Cloudflare v6.1.2, Apr 28 25

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

cloudflare.ZeroTrustDeviceCustomProfile

Explore with Pulumi AI

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleZeroTrustDeviceCustomProfile = new cloudflare.ZeroTrustDeviceCustomProfile("example_zero_trust_device_custom_profile", {
    accountId: "699d98642c564d2e855e9661899b7252",
    match: "identity.email == \"test@cloudflare.com\"",
    name: "Allow Developers",
    precedence: 100,
    allowModeSwitch: true,
    allowUpdates: true,
    allowedToLeave: true,
    autoConnect: 0,
    captivePortal: 180,
    description: "Policy for test teams.",
    disableAutoFallback: true,
    enabled: true,
    excludes: [{
        address: "192.0.2.0/24",
        description: "Exclude testing domains from the tunnel",
    }],
    excludeOfficeIps: true,
    includes: [{
        address: "192.0.2.0/24",
        description: "Include testing domains in the tunnel",
    }],
    lanAllowMinutes: 30,
    lanAllowSubnetSize: 24,
    registerInterfaceIpWithDns: true,
    serviceModeV2: {
        mode: "proxy",
        port: 3000,
    },
    supportUrl: "https://1.1.1.1/help",
    switchLocked: true,
    tunnelProtocol: "wireguard",
});

import pulumi
import pulumi_cloudflare as cloudflare

example_zero_trust_device_custom_profile = cloudflare.ZeroTrustDeviceCustomProfile("example_zero_trust_device_custom_profile",
    account_id="699d98642c564d2e855e9661899b7252",
    match="identity.email == \"test@cloudflare.com\"",
    name="Allow Developers",
    precedence=100,
    allow_mode_switch=True,
    allow_updates=True,
    allowed_to_leave=True,
    auto_connect=0,
    captive_portal=180,
    description="Policy for test teams.",
    disable_auto_fallback=True,
    enabled=True,
    excludes=[{
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel",
    }],
    exclude_office_ips=True,
    includes=[{
        "address": "192.0.2.0/24",
        "description": "Include testing domains in the tunnel",
    }],
    lan_allow_minutes=30,
    lan_allow_subnet_size=24,
    register_interface_ip_with_dns=True,
    service_mode_v2={
        "mode": "proxy",
        "port": 3000,
    },
    support_url="https://1.1.1.1/help",
    switch_locked=True,
    tunnel_protocol="wireguard")

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.NewZeroTrustDeviceCustomProfile(ctx, "example_zero_trust_device_custom_profile", &cloudflare.ZeroTrustDeviceCustomProfileArgs{
			AccountId:           pulumi.String("699d98642c564d2e855e9661899b7252"),
			Match:               pulumi.String("identity.email == \"test@cloudflare.com\""),
			Name:                pulumi.String("Allow Developers"),
			Precedence:          pulumi.Float64(100),
			AllowModeSwitch:     pulumi.Bool(true),
			AllowUpdates:        pulumi.Bool(true),
			AllowedToLeave:      pulumi.Bool(true),
			AutoConnect:         pulumi.Float64(0),
			CaptivePortal:       pulumi.Float64(180),
			Description:         pulumi.String("Policy for test teams."),
			DisableAutoFallback: pulumi.Bool(true),
			Enabled:             pulumi.Bool(true),
			Excludes: cloudflare.ZeroTrustDeviceCustomProfileExcludeArray{
				&cloudflare.ZeroTrustDeviceCustomProfileExcludeArgs{
					Address:     pulumi.String("192.0.2.0/24"),
					Description: pulumi.String("Exclude testing domains from the tunnel"),
				},
			},
			ExcludeOfficeIps: pulumi.Bool(true),
			Includes: cloudflare.ZeroTrustDeviceCustomProfileIncludeArray{
				&cloudflare.ZeroTrustDeviceCustomProfileIncludeArgs{
					Address:     pulumi.String("192.0.2.0/24"),
					Description: pulumi.String("Include testing domains in the tunnel"),
				},
			},
			LanAllowMinutes:            pulumi.Float64(30),
			LanAllowSubnetSize:         pulumi.Float64(24),
			RegisterInterfaceIpWithDns: pulumi.Bool(true),
			ServiceModeV2: &cloudflare.ZeroTrustDeviceCustomProfileServiceModeV2Args{
				Mode: pulumi.String("proxy"),
				Port: pulumi.Float64(3000),
			},
			SupportUrl:     pulumi.String("https://1.1.1.1/help"),
			SwitchLocked:   pulumi.Bool(true),
			TunnelProtocol: pulumi.String("wireguard"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleZeroTrustDeviceCustomProfile = new Cloudflare.ZeroTrustDeviceCustomProfile("example_zero_trust_device_custom_profile", new()
    {
        AccountId = "699d98642c564d2e855e9661899b7252",
        Match = "identity.email == \"test@cloudflare.com\"",
        Name = "Allow Developers",
        Precedence = 100,
        AllowModeSwitch = true,
        AllowUpdates = true,
        AllowedToLeave = true,
        AutoConnect = 0,
        CaptivePortal = 180,
        Description = "Policy for test teams.",
        DisableAutoFallback = true,
        Enabled = true,
        Excludes = new[]
        {
            new Cloudflare.Inputs.ZeroTrustDeviceCustomProfileExcludeArgs
            {
                Address = "192.0.2.0/24",
                Description = "Exclude testing domains from the tunnel",
            },
        },
        ExcludeOfficeIps = true,
        Includes = new[]
        {
            new Cloudflare.Inputs.ZeroTrustDeviceCustomProfileIncludeArgs
            {
                Address = "192.0.2.0/24",
                Description = "Include testing domains in the tunnel",
            },
        },
        LanAllowMinutes = 30,
        LanAllowSubnetSize = 24,
        RegisterInterfaceIpWithDns = true,
        ServiceModeV2 = new Cloudflare.Inputs.ZeroTrustDeviceCustomProfileServiceModeV2Args
        {
            Mode = "proxy",
            Port = 3000,
        },
        SupportUrl = "https://1.1.1.1/help",
        SwitchLocked = true,
        TunnelProtocol = "wireguard",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.ZeroTrustDeviceCustomProfile;
import com.pulumi.cloudflare.ZeroTrustDeviceCustomProfileArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustDeviceCustomProfileExcludeArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustDeviceCustomProfileIncludeArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustDeviceCustomProfileServiceModeV2Args;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleZeroTrustDeviceCustomProfile = new ZeroTrustDeviceCustomProfile("exampleZeroTrustDeviceCustomProfile", ZeroTrustDeviceCustomProfileArgs.builder()
            .accountId("699d98642c564d2e855e9661899b7252")
            .match("identity.email == \"test@cloudflare.com\"")
            .name("Allow Developers")
            .precedence(100.0)
            .allowModeSwitch(true)
            .allowUpdates(true)
            .allowedToLeave(true)
            .autoConnect(0.0)
            .captivePortal(180.0)
            .description("Policy for test teams.")
            .disableAutoFallback(true)
            .enabled(true)
            .excludes(ZeroTrustDeviceCustomProfileExcludeArgs.builder()
                .address("192.0.2.0/24")
                .description("Exclude testing domains from the tunnel")
                .build())
            .excludeOfficeIps(true)
            .includes(ZeroTrustDeviceCustomProfileIncludeArgs.builder()
                .address("192.0.2.0/24")
                .description("Include testing domains in the tunnel")
                .build())
            .lanAllowMinutes(30.0)
            .lanAllowSubnetSize(24.0)
            .registerInterfaceIpWithDns(true)
            .serviceModeV2(ZeroTrustDeviceCustomProfileServiceModeV2Args.builder()
                .mode("proxy")
                .port(3000.0)
                .build())
            .supportUrl("https://1.1.1.1/help")
            .switchLocked(true)
            .tunnelProtocol("wireguard")
            .build());

