Docs Home
nsxt 3.8.1 published on Wednesday, Apr 30, 2025 by vmware
nsxt.PolicyPredefinedSecurityPolicy
Explore with Pulumi AI
This resource provides a method to modify default Security Policy and its rules. This can be default layer2 policy or default layer3 policy. Maximum one resource for each type should exist in your configuration.
NOTE: An absolute path, such as
/infra/domains/default/security-policies/default-layer3-section, can be provided for this resource (this approach will work slightly faster, as the roundtrip for data source retrieval will be spared) In the example below a data source is used in order to pull the predefined policy.
This resource is applicable to NSX Global Manager, NSX Policy Manager and VMC.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";
const defaultL3 = nsxt.getPolicySecurityPolicy({
isDefault: true,
category: "Application",
});
const test = new nsxt.PolicyPredefinedSecurityPolicy("test", {
path: defaultL3.then(defaultL3 => defaultL3.path),
tags: [{
scope: "color",
tag: "orange",
}],
rules: [
{
displayName: "allow_icmp",
destinationGroups: [
nsxt_policy_group.cats.path,
nsxt_policy_group.dogs.path,
],
action: "ALLOW",
services: [nsxt_policy_service.icmp.path],
logged: true,
},
{
displayName: "allow_udp",
sourceGroups: [nsxt_policy_group.fish.path],
sourcesExcluded: true,
scopes: [nsxt_policy_group.aquarium.path],
action: "ALLOW",
services: [nsxt_policy_service.udp.path],
logged: true,
disabled: true,
},
],
defaultRule: {
action: "DROP",
},
});
import pulumi
import pulumi_nsxt as nsxt
default_l3 = nsxt.get_policy_security_policy(is_default=True,
category="Application")
test = nsxt.PolicyPredefinedSecurityPolicy("test",
path=default_l3.path,
tags=[{
"scope": "color",
"tag": "orange",
}],
rules=[
{
"display_name": "allow_icmp",
"destination_groups": [
nsxt_policy_group["cats"]["path"],
nsxt_policy_group["dogs"]["path"],
],
"action": "ALLOW",
"services": [nsxt_policy_service["icmp"]["path"]],
"logged": True,
},
{
"display_name": "allow_udp",
"source_groups": [nsxt_policy_group["fish"]["path"]],
"sources_excluded": True,
"scopes": [nsxt_policy_group["aquarium"]["path"]],
"action": "ALLOW",
"services": [nsxt_policy_service["udp"]["path"]],
"logged": True,
"disabled": True,
},
],
default_rule={
"action": "DROP",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/nsxt/v3/nsxt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultL3, err := nsxt.LookupPolicySecurityPolicy(ctx, &nsxt.LookupPolicySecurityPolicyArgs{
IsDefault: pulumi.BoolRef(true),
Category: pulumi.StringRef("Application"),
}, nil)
if err != nil {
return err
}
_, err = nsxt.NewPolicyPredefinedSecurityPolicy(ctx, "test", &nsxt.PolicyPredefinedSecurityPolicyArgs{
Path: pulumi.String(defaultL3.Path),
Tags: nsxt.PolicyPredefinedSecurityPolicyTagArray{
&nsxt.PolicyPredefinedSecurityPolicyTagArgs{
Scope: pulumi.String("color"),
Tag: pulumi.String("orange"),
},
},
Rules: nsxt.PolicyPredefinedSecurityPolicyRuleArray{
&nsxt.PolicyPredefinedSecurityPolicyRuleArgs{
DisplayName: pulumi.String("allow_icmp"),
DestinationGroups: pulumi.StringArray{
nsxt_policy_group.Cats.Path,
nsxt_policy_group.Dogs.Path,
},
Action: pulumi.String("ALLOW"),
Services: pulumi.StringArray{
nsxt_policy_service.Icmp.Path,
},
Logged: pulumi.Bool(true),
},
&nsxt.PolicyPredefinedSecurityPolicyRuleArgs{
DisplayName: pulumi.String("allow_udp"),
SourceGroups: pulumi.StringArray{
nsxt_policy_group.Fish.Path,
