nsxt.PolicyIntrusionServicePolicyRule

nsxt 3.12.0, May 18 26

Viewing docs for nsxt 3.12.0
published on Monday, May 18, 2026 by vmware

Create PolicyIntrusionServicePolicyRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new PolicyIntrusionServicePolicyRule(name: string, args: PolicyIntrusionServicePolicyRuleArgs, opts?: CustomResourceOptions);

@overload
def PolicyIntrusionServicePolicyRule(resource_name: str,
                                     args: PolicyIntrusionServicePolicyRuleInitArgs,
                                     opts: Optional[ResourceOptions] = None)

@overload
def PolicyIntrusionServicePolicyRule(resource_name: str,
                                     opts: Optional[ResourceOptions] = None,
                                     display_name: Optional[str] = None,
                                     sequence_number: Optional[float] = None,
                                     policy_path: Optional[str] = None,
                                     ids_profiles: Optional[Sequence[str]] = None,
                                     notes: Optional[str] = None,
                                     policy_intrusion_service_policy_rule_id: Optional[str] = None,
                                     disabled: Optional[bool] = None,
                                     destinations_excluded: Optional[bool] = None,
                                     destination_groups: Optional[Sequence[str]] = None,
                                     ip_version: Optional[str] = None,
                                     log_label: Optional[str] = None,
                                     logged: Optional[bool] = None,
                                     action: Optional[str] = None,
                                     nsx_id: Optional[str] = None,
                                     oversubscription: Optional[str] = None,
                                     direction: Optional[str] = None,
                                     description: Optional[str] = None,
                                     profiles: Optional[Sequence[str]] = None,
                                     scopes: Optional[Sequence[str]] = None,
                                     context: Optional[PolicyIntrusionServicePolicyRuleContextArgs] = None,
                                     service_entries: Optional[PolicyIntrusionServicePolicyRuleServiceEntriesArgs] = None,
                                     services: Optional[Sequence[str]] = None,
                                     source_groups: Optional[Sequence[str]] = None,
                                     sources_excluded: Optional[bool] = None,
                                     tags: Optional[Sequence[PolicyIntrusionServicePolicyRuleTagArgs]] = None)

func NewPolicyIntrusionServicePolicyRule(ctx *Context, name string, args PolicyIntrusionServicePolicyRuleArgs, opts ...ResourceOption) (*PolicyIntrusionServicePolicyRule, error)

public PolicyIntrusionServicePolicyRule(string name, PolicyIntrusionServicePolicyRuleArgs args, CustomResourceOptions? opts = null)

public PolicyIntrusionServicePolicyRule(String name, PolicyIntrusionServicePolicyRuleArgs args)
public PolicyIntrusionServicePolicyRule(String name, PolicyIntrusionServicePolicyRuleArgs args, CustomResourceOptions options)

type: nsxt:PolicyIntrusionServicePolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

resource "nsxt_policyintrusionservicepolicyrule" "name" {
    # resource properties
}

Parameters

name string: The unique name of the resource.
args PolicyIntrusionServicePolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PolicyIntrusionServicePolicyRuleInitArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PolicyIntrusionServicePolicyRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PolicyIntrusionServicePolicyRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PolicyIntrusionServicePolicyRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var policyIntrusionServicePolicyRuleResource = new Nsxt.PolicyIntrusionServicePolicyRule("policyIntrusionServicePolicyRuleResource", new()
{
    DisplayName = "string",
    SequenceNumber = 0,
    PolicyPath = "string",
    IdsProfiles = new[]
    {
        "string",
    },
    Notes = "string",
    PolicyIntrusionServicePolicyRuleId = "string",
    Disabled = false,
    DestinationsExcluded = false,
    DestinationGroups = new[]
    {
        "string",
    },
    IpVersion = "string",
    LogLabel = "string",
    Logged = false,
    Action = "string",
    NsxId = "string",
    Oversubscription = "string",
    Direction = "string",
    Description = "string",
    Profiles = new[]
    {
        "string",
    },
    Scopes = new[]
    {
        "string",
    },
    Context = new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleContextArgs
    {
        ProjectId = "string",
    },
    ServiceEntries = new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesArgs
    {
        AlgorithmEntries = new[]
        {
            new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntryArgs
            {
                Algorithm = "string",
                DestinationPort = "string",
                Description = "string",
                DisplayName = "string",
                SourcePorts = new[]
                {
                    "string",
                },
            },
        },
        EtherTypeEntries = new[]
        {
            new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntryArgs
            {
                EtherType = 0,
                Description = "string",
                DisplayName = "string",
            },
        },
        IcmpEntries = new[]
        {
            new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntryArgs
            {
                Protocol = "string",
                Description = "string",
                DisplayName = "string",
                IcmpCode = "string",
                IcmpType = "string",
            },
        },
        IgmpEntries = new[]
        {
            new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntryArgs
            {
                Description = "string",
                DisplayName = "string",
            },
        },
        IpProtocolEntries = new[]
        {
            new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntryArgs
            {
                Protocol = 0,
                Description = "string",
                DisplayName = "string",
            },
        },
        L4PortSetEntries = new[]
        {
            new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntryArgs
            {
                Protocol = "string",
                Description = "string",
                DestinationPorts = new[]
                {
                    "string",
                },
                DisplayName = "string",
                SourcePorts = new[]
                {
                    "string",
                },
            },
        },
    },
    Services = new[]
    {
        "string",
    },
    SourceGroups = new[]
    {
        "string",
    },
    SourcesExcluded = false,
    Tags = new[]
    {
        new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleTagArgs
        {
            Scope = "string",
            Tag = "string",
        },
    },
});

