nsxt 3.11.0 published on Monday, Dec 15, 2025 by vmware
nsxt 3.11.0 published on Monday, Dec 15, 2025 by vmware
This resource provides a method for adding rules for Gateway Policy.
This resource is applicable to NSX Global Manager and NSX Policy Manager.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";
const predefined = nsxt.getPolicyGatewayPolicy({
displayName: "tf-gw-policy",
});
const t0Pepsi = nsxt.getPolicyTier0Gateway({
displayName: "pepsi",
});
const rule1 = new nsxt.PolicyGatewayPolicyRule("rule1", {
displayName: "rule2",
description: "Terraform provisioned gateway Policy Rule",
policyPath: predefined.then(predefined => predefined.path),
sequenceNumber: 1,
destinationGroups: [
cats.path,
dogs.path,
],
action: "DROP",
logged: true,
scopes: [t0Pepsi.then(t0Pepsi => t0Pepsi.path)],
});
import pulumi
import pulumi_nsxt as nsxt
predefined = nsxt.get_policy_gateway_policy(display_name="tf-gw-policy")
t0_pepsi = nsxt.get_policy_tier0_gateway(display_name="pepsi")
rule1 = nsxt.PolicyGatewayPolicyRule("rule1",
display_name="rule2",
description="Terraform provisioned gateway Policy Rule",
policy_path=predefined.path,
sequence_number=1,
destination_groups=[
cats["path"],
dogs["path"],
],
action="DROP",
logged=True,
scopes=[t0_pepsi.path])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/nsxt/v3/nsxt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
predefined, err := nsxt.LookupPolicyGatewayPolicy(ctx, &nsxt.LookupPolicyGatewayPolicyArgs{
DisplayName: pulumi.StringRef("tf-gw-policy"),
}, nil)
if err != nil {
return err
}
t0Pepsi, err := nsxt.LookupPolicyTier0Gateway(ctx, &nsxt.LookupPolicyTier0GatewayArgs{
DisplayName: pulumi.StringRef("pepsi"),
}, nil)
if err != nil {
return err
}
_, err = nsxt.NewPolicyGatewayPolicyRule(ctx, "rule1", &nsxt.PolicyGatewayPolicyRuleArgs{
DisplayName: pulumi.String("rule2"),
Description: pulumi.String("Terraform provisioned gateway Policy Rule"),
PolicyPath: pulumi.String(predefined.Path),
SequenceNumber: pulumi.Float64(1),
DestinationGroups: pulumi.StringArray{
cats.Path,
dogs.Path,
},
Action: pulumi.String("DROP"),
Logged: pulumi.Bool(true),
Scopes: pulumi.StringArray{
pulumi.String(t0Pepsi.Path),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nsxt = Pulumi.Nsxt;
return await Deployment.RunAsync(() =>
{
var predefined = Nsxt.GetPolicyGatewayPolicy.Invoke(new()
{
DisplayName = "tf-gw-policy",
});
var t0Pepsi = Nsxt.GetPolicyTier0Gateway.Invoke(new()
{
DisplayName = "pepsi",
});
var rule1 = new Nsxt.PolicyGatewayPolicyRule("rule1", new()
{
DisplayName = "rule2",
Description = "Terraform provisioned gateway Policy Rule",
PolicyPath = predefined.Apply(getPolicyGatewayPolicyResult => getPolicyGatewayPolicyResult.Path),
SequenceNumber = 1,
DestinationGroups = new[]
{
cats.Path,
dogs.Path,
},
Action = "DROP",
Logged = true,
Scopes = new[]
{
t0Pepsi.Apply(getPolicyTier0GatewayResult => getPolicyTier0GatewayResult.Path),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nsxt.NsxtFunctions;
import com.pulumi.nsxt.inputs.GetPolicyGatewayPolicyArgs;
import com.pulumi.nsxt.inputs.GetPolicyTier0GatewayArgs;
import com.pulumi.nsxt.PolicyGatewayPolicyRule;
import com.pulumi.nsxt.PolicyGatewayPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var predefined = NsxtFunctions.getPolicyGatewayPolicy(GetPolicyGatewayPolicyArgs.builder()
.displayName("tf-gw-policy")
.build());
final var t0Pepsi = NsxtFunctions.getPolicyTier0Gateway(GetPolicyTier0GatewayArgs.builder()
.displayName("pepsi")
.build());
var rule1 = new PolicyGatewayPolicyRule("rule1", PolicyGatewayPolicyRuleArgs.builder()
.displayName("rule2")
.description("Terraform provisioned gateway Policy Rule")
.policyPath(predefined.path())
.sequenceNumber(1.0)
.destinationGroups(
cats.path(),
dogs.path())
.action("DROP")
.logged(true)
.scopes(t0Pepsi.path())
.build());
}
}
resources:
rule1:
type: nsxt:PolicyGatewayPolicyRule
properties:
displayName: rule2
description: Terraform provisioned gateway Policy Rule
policyPath: ${predefined.path}
sequenceNumber: 1
destinationGroups:
- ${cats.path}
- ${dogs.path}
action: DROP
logged: true
scopes:
- ${t0Pepsi.path}
variables:
predefined:
fn::invoke:
function: nsxt:getPolicyGatewayPolicy
arguments:
displayName: tf-gw-policy
t0Pepsi:
fn::invoke:
function: nsxt:getPolicyTier0Gateway
arguments:
displayName: pepsi
Create PolicyGatewayPolicyRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyGatewayPolicyRule(name: string, args: PolicyGatewayPolicyRuleArgs, opts?: CustomResourceOptions);@overload
def PolicyGatewayPolicyRule(resource_name: str,
args: PolicyGatewayPolicyRuleInitArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyGatewayPolicyRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
sequence_number: Optional[float] = None,
policy_path: Optional[str] = None,
logged: Optional[bool] = None,
nsx_id: Optional[str] = None,
direction: Optional[str] = None,
disabled: Optional[bool] = None,
destination_groups: Optional[Sequence[str]] = None,
ip_version: Optional[str] = None,
log_label: Optional[str] = None,
action: Optional[str] = None,
notes: Optional[str] = None,
destinations_excluded: Optional[bool] = None,
policy_gateway_policy_rule_id: Optional[str] = None,
description: Optional[str] = None,
profiles: Optional[Sequence[str]] = None,
scopes: Optional[Sequence[str]] = None,
context: Optional[PolicyGatewayPolicyRuleContextArgs] = None,
service_entries: Optional[PolicyGatewayPolicyRuleServiceEntriesArgs] = None,
services: Optional[Sequence[str]] = None,
source_groups: Optional[Sequence[str]] = None,
sources_excluded: Optional[bool] = None,
tags: Optional[Sequence[PolicyGatewayPolicyRuleTagArgs]] = None)func NewPolicyGatewayPolicyRule(ctx *Context, name string, args PolicyGatewayPolicyRuleArgs, opts ...ResourceOption) (*PolicyGatewayPolicyRule, error)public PolicyGatewayPolicyRule(string name, PolicyGatewayPolicyRuleArgs args, CustomResourceOptions? opts = null)