},
SourcesExcluded: pulumi.Bool(true),
Scopes: pulumi.StringArray{
nsxt_policy_group.Aquarium.Path,
},
Action: pulumi.String("ALLOW"),
Services: pulumi.StringArray{
nsxt_policy_service.Udp.Path,
},
Logged: pulumi.Bool(true),
Disabled: pulumi.Bool(true),
},
},
DefaultRule: &nsxt.PolicyPredefinedSecurityPolicyDefaultRuleArgs{
Action: pulumi.String("DROP"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nsxt = Pulumi.Nsxt;
return await Deployment.RunAsync(() =>
{
var defaultL3 = Nsxt.GetPolicySecurityPolicy.Invoke(new()
{
IsDefault = true,
Category = "Application",
});
var test = new Nsxt.PolicyPredefinedSecurityPolicy("test", new()
{
Path = defaultL3.Apply(getPolicySecurityPolicyResult => getPolicySecurityPolicyResult.Path),
Tags = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyTagArgs
{
Scope = "color",
Tag = "orange",
},
},
Rules = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleArgs
{
DisplayName = "allow_icmp",
DestinationGroups = new[]
{
nsxt_policy_group.Cats.Path,
nsxt_policy_group.Dogs.Path,
},
Action = "ALLOW",
Services = new[]
{
nsxt_policy_service.Icmp.Path,
},
Logged = true,
},
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleArgs
{
DisplayName = "allow_udp",
SourceGroups = new[]
{
nsxt_policy_group.Fish.Path,
},
SourcesExcluded = true,
Scopes = new[]
{
nsxt_policy_group.Aquarium.Path,
},
Action = "ALLOW",
Services = new[]
{
nsxt_policy_service.Udp.Path,
},
Logged = true,
Disabled = true,
},
},
DefaultRule = new Nsxt.Inputs.PolicyPredefinedSecurityPolicyDefaultRuleArgs
{
Action = "DROP",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nsxt.NsxtFunctions;
import com.pulumi.nsxt.inputs.GetPolicySecurityPolicyArgs;
import com.pulumi.nsxt.PolicyPredefinedSecurityPolicy;
import com.pulumi.nsxt.PolicyPredefinedSecurityPolicyArgs;
import com.pulumi.nsxt.inputs.PolicyPredefinedSecurityPolicyTagArgs;
import com.pulumi.nsxt.inputs.PolicyPredefinedSecurityPolicyRuleArgs;
import com.pulumi.nsxt.inputs.PolicyPredefinedSecurityPolicyDefaultRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var defaultL3 = NsxtFunctions.getPolicySecurityPolicy(GetPolicySecurityPolicyArgs.builder()
.isDefault(true)
.category("Application")
.build());
var test = new PolicyPredefinedSecurityPolicy("test", PolicyPredefinedSecurityPolicyArgs.builder()
.path(defaultL3.applyValue(getPolicySecurityPolicyResult -> getPolicySecurityPolicyResult.path()))
.tags(PolicyPredefinedSecurityPolicyTagArgs.builder()
.scope("color")
.tag("orange")
.build())
.rules(
PolicyPredefinedSecurityPolicyRuleArgs.builder()
.displayName("allow_icmp")
.destinationGroups(
nsxt_policy_group.cats().path(),
nsxt_policy_group.dogs().path())
.action("ALLOW")
.services(nsxt_policy_service.icmp().path())
.logged(true)
.build(),
PolicyPredefinedSecurityPolicyRuleArgs.builder()
.displayName("allow_udp")
.sourceGroups(nsxt_policy_group.fish().path())
.sourcesExcluded(true)
.scopes(nsxt_policy_group.aquarium().path())
.action("ALLOW")
.services(nsxt_policy_service.udp().path())
.logged(true)
.disabled(true)
.build())
.defaultRule(PolicyPredefinedSecurityPolicyDefaultRuleArgs.builder()
.action("DROP")
.build())
.build());
}
}
resources:
test:
type: nsxt:PolicyPredefinedSecurityPolicy
properties:
path: ${defaultL3.path}
tags:
- scope: color
tag: orange
rules:
- displayName: allow_icmp
destinationGroups:
- ${nsxt_policy_group.cats.path}
- ${nsxt_policy_group.dogs.path}
action: ALLOW