    }
}

resources:
  exampleZeroTrustDeviceCustomProfile:
    type: cloudflare:ZeroTrustDeviceCustomProfile
    name: example_zero_trust_device_custom_profile
    properties:
      accountId: 699d98642c564d2e855e9661899b7252
      match: identity.email == "test@cloudflare.com"
      name: Allow Developers
      precedence: 100
      allowModeSwitch: true
      allowUpdates: true
      allowedToLeave: true
      autoConnect: 0
      captivePortal: 180
      description: Policy for test teams.
      disableAutoFallback: true
      enabled: true
      excludes:
        - address: 192.0.2.0/24
          description: Exclude testing domains from the tunnel
      excludeOfficeIps: true
      includes:
        - address: 192.0.2.0/24
          description: Include testing domains in the tunnel
      lanAllowMinutes: 30
      lanAllowSubnetSize: 24
      registerInterfaceIpWithDns: true
      serviceModeV2:
        mode: proxy
        port: 3000
      supportUrl: https://1.1.1.1/help
      switchLocked: true
      tunnelProtocol: wireguard

Create ZeroTrustDeviceCustomProfile Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ZeroTrustDeviceCustomProfile(name: string, args: ZeroTrustDeviceCustomProfileArgs, opts?: CustomResourceOptions);

@overload
def ZeroTrustDeviceCustomProfile(resource_name: str,
                                 args: ZeroTrustDeviceCustomProfileArgs,
                                 opts: Optional[ResourceOptions] = None)

@overload
def ZeroTrustDeviceCustomProfile(resource_name: str,
                                 opts: Optional[ResourceOptions] = None,
                                 account_id: Optional[str] = None,
                                 precedence: Optional[float] = None,
                                 name: Optional[str] = None,
                                 match: Optional[str] = None,
                                 captive_portal: Optional[float] = None,
                                 lan_allow_subnet_size: Optional[float] = None,
                                 description: Optional[str] = None,
                                 disable_auto_fallback: Optional[bool] = None,
                                 enabled: Optional[bool] = None,
                                 exclude_office_ips: Optional[bool] = None,
                                 excludes: Optional[Sequence[ZeroTrustDeviceCustomProfileExcludeArgs]] = None,
                                 includes: Optional[Sequence[ZeroTrustDeviceCustomProfileIncludeArgs]] = None,
                                 lan_allow_minutes: Optional[float] = None,
                                 auto_connect: Optional[float] = None,
                                 allowed_to_leave: Optional[bool] = None,
                                 allow_updates: Optional[bool] = None,
                                 allow_mode_switch: Optional[bool] = None,
                                 register_interface_ip_with_dns: Optional[bool] = None,
                                 service_mode_v2: Optional[ZeroTrustDeviceCustomProfileServiceModeV2Args] = None,
                                 support_url: Optional[str] = None,
                                 switch_locked: Optional[bool] = None,
                                 tunnel_protocol: Optional[str] = None)

func NewZeroTrustDeviceCustomProfile(ctx *Context, name string, args ZeroTrustDeviceCustomProfileArgs, opts ...ResourceOption) (*ZeroTrustDeviceCustomProfile, error)

public ZeroTrustDeviceCustomProfile(string name, ZeroTrustDeviceCustomProfileArgs args, CustomResourceOptions? opts = null)

public ZeroTrustDeviceCustomProfile(String name, ZeroTrustDeviceCustomProfileArgs args)
public ZeroTrustDeviceCustomProfile(String name, ZeroTrustDeviceCustomProfileArgs args, CustomResourceOptions options)