public PolicyGatewayPolicyRule(String name, PolicyGatewayPolicyRuleArgs args)
public PolicyGatewayPolicyRule(String name, PolicyGatewayPolicyRuleArgs args, CustomResourceOptions options)
type: nsxt:PolicyGatewayPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyGatewayPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyGatewayPolicyRuleInitArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyGatewayPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyGatewayPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyGatewayPolicyRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyGatewayPolicyRuleResource = new Nsxt.PolicyGatewayPolicyRule("policyGatewayPolicyRuleResource", new()
{
DisplayName = "string",
SequenceNumber = 0,
PolicyPath = "string",
Logged = false,
NsxId = "string",
Direction = "string",
Disabled = false,
DestinationGroups = new[]
{
"string",
},
IpVersion = "string",
LogLabel = "string",
Action = "string",
Notes = "string",
DestinationsExcluded = false,
PolicyGatewayPolicyRuleId = "string",
Description = "string",
Profiles = new[]
{
"string",
},
Scopes = new[]
{
"string",
},
Context = new Nsxt.Inputs.PolicyGatewayPolicyRuleContextArgs
{
ProjectId = "string",
},
ServiceEntries = new Nsxt.Inputs.PolicyGatewayPolicyRuleServiceEntriesArgs
{
AlgorithmEntries = new[]
{
new Nsxt.Inputs.PolicyGatewayPolicyRuleServiceEntriesAlgorithmEntryArgs
{
Algorithm = "string",
DestinationPort = "string",
Description = "string",
DisplayName = "string",
SourcePorts = new[]
{
"string",
},
},
},
EtherTypeEntries = new[]
{
new Nsxt.Inputs.PolicyGatewayPolicyRuleServiceEntriesEtherTypeEntryArgs
{
EtherType = 0,
Description = "string",
DisplayName = "string",
},
},
IcmpEntries = new[]
{
new Nsxt.Inputs.PolicyGatewayPolicyRuleServiceEntriesIcmpEntryArgs
{
Protocol = "string",
Description = "string",
DisplayName = "string",
IcmpCode = "string",
IcmpType = "string",
},
},
IgmpEntries = new[]
{
new Nsxt.Inputs.PolicyGatewayPolicyRuleServiceEntriesIgmpEntryArgs
{
Description = "string",
DisplayName = "string",
},
},
IpProtocolEntries = new[]
{
new Nsxt.Inputs.PolicyGatewayPolicyRuleServiceEntriesIpProtocolEntryArgs
{
Protocol = 0,
Description = "string",
DisplayName = "string",
},
},
L4PortSetEntries = new[]
{
new Nsxt.Inputs.PolicyGatewayPolicyRuleServiceEntriesL4PortSetEntryArgs
{
Protocol = "string",
Description = "string",
DestinationPorts = new[]
{
"string",
},
DisplayName = "string",
SourcePorts = new[]
{
"string",
},
},
},
},
Services = new[]
{
"string",
},
SourceGroups = new[]
{
"string",
},
SourcesExcluded = false,
Tags = new[]
{
new Nsxt.Inputs.PolicyGatewayPolicyRuleTagArgs
{
Scope = "string",
Tag = "string",
},
},
});
example, err := nsxt.NewPolicyGatewayPolicyRule(ctx, "policyGatewayPolicyRuleResource", &nsxt.PolicyGatewayPolicyRuleArgs{
DisplayName: pulumi.String("string"),
SequenceNumber: pulumi.Float64(0),
PolicyPath: pulumi.String("string"),
Logged: pulumi.Bool(false),
NsxId: pulumi.String("string"),
Direction: pulumi.String("string"),
Disabled: pulumi.Bool(false),
DestinationGroups: pulumi.StringArray{
pulumi.String("string"),
},
IpVersion: pulumi.String("string"),
LogLabel: pulumi.String("string"),
Action: pulumi.String("string"),
Notes: pulumi.String("string"),
DestinationsExcluded: pulumi.Bool(false),
PolicyGatewayPolicyRuleId: pulumi.String("string"),
Description: pulumi.String("string"),
Profiles: pulumi.StringArray{
pulumi.String("string"),
},
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
Context: &nsxt.PolicyGatewayPolicyRuleContextArgs{
ProjectId: pulumi.String("string"),
},
ServiceEntries: &nsxt.PolicyGatewayPolicyRuleServiceEntriesArgs{
AlgorithmEntries: nsxt.PolicyGatewayPolicyRuleServiceEntriesAlgorithmEntryArray{
&nsxt.PolicyGatewayPolicyRuleServiceEntriesAlgorithmEntryArgs{
Algorithm: pulumi.String("string"),
DestinationPort: pulumi.String("string"),
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
SourcePorts: pulumi.StringArray{
pulumi.String("string"),
},
},
},
EtherTypeEntries: nsxt.PolicyGatewayPolicyRuleServiceEntriesEtherTypeEntryArray{
&nsxt.PolicyGatewayPolicyRuleServiceEntriesEtherTypeEntryArgs{
EtherType: pulumi.Float64(0),
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
},
},
IcmpEntries: nsxt.PolicyGatewayPolicyRuleServiceEntriesIcmpEntryArray{
&nsxt.PolicyGatewayPolicyRuleServiceEntriesIcmpEntryArgs{
Protocol: pulumi.String("string"),
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
IcmpCode: pulumi.String("string"),
IcmpType: pulumi.String("string"),
},
},
IgmpEntries: nsxt.PolicyGatewayPolicyRuleServiceEntriesIgmpEntryArray{
&nsxt.PolicyGatewayPolicyRuleServiceEntriesIgmpEntryArgs{
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
},
},
IpProtocolEntries: nsxt.PolicyGatewayPolicyRuleServiceEntriesIpProtocolEntryArray{
&nsxt.PolicyGatewayPolicyRuleServiceEntriesIpProtocolEntryArgs{
Protocol: pulumi.Float64(0),
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
},
},
L4PortSetEntries: nsxt.PolicyGatewayPolicyRuleServiceEntriesL4PortSetEntryArray{
&nsxt.PolicyGatewayPolicyRuleServiceEntriesL4PortSetEntryArgs{
Protocol: pulumi.String("string"),
Description: pulumi.String("string"),
DestinationPorts: pulumi.StringArray{
pulumi.String("string"),
},
DisplayName: pulumi.String("string"),
SourcePorts: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
Services: pulumi.StringArray{
pulumi.String("string"),
},
SourceGroups: pulumi.StringArray{
pulumi.String("string"),
},
SourcesExcluded: pulumi.Bool(false),
Tags: nsxt.PolicyGatewayPolicyRuleTagArray{
&nsxt.PolicyGatewayPolicyRuleTagArgs{
Scope: pulumi.String("string"),
Tag: pulumi.String("string"),
},
},
})