example, err := nsxt.NewPolicyIntrusionServicePolicyRule(ctx, "policyIntrusionServicePolicyRuleResource", &nsxt.PolicyIntrusionServicePolicyRuleArgs{
	DisplayName:    pulumi.String("string"),
	SequenceNumber: pulumi.Float64(0),
	PolicyPath:     pulumi.String("string"),
	IdsProfiles: pulumi.StringArray{
		pulumi.String("string"),
	},
	Notes:                              pulumi.String("string"),
	PolicyIntrusionServicePolicyRuleId: pulumi.String("string"),
	Disabled:                           pulumi.Bool(false),
	DestinationsExcluded:               pulumi.Bool(false),
	DestinationGroups: pulumi.StringArray{
		pulumi.String("string"),
	},
	IpVersion:        pulumi.String("string"),
	LogLabel:         pulumi.String("string"),
	Logged:           pulumi.Bool(false),
	Action:           pulumi.String("string"),
	NsxId:            pulumi.String("string"),
	Oversubscription: pulumi.String("string"),
	Direction:        pulumi.String("string"),
	Description:      pulumi.String("string"),
	Profiles: pulumi.StringArray{
		pulumi.String("string"),
	},
	Scopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Context: &nsxt.PolicyIntrusionServicePolicyRuleContextArgs{
		ProjectId: pulumi.String("string"),
	},
	ServiceEntries: &nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesArgs{
		AlgorithmEntries: nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntryArray{
			&nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntryArgs{
				Algorithm:       pulumi.String("string"),
				DestinationPort: pulumi.String("string"),
				Description:     pulumi.String("string"),
				DisplayName:     pulumi.String("string"),
				SourcePorts: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
		EtherTypeEntries: nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntryArray{
			&nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntryArgs{
				EtherType:   pulumi.Float64(0),
				Description: pulumi.String("string"),
				DisplayName: pulumi.String("string"),
			},
		},
		IcmpEntries: nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntryArray{
			&nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntryArgs{
				Protocol:    pulumi.String("string"),
				Description: pulumi.String("string"),
				DisplayName: pulumi.String("string"),
				IcmpCode:    pulumi.String("string"),
				IcmpType:    pulumi.String("string"),
			},
		},
		IgmpEntries: nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntryArray{
			&nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntryArgs{
				Description: pulumi.String("string"),
				DisplayName: pulumi.String("string"),
			},
		},
		IpProtocolEntries: nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntryArray{
			&nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntryArgs{
				Protocol:    pulumi.Float64(0),
				Description: pulumi.String("string"),
				DisplayName: pulumi.String("string"),
			},
		},
		L4PortSetEntries: nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntryArray{
			&nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntryArgs{
				Protocol:    pulumi.String("string"),
				Description: pulumi.String("string"),
				DestinationPorts: pulumi.StringArray{
					pulumi.String("string"),
				},
				DisplayName: pulumi.String("string"),
				SourcePorts: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
	},
	Services: pulumi.StringArray{
		pulumi.String("string"),
	},
	SourceGroups: pulumi.StringArray{
		pulumi.String("string"),
	},
	SourcesExcluded: pulumi.Bool(false),
	Tags: nsxt.PolicyIntrusionServicePolicyRuleTagArray{
		&nsxt.PolicyIntrusionServicePolicyRuleTagArgs{
			Scope: pulumi.String("string"),
			Tag:   pulumi.String("string"),
		},
	},
})

resource "nsxt_policyintrusionservicepolicyrule" "policyIntrusionServicePolicyRuleResource" {
  display_name                            = "string"
  sequence_number                         = 0
  policy_path                             = "string"
  ids_profiles                            = ["string"]
  notes                                   = "string"
  policy_intrusion_service_policy_rule_id = "string"
  disabled                                = false
  destinations_excluded                   = false
  destination_groups                      = ["string"]
  ip_version                              = "string"
  log_label                               = "string"
  logged                                  = false
  action                                  = "string"
  nsx_id                                  = "string"
  oversubscription                        = "string"
  direction                               = "string"
  description                             = "string"
  profiles                                = ["string"]
  scopes                                  = ["string"]
  context = {
    project_id = "string"
  }
  service_entries = {
    algorithm_entries = [{
      "algorithm"       = "string"
      "destinationPort" = "string"
      "description"     = "string"
      "displayName"     = "string"
      "sourcePorts"     = ["string"]
    }]
    ether_type_entries = [{
      "etherType"   = 0
      "description" = "string"
      "displayName" = "string"
    }]
    icmp_entries = [{
      "protocol"    = "string"
      "description" = "string"
      "displayName" = "string"
      "icmpCode"    = "string"
      "icmpType"    = "string"
    }]
    igmp_entries = [{
      "description" = "string"
      "displayName" = "string"
    }]
    ip_protocol_entries = [{
      "protocol"    = 0
      "description" = "string"
      "displayName" = "string"
    }]
    l4_port_set_entries = [{
      "protocol"         = "string"
      "description"      = "string"
      "destinationPorts" = ["string"]
      "displayName"      = "string"
      "sourcePorts"      = ["string"]
    }]
  }
  services         = ["string"]
  source_groups    = ["string"]
  sources_excluded = false
  tags {
    scope = "string"
    tag   = "string"
  }
}

var policyIntrusionServicePolicyRuleResource = new PolicyIntrusionServicePolicyRule("policyIntrusionServicePolicyRuleResource", PolicyIntrusionServicePolicyRuleArgs.builder()
    .displayName("string")
    .sequenceNumber(0.0)
    .policyPath("string")
    .idsProfiles("string")
    .notes("string")
    .policyIntrusionServicePolicyRuleId("string")
    .disabled(false)
    .destinationsExcluded(false)
    .destinationGroups("string")
    .ipVersion("string")
    .logLabel("string")
    .logged(false)
    .action("string")
    .nsxId("string")
    .oversubscription("string")
    .direction("string")
    .description("string")
    .profiles("string")
    .scopes("string")
    .context(PolicyIntrusionServicePolicyRuleContextArgs.builder()
        .projectId("string")
        .build())
    .serviceEntries(PolicyIntrusionServicePolicyRuleServiceEntriesArgs.builder()
        .algorithmEntries(PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntryArgs.builder()
            .algorithm("string")
            .destinationPort("string")
            .description("string")
            .displayName("string")
            .sourcePorts("string")
            .build())
        .etherTypeEntries(PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntryArgs.builder()
            .etherType(0.0)
            .description("string")
            .displayName("string")
            .build())
        .icmpEntries(PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntryArgs.builder()
            .protocol("string")
            .description("string")
            .displayName("string")
            .icmpCode("string")
            .icmpType("string")
            .build())
        .igmpEntries(PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntryArgs.builder()
            .description("string")
            .displayName("string")
            .build())
        .ipProtocolEntries(PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntryArgs.builder()
            .protocol(0.0)
            .description("string")
            .displayName("string")
            .build())
        .l4PortSetEntries(PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntryArgs.builder()
            .protocol("string")
            .description("string")
            .destinationPorts("string")
            .displayName("string")
            .sourcePorts("string")
            .build())
        .build())
    .services("string")
    .sourceGroups("string")
    .sourcesExcluded(false)
    .tags(PolicyIntrusionServicePolicyRuleTagArgs.builder()
        .scope("string")
        .tag("string")
        .build())
    .build());

policy_intrusion_service_policy_rule_resource = nsxt.PolicyIntrusionServicePolicyRule("policyIntrusionServicePolicyRuleResource",
    display_name="string",
    sequence_number=float(0),
    policy_path="string",
    ids_profiles=["string"],
    notes="string",
    policy_intrusion_service_policy_rule_id="string",
    disabled=False,
    destinations_excluded=False,
    destination_groups=["string"],
    ip_version="string",
    log_label="string",
    logged=False,
    action="string",
    nsx_id="string",
    oversubscription="string",
    direction="string",
    description="string",
    profiles=["string"],
    scopes=["string"],
    context={
        "project_id": "string",
    },
    service_entries={
        "algorithm_entries": [{
            "algorithm": "string",
            "destination_port": "string",
            "description": "string",
            "display_name": "string",
            "source_ports": ["string"],
        }],
        "ether_type_entries": [{
            "ether_type": float(0),
            "description": "string",
            "display_name": "string",
        }],
        "icmp_entries": [{
            "protocol": "string",
            "description": "string",
            "display_name": "string",
            "icmp_code": "string",
            "icmp_type": "string",
        }],
        "igmp_entries": [{
            "description": "string",
            "display_name": "string",
        }],
        "ip_protocol_entries": [{
            "protocol": float(0),
            "description": "string",
            "display_name": "string",
        }],
        "l4_port_set_entries": [{
            "protocol": "string",
            "description": "string",
            "destination_ports": ["string"],
            "display_name": "string",
            "source_ports": ["string"],
        }],
    },
    services=["string"],
    source_groups=["string"],
    sources_excluded=False,
    tags=[{
        "scope": "string",
        "tag": "string",
    }])