type: cloudflare:ZeroTrustDeviceCustomProfile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ZeroTrustDeviceCustomProfileArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ZeroTrustDeviceCustomProfileArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ZeroTrustDeviceCustomProfileArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ZeroTrustDeviceCustomProfileArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ZeroTrustDeviceCustomProfileArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var zeroTrustDeviceCustomProfileResource = new Cloudflare.ZeroTrustDeviceCustomProfile("zeroTrustDeviceCustomProfileResource", new()
{
    AccountId = "string",
    Precedence = 0,
    Name = "string",
    Match = "string",
    CaptivePortal = 0,
    LanAllowSubnetSize = 0,
    Description = "string",
    DisableAutoFallback = false,
    Enabled = false,
    ExcludeOfficeIps = false,
    Excludes = new[]
    {
        new Cloudflare.Inputs.ZeroTrustDeviceCustomProfileExcludeArgs
        {
            Address = "string",
            Description = "string",
            Host = "string",
        },
    },
    Includes = new[]
    {
        new Cloudflare.Inputs.ZeroTrustDeviceCustomProfileIncludeArgs
        {
            Address = "string",
            Description = "string",
            Host = "string",
        },
    },
    LanAllowMinutes = 0,
    AutoConnect = 0,
    AllowedToLeave = false,
    AllowUpdates = false,
    AllowModeSwitch = false,
    RegisterInterfaceIpWithDns = false,
    ServiceModeV2 = new Cloudflare.Inputs.ZeroTrustDeviceCustomProfileServiceModeV2Args
    {
        Mode = "string",
        Port = 0,
    },
    SupportUrl = "string",
    SwitchLocked = false,
    TunnelProtocol = "string",
});

example, err := cloudflare.NewZeroTrustDeviceCustomProfile(ctx, "zeroTrustDeviceCustomProfileResource", &cloudflare.ZeroTrustDeviceCustomProfileArgs{
	AccountId:           pulumi.String("string"),
	Precedence:          pulumi.Float64(0),
	Name:                pulumi.String("string"),
	Match:               pulumi.String("string"),
	CaptivePortal:       pulumi.Float64(0),
	LanAllowSubnetSize:  pulumi.Float64(0),
	Description:         pulumi.String("string"),
	DisableAutoFallback: pulumi.Bool(false),
	Enabled:             pulumi.Bool(false),
	ExcludeOfficeIps:    pulumi.Bool(false),
	Excludes: cloudflare.ZeroTrustDeviceCustomProfileExcludeArray{
		&cloudflare.ZeroTrustDeviceCustomProfileExcludeArgs{
			Address:     pulumi.String("string"),
			Description: pulumi.String("string"),
			Host:        pulumi.String("string"),
		},
	},
	Includes: cloudflare.ZeroTrustDeviceCustomProfileIncludeArray{
		&cloudflare.ZeroTrustDeviceCustomProfileIncludeArgs{
			Address:     pulumi.String("string"),
			Description: pulumi.String("string"),
			Host:        pulumi.String("string"),
		},
	},
	LanAllowMinutes:            pulumi.Float64(0),
	AutoConnect:                pulumi.Float64(0),
	AllowedToLeave:             pulumi.Bool(false),
	AllowUpdates:               pulumi.Bool(false),
	AllowModeSwitch:            pulumi.Bool(false),
	RegisterInterfaceIpWithDns: pulumi.Bool(false),
	ServiceModeV2: &cloudflare.ZeroTrustDeviceCustomProfileServiceModeV2Args{
		Mode: pulumi.String("string"),
		Port: pulumi.Float64(0),
	},
	SupportUrl:     pulumi.String("string"),
	SwitchLocked:   pulumi.Bool(false),
	TunnelProtocol: pulumi.String("string"),
})

var zeroTrustDeviceCustomProfileResource = new ZeroTrustDeviceCustomProfile("zeroTrustDeviceCustomProfileResource", ZeroTrustDeviceCustomProfileArgs.builder()
    .accountId("string")
    .precedence(0)
    .name("string")
    .match("string")
    .captivePortal(0)
    .lanAllowSubnetSize(0)
    .description("string")
    .disableAutoFallback(false)
    .enabled(false)
    .excludeOfficeIps(false)
    .excludes(ZeroTrustDeviceCustomProfileExcludeArgs.builder()
        .address("string")
        .description("string")
        .host("string")
        .build())
    .includes(ZeroTrustDeviceCustomProfileIncludeArgs.builder()
        .address("string")
        .description("string")
        .host("string")
        .build())
    .lanAllowMinutes(0)
    .autoConnect(0)
    .allowedToLeave(false)
    .allowUpdates(false)
    .allowModeSwitch(false)
    .registerInterfaceIpWithDns(false)
    .serviceModeV2(ZeroTrustDeviceCustomProfileServiceModeV2Args.builder()
        .mode("string")
        .port(0)
        .build())
    .supportUrl("string")
    .switchLocked(false)
    .tunnelProtocol("string")
    .build());

zero_trust_device_custom_profile_resource = cloudflare.ZeroTrustDeviceCustomProfile("zeroTrustDeviceCustomProfileResource",
    account_id="string",
    precedence=0,
    name="string",
    match="string",
    captive_portal=0,
    lan_allow_subnet_size=0,
    description="string",
    disable_auto_fallback=False,
    enabled=False,
    exclude_office_ips=False,
    excludes=[{
        "address": "string",
        "description": "string",
        "host": "string",
    }],
    includes=[{
        "address": "string",
        "description": "string",
        "host": "string",
    }],
    lan_allow_minutes=0,
    auto_connect=0,
    allowed_to_leave=False,
    allow_updates=False,
    allow_mode_switch=False,
    register_interface_ip_with_dns=False,
    service_mode_v2={
        "mode": "string",
        "port": 0,
    },
    support_url="string",
    switch_locked=False,
    tunnel_protocol="string")