var policyGatewayPolicyRuleResource = new PolicyGatewayPolicyRule("policyGatewayPolicyRuleResource", PolicyGatewayPolicyRuleArgs.builder()
.displayName("string")
.sequenceNumber(0.0)
.policyPath("string")
.logged(false)
.nsxId("string")
.direction("string")
.disabled(false)
.destinationGroups("string")
.ipVersion("string")
.logLabel("string")
.action("string")
.notes("string")
.destinationsExcluded(false)
.policyGatewayPolicyRuleId("string")
.description("string")
.profiles("string")
.scopes("string")
.context(PolicyGatewayPolicyRuleContextArgs.builder()
.projectId("string")
.build())
.serviceEntries(PolicyGatewayPolicyRuleServiceEntriesArgs.builder()
.algorithmEntries(PolicyGatewayPolicyRuleServiceEntriesAlgorithmEntryArgs.builder()
.algorithm("string")
.destinationPort("string")
.description("string")
.displayName("string")
.sourcePorts("string")
.build())
.etherTypeEntries(PolicyGatewayPolicyRuleServiceEntriesEtherTypeEntryArgs.builder()
.etherType(0.0)
.description("string")
.displayName("string")
.build())
.icmpEntries(PolicyGatewayPolicyRuleServiceEntriesIcmpEntryArgs.builder()
.protocol("string")
.description("string")
.displayName("string")
.icmpCode("string")
.icmpType("string")
.build())
.igmpEntries(PolicyGatewayPolicyRuleServiceEntriesIgmpEntryArgs.builder()
.description("string")
.displayName("string")
.build())
.ipProtocolEntries(PolicyGatewayPolicyRuleServiceEntriesIpProtocolEntryArgs.builder()
.protocol(0.0)
.description("string")
.displayName("string")
.build())
.l4PortSetEntries(PolicyGatewayPolicyRuleServiceEntriesL4PortSetEntryArgs.builder()
.protocol("string")
.description("string")
.destinationPorts("string")
.displayName("string")
.sourcePorts("string")
.build())
.build())
.services("string")
.sourceGroups("string")
.sourcesExcluded(false)
.tags(PolicyGatewayPolicyRuleTagArgs.builder()
.scope("string")
.tag("string")
.build())
.build());
policy_gateway_policy_rule_resource = nsxt.PolicyGatewayPolicyRule("policyGatewayPolicyRuleResource",
display_name="string",
sequence_number=0,
policy_path="string",
logged=False,
nsx_id="string",
direction="string",
disabled=False,
destination_groups=["string"],
ip_version="string",
log_label="string",
action="string",
notes="string",
destinations_excluded=False,
policy_gateway_policy_rule_id="string",
description="string",
profiles=["string"],
scopes=["string"],
context={
"project_id": "string",
},
service_entries={
"algorithm_entries": [{
"algorithm": "string",
"destination_port": "string",
"description": "string",
"display_name": "string",
"source_ports": ["string"],
}],
"ether_type_entries": [{
"ether_type": 0,
"description": "string",
"display_name": "string",
}],
"icmp_entries": [{
"protocol": "string",
"description": "string",
"display_name": "string",
"icmp_code": "string",
"icmp_type": "string",
}],
"igmp_entries": [{
"description": "string",
"display_name": "string",
}],
"ip_protocol_entries": [{
"protocol": 0,
"description": "string",
"display_name": "string",
}],
"l4_port_set_entries": [{
"protocol": "string",
"description": "string",
"destination_ports": ["string"],
"display_name": "string",
"source_ports": ["string"],
}],
},
services=["string"],
source_groups=["string"],
sources_excluded=False,
tags=[{
"scope": "string",
"tag": "string",
}])
const policyGatewayPolicyRuleResource = new nsxt.PolicyGatewayPolicyRule("policyGatewayPolicyRuleResource", {
displayName: "string",
sequenceNumber: 0,
policyPath: "string",
logged: false,
nsxId: "string",
direction: "string",
disabled: false,
destinationGroups: ["string"],
ipVersion: "string",
logLabel: "string",
action: "string",
notes: "string",
destinationsExcluded: false,
policyGatewayPolicyRuleId: "string",
description: "string",
profiles: ["string"],
scopes: ["string"],
context: {
projectId: "string",
},
serviceEntries: {
algorithmEntries: [{
algorithm: "string",
destinationPort: "string",
description: "string",
displayName: "string",
sourcePorts: ["string"],
}],
etherTypeEntries: [{
etherType: 0,
description: "string",
displayName: "string",
}],
icmpEntries: [{
protocol: "string",
description: "string",
displayName: "string",
icmpCode: "string",
icmpType: "string",
}],
igmpEntries: [{
description: "string",
displayName: "string",
}],
ipProtocolEntries: [{
protocol: 0,
description: "string",
displayName: "string",
}],
l4PortSetEntries: [{
protocol: "string",
description: "string",
destinationPorts: ["string"],
displayName: "string",
sourcePorts: ["string"],
}],
},
services: ["string"],
sourceGroups: ["string"],
sourcesExcluded: false,
tags: [{
scope: "string",
tag: "string",
}],
});
type: nsxt:PolicyGatewayPolicyRule
properties:
action: string
context:
projectId: string
description: string
destinationGroups:
- string
destinationsExcluded: false
direction: string
disabled: false
displayName: string
ipVersion: string
logLabel: string
logged: false
notes: string
nsxId: string
policyGatewayPolicyRuleId: string
policyPath: string
profiles:
- string
scopes:
- string
sequenceNumber: 0
serviceEntries:
algorithmEntries:
- algorithm: string
description: string
destinationPort: string
displayName: string
sourcePorts:
- string
etherTypeEntries:
- description: string
displayName: string
etherType: 0
icmpEntries:
- description: string
displayName: string
icmpCode: string
icmpType: string
protocol: string
igmpEntries:
- description: string
displayName: string
ipProtocolEntries:
- description: string
displayName: string
protocol: 0
l4PortSetEntries:
- description: string
destinationPorts:
- string
displayName: string
protocol: string
sourcePorts:
- string
services:
- string
sourceGroups:
- string
sourcesExcluded: false
tags:
- scope: string
tag: string
PolicyGatewayPolicyRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyGatewayPolicyRule resource accepts the following input properties:
- Display
Name string - Display name of the resource.
