published on Monday, May 18, 2026 by vmware
This data source provides information about the security feature configuration on NSX-T Tier-0 and Tier-1 gateways. It retrieves the current status of North-South traffic security features including IDPS, IDFW, Malware Prevention, and TLS Inspection.
Note: Feature availability varies by gateway type. Tier-0 gateways support only the IDPS and IDFW features, while Tier-1 gateways support IDPS, IDFW, Malware Prevention, and TLS Inspection.
Example Usage
Read Security Config for a Tier-1 Gateway
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";
// Read the North-South security feature flags of the Tier-1 gateway with ID "test".
const gatewaySecurity = nsxt.getPolicyGatewaySecurityConfig({ tier1Id: "test" });

// Stack output: whether IDPS is currently enabled on that gateway.
export const idpsEnabled = gatewaySecurity.then((cfg) => cfg.idpsEnabled);
import pulumi
import pulumi_nsxt as nsxt
# Read the North-South security feature flags of the Tier-1 gateway with ID "test".
gateway_security = nsxt.get_policy_gateway_security_config(tier1_id="test")

# Stack output: whether IDPS is currently enabled on that gateway.
pulumi.export("idpsEnabled", gateway_security.idps_enabled)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/nsxt/v3/nsxt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
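// main reads the security feature flags of the Tier-1 gateway "test" and
// exports whether IDPS is enabled on it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Look up the gateway security configuration by Tier-1 gateway ID.
		tier1Security, err := nsxt.LookupPolicyGatewaySecurityConfig(ctx, &nsxt.LookupPolicyGatewaySecurityConfigArgs{
			Tier1Id: pulumi.StringRef("test"),
		}, nil)
		if err != nil {
			return err
		}
		// ctx.Export expects a pulumi.Input; the lookup result lists IdpsEnabled
		// as a plain bool, so it is wrapped with pulumi.Bool before exporting.
		ctx.Export("idpsEnabled", pulumi.Bool(tier1Security.IdpsEnabled))
		return nil
	})
}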
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nsxt = Pulumi.Nsxt;
return await Deployment.RunAsync(() =>
{
    // Read the North-South security feature flags of the Tier-1 gateway with ID "test".
    var gatewaySecurity = Nsxt.GetPolicyGatewaySecurityConfig.Invoke(new()
    {
        Tier1Id = "test",
    });

    // Stack output: whether IDPS is currently enabled on that gateway.
    var outputs = new Dictionary<string, object?>();
    outputs["idpsEnabled"] = gatewaySecurity.Apply(cfg => cfg.IdpsEnabled);
    return outputs;
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nsxt.NsxtFunctions;
import com.pulumi.nsxt.inputs.GetPolicyGatewaySecurityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
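/**
 * Reads the security feature flags of the Tier-1 gateway "test" and exports
 * whether IDPS is enabled on it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Look up the gateway security configuration by Tier-1 gateway ID.
        final var tier1Security = NsxtFunctions.getPolicyGatewaySecurityConfig(GetPolicyGatewaySecurityConfigArgs.builder()
            .tier1Id("test")
            .build());

        // The function returns Output<GetPolicyGatewaySecurityConfigResult>, so the
        // flag is read through applyValue rather than called on the Output itself.
        ctx.export("idpsEnabled", tier1Security.applyValue(config -> config.idpsEnabled()));
    }
}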
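# Read the security feature flags of the Tier-1 gateway with ID "test".
variables:
  tier1Security:
    fn::invoke:
      function: nsxt:getPolicyGatewaySecurityConfig
      arguments:
        tier1Id: test
# Stack output: whether IDPS is currently enabled on that gateway.
outputs:
  idpsEnabled: ${tier1Security.idpsEnabled}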
Read Security Config for a Tier-0 Gateway
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";
// Resolve the Tier-0 gateway by display name, then read its security feature flags.
const gateway = nsxt.getPolicyTier0Gateway({ displayName: "DefaultT0Gateway" });
const gatewaySecurity = gateway.then((gw) =>
    nsxt.getPolicyGatewaySecurityConfig({ tier0Id: gw.id }),
);

// On Tier-0 only the IDPS and IDFW flags are supported; malwarePreventionEnabled
// and tlsEnabled are always false there.
export const tier0IdpsEnabled = gatewaySecurity.then((cfg) => cfg.idpsEnabled);
import pulumi
import pulumi_nsxt as nsxt
# Resolve the Tier-0 gateway by display name, then read its security feature flags.
gateway = nsxt.get_policy_tier0_gateway(display_name="DefaultT0Gateway")
gateway_security = nsxt.get_policy_gateway_security_config(tier0_id=gateway.id)

# On Tier-0 only the IDPS and IDFW flags are supported; malware_prevention_enabled
# and tls_enabled are always false there.
pulumi.export("tier0IdpsEnabled", gateway_security.idps_enabled)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/nsxt/v3/nsxt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
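// main resolves the Tier-0 gateway "DefaultT0Gateway", reads its security
// feature flags and exports whether IDPS is enabled on it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resolve the gateway by display name to obtain its ID.
		tier0, err := nsxt.LookupPolicyTier0Gateway(ctx, &nsxt.LookupPolicyTier0GatewayArgs{
			DisplayName: pulumi.StringRef("DefaultT0Gateway"),
		}, nil)
		if err != nil {
			return err
		}
		// Read the security configuration of that Tier-0 gateway.
		tier0Security, err := nsxt.LookupPolicyGatewaySecurityConfig(ctx, &nsxt.LookupPolicyGatewaySecurityConfigArgs{
			Tier0Id: pulumi.StringRef(tier0.Id),
		}, nil)
		if err != nil {
			return err
		}
		// ctx.Export expects a pulumi.Input; the lookup result lists IdpsEnabled
		// as a plain bool, so it is wrapped with pulumi.Bool before exporting.
		// On Tier-0 only the IDPS and IDFW flags are supported.
		ctx.Export("tier0IdpsEnabled", pulumi.Bool(tier0Security.IdpsEnabled))
		return nil
	})
}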
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nsxt = Pulumi.Nsxt;
return await Deployment.RunAsync(() =>
{
    // Resolve the Tier-0 gateway by display name to obtain its ID.
    var gateway = Nsxt.GetPolicyTier0Gateway.Invoke(new()
    {
        DisplayName = "DefaultT0Gateway",
    });

    // Read the security feature flags of that gateway.
    var gatewaySecurity = Nsxt.GetPolicyGatewaySecurityConfig.Invoke(new()
    {
        Tier0Id = gateway.Apply(gw => gw.Id),
    });

    // On Tier-0 only the IDPS and IDFW flags are supported; MalwarePreventionEnabled
    // and TlsEnabled are always false there.
    var outputs = new Dictionary<string, object?>();
    outputs["tier0IdpsEnabled"] = gatewaySecurity.Apply(cfg => cfg.IdpsEnabled);
    return outputs;
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nsxt.NsxtFunctions;
import com.pulumi.nsxt.inputs.GetPolicyTier0GatewayArgs;
import com.pulumi.nsxt.inputs.GetPolicyGatewaySecurityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
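/**
 * Resolves the Tier-0 gateway "DefaultT0Gateway", reads its security feature
 * flags and exports whether IDPS is enabled on it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Resolve the gateway by display name to obtain its ID.
        final var tier0 = NsxtFunctions.getPolicyTier0Gateway(GetPolicyTier0GatewayArgs.builder()
            .displayName("DefaultT0Gateway")
            .build());

        // NOTE(review): assumes getPolicyTier0Gateway returns an Output like
        // getPolicyGatewaySecurityConfig does, so the ID is mapped with applyValue.
        final var tier0Security = NsxtFunctions.getPolicyGatewaySecurityConfig(GetPolicyGatewaySecurityConfigArgs.builder()
            .tier0Id(tier0.applyValue(gateway -> gateway.id()))
            .build());

        // The result is an Output<GetPolicyGatewaySecurityConfigResult>; read the
        // flag through applyValue. On Tier-0 only IDPS and IDFW are supported.
        ctx.export("tier0IdpsEnabled", tier0Security.applyValue(config -> config.idpsEnabled()));
    }
}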
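variables:
  # Resolve the Tier-0 gateway by display name to obtain its ID.
  tier0:
    fn::invoke:
      function: nsxt:getPolicyTier0Gateway
      arguments:
        displayName: DefaultT0Gateway
  # Read the security feature flags of that gateway.
  tier0Security:
    fn::invoke:
      function: nsxt:getPolicyGatewaySecurityConfig
      arguments:
        tier0Id: ${tier0.id}
# On Tier-0 only the IDPS and IDFW flags are supported.
outputs:
  tier0IdpsEnabled: ${tier0Security.idpsEnabled}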
Check Security Feature Status Before Creating Policy
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";
// Resolve the Tier-1 gateway by display name, then read its security feature flags.
const gateway = nsxt.getPolicyTier1Gateway({ displayName: "Tier1-GW-01" });
const gatewaySecurity = gateway.then((gw) =>
    nsxt.getPolicyGatewaySecurityConfig({ tier1Id: gw.id }),
);

// One flag per North-South security feature. A false value means the feature is
// not enabled on this gateway, so a policy relying on it should not be assumed active.
export const securitySummary = {
    idpsEnabled: gatewaySecurity.then((cfg) => cfg.idpsEnabled),
    idfwEnabled: gatewaySecurity.then((cfg) => cfg.idfwEnabled),
    malwarePreventionEnabled: gatewaySecurity.then((cfg) => cfg.malwarePreventionEnabled),
    tlsEnabled: gatewaySecurity.then((cfg) => cfg.tlsEnabled),
};
import pulumi
import pulumi_nsxt as nsxt
# Resolve the Tier-1 gateway by display name, then read its security feature flags.
gateway = nsxt.get_policy_tier1_gateway(display_name="Tier1-GW-01")
gateway_security = nsxt.get_policy_gateway_security_config(tier1_id=gateway.id)

# One flag per North-South security feature. A false value means the feature is
# not enabled on this gateway, so a policy relying on it should not be assumed active.
summary = {
    "idpsEnabled": gateway_security.idps_enabled,
    "idfwEnabled": gateway_security.idfw_enabled,
    "malwarePreventionEnabled": gateway_security.malware_prevention_enabled,
    "tlsEnabled": gateway_security.tls_enabled,
}
pulumi.export("securitySummary", summary)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/nsxt/v3/nsxt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
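// main resolves the Tier-1 gateway "Tier1-GW-01", reads its security feature
// flags and exports them as a single "securitySummary" map.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resolve the gateway by display name to obtain its ID.
		tier1, err := nsxt.LookupPolicyTier1Gateway(ctx, &nsxt.LookupPolicyTier1GatewayArgs{
			DisplayName: pulumi.StringRef("Tier1-GW-01"),
		}, nil)
		if err != nil {
			return err
		}
		// Read the security configuration of that Tier-1 gateway.
		tier1Security, err := nsxt.LookupPolicyGatewaySecurityConfig(ctx, &nsxt.LookupPolicyGatewaySecurityConfigArgs{
			Tier1Id: pulumi.StringRef(tier1.Id),
		}, nil)
		if err != nil {
			return err
		}
		// pulumi.BoolMap holds BoolInput values; the lookup result lists the flags
		// as plain bools, so each one is wrapped with pulumi.Bool.
		// A false value means the feature is not enabled on this gateway.
		ctx.Export("securitySummary", pulumi.BoolMap{
			"idpsEnabled":              pulumi.Bool(tier1Security.IdpsEnabled),
			"idfwEnabled":              pulumi.Bool(tier1Security.IdfwEnabled),
			"malwarePreventionEnabled": pulumi.Bool(tier1Security.MalwarePreventionEnabled),
			"tlsEnabled":               pulumi.Bool(tier1Security.TlsEnabled),
		})
		return nil
	})
}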
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nsxt = Pulumi.Nsxt;
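return await Deployment.RunAsync(() =>
{
    // Resolve the Tier-1 gateway by display name to obtain its ID.
    var tier1 = Nsxt.GetPolicyTier1Gateway.Invoke(new()
    {
        DisplayName = "Tier1-GW-01",
    });

    // Read the security feature flags of that gateway.
    var tier1Security = Nsxt.GetPolicyGatewaySecurityConfig.Invoke(new()
    {
        Tier1Id = tier1.Apply(getPolicyTier1GatewayResult => getPolicyTier1GatewayResult.Id),
    });

    return new Dictionary<string, object?>
    {
        // The nested map needs an explicit `new`: a bare `{ ... }` initializer would
        // try to call Add on the existing object? entry, which does not compile.
        // A false value means the feature is not enabled on this gateway.
        ["securitySummary"] = new Dictionary<string, object?>
        {
            { "idpsEnabled", tier1Security.Apply(getPolicyGatewaySecurityConfigResult => getPolicyGatewaySecurityConfigResult.IdpsEnabled) },
            { "idfwEnabled", tier1Security.Apply(getPolicyGatewaySecurityConfigResult => getPolicyGatewaySecurityConfigResult.IdfwEnabled) },
            { "malwarePreventionEnabled", tier1Security.Apply(getPolicyGatewaySecurityConfigResult => getPolicyGatewaySecurityConfigResult.MalwarePreventionEnabled) },
            { "tlsEnabled", tier1Security.Apply(getPolicyGatewaySecurityConfigResult => getPolicyGatewaySecurityConfigResult.TlsEnabled) },
        },
    };
});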
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nsxt.NsxtFunctions;
import com.pulumi.nsxt.inputs.GetPolicyTier1GatewayArgs;
import com.pulumi.nsxt.inputs.GetPolicyGatewaySecurityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
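/**
 * Resolves the Tier-1 gateway "Tier1-GW-01", reads its security feature flags
 * and exports them as a single "securitySummary" map.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Resolve the gateway by display name to obtain its ID.
        final var tier1 = NsxtFunctions.getPolicyTier1Gateway(GetPolicyTier1GatewayArgs.builder()
            .displayName("Tier1-GW-01")
            .build());

        // NOTE(review): assumes getPolicyTier1Gateway returns an Output like
        // getPolicyGatewaySecurityConfig does, so the ID is mapped with applyValue.
        final var tier1Security = NsxtFunctions.getPolicyGatewaySecurityConfig(GetPolicyGatewaySecurityConfigArgs.builder()
            .tier1Id(tier1.applyValue(gateway -> gateway.id()))
            .build());

        // The result is an Output<GetPolicyGatewaySecurityConfigResult>, so the map is
        // built inside applyValue and exported as one Output.
        // A false value means the feature is not enabled on this gateway.
        ctx.export("securitySummary", tier1Security.applyValue(config -> Map.of(
            "idpsEnabled", config.idpsEnabled(),
            "idfwEnabled", config.idfwEnabled(),
            "malwarePreventionEnabled", config.malwarePreventionEnabled(),
            "tlsEnabled", config.tlsEnabled()
        )));
    }
}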
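variables:
  # Resolve the Tier-1 gateway by display name to obtain its ID.
  tier1:
    fn::invoke:
      function: nsxt:getPolicyTier1Gateway
      arguments:
        displayName: Tier1-GW-01
  # Read the security feature flags of that gateway.
  tier1Security:
    fn::invoke:
      function: nsxt:getPolicyGatewaySecurityConfig
      arguments:
        tier1Id: ${tier1.id}
# One flag per security feature; a false value means the feature is not
# enabled on this gateway.
outputs:
  securitySummary:
    idpsEnabled: ${tier1Security.idpsEnabled}
    idfwEnabled: ${tier1Security.idfwEnabled}
    malwarePreventionEnabled: ${tier1Security.malwarePreventionEnabled}
    tlsEnabled: ${tier1Security.tlsEnabled}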
See Also
- nsxt.PolicyTier0Gateway data source
- nsxt.PolicyTier1Gateway data source
- nsxt.PolicyGatewaySecurityConfig resource
Using getPolicyGatewaySecurityConfig
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getPolicyGatewaySecurityConfig(args: GetPolicyGatewaySecurityConfigArgs, opts?: InvokeOptions): Promise<GetPolicyGatewaySecurityConfigResult>
function getPolicyGatewaySecurityConfigOutput(args: GetPolicyGatewaySecurityConfigOutputArgs, opts?: InvokeOptions): Output<GetPolicyGatewaySecurityConfigResult>
def get_policy_gateway_security_config(id: Optional[str] = None,
tier0_id: Optional[str] = None,
tier1_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetPolicyGatewaySecurityConfigResult
def get_policy_gateway_security_config_output(id: pulumi.Input[Optional[str]] = None,
tier0_id: pulumi.Input[Optional[str]] = None,
tier1_id: pulumi.Input[Optional[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetPolicyGatewaySecurityConfigResult]
func LookupPolicyGatewaySecurityConfig(ctx *Context, args *LookupPolicyGatewaySecurityConfigArgs, opts ...InvokeOption) (*LookupPolicyGatewaySecurityConfigResult, error)
func LookupPolicyGatewaySecurityConfigOutput(ctx *Context, args *LookupPolicyGatewaySecurityConfigOutputArgs, opts ...InvokeOption) LookupPolicyGatewaySecurityConfigResultOutput
> Note: This function is named LookupPolicyGatewaySecurityConfig in the Go SDK.
public static class GetPolicyGatewaySecurityConfig
{
public static Task<GetPolicyGatewaySecurityConfigResult> InvokeAsync(GetPolicyGatewaySecurityConfigArgs args, InvokeOptions? opts = null)
public static Output<GetPolicyGatewaySecurityConfigResult> Invoke(GetPolicyGatewaySecurityConfigInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetPolicyGatewaySecurityConfigResult> getPolicyGatewaySecurityConfig(GetPolicyGatewaySecurityConfigArgs args, InvokeOptions options)
public static Output<GetPolicyGatewaySecurityConfigResult> getPolicyGatewaySecurityConfig(GetPolicyGatewaySecurityConfigArgs args, InvokeOptions options)
fn::invoke:
function: nsxt:index/getPolicyGatewaySecurityConfig:getPolicyGatewaySecurityConfig
arguments:
# arguments dictionary
data "nsxt_getpolicygatewaysecurityconfig" "name" {
# arguments
}
The following arguments are supported:
getPolicyGatewaySecurityConfig Result
The following output properties are available:
- Id string
  The data source ID in the format `tier0/<gateway-id>` or `tier1/<gateway-id>`.
- IdfwEnabled bool
  Whether Identity Firewall (IDFW) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- IdpsEnabled bool
  Whether Intrusion Detection and Prevention System (IDPS) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- MalwarePreventionEnabled bool
  Whether Malware Prevention is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- Path string
  The NSX path of the gateway security configuration.
- TlsEnabled bool
  Whether TLS (Transport Layer Security) Inspection is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- Tier0Id string
- Tier1Id string
- Id string
  The data source ID in the format `tier0/<gateway-id>` or `tier1/<gateway-id>`.
- IdfwEnabled bool
  Whether Identity Firewall (IDFW) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- IdpsEnabled bool
  Whether Intrusion Detection and Prevention System (IDPS) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- MalwarePreventionEnabled bool
  Whether Malware Prevention is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- Path string
  The NSX path of the gateway security configuration.
- TlsEnabled bool
  Whether TLS (Transport Layer Security) Inspection is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- Tier0Id string
- Tier1Id string
- id string
  The data source ID in the format `tier0/<gateway-id>` or `tier1/<gateway-id>`.
- idfw_enabled bool
  Whether Identity Firewall (IDFW) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- idps_enabled bool
  Whether Intrusion Detection and Prevention System (IDPS) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- malware_prevention_enabled bool
  Whether Malware Prevention is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- path string
  The NSX path of the gateway security configuration.
- tls_enabled bool
  Whether TLS (Transport Layer Security) Inspection is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- tier0_id string
- tier1_id string
- id String
  The data source ID in the format `tier0/<gateway-id>` or `tier1/<gateway-id>`.
- idfwEnabled Boolean
  Whether Identity Firewall (IDFW) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- idpsEnabled Boolean
  Whether Intrusion Detection and Prevention System (IDPS) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- malwarePreventionEnabled Boolean
  Whether Malware Prevention is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- path String
  The NSX path of the gateway security configuration.
- tlsEnabled Boolean
  Whether TLS (Transport Layer Security) Inspection is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- tier0Id String
- tier1Id String
- id string
  The data source ID in the format `tier0/<gateway-id>` or `tier1/<gateway-id>`.
- idfwEnabled boolean
  Whether Identity Firewall (IDFW) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- idpsEnabled boolean
  Whether Intrusion Detection and Prevention System (IDPS) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- malwarePreventionEnabled boolean
  Whether Malware Prevention is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- path string
  The NSX path of the gateway security configuration.
- tlsEnabled boolean
  Whether TLS (Transport Layer Security) Inspection is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- tier0Id string
- tier1Id string
- id str
  The data source ID in the format `tier0/<gateway-id>` or `tier1/<gateway-id>`.
- idfw_enabled bool
  Whether Identity Firewall (IDFW) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- idps_enabled bool
  Whether Intrusion Detection and Prevention System (IDPS) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- malware_prevention_enabled bool
  Whether Malware Prevention is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- path str
  The NSX path of the gateway security configuration.
- tls_enabled bool
  Whether TLS (Transport Layer Security) Inspection is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- tier0_id str
- tier1_id str
- id String
  The data source ID in the format `tier0/<gateway-id>` or `tier1/<gateway-id>`.
- idfwEnabled Boolean
  Whether Identity Firewall (IDFW) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- idpsEnabled Boolean
  Whether Intrusion Detection and Prevention System (IDPS) is enabled on the gateway. Supported on both Tier-0 and Tier-1 gateways.
- malwarePreventionEnabled Boolean
  Whether Malware Prevention is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- path String
  The NSX path of the gateway security configuration.
- tlsEnabled Boolean
  Whether TLS (Transport Layer Security) Inspection is enabled on the gateway. Only supported on Tier-1 gateways (always `false` for Tier-0).
- tier0Id String
- tier1Id String
Package Details
- Repository
- nsxt vmware/terraform-provider-nsxt
- License
- Notes
- This Pulumi package is based on the `nsxt` Terraform Provider.