const zeroTrustDeviceCustomProfileResource = new cloudflare.ZeroTrustDeviceCustomProfile("zeroTrustDeviceCustomProfileResource", {
    accountId: "string",
    precedence: 0,
    name: "string",
    match: "string",
    captivePortal: 0,
    lanAllowSubnetSize: 0,
    description: "string",
    disableAutoFallback: false,
    enabled: false,
    excludeOfficeIps: false,
    excludes: [{
        address: "string",
        description: "string",
        host: "string",
    }],
    includes: [{
        address: "string",
        description: "string",
        host: "string",
    }],
    lanAllowMinutes: 0,
    autoConnect: 0,
    allowedToLeave: false,
    allowUpdates: false,
    allowModeSwitch: false,
    registerInterfaceIpWithDns: false,
    serviceModeV2: {
        mode: "string",
        port: 0,
    },
    supportUrl: "string",
    switchLocked: false,
    tunnelProtocol: "string",
});

type: cloudflare:ZeroTrustDeviceCustomProfile
properties:
    accountId: string
    allowModeSwitch: false
    allowUpdates: false
    allowedToLeave: false
    autoConnect: 0
    captivePortal: 0
    description: string
    disableAutoFallback: false
    enabled: false
    excludeOfficeIps: false
    excludes:
        - address: string
          description: string
          host: string
    includes:
        - address: string
          description: string
          host: string
    lanAllowMinutes: 0
    lanAllowSubnetSize: 0
    match: string
    name: string
    precedence: 0
    registerInterfaceIpWithDns: false
    serviceModeV2:
        mode: string
        port: 0
    supportUrl: string
    switchLocked: false
    tunnelProtocol: string

ZeroTrustDeviceCustomProfile Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ZeroTrustDeviceCustomProfile resource accepts the following input properties:

AccountId string
Match string: The wirefilter expression to match devices.
Name string: The name of the device settings profile.
Precedence double: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
AllowModeSwitch bool: Whether to allow the user to switch WARP between modes.
AllowUpdates bool: Whether to receive update notifications when a new version of the client is available.
AllowedToLeave bool: Whether to allow devices to leave the organization.
AutoConnect double: The amount of time in seconds to reconnect after having been disabled.
CaptivePortal double: Turn on the captive portal after the specified amount of time.
Description string: A description of the policy.
DisableAutoFallback bool: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
Enabled bool: Whether the policy will be applied to matching devices.
ExcludeOfficeIps bool: Whether to add Microsoft IPs to Split Tunnel exclusions.
Excludes List<ZeroTrustDeviceCustomProfileExclude>: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
Includes List<ZeroTrustDeviceCustomProfileInclude>: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
LanAllowMinutes double: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
LanAllowSubnetSize double: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
RegisterInterfaceIpWithDns bool: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
ServiceModeV2 ZeroTrustDeviceCustomProfileServiceModeV2
SupportUrl string: The URL to launch when the Send Feedback button is clicked.
SwitchLocked bool: Whether to allow the user to turn off the WARP switch and disconnect the client.
TunnelProtocol string: Determines which tunnel protocol to use.

AccountId string
Match string: The wirefilter expression to match devices.
Name string: The name of the device settings profile.
Precedence float64: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
AllowModeSwitch bool: Whether to allow the user to switch WARP between modes.
AllowUpdates bool: Whether to receive update notifications when a new version of the client is available.
AllowedToLeave bool: Whether to allow devices to leave the organization.
AutoConnect float64: The amount of time in seconds to reconnect after having been disabled.
CaptivePortal float64: Turn on the captive portal after the specified amount of time.
Description string: A description of the policy.
DisableAutoFallback bool: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
Enabled bool: Whether the policy will be applied to matching devices.
ExcludeOfficeIps bool: Whether to add Microsoft IPs to Split Tunnel exclusions.
Excludes []ZeroTrustDeviceCustomProfileExcludeArgs: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
Includes []ZeroTrustDeviceCustomProfileIncludeArgs: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
LanAllowMinutes float64: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
LanAllowSubnetSize float64: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
RegisterInterfaceIpWithDns bool: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
ServiceModeV2 ZeroTrustDeviceCustomProfileServiceModeV2Args
SupportUrl string: The URL to launch when the Send Feedback button is clicked.
SwitchLocked bool: Whether to allow the user to turn off the WARP switch and disconnect the client.
TunnelProtocol string: Determines which tunnel protocol to use.

accountId String
match String: The wirefilter expression to match devices.
name String: The name of the device settings profile.
precedence Double: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
allowModeSwitch Boolean: Whether to allow the user to switch WARP between modes.
allowUpdates Boolean: Whether to receive update notifications when a new version of the client is available.
allowedToLeave Boolean: Whether to allow devices to leave the organization.
autoConnect Double: The amount of time in seconds to reconnect after having been disabled.
captivePortal Double: Turn on the captive portal after the specified amount of time.
description String: A description of the policy.
disableAutoFallback Boolean: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
enabled Boolean: Whether the policy will be applied to matching devices.
excludeOfficeIps Boolean: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes List<ZeroTrustDeviceCustomProfileExclude>: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
includes List<ZeroTrustDeviceCustomProfileInclude>: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
lanAllowMinutes Double: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
lanAllowSubnetSize Double: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
registerInterfaceIpWithDns Boolean: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
serviceModeV2 ZeroTrustDeviceCustomProfileServiceModeV2
supportUrl String: The URL to launch when the Send Feedback button is clicked.
switchLocked Boolean: Whether to allow the user to turn off the WARP switch and disconnect the client.
tunnelProtocol String: Determines which tunnel protocol to use.