services:
- ${nsxt_policy_service.icmp.path}
logged: true
- displayName: allow_udp
sourceGroups:
- ${nsxt_policy_group.fish.path}
sourcesExcluded: true
scopes:
- ${nsxt_policy_group.aquarium.path}
action: ALLOW
services:
- ${nsxt_policy_service.udp.path}
logged: true
disabled: true
defaultRule:
action: DROP
variables:
defaultL3:
fn::invoke:
function: nsxt:getPolicySecurityPolicy
arguments:
isDefault: true
category: Application
Multi-Tenancy
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";
const demoproj = nsxt.getPolicyProject({
displayName: "demoproj",
});
const defaultL3 = nsxt.getPolicySecurityPolicy({
isDefault: true,
category: "Application",
});
const test = new nsxt.PolicyPredefinedSecurityPolicy("test", {
context: {
projectId: demoproj.then(demoproj => demoproj.id),
},
path: defaultL3.then(defaultL3 => defaultL3.path),
tags: [{
scope: "color",
tag: "orange",
}],
rules: [
{
displayName: "allow_icmp",
destinationGroups: [
nsxt_policy_group.cats.path,
nsxt_policy_group.dogs.path,
],
action: "ALLOW",
services: [nsxt_policy_service.icmp.path],
logged: true,
},
{
displayName: "allow_udp",
sourceGroups: [nsxt_policy_group.fish.path],
sourcesExcluded: true,
scopes: [nsxt_policy_group.aquarium.path],
action: "ALLOW",
services: [nsxt_policy_service.udp.path],
logged: true,
disabled: true,
},
],
defaultRule: {
action: "DROP",
},
});
import pulumi
import pulumi_nsxt as nsxt
demoproj = nsxt.get_policy_project(display_name="demoproj")
default_l3 = nsxt.get_policy_security_policy(is_default=True,
category="Application")
test = nsxt.PolicyPredefinedSecurityPolicy("test",
context={
"project_id": demoproj.id,
},
path=default_l3.path,
tags=[{
"scope": "color",
"tag": "orange",
}],
rules=[
{
"display_name": "allow_icmp",
"destination_groups": [
nsxt_policy_group["cats"]["path"],
nsxt_policy_group["dogs"]["path"],
],
"action": "ALLOW",
"services": [nsxt_policy_service["icmp"]["path"]],
"logged": True,
},
{
"display_name": "allow_udp",
"source_groups": [nsxt_policy_group["fish"]["path"]],
"sources_excluded": True,
"scopes": [nsxt_policy_group["aquarium"]["path"]],
"action": "ALLOW",
"services": [nsxt_policy_service["udp"]["path"]],
"logged": True,
"disabled": True,
},
],
default_rule={
"action": "DROP",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/nsxt/v3/nsxt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
demoproj, err := nsxt.LookupPolicyProject(ctx, &nsxt.LookupPolicyProjectArgs{
DisplayName: pulumi.StringRef("demoproj"),
}, nil)
if err != nil {
return err
}
defaultL3, err := nsxt.LookupPolicySecurityPolicy(ctx, &nsxt.LookupPolicySecurityPolicyArgs{
IsDefault: pulumi.BoolRef(true),
Category: pulumi.StringRef("Application"),
}, nil)
if err != nil {
return err
}
_, err = nsxt.NewPolicyPredefinedSecurityPolicy(ctx, "test", &nsxt.PolicyPredefinedSecurityPolicyArgs{
Context: &nsxt.PolicyPredefinedSecurityPolicyContextArgs{
ProjectId: pulumi.String(demoproj.Id),
},
Path: pulumi.String(defaultL3.Path),
Tags: nsxt.PolicyPredefinedSecurityPolicyTagArray{
&nsxt.PolicyPredefinedSecurityPolicyTagArgs{
Scope: pulumi.String("color"),
Tag: pulumi.String("orange"),
},
},
Rules: nsxt.PolicyPredefinedSecurityPolicyRuleArray{
&nsxt.PolicyPredefinedSecurityPolicyRuleArgs{
DisplayName: pulumi.String("allow_icmp"),
DestinationGroups: pulumi.StringArray{
nsxt_policy_group.Cats.Path,
nsxt_policy_group.Dogs.Path,
},
Action: pulumi.String("ALLOW"),
Services: pulumi.StringArray{