const policyIntrusionServicePolicyRuleResource = new nsxt.PolicyIntrusionServicePolicyRule("policyIntrusionServicePolicyRuleResource", {
    displayName: "string",
    sequenceNumber: 0,
    policyPath: "string",
    idsProfiles: ["string"],
    notes: "string",
    policyIntrusionServicePolicyRuleId: "string",
    disabled: false,
    destinationsExcluded: false,
    destinationGroups: ["string"],
    ipVersion: "string",
    logLabel: "string",
    logged: false,
    action: "string",
    nsxId: "string",
    oversubscription: "string",
    direction: "string",
    description: "string",
    profiles: ["string"],
    scopes: ["string"],
    context: {
        projectId: "string",
    },
    serviceEntries: {
        algorithmEntries: [{
            algorithm: "string",
            destinationPort: "string",
            description: "string",
            displayName: "string",
            sourcePorts: ["string"],
        }],
        etherTypeEntries: [{
            etherType: 0,
            description: "string",
            displayName: "string",
        }],
        icmpEntries: [{
            protocol: "string",
            description: "string",
            displayName: "string",
            icmpCode: "string",
            icmpType: "string",
        }],
        igmpEntries: [{
            description: "string",
            displayName: "string",
        }],
        ipProtocolEntries: [{
            protocol: 0,
            description: "string",
            displayName: "string",
        }],
        l4PortSetEntries: [{
            protocol: "string",
            description: "string",
            destinationPorts: ["string"],
            displayName: "string",
            sourcePorts: ["string"],
        }],
    },
    services: ["string"],
    sourceGroups: ["string"],
    sourcesExcluded: false,
    tags: [{
        scope: "string",
        tag: "string",
    }],
});

type: nsxt:PolicyIntrusionServicePolicyRule
properties:
    action: string
    context:
        projectId: string
    description: string
    destinationGroups:
        - string
    destinationsExcluded: false
    direction: string
    disabled: false
    displayName: string
    idsProfiles:
        - string
    ipVersion: string
    logLabel: string
    logged: false
    notes: string
    nsxId: string
    oversubscription: string
    policyIntrusionServicePolicyRuleId: string
    policyPath: string
    profiles:
        - string
    scopes:
        - string
    sequenceNumber: 0
    serviceEntries:
        algorithmEntries:
            - algorithm: string
              description: string
              destinationPort: string
              displayName: string
              sourcePorts:
                - string
        etherTypeEntries:
            - description: string
              displayName: string
              etherType: 0
        icmpEntries:
            - description: string
              displayName: string
              icmpCode: string
              icmpType: string
              protocol: string
        igmpEntries:
            - description: string
              displayName: string
        ipProtocolEntries:
            - description: string
              displayName: string
              protocol: 0
        l4PortSetEntries:
            - description: string
              destinationPorts:
                - string
              displayName: string
              protocol: string
              sourcePorts:
                - string
    services:
        - string
    sourceGroups:
        - string
    sourcesExcluded: false
    tags:
        - scope: string
          tag: string

PolicyIntrusionServicePolicyRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The PolicyIntrusionServicePolicyRule resource accepts the following input properties:

DisplayName string: Display name of the resource.
IdsProfiles List<string>: Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
PolicyPath string: Path of the Intrusion Service Policy this rule belongs to.
SequenceNumber double: Sequence number to determine the order of rule processing within the parent policy.
Action string: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
Context PolicyIntrusionServicePolicyRuleContext: The context which the object belongs to. If not provided, it will be derived from policy_path.
Description string: Description of the resource.
DestinationGroups List<string>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
DestinationsExcluded bool: A boolean value indicating negation of destination groups. Default is false.
Direction string: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
Disabled bool: A boolean value to indicate the rule is disabled. Default is false.
IpVersion string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
LogLabel string: Additional information (string) which will be propagated to the rule syslog for this rule.
Logged bool: A boolean flag to enable packet logging. Default is false.
Notes string: Text for additional notes on changes for this rule.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
Oversubscription string: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
PolicyIntrusionServicePolicyRuleId string: ID of the resource.
Profiles List<string>: List of profiles
Scopes List<string>: Set of policy object paths where the rule is applied for East-West traffic inspection.
ServiceEntries PolicyIntrusionServicePolicyRuleServiceEntries: List of services to match
Services List<string>: Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
SourceGroups List<string>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
SourcesExcluded bool: A boolean value indicating negation of source groups. Default is false.
Tags List<PolicyIntrusionServicePolicyRuleTag>: A list of scope + tag pairs to associate with this rule.

DisplayName string: Display name of the resource.
IdsProfiles []string: Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
PolicyPath string: Path of the Intrusion Service Policy this rule belongs to.
SequenceNumber float64: Sequence number to determine the order of rule processing within the parent policy.
Action string: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
Context PolicyIntrusionServicePolicyRuleContextArgs: The context which the object belongs to. If not provided, it will be derived from policy_path.
Description string: Description of the resource.
DestinationGroups []string: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
DestinationsExcluded bool: A boolean value indicating negation of destination groups. Default is false.
Direction string: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
Disabled bool: A boolean value to indicate the rule is disabled. Default is false.
IpVersion string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
LogLabel string: Additional information (string) which will be propagated to the rule syslog for this rule.
Logged bool: A boolean flag to enable packet logging. Default is false.
Notes string: Text for additional notes on changes for this rule.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
Oversubscription string: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
PolicyIntrusionServicePolicyRuleId string: ID of the resource.
Profiles []string: List of profiles
Scopes []string: Set of policy object paths where the rule is applied for East-West traffic inspection.
ServiceEntries PolicyIntrusionServicePolicyRuleServiceEntriesArgs: List of services to match
Services []string: Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
SourceGroups []string: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
SourcesExcluded bool: A boolean value indicating negation of source groups. Default is false.
Tags []PolicyIntrusionServicePolicyRuleTagArgs: A list of scope + tag pairs to associate with this rule.