accountId string
match string: The wirefilter expression to match devices.
name string: The name of the device settings profile.
precedence number: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
allowModeSwitch boolean: Whether to allow the user to switch WARP between modes.
allowUpdates boolean: Whether to receive update notifications when a new version of the client is available.
allowedToLeave boolean: Whether to allow devices to leave the organization.
autoConnect number: The amount of time in seconds to reconnect after having been disabled.
captivePortal number: Turn on the captive portal after the specified amount of time.
description string: A description of the policy.
disableAutoFallback boolean: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
enabled boolean: Whether the policy will be applied to matching devices.
excludeOfficeIps boolean: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes ZeroTrustDeviceCustomProfileExclude[]: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
includes ZeroTrustDeviceCustomProfileInclude[]: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
lanAllowMinutes number: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
lanAllowSubnetSize number: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
registerInterfaceIpWithDns boolean: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
serviceModeV2 ZeroTrustDeviceCustomProfileServiceModeV2
supportUrl string: The URL to launch when the Send Feedback button is clicked.
switchLocked boolean: Whether to allow the user to turn off the WARP switch and disconnect the client.
tunnelProtocol string: Determines which tunnel protocol to use.

account_id str
match str: The wirefilter expression to match devices.
name str: The name of the device settings profile.
precedence float: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
allow_mode_switch bool: Whether to allow the user to switch WARP between modes.
allow_updates bool: Whether to receive update notifications when a new version of the client is available.
allowed_to_leave bool: Whether to allow devices to leave the organization.
auto_connect float: The amount of time in seconds to reconnect after having been disabled.
captive_portal float: Turn on the captive portal after the specified amount of time.
description str: A description of the policy.
disable_auto_fallback bool: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
enabled bool: Whether the policy will be applied to matching devices.
exclude_office_ips bool: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes Sequence[ZeroTrustDeviceCustomProfileExcludeArgs]: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
includes Sequence[ZeroTrustDeviceCustomProfileIncludeArgs]: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
lan_allow_minutes float: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
lan_allow_subnet_size float: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
register_interface_ip_with_dns bool: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
service_mode_v2 ZeroTrustDeviceCustomProfileServiceModeV2Args
support_url str: The URL to launch when the Send Feedback button is clicked.
switch_locked bool: Whether to allow the user to turn off the WARP switch and disconnect the client.
tunnel_protocol str: Determines which tunnel protocol to use.

accountId String
match String: The wirefilter expression to match devices.
name String: The name of the device settings profile.
precedence Number: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
allowModeSwitch Boolean: Whether to allow the user to switch WARP between modes.
allowUpdates Boolean: Whether to receive update notifications when a new version of the client is available.
allowedToLeave Boolean: Whether to allow devices to leave the organization.
autoConnect Number: The amount of time in seconds to reconnect after having been disabled.
captivePortal Number: Turn on the captive portal after the specified amount of time.
description String: A description of the policy.
disableAutoFallback Boolean: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
enabled Boolean: Whether the policy will be applied to matching devices.
excludeOfficeIps Boolean: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes List<Property Map>: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
includes List<Property Map>: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
lanAllowMinutes Number: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
lanAllowSubnetSize Number: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
registerInterfaceIpWithDns Boolean: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
serviceModeV2 Property Map
supportUrl String: The URL to launch when the Send Feedback button is clicked.
switchLocked Boolean: Whether to allow the user to turn off the WARP switch and disconnect the client.
tunnelProtocol String: Determines which tunnel protocol to use.

Outputs

All input properties are implicitly available as output properties. Additionally, the ZeroTrustDeviceCustomProfile resource produces the following output properties:

Default bool: Whether the policy is the default policy for an account.
FallbackDomains List<ZeroTrustDeviceCustomProfileFallbackDomain>
GatewayUniqueId string
Id string: The provider-assigned unique ID for this managed resource.
PolicyId string
TargetTests List<ZeroTrustDeviceCustomProfileTargetTest>

Default bool: Whether the policy is the default policy for an account.
FallbackDomains []ZeroTrustDeviceCustomProfileFallbackDomain
GatewayUniqueId string
Id string: The provider-assigned unique ID for this managed resource.
PolicyId string
TargetTests []ZeroTrustDeviceCustomProfileTargetTest

default_ Boolean: Whether the policy is the default policy for an account.
fallbackDomains List<ZeroTrustDeviceCustomProfileFallbackDomain>
gatewayUniqueId String
id String: The provider-assigned unique ID for this managed resource.
policyId String
targetTests List<ZeroTrustDeviceCustomProfileTargetTest>

default boolean: Whether the policy is the default policy for an account.
fallbackDomains ZeroTrustDeviceCustomProfileFallbackDomain[]
gatewayUniqueId string
id string: The provider-assigned unique ID for this managed resource.
policyId string
targetTests ZeroTrustDeviceCustomProfileTargetTest[]

default bool: Whether the policy is the default policy for an account.
fallback_domains Sequence[ZeroTrustDeviceCustomProfileFallbackDomain]
gateway_unique_id str
id str: The provider-assigned unique ID for this managed resource.
policy_id str
target_tests Sequence[ZeroTrustDeviceCustomProfileTargetTest]

default Boolean: Whether the policy is the default policy for an account.
fallbackDomains List<Property Map>
gatewayUniqueId String
id String: The provider-assigned unique ID for this managed resource.
policyId String
targetTests List<Property Map>

Look up Existing ZeroTrustDeviceCustomProfile Resource

Get an existing ZeroTrustDeviceCustomProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ZeroTrustDeviceCustomProfileState, opts?: CustomResourceOptions): ZeroTrustDeviceCustomProfile