- Policy
Path string - Security or Gateway Policy path
- Sequence
Number double - It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
- Action string
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. - Context
Policy
Gateway Policy Rule Context - Resource context
- Description string
- Description of the resource.
- Destination
Groups List<string> - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- Destinations
Excluded bool - A boolean value indicating negation of destination groups.
- Direction string
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - Disabled bool
- A boolean value to indicate the rule is disabled. Defaults to
false. - Ip
Version string - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - Log
Label string - Additional information (string) which will be propagated to the rule syslog.
- Logged bool
- A boolean flag to enable packet logging.
- Notes string
- Text for additional notes on changes for the rule.
- Nsx
Id string - NSX ID for this resource
- Policy
Gateway stringPolicy Rule Id - Profiles List<string>
- A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
- Scopes List<string>
- List of policy paths where the rule is applied.
- Service
Entries PolicyGateway Policy Rule Service Entries - Set of explicit protocol/port service definition
- Services List<string>
- List of services to match.
- Source
Groups List<string> - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- Sources
Excluded bool - Negation of source groups
-
List<Policy
Gateway Policy Rule Tag> - A list of scope + tag pairs to associate with this Rule.
- Display
Name string - Display name of the resource.
- Policy
Path string - Security or Gateway Policy path
- Sequence
Number float64 - It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
- Action string
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. - Context
Policy
Gateway Policy Rule Context Args - Resource context
- Description string
- Description of the resource.
- Destination
Groups []string - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- Destinations
Excluded bool - A boolean value indicating negation of destination groups.
- Direction string
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - Disabled bool
- A boolean value to indicate the rule is disabled. Defaults to
false. - Ip
Version string - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - Log
Label string - Additional information (string) which will be propagated to the rule syslog.
- Logged bool
- A boolean flag to enable packet logging.
- Notes string
- Text for additional notes on changes for the rule.
- Nsx
Id string - NSX ID for this resource
- Policy
Gateway stringPolicy Rule Id - Profiles []string
- A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
- Scopes []string
- List of policy paths where the rule is applied.
- Service
Entries PolicyGateway Policy Rule Service Entries Args - Set of explicit protocol/port service definition
- Services []string
- List of services to match.
- Source
Groups []string - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- Sources
Excluded bool - Negation of source groups
-
[]Policy
Gateway Policy Rule Tag Args - A list of scope + tag pairs to associate with this Rule.
- display
Name String - Display name of the resource.
- policy
Path String - Security or Gateway Policy path
- sequence
Number Double - It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
- action String
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. - context
Policy
Gateway Policy Rule Context - Resource context
- description String
- Description of the resource.
- destination
Groups List<String> - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- destinations
Excluded Boolean - A boolean value indicating negation of destination groups.
- direction String
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - disabled Boolean
- A boolean value to indicate the rule is disabled. Defaults to
false. - ip
Version String - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - log
Label String - Additional information (string) which will be propagated to the rule syslog.
- logged Boolean
- A boolean flag to enable packet logging.
- notes String
- Text for additional notes on changes for the rule.
- nsx
Id String - NSX ID for this resource
- policy
Gateway StringPolicy Rule Id - profiles List<String>
- A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
- scopes List<String>
- List of policy paths where the rule is applied.
- service
Entries PolicyGateway Policy Rule Service Entries - Set of explicit protocol/port service definition
- services List<String>
- List of services to match.
- source
Groups List<String> - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- sources
Excluded Boolean - Negation of source groups
-
List<Policy
Gateway Policy Rule Tag> - A list of scope + tag pairs to associate with this Rule.
- display
Name string - Display name of the resource.
- policy
Path string - Security or Gateway Policy path
- sequence
Number number - It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
- action string
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. - context
Policy
Gateway Policy Rule Context - Resource context
- description string
- Description of the resource.
- destination
Groups string[] - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- destinations
Excluded boolean - A boolean value indicating negation of destination groups.
- direction string
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - disabled boolean
- A boolean value to indicate the rule is disabled. Defaults to
false. - ip
Version string - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - log
Label string - Additional information (string) which will be propagated to the rule syslog.
- logged boolean
- A boolean flag to enable packet logging.
- notes string
- Text for additional notes on changes for the rule.
- nsx
Id string - NSX ID for this resource
- policy
Gateway stringPolicy Rule Id - profiles string[]
- A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
- scopes string[]
- List of policy paths where the rule is applied.
- service
Entries PolicyGateway Policy Rule Service Entries - Set of explicit protocol/port service definition
- services string[]
- List of services to match.
- source
Groups string[] - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- sources
Excluded boolean - Negation of source groups
-
Policy
Gateway Policy Rule Tag[] - A list of scope + tag pairs to associate with this Rule.
- display_
name str - Display name of the resource.
- policy_
path str - Security or Gateway Policy path
- sequence_
number float - It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
- action str
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. - context
Policy
Gateway Policy Rule Context Args - Resource context
- description str
- Description of the resource.
- destination_
groups Sequence[str] - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- destinations_
excluded bool - A boolean value indicating negation of destination groups.