display_name string: Display name of the resource.
ids_profiles list(string): Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
policy_path string: Path of the Intrusion Service Policy this rule belongs to.
sequence_number number: Sequence number to determine the order of rule processing within the parent policy.
action string: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
context object: The context which the object belongs to. If not provided, it will be derived from policy_path.
description string: Description of the resource.
destination_groups list(string): Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
destinations_excluded bool: A boolean value indicating negation of destination groups. Default is false.
direction string: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
disabled bool: A boolean value to indicate the rule is disabled. Default is false.
ip_version string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
log_label string: Additional information (string) which will be propagated to the rule syslog for this rule.
logged bool: A boolean flag to enable packet logging. Default is false.
notes string: Text for additional notes on changes for this rule.
nsx_id string: The NSX ID of this resource. If set, this ID will be used to create the resource.
oversubscription string: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
policy_intrusion_service_policy_rule_id string: ID of the resource.
profiles list(string): List of profiles
scopes list(string): Set of policy object paths where the rule is applied for East-West traffic inspection.
service_entries object: List of services to match
services list(string): Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
source_groups list(string): Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
sources_excluded bool: A boolean value indicating negation of source groups. Default is false.
tags list(object): A list of scope + tag pairs to associate with this rule.

displayName String: Display name of the resource.
idsProfiles List<String>: Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
policyPath String: Path of the Intrusion Service Policy this rule belongs to.
sequenceNumber Double: Sequence number to determine the order of rule processing within the parent policy.
action String: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
context PolicyIntrusionServicePolicyRuleContext: The context which the object belongs to. If not provided, it will be derived from policy_path.
description String: Description of the resource.
destinationGroups List<String>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
destinationsExcluded Boolean: A boolean value indicating negation of destination groups. Default is false.
direction String: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
disabled Boolean: A boolean value to indicate the rule is disabled. Default is false.
ipVersion String: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
logLabel String: Additional information (string) which will be propagated to the rule syslog for this rule.
logged Boolean: A boolean flag to enable packet logging. Default is false.
notes String: Text for additional notes on changes for this rule.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
oversubscription String: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
policyIntrusionServicePolicyRuleId String: ID of the resource.
profiles List<String>: List of profiles
scopes List<String>: Set of policy object paths where the rule is applied for East-West traffic inspection.
serviceEntries PolicyIntrusionServicePolicyRuleServiceEntries: List of services to match
services List<String>: Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
sourceGroups List<String>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
sourcesExcluded Boolean: A boolean value indicating negation of source groups. Default is false.
tags List<PolicyIntrusionServicePolicyRuleTag>: A list of scope + tag pairs to associate with this rule.

displayName string: Display name of the resource.
idsProfiles string[]: Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
policyPath string: Path of the Intrusion Service Policy this rule belongs to.
sequenceNumber number: Sequence number to determine the order of rule processing within the parent policy.
action string: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
context PolicyIntrusionServicePolicyRuleContext: The context which the object belongs to. If not provided, it will be derived from policy_path.
description string: Description of the resource.
destinationGroups string[]: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
destinationsExcluded boolean: A boolean value indicating negation of destination groups. Default is false.
direction string: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
disabled boolean: A boolean value to indicate the rule is disabled. Default is false.
ipVersion string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
logLabel string: Additional information (string) which will be propagated to the rule syslog for this rule.
logged boolean: A boolean flag to enable packet logging. Default is false.
notes string: Text for additional notes on changes for this rule.
nsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
oversubscription string: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
policyIntrusionServicePolicyRuleId string: ID of the resource.
profiles string[]: List of profiles
scopes string[]: Set of policy object paths where the rule is applied for East-West traffic inspection.
serviceEntries PolicyIntrusionServicePolicyRuleServiceEntries: List of services to match
services string[]: Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
sourceGroups string[]: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
sourcesExcluded boolean: A boolean value indicating negation of source groups. Default is false.
tags PolicyIntrusionServicePolicyRuleTag[]: A list of scope + tag pairs to associate with this rule.

display_name str: Display name of the resource.
ids_profiles Sequence[str]: Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
policy_path str: Path of the Intrusion Service Policy this rule belongs to.
sequence_number float: Sequence number to determine the order of rule processing within the parent policy.
action str: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
context PolicyIntrusionServicePolicyRuleContextArgs: The context which the object belongs to. If not provided, it will be derived from policy_path.
description str: Description of the resource.
destination_groups Sequence[str]: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
destinations_excluded bool: A boolean value indicating negation of destination groups. Default is false.
direction str: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
disabled bool: A boolean value to indicate the rule is disabled. Default is false.
ip_version str: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
log_label str: Additional information (string) which will be propagated to the rule syslog for this rule.
logged bool: A boolean flag to enable packet logging. Default is false.
notes str: Text for additional notes on changes for this rule.
nsx_id str: The NSX ID of this resource. If set, this ID will be used to create the resource.
oversubscription str: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
policy_intrusion_service_policy_rule_id str: ID of the resource.
profiles Sequence[str]: List of profiles
scopes Sequence[str]: Set of policy object paths where the rule is applied for East-West traffic inspection.
service_entries PolicyIntrusionServicePolicyRuleServiceEntriesArgs: List of services to match
services Sequence[str]: Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
source_groups Sequence[str]: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
sources_excluded bool: A boolean value indicating negation of source groups. Default is false.
tags Sequence[PolicyIntrusionServicePolicyRuleTagArgs]: A list of scope + tag pairs to associate with this rule.

displayName String: Display name of the resource.
idsProfiles List<String>: Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
policyPath String: Path of the Intrusion Service Policy this rule belongs to.
sequenceNumber Number: Sequence number to determine the order of rule processing within the parent policy.
action String: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
context Property Map: The context which the object belongs to. If not provided, it will be derived from policy_path.
description String: Description of the resource.
destinationGroups List<String>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
destinationsExcluded Boolean: A boolean value indicating negation of destination groups. Default is false.
direction String: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
disabled Boolean: A boolean value to indicate the rule is disabled. Default is false.
ipVersion String: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
logLabel String: Additional information (string) which will be propagated to the rule syslog for this rule.
logged Boolean: A boolean flag to enable packet logging. Default is false.
notes String: Text for additional notes on changes for this rule.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
oversubscription String: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
policyIntrusionServicePolicyRuleId String: ID of the resource.
profiles List<String>: List of profiles
scopes List<String>: Set of policy object paths where the rule is applied for East-West traffic inspection.
serviceEntries Property Map: List of services to match
services List<String>: Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
sourceGroups List<String>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
sourcesExcluded Boolean: A boolean value indicating negation of source groups. Default is false.
tags List<Property Map>: A list of scope + tag pairs to associate with this rule.

Outputs

All input properties are implicitly available as output properties. Additionally, the PolicyIntrusionServicePolicyRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Path string: The NSX path of the policy resource.
Revision double: Indicates current revision number of the object as seen by NSX-T API server.
RuleId double: Unique positive number that is assigned by the system and is useful for debugging.