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        allow_mode_switch: Optional[bool] = None,
        allow_updates: Optional[bool] = None,
        allowed_to_leave: Optional[bool] = None,
        auto_connect: Optional[float] = None,
        captive_portal: Optional[float] = None,
        default: Optional[bool] = None,
        description: Optional[str] = None,
        disable_auto_fallback: Optional[bool] = None,
        enabled: Optional[bool] = None,
        exclude_office_ips: Optional[bool] = None,
        excludes: Optional[Sequence[ZeroTrustDeviceCustomProfileExcludeArgs]] = None,
        fallback_domains: Optional[Sequence[ZeroTrustDeviceCustomProfileFallbackDomainArgs]] = None,
        gateway_unique_id: Optional[str] = None,
        includes: Optional[Sequence[ZeroTrustDeviceCustomProfileIncludeArgs]] = None,
        lan_allow_minutes: Optional[float] = None,
        lan_allow_subnet_size: Optional[float] = None,
        match: Optional[str] = None,
        name: Optional[str] = None,
        policy_id: Optional[str] = None,
        precedence: Optional[float] = None,
        register_interface_ip_with_dns: Optional[bool] = None,
        service_mode_v2: Optional[ZeroTrustDeviceCustomProfileServiceModeV2Args] = None,
        support_url: Optional[str] = None,
        switch_locked: Optional[bool] = None,
        target_tests: Optional[Sequence[ZeroTrustDeviceCustomProfileTargetTestArgs]] = None,
        tunnel_protocol: Optional[str] = None) -> ZeroTrustDeviceCustomProfile

func GetZeroTrustDeviceCustomProfile(ctx *Context, name string, id IDInput, state *ZeroTrustDeviceCustomProfileState, opts ...ResourceOption) (*ZeroTrustDeviceCustomProfile, error)

public static ZeroTrustDeviceCustomProfile Get(string name, Input<string> id, ZeroTrustDeviceCustomProfileState? state, CustomResourceOptions? opts = null)

public static ZeroTrustDeviceCustomProfile get(String name, Output<String> id, ZeroTrustDeviceCustomProfileState state, CustomResourceOptions options)

resources:  _:    type: cloudflare:ZeroTrustDeviceCustomProfile    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountId string
AllowModeSwitch bool: Whether to allow the user to switch WARP between modes.
AllowUpdates bool: Whether to receive update notifications when a new version of the client is available.
AllowedToLeave bool: Whether to allow devices to leave the organization.
AutoConnect double: The amount of time in seconds to reconnect after having been disabled.
CaptivePortal double: Turn on the captive portal after the specified amount of time.
Default bool: Whether the policy is the default policy for an account.
Description string: A description of the policy.
DisableAutoFallback bool: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
Enabled bool: Whether the policy will be applied to matching devices.
ExcludeOfficeIps bool: Whether to add Microsoft IPs to Split Tunnel exclusions.
Excludes List<ZeroTrustDeviceCustomProfileExclude>: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
FallbackDomains List<ZeroTrustDeviceCustomProfileFallbackDomain>
GatewayUniqueId string
Includes List<ZeroTrustDeviceCustomProfileInclude>: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
LanAllowMinutes double: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
LanAllowSubnetSize double: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
Match string: The wirefilter expression to match devices.
Name string: The name of the device settings profile.
PolicyId string
Precedence double: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
RegisterInterfaceIpWithDns bool: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
ServiceModeV2 ZeroTrustDeviceCustomProfileServiceModeV2
SupportUrl string: The URL to launch when the Send Feedback button is clicked.
SwitchLocked bool: Whether to allow the user to turn off the WARP switch and disconnect the client.
TargetTests List<ZeroTrustDeviceCustomProfileTargetTest>
TunnelProtocol string: Determines which tunnel protocol to use.

AccountId string
AllowModeSwitch bool: Whether to allow the user to switch WARP between modes.
AllowUpdates bool: Whether to receive update notifications when a new version of the client is available.
AllowedToLeave bool: Whether to allow devices to leave the organization.
AutoConnect float64: The amount of time in seconds to reconnect after having been disabled.
CaptivePortal float64: Turn on the captive portal after the specified amount of time.
Default bool: Whether the policy is the default policy for an account.
Description string: A description of the policy.
DisableAutoFallback bool: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
Enabled bool: Whether the policy will be applied to matching devices.
ExcludeOfficeIps bool: Whether to add Microsoft IPs to Split Tunnel exclusions.
Excludes []ZeroTrustDeviceCustomProfileExcludeArgs: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
FallbackDomains []ZeroTrustDeviceCustomProfileFallbackDomainArgs
GatewayUniqueId string
Includes []ZeroTrustDeviceCustomProfileIncludeArgs: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
LanAllowMinutes float64: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
LanAllowSubnetSize float64: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
Match string: The wirefilter expression to match devices.
Name string: The name of the device settings profile.
PolicyId string
Precedence float64: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
RegisterInterfaceIpWithDns bool: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
ServiceModeV2 ZeroTrustDeviceCustomProfileServiceModeV2Args
SupportUrl string: The URL to launch when the Send Feedback button is clicked.
SwitchLocked bool: Whether to allow the user to turn off the WARP switch and disconnect the client.
TargetTests []ZeroTrustDeviceCustomProfileTargetTestArgs
TunnelProtocol string: Determines which tunnel protocol to use.