- direction str
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - disabled bool
- A boolean value to indicate the rule is disabled. Defaults to
false. - ip_
version str - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - log_
label str - Additional information (string) which will be propagated to the rule syslog.
- logged bool
- A boolean flag to enable packet logging.
- notes str
- Text for additional notes on changes for the rule.
- nsx_
id str - NSX ID for this resource
- policy_
gateway_ strpolicy_ rule_ id - profiles Sequence[str]
- A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
- scopes Sequence[str]
- List of policy paths where the rule is applied.
- service_
entries PolicyGateway Policy Rule Service Entries Args - Set of explicit protocol/port service definition
- services Sequence[str]
- List of services to match.
- source_
groups Sequence[str] - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- sources_
excluded bool - Negation of source groups
-
Sequence[Policy
Gateway Policy Rule Tag Args] - A list of scope + tag pairs to associate with this Rule.
- display
Name String - Display name of the resource.
- policy
Path String - Security or Gateway Policy path
- sequence
Number Number - It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
- action String
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. - context Property Map
- Resource context
- description String
- Description of the resource.
- destination
Groups List<String> - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- destinations
Excluded Boolean - A boolean value indicating negation of destination groups.
- direction String
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - disabled Boolean
- A boolean value to indicate the rule is disabled. Defaults to
false. - ip
Version String - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - log
Label String - Additional information (string) which will be propagated to the rule syslog.
- logged Boolean
- A boolean flag to enable packet logging.
- notes String
- Text for additional notes on changes for the rule.
- nsx
Id String - NSX ID for this resource
- policy
Gateway StringPolicy Rule Id - profiles List<String>
- A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
- scopes List<String>
- List of policy paths where the rule is applied.
- service
Entries Property Map - Set of explicit protocol/port service definition
- services List<String>
- List of services to match.
- source
Groups List<String> - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- sources
Excluded Boolean - Negation of source groups
- List<Property Map>
- A list of scope + tag pairs to associate with this Rule.
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyGatewayPolicyRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Path string
- The NSX path of the policy resource.
- Revision double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Rule
Id double - Unique positive number that is assigned by the system and is useful for debugging.
- Id string
- The provider-assigned unique ID for this managed resource.
- Path string
- The NSX path of the policy resource.
- Revision float64
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Rule
Id float64 - Unique positive number that is assigned by the system and is useful for debugging.
- id String
- The provider-assigned unique ID for this managed resource.
- path String
- The NSX path of the policy resource.
- revision Double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule
Id Double - Unique positive number that is assigned by the system and is useful for debugging.
- id string
- The provider-assigned unique ID for this managed resource.
- path string
- The NSX path of the policy resource.
- revision number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule
Id number - Unique positive number that is assigned by the system and is useful for debugging.
- id str
- The provider-assigned unique ID for this managed resource.
- path str
- The NSX path of the policy resource.
- revision float
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule_
id float - Unique positive number that is assigned by the system and is useful for debugging.
- id String
- The provider-assigned unique ID for this managed resource.
- path String
- The NSX path of the policy resource.
- revision Number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule
Id Number - Unique positive number that is assigned by the system and is useful for debugging.
Look up Existing PolicyGatewayPolicyRule Resource
Get an existing PolicyGatewayPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyGatewayPolicyRuleState, opts?: CustomResourceOptions): PolicyGatewayPolicyRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
context: Optional[PolicyGatewayPolicyRuleContextArgs] = None,
description: Optional[str] = None,
destination_groups: Optional[Sequence[str]] = None,
destinations_excluded: Optional[bool] = None,
direction: Optional[str] = None,
disabled: Optional[bool] = None,
display_name: Optional[str] = None,
ip_version: Optional[str] = None,
log_label: Optional[str] = None,
logged: Optional[bool] = None,
notes: Optional[str] = None,
nsx_id: Optional[str] = None,
path: Optional[str] = None,
policy_gateway_policy_rule_id: Optional[str] = None,
policy_path: Optional[str] = None,
profiles: Optional[Sequence[str]] = None,
revision: Optional[float] = None,
rule_id: Optional[float] = None,
scopes: Optional[Sequence[str]] = None,
sequence_number: Optional[float] = None,
service_entries: Optional[PolicyGatewayPolicyRuleServiceEntriesArgs] = None,
services: Optional[Sequence[str]] = None,
source_groups: Optional[Sequence[str]] = None,
sources_excluded: Optional[bool] = None,
tags: Optional[Sequence[PolicyGatewayPolicyRuleTagArgs]] = None) -> PolicyGatewayPolicyRulefunc GetPolicyGatewayPolicyRule(ctx *Context, name string, id IDInput, state *PolicyGatewayPolicyRuleState, opts ...ResourceOption) (*PolicyGatewayPolicyRule, error)public static PolicyGatewayPolicyRule Get(string name, Input<string> id, PolicyGatewayPolicyRuleState? state, CustomResourceOptions? opts = null)public static PolicyGatewayPolicyRule get(String name, Output<String> id, PolicyGatewayPolicyRuleState state, CustomResourceOptions options)resources: _: type: nsxt:PolicyGatewayPolicyRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. - Context
Policy
Gateway Policy Rule Context - Resource context
- Description string
- Description of the resource.
- Destination
Groups List<string> - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- Destinations
Excluded bool - A boolean value indicating negation of destination groups.
- Direction string
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - Disabled bool
- A boolean value to indicate the rule is disabled. Defaults to
false. - Display
Name string - Display name of the resource.
- Ip
Version string - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - Log
Label string - Additional information (string) which will be propagated to the rule syslog.
- Logged bool
- A boolean flag to enable packet logging.
- Notes string
- Text for additional notes on changes for the rule.
- Nsx
Id string - NSX ID for this resource
- Path string
- The NSX path of the policy resource.
- Policy
Gateway stringPolicy Rule Id - Policy
Path string - Security or Gateway Policy path
- Profiles List<string>
- A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
- Revision double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Rule
Id double - Unique positive number that is assigned by the system and is useful for debugging.
- Scopes List<string>
- List of policy paths where the rule is applied.
- Sequence
Number double - It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
- Service
Entries PolicyGateway Policy Rule Service Entries - Set of explicit protocol/port service definition
- Services List<string>
- List of services to match.