Id string: The provider-assigned unique ID for this managed resource.
Path string: The NSX path of the policy resource.
Revision float64: Indicates current revision number of the object as seen by NSX-T API server.
RuleId float64: Unique positive number that is assigned by the system and is useful for debugging.

id string: The provider-assigned unique ID for this managed resource.
path string: The NSX path of the policy resource.
revision number: Indicates current revision number of the object as seen by NSX-T API server.
rule_id number: Unique positive number that is assigned by the system and is useful for debugging.

id String: The provider-assigned unique ID for this managed resource.
path String: The NSX path of the policy resource.
revision Double: Indicates current revision number of the object as seen by NSX-T API server.
ruleId Double: Unique positive number that is assigned by the system and is useful for debugging.

id string: The provider-assigned unique ID for this managed resource.
path string: The NSX path of the policy resource.
revision number: Indicates current revision number of the object as seen by NSX-T API server.
ruleId number: Unique positive number that is assigned by the system and is useful for debugging.

id str: The provider-assigned unique ID for this managed resource.
path str: The NSX path of the policy resource.
revision float: Indicates current revision number of the object as seen by NSX-T API server.
rule_id float: Unique positive number that is assigned by the system and is useful for debugging.

id String: The provider-assigned unique ID for this managed resource.
path String: The NSX path of the policy resource.
revision Number: Indicates current revision number of the object as seen by NSX-T API server.
ruleId Number: Unique positive number that is assigned by the system and is useful for debugging.

Look up Existing PolicyIntrusionServicePolicyRule Resource

Get an existing PolicyIntrusionServicePolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PolicyIntrusionServicePolicyRuleState, opts?: CustomResourceOptions): PolicyIntrusionServicePolicyRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        context: Optional[PolicyIntrusionServicePolicyRuleContextArgs] = None,
        description: Optional[str] = None,
        destination_groups: Optional[Sequence[str]] = None,
        destinations_excluded: Optional[bool] = None,
        direction: Optional[str] = None,
        disabled: Optional[bool] = None,
        display_name: Optional[str] = None,
        ids_profiles: Optional[Sequence[str]] = None,
        ip_version: Optional[str] = None,
        log_label: Optional[str] = None,
        logged: Optional[bool] = None,
        notes: Optional[str] = None,
        nsx_id: Optional[str] = None,
        oversubscription: Optional[str] = None,
        path: Optional[str] = None,
        policy_intrusion_service_policy_rule_id: Optional[str] = None,
        policy_path: Optional[str] = None,
        profiles: Optional[Sequence[str]] = None,
        revision: Optional[float] = None,
        rule_id: Optional[float] = None,
        scopes: Optional[Sequence[str]] = None,
        sequence_number: Optional[float] = None,
        service_entries: Optional[PolicyIntrusionServicePolicyRuleServiceEntriesArgs] = None,
        services: Optional[Sequence[str]] = None,
        source_groups: Optional[Sequence[str]] = None,
        sources_excluded: Optional[bool] = None,
        tags: Optional[Sequence[PolicyIntrusionServicePolicyRuleTagArgs]] = None) -> PolicyIntrusionServicePolicyRule

func GetPolicyIntrusionServicePolicyRule(ctx *Context, name string, id IDInput, state *PolicyIntrusionServicePolicyRuleState, opts ...ResourceOption) (*PolicyIntrusionServicePolicyRule, error)

public static PolicyIntrusionServicePolicyRule Get(string name, Input<string> id, PolicyIntrusionServicePolicyRuleState? state, CustomResourceOptions? opts = null)

public static PolicyIntrusionServicePolicyRule get(String name, Output<String> id, PolicyIntrusionServicePolicyRuleState state, CustomResourceOptions options)

resources:  _:    type: nsxt:PolicyIntrusionServicePolicyRule    get:      id: ${id}

import {
  to = nsxt_policyintrusionservicepolicyrule.example
  id = "${id}"
}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
Context PolicyIntrusionServicePolicyRuleContext: The context which the object belongs to. If not provided, it will be derived from policy_path.
Description string: Description of the resource.
DestinationGroups List<string>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
DestinationsExcluded bool: A boolean value indicating negation of destination groups. Default is false.
Direction string: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
Disabled bool: A boolean value to indicate the rule is disabled. Default is false.
DisplayName string: Display name of the resource.
IdsProfiles List<string>: Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
IpVersion string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
LogLabel string: Additional information (string) which will be propagated to the rule syslog for this rule.
Logged bool: A boolean flag to enable packet logging. Default is false.
Notes string: Text for additional notes on changes for this rule.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
Oversubscription string: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
Path string: The NSX path of the policy resource.
PolicyIntrusionServicePolicyRuleId string: ID of the resource.
PolicyPath string: Path of the Intrusion Service Policy this rule belongs to.
Profiles List<string>: List of profiles
Revision double: Indicates current revision number of the object as seen by NSX-T API server.
RuleId double: Unique positive number that is assigned by the system and is useful for debugging.
Scopes List<string>: Set of policy object paths where the rule is applied for East-West traffic inspection.
SequenceNumber double: Sequence number to determine the order of rule processing within the parent policy.
ServiceEntries PolicyIntrusionServicePolicyRuleServiceEntries: List of services to match
Services List<string>: Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
SourceGroups List<string>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
SourcesExcluded bool: A boolean value indicating negation of source groups. Default is false.
Tags List<PolicyIntrusionServicePolicyRuleTag>: A list of scope + tag pairs to associate with this rule.

Action string: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
Context PolicyIntrusionServicePolicyRuleContextArgs: The context which the object belongs to. If not provided, it will be derived from policy_path.
Description string: Description of the resource.
DestinationGroups []string: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
DestinationsExcluded bool: A boolean value indicating negation of destination groups. Default is false.
Direction string: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
Disabled bool: A boolean value to indicate the rule is disabled. Default is false.
DisplayName string: Display name of the resource.
IdsProfiles []string: Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
IpVersion string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
LogLabel string: Additional information (string) which will be propagated to the rule syslog for this rule.
Logged bool: A boolean flag to enable packet logging. Default is false.
Notes string: Text for additional notes on changes for this rule.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
Oversubscription string: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
Path string: The NSX path of the policy resource.
PolicyIntrusionServicePolicyRuleId string: ID of the resource.
PolicyPath string: Path of the Intrusion Service Policy this rule belongs to.
Profiles []string: List of profiles
Revision float64: Indicates current revision number of the object as seen by NSX-T API server.
RuleId float64: Unique positive number that is assigned by the system and is useful for debugging.
Scopes []string: Set of policy object paths where the rule is applied for East-West traffic inspection.
SequenceNumber float64: Sequence number to determine the order of rule processing within the parent policy.
ServiceEntries PolicyIntrusionServicePolicyRuleServiceEntriesArgs: List of services to match
Services []string: Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
SourceGroups []string: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
SourcesExcluded bool: A boolean value indicating negation of source groups. Default is false.
Tags []PolicyIntrusionServicePolicyRuleTagArgs: A list of scope + tag pairs to associate with this rule.