accountId String
allowModeSwitch Boolean: Whether to allow the user to switch WARP between modes.
allowUpdates Boolean: Whether to receive update notifications when a new version of the client is available.
allowedToLeave Boolean: Whether to allow devices to leave the organization.
autoConnect Double: The amount of time in seconds to reconnect after having been disabled.
captivePortal Double: Turn on the captive portal after the specified amount of time.
default_ Boolean: Whether the policy is the default policy for an account.
description String: A description of the policy.
disableAutoFallback Boolean: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
enabled Boolean: Whether the policy will be applied to matching devices.
excludeOfficeIps Boolean: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes List<ZeroTrustDeviceCustomProfileExclude>: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
fallbackDomains List<ZeroTrustDeviceCustomProfileFallbackDomain>
gatewayUniqueId String
includes List<ZeroTrustDeviceCustomProfileInclude>: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
lanAllowMinutes Double: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
lanAllowSubnetSize Double: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
match String: The wirefilter expression to match devices.
name String: The name of the device settings profile.
policyId String
precedence Double: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
registerInterfaceIpWithDns Boolean: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
serviceModeV2 ZeroTrustDeviceCustomProfileServiceModeV2
supportUrl String: The URL to launch when the Send Feedback button is clicked.
switchLocked Boolean: Whether to allow the user to turn off the WARP switch and disconnect the client.
targetTests List<ZeroTrustDeviceCustomProfileTargetTest>
tunnelProtocol String: Determines which tunnel protocol to use.

accountId string
allowModeSwitch boolean: Whether to allow the user to switch WARP between modes.
allowUpdates boolean: Whether to receive update notifications when a new version of the client is available.
allowedToLeave boolean: Whether to allow devices to leave the organization.
autoConnect number: The amount of time in seconds to reconnect after having been disabled.
captivePortal number: Turn on the captive portal after the specified amount of time.
default boolean: Whether the policy is the default policy for an account.
description string: A description of the policy.
disableAutoFallback boolean: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
enabled boolean: Whether the policy will be applied to matching devices.
excludeOfficeIps boolean: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes ZeroTrustDeviceCustomProfileExclude[]: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
fallbackDomains ZeroTrustDeviceCustomProfileFallbackDomain[]
gatewayUniqueId string
includes ZeroTrustDeviceCustomProfileInclude[]: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
lanAllowMinutes number: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
lanAllowSubnetSize number: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
match string: The wirefilter expression to match devices.
name string: The name of the device settings profile.
policyId string
precedence number: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
registerInterfaceIpWithDns boolean: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
serviceModeV2 ZeroTrustDeviceCustomProfileServiceModeV2
supportUrl string: The URL to launch when the Send Feedback button is clicked.
switchLocked boolean: Whether to allow the user to turn off the WARP switch and disconnect the client.
targetTests ZeroTrustDeviceCustomProfileTargetTest[]
tunnelProtocol string: Determines which tunnel protocol to use.

account_id str
allow_mode_switch bool: Whether to allow the user to switch WARP between modes.
allow_updates bool: Whether to receive update notifications when a new version of the client is available.
allowed_to_leave bool: Whether to allow devices to leave the organization.
auto_connect float: The amount of time in seconds to reconnect after having been disabled.
captive_portal float: Turn on the captive portal after the specified amount of time.
default bool: Whether the policy is the default policy for an account.
description str: A description of the policy.
disable_auto_fallback bool: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
enabled bool: Whether the policy will be applied to matching devices.
exclude_office_ips bool: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes Sequence[ZeroTrustDeviceCustomProfileExcludeArgs]: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
fallback_domains Sequence[ZeroTrustDeviceCustomProfileFallbackDomainArgs]
gateway_unique_id str
includes Sequence[ZeroTrustDeviceCustomProfileIncludeArgs]: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
lan_allow_minutes float: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
lan_allow_subnet_size float: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
match str: The wirefilter expression to match devices.
name str: The name of the device settings profile.
policy_id str
precedence float: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
register_interface_ip_with_dns bool: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
service_mode_v2 ZeroTrustDeviceCustomProfileServiceModeV2Args
support_url str: The URL to launch when the Send Feedback button is clicked.
switch_locked bool: Whether to allow the user to turn off the WARP switch and disconnect the client.
target_tests Sequence[ZeroTrustDeviceCustomProfileTargetTestArgs]
tunnel_protocol str: Determines which tunnel protocol to use.

accountId String
allowModeSwitch Boolean: Whether to allow the user to switch WARP between modes.
allowUpdates Boolean: Whether to receive update notifications when a new version of the client is available.
allowedToLeave Boolean: Whether to allow devices to leave the organization.
autoConnect Number: The amount of time in seconds to reconnect after having been disabled.
captivePortal Number: Turn on the captive portal after the specified amount of time.
default Boolean: Whether the policy is the default policy for an account.
description String: A description of the policy.
disableAutoFallback Boolean: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
enabled Boolean: Whether the policy will be applied to matching devices.
excludeOfficeIps Boolean: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes List<Property Map>: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
fallbackDomains List<Property Map>
gatewayUniqueId String
includes List<Property Map>: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
lanAllowMinutes Number: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
lanAllowSubnetSize Number: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
match String: The wirefilter expression to match devices.
name String: The name of the device settings profile.
policyId String
precedence Number: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
registerInterfaceIpWithDns Boolean: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
serviceModeV2 Property Map
supportUrl String: The URL to launch when the Send Feedback button is clicked.
switchLocked Boolean: Whether to allow the user to turn off the WARP switch and disconnect the client.
targetTests List<Property Map>
tunnelProtocol String: Determines which tunnel protocol to use.

Supporting Types

ZeroTrustDeviceCustomProfileExclude, ZeroTrustDeviceCustomProfileExcludeArgs

Address string: The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.
Description string: A description of the Split Tunnel item, displayed in the client UI.
Host string: The domain name to exclude from the tunnel. If host is present, address must not be present.

