypted HTTP traffic.

enabled bool: Specify whether to inspect encrypted HTTP traffic.

enabled Boolean: Specify whether to inspect encrypted HTTP traffic.

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.10.1 published on Wednesday, Oct 22, 2025 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.getZeroTrustGatewaySettings

On this page

On this page

Example Usage

Using getZeroTrustGatewaySettings

getZeroTrustGatewaySettings Result

Supporting Types

GetZeroTrustGatewaySettingsSettings

GetZeroTrustGatewaySettingsSettingsActivityLog

GetZeroTrustGatewaySettingsSettingsAntivirus

GetZeroTrustGatewaySettingsSettingsAntivirusNotificationSettings

GetZeroTrustGatewaySettingsSettingsBlockPage

GetZeroTrustGatewaySettingsSettingsBodyScanning

GetZeroTrustGatewaySettingsSettingsBrowserIsolation

GetZeroTrustGatewaySettingsSettingsCertificate

GetZeroTrustGatewaySettingsSettingsCustomCertificate

GetZeroTrustGatewaySettingsSettingsExtendedEmailMatching

GetZeroTrustGatewaySettingsSettingsFips

GetZeroTrustGatewaySettingsSettingsHostSelector

GetZeroTrustGatewaySettingsSettingsInspection

GetZeroTrustGatewaySettingsSettingsProtocolDetection

GetZeroTrustGatewaySettingsSettingsSandbox

GetZeroTrustGatewaySettingsSettingsTlsDecrypt

Package Details

On this page

On this page