- Source
Groups List<string> - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- Sources
Excluded bool - Negation of source groups
-
List<Policy
Gateway Policy Rule Tag> - A list of scope + tag pairs to associate with this Rule.
- Action string
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. - Context
Policy
Gateway Policy Rule Context Args - Resource context
- Description string
- Description of the resource.
- Destination
Groups []string - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- Destinations
Excluded bool - A boolean value indicating negation of destination groups.
- Direction string
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - Disabled bool
- A boolean value to indicate the rule is disabled. Defaults to
false. - Display
Name string - Display name of the resource.
- Ip
Version string - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - Log
Label string - Additional information (string) which will be propagated to the rule syslog.
- Logged bool
- A boolean flag to enable packet logging.
- Notes string
- Text for additional notes on changes for the rule.
- Nsx
Id string - NSX ID for this resource
- Path string
- The NSX path of the policy resource.
- Policy
Gateway stringPolicy Rule Id - Policy
Path string - Security or Gateway Policy path
- Profiles []string
- A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
- Revision float64
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Rule
Id float64 - Unique positive number that is assigned by the system and is useful for debugging.
- Scopes []string
- List of policy paths where the rule is applied.
- Sequence
Number float64 - It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
- Service
Entries PolicyGateway Policy Rule Service Entries Args - Set of explicit protocol/port service definition
- Services []string
- List of services to match.
- Source
Groups []string - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- Sources
Excluded bool - Negation of source groups
-
[]Policy
Gateway Policy Rule Tag Args - A list of scope + tag pairs to associate with this Rule.
- action String
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. - context
Policy
Gateway Policy Rule Context - Resource context
- description String
- Description of the resource.
- destination
Groups List<String> - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- destinations
Excluded Boolean - A boolean value indicating negation of destination groups.
- direction String
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - disabled Boolean
- A boolean value to indicate the rule is disabled. Defaults to
false. - display
Name String - Display name of the resource.
- ip
Version String - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - log
Label String - Additional information (string) which will be propagated to the rule syslog.
- logged Boolean
- A boolean flag to enable packet logging.
- notes String
- Text for additional notes on changes for the rule.
- nsx
Id String - NSX ID for this resource
- path String
- The NSX path of the policy resource.
- policy
Gateway StringPolicy Rule Id - policy
Path String - Security or Gateway Policy path
- profiles List<String>
- A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
- revision Double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule
Id Double - Unique positive number that is assigned by the system and is useful for debugging.
- scopes List<String>
- List of policy paths where the rule is applied.
- sequence
Number Double - It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
- service
Entries PolicyGateway Policy Rule Service Entries - Set of explicit protocol/port service definition
- services List<String>
- List of services to match.
- source
Groups List<String> - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- sources
Excluded Boolean - Negation of source groups
-
List<Policy
Gateway Policy Rule Tag> - A list of scope + tag pairs to associate with this Rule.
- action string
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. - context
Policy
Gateway Policy Rule Context - Resource context
- description string
- Description of the resource.
- destination
Groups string[] - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- destinations
Excluded boolean - A boolean value indicating negation of destination groups.
- direction string
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - disabled boolean
- A boolean value to indicate the rule is disabled. Defaults to
false. - display
Name string - Display name of the resource.
- ip
Version string - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - log
Label string - Additional information (string) which will be propagated to the rule syslog.
- logged boolean
- A boolean flag to enable packet logging.
- notes string
- Text for additional notes on changes for the rule.
- nsx
Id string - NSX ID for this resource
- path string
- The NSX path of the policy resource.
- policy
Gateway stringPolicy Rule Id - policy
Path string - Security or Gateway Policy path
- profiles string[]
- A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
- revision number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule
Id number - Unique positive number that is assigned by the system and is useful for debugging.
- scopes string[]
- List of policy paths where the rule is applied.
- sequence
Number number - It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
- service
Entries PolicyGateway Policy Rule Service Entries - Set of explicit protocol/port service definition
- services string[]
- List of services to match.
- source
Groups string[] - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- sources
Excluded boolean - Negation of source groups
-
Policy
Gateway Policy Rule Tag[] - A list of scope + tag pairs to associate with this Rule.
- action str
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. - context
Policy
Gateway Policy Rule Context Args - Resource context
- description str
- Description of the resource.
- destination_
groups Sequence[str] - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- destinations_
excluded bool - A boolean value indicating negation of destination groups.
- direction str
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - disabled bool
- A boolean value to indicate the rule is disabled. Defaults to
false. - display_
name str - Display name of the resource.
- ip_
version str - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - log_
label str - Additional information (string) which will be propagated to the rule syslog.
- logged bool
- A boolean flag to enable packet logging.
- notes str
- Text for additional notes on changes for the rule.
- nsx_
id str - NSX ID for this resource
- path str
- The NSX path of the policy resource.
- policy_
gateway_ strpolicy_ rule_ id - policy_
path str - Security or Gateway Policy path
- profiles Sequence[str]
- A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
- revision float
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule_
id float - Unique positive number that is assigned by the system and is useful for debugging.
- scopes Sequence[str]
- List of policy paths where the rule is applied.
- sequence_
number float - It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
- service_
entries PolicyGateway Policy Rule Service Entries Args - Set of explicit protocol/port service definition
- services Sequence[str]
- List of services to match.
- source_
groups Sequence[str] - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- sources_
excluded bool - Negation of source groups
-
Sequence[Policy
Gateway Policy Rule Tag Args] - A list of scope + tag pairs to associate with this Rule.
- action String
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. - context Property Map
- Resource context
- description String
- Description of the resource.
- destination
Groups List<String> - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- destinations
Excluded Boolean - A boolean value indicating negation of destination groups.
- direction String
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - disabled Boolean
- A boolean value to indicate the rule is disabled. Defaults to
false. - display
Name String - Display name of the resource.
- ip
Version String - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - log
Label String - Additional information (string) which will be propagated to the rule syslog.
- logged Boolean
- A boolean flag to enable packet logging.
- notes String
- Text for additional notes on changes for the rule.
- nsx
Id String - NSX ID for this resource
- path String
- The NSX path of the policy resource.
- policy
Gateway StringPolicy Rule Id - policy
Path String - Security or Gateway Policy path
- profiles List<String>
- A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
- revision Number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule
Id Number - Unique positive number that is assigned by the system and is useful for debugging.
- scopes List<String>
- List of policy paths where the rule is applied.