Address string: The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.
Description string: A description of the Split Tunnel item, displayed in the client UI.
Host string: The domain name to exclude from the tunnel. If host is present, address must not be present.

address String: The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.
description String: A description of the Split Tunnel item, displayed in the client UI.
host String: The domain name to exclude from the tunnel. If host is present, address must not be present.

address string: The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.
description string: A description of the Split Tunnel item, displayed in the client UI.
host string: The domain name to exclude from the tunnel. If host is present, address must not be present.

address str: The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.
description str: A description of the Split Tunnel item, displayed in the client UI.
host str: The domain name to exclude from the tunnel. If host is present, address must not be present.

address String: The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.
description String: A description of the Split Tunnel item, displayed in the client UI.
host String: The domain name to exclude from the tunnel. If host is present, address must not be present.

ZeroTrustDeviceCustomProfileFallbackDomain, ZeroTrustDeviceCustomProfileFallbackDomainArgs

Description string: A description of the fallback domain, displayed in the client UI.
DnsServers List<string>: A list of IP addresses to handle domain resolution.
Suffix string: The domain suffix to match when resolving locally.

Description string: A description of the fallback domain, displayed in the client UI.
DnsServers []string: A list of IP addresses to handle domain resolution.
Suffix string: The domain suffix to match when resolving locally.

description String: A description of the fallback domain, displayed in the client UI.
dnsServers List<String>: A list of IP addresses to handle domain resolution.
suffix String: The domain suffix to match when resolving locally.

description string: A description of the fallback domain, displayed in the client UI.
dnsServers string[]: A list of IP addresses to handle domain resolution.
suffix string: The domain suffix to match when resolving locally.

description str: A description of the fallback domain, displayed in the client UI.
dns_servers Sequence[str]: A list of IP addresses to handle domain resolution.
suffix str: The domain suffix to match when resolving locally.

description String: A description of the fallback domain, displayed in the client UI.
dnsServers List<String>: A list of IP addresses to handle domain resolution.
suffix String: The domain suffix to match when resolving locally.

ZeroTrustDeviceCustomProfileInclude, ZeroTrustDeviceCustomProfileIncludeArgs

Address string: The address in CIDR format to include in the tunnel. If address is present, host must not be present.
Description string: A description of the Split Tunnel item, displayed in the client UI.
Host string: The domain name to include in the tunnel. If host is present, address must not be present.

Address string: The address in CIDR format to include in the tunnel. If address is present, host must not be present.
Description string: A description of the Split Tunnel item, displayed in the client UI.
Host string: The domain name to include in the tunnel. If host is present, address must not be present.

address String: The address in CIDR format to include in the tunnel. If address is present, host must not be present.
description String: A description of the Split Tunnel item, displayed in the client UI.
host String: The domain name to include in the tunnel. If host is present, address must not be present.

address string: The address in CIDR format to include in the tunnel. If address is present, host must not be present.
description string: A description of the Split Tunnel item, displayed in the client UI.
host string: The domain name to include in the tunnel. If host is present, address must not be present.

address str: The address in CIDR format to include in the tunnel. If address is present, host must not be present.
description str: A description of the Split Tunnel item, displayed in the client UI.
host str: The domain name to include in the tunnel. If host is present, address must not be present.

address String: The address in CIDR format to include in the tunnel. If address is present, host must not be present.
description String: A description of the Split Tunnel item, displayed in the client UI.
host String: The domain name to include in the tunnel. If host is present, address must not be present.

ZeroTrustDeviceCustomProfileServiceModeV2, ZeroTrustDeviceCustomProfileServiceModeV2Args

Mode string: The mode to run the WARP client under.
Port double: The port number when used with proxy mode.

Mode string: The mode to run the WARP client under.
Port float64: The port number when used with proxy mode.

mode String: The mode to run the WARP client under.
port Double: The port number when used with proxy mode.

mode string: The mode to run the WARP client under.
port number: The port number when used with proxy mode.

mode str: The mode to run the WARP client under.
port float: The port number when used with proxy mode.

mode String: The mode to run the WARP client under.
port Number: The port number when used with proxy mode.

ZeroTrustDeviceCustomProfileTargetTest, ZeroTrustDeviceCustomProfileTargetTestArgs

Id string: The id of the DEX test targeting this policy
Name string: The name of the DEX test targeting this policy

Id string: The id of the DEX test targeting this policy
Name string: The name of the DEX test targeting this policy

id String: The id of the DEX test targeting this policy
name String: The name of the DEX test targeting this policy

id string: The id of the DEX test targeting this policy
name string: The name of the DEX test targeting this policy

id str: The id of the DEX test targeting this policy
name str: The name of the DEX test targeting this policy

id String: The id of the DEX test targeting this policy
name String: The name of the DEX test targeting this policy

Import

$ pulumi import cloudflare:index/zeroTrustDeviceCustomProfile:ZeroTrustDeviceCustomProfile example '<account_id>/<policy_id>'

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.ZeroTrustDeviceCustomProfile

On this page

On this page

Example Usage

Create ZeroTrustDeviceCustomProfile Resource

Constructor syntax

Parameters

Constructor example

ZeroTrustDeviceCustomProfile Resource Properties

Inputs

Outputs

Look up Existing ZeroTrustDeviceCustomProfile Resource

Supporting Types

ZeroTrustDeviceCustomProfileExclude, ZeroTrustDeviceCustomProfileExcludeArgs

ZeroTrustDeviceCustomProfileFallbackDomain, ZeroTrustDeviceCustomProfileFallbackDomainArgs

ZeroTrustDeviceCustomProfileInclude, ZeroTrustDeviceCustomProfileIncludeArgs

ZeroTrustDeviceCustomProfileServiceModeV2, ZeroTrustDeviceCustomProfileServiceModeV2Args

ZeroTrustDeviceCustomProfileTargetTest, ZeroTrustDeviceCustomProfileTargetTestArgs

Import

Package Details

On this page

On this page