action string: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
context object: The context which the object belongs to. If not provided, it will be derived from policy_path.
description string: Description of the resource.
destination_groups list(string): Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
destinations_excluded bool: A boolean value indicating negation of destination groups. Default is false.
direction string: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
disabled bool: A boolean value to indicate the rule is disabled. Default is false.
display_name string: Display name of the resource.
ids_profiles list(string): Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
ip_version string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
log_label string: Additional information (string) which will be propagated to the rule syslog for this rule.
logged bool: A boolean flag to enable packet logging. Default is false.
notes string: Text for additional notes on changes for this rule.
nsx_id string: The NSX ID of this resource. If set, this ID will be used to create the resource.
oversubscription string: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
path string: The NSX path of the policy resource.
policy_intrusion_service_policy_rule_id string: ID of the resource.
policy_path string: Path of the Intrusion Service Policy this rule belongs to.
profiles list(string): List of profiles
revision number: Indicates current revision number of the object as seen by NSX-T API server.
rule_id number: Unique positive number that is assigned by the system and is useful for debugging.
scopes list(string): Set of policy object paths where the rule is applied for East-West traffic inspection.
sequence_number number: Sequence number to determine the order of rule processing within the parent policy.
service_entries object: List of services to match
services list(string): Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
source_groups list(string): Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
sources_excluded bool: A boolean value indicating negation of source groups. Default is false.
tags list(object): A list of scope + tag pairs to associate with this rule.

action String: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
context PolicyIntrusionServicePolicyRuleContext: The context which the object belongs to. If not provided, it will be derived from policy_path.
description String: Description of the resource.
destinationGroups List<String>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
destinationsExcluded Boolean: A boolean value indicating negation of destination groups. Default is false.
direction String: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
disabled Boolean: A boolean value to indicate the rule is disabled. Default is false.
displayName String: Display name of the resource.
idsProfiles List<String>: Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
ipVersion String: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
logLabel String: Additional information (string) which will be propagated to the rule syslog for this rule.
logged Boolean: A boolean flag to enable packet logging. Default is false.
notes String: Text for additional notes on changes for this rule.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
oversubscription String: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
path String: The NSX path of the policy resource.
policyIntrusionServicePolicyRuleId String: ID of the resource.
policyPath String: Path of the Intrusion Service Policy this rule belongs to.
profiles List<String>: List of profiles
revision Double: Indicates current revision number of the object as seen by NSX-T API server.
ruleId Double: Unique positive number that is assigned by the system and is useful for debugging.
scopes List<String>: Set of policy object paths where the rule is applied for East-West traffic inspection.
sequenceNumber Double: Sequence number to determine the order of rule processing within the parent policy.
serviceEntries PolicyIntrusionServicePolicyRuleServiceEntries: List of services to match
services List<String>: Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
sourceGroups List<String>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
sourcesExcluded Boolean: A boolean value indicating negation of source groups. Default is false.
tags List<PolicyIntrusionServicePolicyRuleTag>: A list of scope + tag pairs to associate with this rule.

action string: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
context PolicyIntrusionServicePolicyRuleContext: The context which the object belongs to. If not provided, it will be derived from policy_path.
description string: Description of the resource.
destinationGroups string[]: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
destinationsExcluded boolean: A boolean value indicating negation of destination groups. Default is false.
direction string: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
disabled boolean: A boolean value to indicate the rule is disabled. Default is false.
displayName string: Display name of the resource.
idsProfiles string[]: Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
ipVersion string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
logLabel string: Additional information (string) which will be propagated to the rule syslog for this rule.
logged boolean: A boolean flag to enable packet logging. Default is false.
notes string: Text for additional notes on changes for this rule.
nsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
oversubscription string: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
path string: The NSX path of the policy resource.
policyIntrusionServicePolicyRuleId string: ID of the resource.
policyPath string: Path of the Intrusion Service Policy this rule belongs to.
profiles string[]: List of profiles
revision number: Indicates current revision number of the object as seen by NSX-T API server.
ruleId number: Unique positive number that is assigned by the system and is useful for debugging.
scopes string[]: Set of policy object paths where the rule is applied for East-West traffic inspection.
sequenceNumber number: Sequence number to determine the order of rule processing within the parent policy.
serviceEntries PolicyIntrusionServicePolicyRuleServiceEntries: List of services to match
services string[]: Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
sourceGroups string[]: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
sourcesExcluded boolean: A boolean value indicating negation of source groups. Default is false.
tags PolicyIntrusionServicePolicyRuleTag[]: A list of scope + tag pairs to associate with this rule.

action str: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
context PolicyIntrusionServicePolicyRuleContextArgs: The context which the object belongs to. If not provided, it will be derived from policy_path.
description str: Description of the resource.
destination_groups Sequence[str]: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
destinations_excluded bool: A boolean value indicating negation of destination groups. Default is false.
direction str: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
disabled bool: A boolean value to indicate the rule is disabled. Default is false.
display_name str: Display name of the resource.
ids_profiles Sequence[str]: Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
ip_version str: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
log_label str: Additional information (string) which will be propagated to the rule syslog for this rule.
logged bool: A boolean flag to enable packet logging. Default is false.
notes str: Text for additional notes on changes for this rule.
nsx_id str: The NSX ID of this resource. If set, this ID will be used to create the resource.
oversubscription str: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
path str: The NSX path of the policy resource.
policy_intrusion_service_policy_rule_id str: ID of the resource.
policy_path str: Path of the Intrusion Service Policy this rule belongs to.
profiles Sequence[str]: List of profiles
revision float: Indicates current revision number of the object as seen by NSX-T API server.
rule_id float: Unique positive number that is assigned by the system and is useful for debugging.
scopes Sequence[str]: Set of policy object paths where the rule is applied for East-West traffic inspection.
sequence_number float: Sequence number to determine the order of rule processing within the parent policy.
service_entries PolicyIntrusionServicePolicyRuleServiceEntriesArgs: List of services to match
services Sequence[str]: Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
source_groups Sequence[str]: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
sources_excluded bool: A boolean value indicating negation of source groups. Default is false.
tags Sequence[PolicyIntrusionServicePolicyRuleTagArgs]: A list of scope + tag pairs to associate with this rule.