- sequence
Number Number - It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
- service
Entries Property Map - Set of explicit protocol/port service definition
- services List<String>
- List of services to match.
- source
Groups List<String> - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- sources
Excluded Boolean - Negation of source groups
- List<Property Map>
- A list of scope + tag pairs to associate with this Rule.
Supporting Types
PolicyGatewayPolicyRuleContext, PolicyGatewayPolicyRuleContextArgs
- Project
Id string - Id of the project which the resource belongs to.
- Project
Id string - Id of the project which the resource belongs to.
- project
Id String - Id of the project which the resource belongs to.
- project
Id string - Id of the project which the resource belongs to.
- project_
id str - Id of the project which the resource belongs to.
- project
Id String - Id of the project which the resource belongs to.
PolicyGatewayPolicyRuleServiceEntries, PolicyGatewayPolicyRuleServiceEntriesArgs
- Algorithm
Entries List<PolicyGateway Policy Rule Service Entries Algorithm Entry> - Set of Algorithm type service entries
- Ether
Type List<PolicyEntries Gateway Policy Rule Service Entries Ether Type Entry> - Set of Ether type service entries
- Icmp
Entries List<PolicyGateway Policy Rule Service Entries Icmp Entry> - Set of ICMP type service entries
- Igmp
Entries List<PolicyGateway Policy Rule Service Entries Igmp Entry> - Set of IGMP type service entries
- Ip
Protocol List<PolicyEntries Gateway Policy Rule Service Entries Ip Protocol Entry> - Set of IP Protocol type service entries
- L4Port
Set List<PolicyEntries Gateway Policy Rule Service Entries L4Port Set Entry> - Set of L4 ports set service entries
- Algorithm
Entries []PolicyGateway Policy Rule Service Entries Algorithm Entry - Set of Algorithm type service entries
- Ether
Type []PolicyEntries Gateway Policy Rule Service Entries Ether Type Entry - Set of Ether type service entries
- Icmp
Entries []PolicyGateway Policy Rule Service Entries Icmp Entry - Set of ICMP type service entries
- Igmp
Entries []PolicyGateway Policy Rule Service Entries Igmp Entry - Set of IGMP type service entries
- Ip
Protocol []PolicyEntries Gateway Policy Rule Service Entries Ip Protocol Entry - Set of IP Protocol type service entries
- L4Port
Set []PolicyEntries Gateway Policy Rule Service Entries L4Port Set Entry - Set of L4 ports set service entries
- algorithm
Entries List<PolicyGateway Policy Rule Service Entries Algorithm Entry> - Set of Algorithm type service entries
- ether
Type List<PolicyEntries Gateway Policy Rule Service Entries Ether Type Entry> - Set of Ether type service entries
- icmp
Entries List<PolicyGateway Policy Rule Service Entries Icmp Entry> - Set of ICMP type service entries
- igmp
Entries List<PolicyGateway Policy Rule Service Entries Igmp Entry> - Set of IGMP type service entries
- ip
Protocol List<PolicyEntries Gateway Policy Rule Service Entries Ip Protocol Entry> - Set of IP Protocol type service entries
- l4Port
Set List<PolicyEntries Gateway Policy Rule Service Entries L4Port Set Entry> - Set of L4 ports set service entries
- algorithm
Entries PolicyGateway Policy Rule Service Entries Algorithm Entry[] - Set of Algorithm type service entries
- ether
Type PolicyEntries Gateway Policy Rule Service Entries Ether Type Entry[] - Set of Ether type service entries
- icmp
Entries PolicyGateway Policy Rule Service Entries Icmp Entry[] - Set of ICMP type service entries
- igmp
Entries PolicyGateway Policy Rule Service Entries Igmp Entry[] - Set of IGMP type service entries
- ip
Protocol PolicyEntries Gateway Policy Rule Service Entries Ip Protocol Entry[] - Set of IP Protocol type service entries
- l4Port
Set PolicyEntries Gateway Policy Rule Service Entries L4Port Set Entry[] - Set of L4 ports set service entries
- algorithm_
entries Sequence[PolicyGateway Policy Rule Service Entries Algorithm Entry] - Set of Algorithm type service entries
- ether_
type_ Sequence[Policyentries Gateway Policy Rule Service Entries Ether Type Entry] - Set of Ether type service entries
- icmp_
entries Sequence[PolicyGateway Policy Rule Service Entries Icmp Entry] - Set of ICMP type service entries
- igmp_
entries Sequence[PolicyGateway Policy Rule Service Entries Igmp Entry] - Set of IGMP type service entries
- ip_
protocol_ Sequence[Policyentries Gateway Policy Rule Service Entries Ip Protocol Entry] - Set of IP Protocol type service entries
- l4_
port_ Sequence[Policyset_ entries Gateway Policy Rule Service Entries L4Port Set Entry] - Set of L4 ports set service entries
- algorithm
Entries List<Property Map> - Set of Algorithm type service entries
- ether
Type List<Property Map>Entries - Set of Ether type service entries
- icmp
Entries List<Property Map> - Set of ICMP type service entries
- igmp
Entries List<Property Map> - Set of IGMP type service entries
- ip
Protocol List<Property Map>Entries - Set of IP Protocol type service entries
- l4Port
Set List<Property Map>Entries - Set of L4 ports set service entries
PolicyGatewayPolicyRuleServiceEntriesAlgorithmEntry, PolicyGatewayPolicyRuleServiceEntriesAlgorithmEntryArgs
- Algorithm string
- Algorithm:
FTPorTFTP - Destination
Port string - a single destination port
- Description string
- Description of the resource.
- Display
Name string - Display name of the service entry
- Source
Ports List<string> - Set of source ports/ranges
- Algorithm string
- Algorithm:
FTPorTFTP - Destination
Port string - a single destination port
- Description string
- Description of the resource.
- Display
Name string - Display name of the service entry
- Source
Ports []string - Set of source ports/ranges
- algorithm String
- Algorithm:
FTPorTFTP - destination
Port String - a single destination port
- description String
- Description of the resource.
- display
Name String - Display name of the service entry
- source
Ports List<String> - Set of source ports/ranges
- algorithm string
- Algorithm:
FTPorTFTP - destination
Port string - a single destination port
- description string
- Description of the resource.
- display
Name string - Display name of the service entry
- source
Ports string[] - Set of source ports/ranges
- algorithm str
- Algorithm:
FTPorTFTP - destination_
port str - a single destination port
- description str
- Description of the resource.
- display_
name str - Display name of the service entry
- source_
ports Sequence[str] - Set of source ports/ranges
- algorithm String
- Algorithm:
FTPorTFTP - destination
Port String - a single destination port
- description String
- Description of the resource.
- display
Name String - Display name of the service entry
- source
Ports List<String> - Set of source ports/ranges
PolicyGatewayPolicyRuleServiceEntriesEtherTypeEntry, PolicyGatewayPolicyRuleServiceEntriesEtherTypeEntryArgs
- Ether
Type double - Type of the encapsulated protocol
- Description string
- Description of the resource.
- Display
Name string - Display name of the service entry
- Ether
Type float64 - Type of the encapsulated protocol
- Description string
- Description of the resource.
- Display
Name string - Display name of the service entry
- ether
Type Double - Type of the encapsulated protocol
- description String
- Description of the resource.
- display
Name String - Display name of the service entry
- ether
Type number - Type of the encapsulated protocol
- description string
- Description of the resource.
- display
Name string - Display name of the service entry
- ether_
type float - Type of the encapsulated protocol
- description str
- Description of the resource.
- display_
name str - Display name of the service entry
- ether
Type Number - Type of the encapsulated protocol
- description String
- Description of the resource.
- display
Name String - Display name of the service entry
PolicyGatewayPolicyRuleServiceEntriesIcmpEntry, PolicyGatewayPolicyRuleServiceEntriesIcmpEntryArgs
- Protocol string
- Version of ICMP protocol:
ICMPv4orICMPv6 - Description string
- Description of the resource.
- Display
Name string - Display name of the service entry
- Icmp
Code string - ICMP message code
- Icmp
Type string - ICMP message type
- Protocol string
- Version of ICMP protocol:
ICMPv4orICMPv6 - Description string
- Description of the resource.
- Display
Name string - Display name of the service entry
- Icmp
Code string - ICMP message code
- Icmp
Type string - ICMP message type
- protocol String
- Version of ICMP protocol:
ICMPv4orICMPv6 - description String
- Description of the resource.
- display
Name String - Display name of the service entry
- icmp
Code String - ICMP message code
- icmp
Type String - ICMP message type
- protocol string
- Version of ICMP protocol:
ICMPv4orICMPv6 - description string
- Description of the resource.
- display
Name string - Display name of the service entry
- icmp
Code string - ICMP message code
- icmp
Type string - ICMP message type
- protocol str
- Version of ICMP protocol:
ICMPv4orICMPv6 - description str
- Description of the resource.
- display_
name str - Display name of the service entry
- icmp_
code str - ICMP message code
- icmp_
type str - ICMP message type
- protocol String
- Version of ICMP protocol:
ICMPv4orICMPv6 - description String
- Description of the resource.
- display
Name String - Display name of the service entry
- icmp
Code String - ICMP message code
- icmp
Type String - ICMP message type
PolicyGatewayPolicyRuleServiceEntriesIgmpEntry, PolicyGatewayPolicyRuleServiceEntriesIgmpEntryArgs
- Description string
- Description of the resource.
- Display
Name string - Display name of the service entry
- Description string
- Description of the resource.
- Display
Name string - Display name of the service entry
- description String
- Description of the resource.
- display
Name String - Display name of the service entry
- description string
- Description of the resource.
- display
Name string - Display name of the service entry
- description str
- Description of the resource.
- display_
name str - Display name of the service entry
- description String
- Description of the resource.
- display
Name String - Display name of the service entry
PolicyGatewayPolicyRuleServiceEntriesIpProtocolEntry, PolicyGatewayPolicyRuleServiceEntriesIpProtocolEntryArgs
- Protocol double
- IP protocol number
- Description string
- Description of the resource.
- Display
Name string - Display name of the service entry
- Protocol float64
- IP protocol number
- Description string
- Description of the resource.
- Display
Name string - Display name of the service entry
- protocol Double
- IP protocol number
- description String
- Description of the resource.
- display
Name String - Display name of the service entry
- protocol number
- IP protocol number
- description string
- Description of the resource.
- display
Name string - Display name of the service entry
- protocol float
- IP protocol number
- description str
- Description of the resource.
- display_
name str - Display name of the service entry
- protocol Number
- IP protocol number
- description String
- Description of the resource.
- display
Name String - Display name of the service entry
PolicyGatewayPolicyRuleServiceEntriesL4PortSetEntry, PolicyGatewayPolicyRuleServiceEntriesL4PortSetEntryArgs
- Protocol string
- L4 protocol:
TCPorUDP - Description string
- Description of the resource.
- Destination
Ports List<string> - Set of destination ports
- Display
Name string - Display name of the service entry
- Source
Ports List<string> - Set of source ports
- Protocol string
- L4 protocol:
TCPorUDP - Description string
- Description of the resource.
- Destination
Ports []string - Set of destination ports
- Display
Name string - Display name of the service entry
- Source
Ports []string - Set of source ports
- protocol String
- L4 protocol:
TCPorUDP - description String
- Description of the resource.
- destination
Ports List<String> - Set of destination ports
- display
Name String - Display name of the service entry
- source
Ports List<String> - Set of source ports
- protocol string
- L4 protocol:
TCPorUDP - description string
- Description of the resource.
- destination
Ports string[] - Set of destination ports
- display
Name string - Display name of the service entry
- source
Ports string[] - Set of source ports
- protocol str
- L4 protocol:
TCPorUDP - description str
- Description of the resource.
- destination_
ports Sequence[str] - Set of destination ports
- display_
name str - Display name of the service entry
- source_
ports Sequence[str] - Set of source ports
- protocol String
- L4 protocol:
TCPorUDP - description String
- Description of the resource.
- destination
Ports List<String> - Set of destination ports
- display
Name String - Display name of the service entry
- source
Ports List<String> - Set of source ports
PolicyGatewayPolicyRuleTag, PolicyGatewayPolicyRuleTagArgs
Package Details
- Repository
- nsxt vmware/terraform-provider-nsxt
- License
- Notes
- This Pulumi package is based on the
nsxtTerraform Provider.
nsxt 3.11.0 published on Monday, Dec 15, 2025 by vmware