action String: Rule action for intrusion detection/prevention. One of DETECT, DETECT_PREVENT, or EXEMPT. Default is DETECT. Note: EXEMPT action is only available from NSX version 9.1.0 onwards and allows traffic to bypass intrusion detection/prevention.
context Property Map: The context which the object belongs to. If not provided, it will be derived from policy_path.
description String: Description of the resource.
destinationGroups List<String>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
destinationsExcluded Boolean: A boolean value indicating negation of destination groups. Default is false.
direction String: The traffic direction for the rule. Must be one of: IN, OUT or IN_OUT. Default is IN_OUT.
disabled Boolean: A boolean value to indicate the rule is disabled. Default is false.
displayName String: Display name of the resource.
idsProfiles List<String>: Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
ipVersion String: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6.
logLabel String: Additional information (string) which will be propagated to the rule syslog for this rule.
logged Boolean: A boolean flag to enable packet logging. Default is false.
notes String: Text for additional notes on changes for this rule.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
oversubscription String: Action to take when IDPS engine is oversubscribed. One of BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed. DROPPED: Traffic is dropped when oversubscribed. INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings.
path String: The NSX path of the policy resource.
policyIntrusionServicePolicyRuleId String: ID of the resource.
policyPath String: Path of the Intrusion Service Policy this rule belongs to.
profiles List<String>: List of profiles
revision Number: Indicates current revision number of the object as seen by NSX-T API server.
ruleId Number: Unique positive number that is assigned by the system and is useful for debugging.
scopes List<String>: Set of policy object paths where the rule is applied for East-West traffic inspection.
sequenceNumber Number: Sequence number to determine the order of rule processing within the parent policy.
serviceEntries Property Map: List of services to match
services List<String>: Set of service paths to match for this rule. An empty set can be used to specify ANY. Default is ANY.
sourceGroups List<String>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify ANY. Default is ANY.
sourcesExcluded Boolean: A boolean value indicating negation of source groups. Default is false.
tags List<Property Map>: A list of scope + tag pairs to associate with this rule.

Supporting Types

PolicyIntrusionServicePolicyRuleContext, PolicyIntrusionServicePolicyRuleContextArgs

ProjectId string: The ID of the project which the object belongs to

ProjectId string: The ID of the project which the object belongs to

project_id string: The ID of the project which the object belongs to

projectId String: The ID of the project which the object belongs to

projectId string: The ID of the project which the object belongs to

project_id str: The ID of the project which the object belongs to

projectId String: The ID of the project which the object belongs to

PolicyIntrusionServicePolicyRuleServiceEntries, PolicyIntrusionServicePolicyRuleServiceEntriesArgs

AlgorithmEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry>: Algorithm type service entry
EtherTypeEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry>: Ether type service entry
IcmpEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry>: ICMP type service entry
IgmpEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry>: IGMP type service entry
IpProtocolEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry>: IP Protocol type service entry
L4PortSetEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry>: L4 port set type service entry

AlgorithmEntries []PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry: Algorithm type service entry
EtherTypeEntries []PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry: Ether type service entry
IcmpEntries []PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry: ICMP type service entry
IgmpEntries []PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry: IGMP type service entry
IpProtocolEntries []PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry: IP Protocol type service entry
L4PortSetEntries []PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry: L4 port set type service entry

algorithm_entries list(object): Algorithm type service entry
ether_type_entries list(object): Ether type service entry
icmp_entries list(object): ICMP type service entry
igmp_entries list(object): IGMP type service entry
ip_protocol_entries list(object): IP Protocol type service entry
l4_port_set_entries list(object): L4 port set type service entry

algorithmEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry>: Algorithm type service entry
etherTypeEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry>: Ether type service entry
icmpEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry>: ICMP type service entry
igmpEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry>: IGMP type service entry
ipProtocolEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry>: IP Protocol type service entry
l4PortSetEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry>: L4 port set type service entry

algorithmEntries PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry[]: Algorithm type service entry
etherTypeEntries PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry[]: Ether type service entry
icmpEntries PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry[]: ICMP type service entry
igmpEntries PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry[]: IGMP type service entry
ipProtocolEntries PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry[]: IP Protocol type service entry
l4PortSetEntries PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry[]: L4 port set type service entry

algorithm_entries Sequence[PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry]: Algorithm type service entry
ether_type_entries Sequence[PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry]: Ether type service entry
icmp_entries Sequence[PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry]: ICMP type service entry
igmp_entries Sequence[PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry]: IGMP type service entry
ip_protocol_entries Sequence[PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry]: IP Protocol type service entry
l4_port_set_entries Sequence[PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry]: L4 port set type service entry

algorithmEntries List<Property Map>: Algorithm type service entry
etherTypeEntries List<Property Map>: Ether type service entry
icmpEntries List<Property Map>: ICMP type service entry
igmpEntries List<Property Map>: IGMP type service entry
ipProtocolEntries List<Property Map>: IP Protocol type service entry
l4PortSetEntries List<Property Map>: L4 port set type service entry

PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry, PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntryArgs

Algorithm string: Algorithm
DestinationPort string: A single destination port
Description string: Description of the resource.
DisplayName string: Display name of the resource.
SourcePorts List<string>: Set of source ports or ranges

Algorithm string: Algorithm
DestinationPort string: A single destination port
Description string: Description of the resource.
DisplayName string: Display name of the resource.
SourcePorts []string: Set of source ports or ranges

algorithm string: Algorithm
destination_port string: A single destination port
description string: Description of the resource.
display_name string: Display name of the resource.
source_ports list(string): Set of source ports or ranges

algorithm String: Algorithm
destinationPort String: A single destination port
description String: Description of the resource.
displayName String: Display name of the resource.
sourcePorts List<String>: Set of source ports or ranges

algorithm string: Algorithm
destinationPort string: A single destination port
description string: Description of the resource.
displayName string: Display name of the resource.
sourcePorts string[]: Set of source ports or ranges

algorithm str: Algorithm
destination_port str: A single destination port
description str: Description of the resource.
display_name str: Display name of the resource.
source_ports Sequence[str]: Set of source ports or ranges

algorithm String: Algorithm
destinationPort String: A single destination port
description String: Description of the resource.
displayName String: Display name of the resource.
sourcePorts List<String>: Set of source ports or ranges

PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry, PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntryArgs

EtherType double: Type of the encapsulated protocol
Description string: Description of the resource.
DisplayName string: Display name of the resource.

EtherType float64: Type of the encapsulated protocol
Description string: Description of the resource.
DisplayName string: Display name of the resource.

ether_type number: Type of the encapsulated protocol
description string: Description of the resource.
display_name string: Display name of the resource.

etherType Double: Type of the encapsulated protocol
description String: Description of the resource.
displayName String: Display name of the resource.

etherType number: Type of the encapsulated protocol
description string: Description of the resource.
displayName string: Display name of the resource.

ether_type float: Type of the encapsulated protocol
description str: Description of the resource.
display_name str: Display name of the resource.

etherType Number: Type of the encapsulated protocol
description String: Description of the resource.
displayName String: Display name of the resource.

PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry, PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntryArgs

Protocol string: Version of ICMP protocol (ICMPv4/ICMPv6)
Description string: Description of the resource.
DisplayName string: Display name of the resource.
IcmpCode string: ICMP message code
IcmpType string: ICMP message type

Protocol string: Version of ICMP protocol (ICMPv4/ICMPv6)
Description string: Description of the resource.
DisplayName string: Display name of the resource.
IcmpCode string: ICMP message code
IcmpType string: ICMP message type

protocol string: Version of ICMP protocol (ICMPv4/ICMPv6)
description string: Description of the resource.
display_name string: Display name of the resource.
icmp_code string: ICMP message code
icmp_type string: ICMP message type

protocol String: Version of ICMP protocol (ICMPv4/ICMPv6)
description String: Description of the resource.
displayName String: Display name of the resource.
icmpCode String: ICMP message code
icmpType String: ICMP message type

protocol string: Version of ICMP protocol (ICMPv4/ICMPv6)
description string: Description of the resource.
displayName string: Display name of the resource.
icmpCode string: ICMP message code
icmpType string: ICMP message type

protocol str: Version of ICMP protocol (ICMPv4/ICMPv6)
description str: Description of the resource.
display_name str: Display name of the resource.
icmp_code str: ICMP message code
icmp_type str: ICMP message type

protocol String: Version of ICMP protocol (ICMPv4/ICMPv6)
description String: Description of the resource.
displayName String: Display name of the resource.
icmpCode String: ICMP message code
icmpType String: ICMP message type

PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry, PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntryArgs

Description string: Description of the resource.
DisplayName string: Display name of the resource.

Description string: Description of the resource.
DisplayName string: Display name of the resource.

description string: Description of the resource.
display_name string: Display name of the resource.

description String: Description of the resource.
displayName String: Display name of the resource.

description string: Description of the resource.
displayName string: Display name of the resource.

description str: Description of the resource.
display_name str: Display name of the resource.

description String: Description of the resource.
displayName String: Display name of the resource.

PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry, PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntryArgs

Protocol double: IP protocol number
Description string: Description of the resource.
DisplayName string: Display name of the resource.

Protocol float64: IP protocol number
Description string: Description of the resource.
DisplayName string: Display name of the resource.

protocol number: IP protocol number
description string: Description of the resource.
display_name string: Display name of the resource.

protocol Double: IP protocol number
description String: Description of the resource.
displayName String: Display name of the resource.

protocol number: IP protocol number
description string: Description of the resource.
displayName string: Display name of the resource.

protocol float: IP protocol number
description str: Description of the resource.
display_name str: Display name of the resource.

protocol Number: IP protocol number
description String: Description of the resource.
displayName String: Display name of the resource.

PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry, PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntryArgs

Protocol string: L4 Protocol
Description string: Description of the resource.
DestinationPorts List<string>: Set of destination ports
DisplayName string: Display name of the resource.
SourcePorts List<string>: Set of source ports

Protocol string: L4 Protocol
Description string: Description of the resource.
DestinationPorts []string: Set of destination ports
DisplayName string: Display name of the resource.
SourcePorts []string: Set of source ports

protocol string: L4 Protocol
description string: Description of the resource.
destination_ports list(string): Set of destination ports
display_name string: Display name of the resource.
source_ports list(string): Set of source ports

protocol String: L4 Protocol
description String: Description of the resource.
destinationPorts List<String>: Set of destination ports
displayName String: Display name of the resource.
sourcePorts List<String>: Set of source ports

protocol string: L4 Protocol
description string: Description of the resource.
destinationPorts string[]: Set of destination ports
displayName string: Display name of the resource.
sourcePorts string[]: Set of source ports

protocol str: L4 Protocol
description str: Description of the resource.
destination_ports Sequence[str]: Set of destination ports
display_name str: Display name of the resource.
source_ports Sequence[str]: Set of source ports

protocol String: L4 Protocol
description String: Description of the resource.
destinationPorts List<String>: Set of destination ports
displayName String: Display name of the resource.
sourcePorts List<String>: Set of source ports

PolicyIntrusionServicePolicyRuleTag, PolicyIntrusionServicePolicyRuleTagArgs

Scope string: Set of policy object paths where the rule is applied for East-West traffic inspection.
Tag string: A list of scope + tag pairs to associate with this rule.

Scope string: Set of policy object paths where the rule is applied for East-West traffic inspection.
Tag string: A list of scope + tag pairs to associate with this rule.

scope string: Set of policy object paths where the rule is applied for East-West traffic inspection.
tag string: A list of scope + tag pairs to associate with this rule.

scope String: Set of policy object paths where the rule is applied for East-West traffic inspection.
tag String: A list of scope + tag pairs to associate with this rule.

scope string: Set of policy object paths where the rule is applied for East-West traffic inspection.
tag string: A list of scope + tag pairs to associate with this rule.

scope str: Set of policy object paths where the rule is applied for East-West traffic inspection.
tag str: A list of scope + tag pairs to associate with this rule.

scope String: Set of policy object paths where the rule is applied for East-West traffic inspection.
tag String: A list of scope + tag pairs to associate with this rule.

Package Details

Repository: nsxt vmware/terraform-provider-nsxt
License
Notes: This Pulumi package is based on the nsxt Terraform Provider.

Viewing docs for nsxt 3.12.0
published on Monday, May 18, 2026 by vmware

Schema (JSON)

vmware/terraform-provider-nsxt

nsxt.PolicyIntrusionServicePolicyRule

On this page

On this page

Create PolicyIntrusionServicePolicyRule Resource

Constructor syntax

Parameters

Constructor example

PolicyIntrusionServicePolicyRule Resource Properties

Inputs

Outputs

Look up Existing PolicyIntrusionServicePolicyRule Resource

Supporting Types

PolicyIntrusionServicePolicyRuleContext, PolicyIntrusionServicePolicyRuleContextArgs

PolicyIntrusionServicePolicyRuleServiceEntries, PolicyIntrusionServicePolicyRuleServiceEntriesArgs

PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry, PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntryArgs

PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry, PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntryArgs

PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry, PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntryArgs

PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry, PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntryArgs

PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry, PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntryArgs

PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry, PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntryArgs

PolicyIntrusionServicePolicyRuleTag, PolicyIntrusionServicePolicyRuleTagArgs

Package Details

On this page

On this page

Try Pulumi Cloud free.
Your team will thank you.

nsxt.PolicyIntrusionServicePolicyRule

On this page

On this page

Create PolicyIntrusionServicePolicyRule Resource

Constructor syntax

Parameters

Constructor example

PolicyIntrusionServicePolicyRule Resource Properties

Inputs

Outputs

Look up Existing PolicyIntrusionServicePolicyRule Resource

Supporting Types

PolicyIntrusionServicePolicyRuleContext, PolicyIntrusionServicePolicyRuleContextArgs

PolicyIntrusionServicePolicyRuleServiceEntries, PolicyIntrusionServicePolicyRuleServiceEntriesArgs

PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry, PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntryArgs

PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry, PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntryArgs

PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry, PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntryArgs

PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry, PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntryArgs

PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry, PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntryArgs

PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry, PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntryArgs

PolicyIntrusionServicePolicyRuleTag, PolicyIntrusionServicePolicyRuleTagArgs

Package Details

On this page

On this page

Try Pulumi Cloud free.Your team will thank you.

Try Pulumi Cloud free.
Your team will thank you.