nsxt_policy_service.Icmp.Path,
},
Logged: pulumi.Bool(true),
},
&nsxt.PolicyPredefinedSecurityPolicyRuleArgs{
DisplayName: pulumi.String("allow_udp"),
SourceGroups: pulumi.StringArray{
nsxt_policy_group.Fish.Path,
},
SourcesExcluded: pulumi.Bool(true),
Scopes: pulumi.StringArray{
nsxt_policy_group.Aquarium.Path,
},
Action: pulumi.String("ALLOW"),
Services: pulumi.StringArray{
nsxt_policy_service.Udp.Path,
},
Logged: pulumi.Bool(true),
Disabled: pulumi.Bool(true),
},
},
DefaultRule: &nsxt.PolicyPredefinedSecurityPolicyDefaultRuleArgs{
Action: pulumi.String("DROP"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nsxt = Pulumi.Nsxt;
return await Deployment.RunAsync(() =>
{
var demoproj = Nsxt.GetPolicyProject.Invoke(new()
{
DisplayName = "demoproj",
});
var defaultL3 = Nsxt.GetPolicySecurityPolicy.Invoke(new()
{
IsDefault = true,
Category = "Application",
});
var test = new Nsxt.PolicyPredefinedSecurityPolicy("test", new()
{
Context = new Nsxt.Inputs.PolicyPredefinedSecurityPolicyContextArgs
{
ProjectId = demoproj.Apply(getPolicyProjectResult => getPolicyProjectResult.Id),
},
Path = defaultL3.Apply(getPolicySecurityPolicyResult => getPolicySecurityPolicyResult.Path),
Tags = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyTagArgs
{
Scope = "color",
Tag = "orange",
},
},
Rules = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleArgs
{
DisplayName = "allow_icmp",
DestinationGroups = new[]
{
nsxt_policy_group.Cats.Path,
nsxt_policy_group.Dogs.Path,
},
Action = "ALLOW",
Services = new[]
{
nsxt_policy_service.Icmp.Path,
},
Logged = true,
},
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleArgs
{
DisplayName = "allow_udp",
SourceGroups = new[]
{
nsxt_policy_group.Fish.Path,
},
SourcesExcluded = true,
Scopes = new[]
{
nsxt_policy_group.Aquarium.Path,
},
Action = "ALLOW",
Services = new[]
{
nsxt_policy_service.Udp.Path,
},
Logged = true,
Disabled = true,
},
},
DefaultRule = new Nsxt.Inputs.PolicyPredefinedSecurityPolicyDefaultRuleArgs
{
Action = "DROP",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nsxt.NsxtFunctions;
import com.pulumi.nsxt.inputs.GetPolicyProjectArgs;
import com.pulumi.nsxt.inputs.GetPolicySecurityPolicyArgs;
import com.pulumi.nsxt.PolicyPredefinedSecurityPolicy;
import com.pulumi.nsxt.PolicyPredefinedSecurityPolicyArgs;
import com.pulumi.nsxt.inputs.PolicyPredefinedSecurityPolicyContextArgs;
import com.pulumi.nsxt.inputs.PolicyPredefinedSecurityPolicyTagArgs;
import com.pulumi.nsxt.inputs.PolicyPredefinedSecurityPolicyRuleArgs;
import com.pulumi.nsxt.inputs.PolicyPredefinedSecurityPolicyDefaultRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var demoproj = NsxtFunctions.getPolicyProject(GetPolicyProjectArgs.builder()
.displayName("demoproj")
.build());
final var defaultL3 = NsxtFunctions.getPolicySecurityPolicy(GetPolicySecurityPolicyArgs.builder()
.isDefault(true)
.category("Application")
.build());
var test = new PolicyPredefinedSecurityPolicy("test", PolicyPredefinedSecurityPolicyArgs.builder()
.context(PolicyPredefinedSecurityPolicyContextArgs.builder()
.projectId(demoproj.applyValue(getPolicyProjectResult -> getPolicyProjectResult.id()))
.build())
.path(defaultL3.applyValue(getPolicySecurityPolicyResult -> getPolicySecurityPolicyResult.path()))
.tags(PolicyPredefinedSecurityPolicyTagArgs.builder()
.scope("color")
.tag("orange")
.build())
.rules(
PolicyPredefinedSecurityPolicyRuleArgs.builder()
.displayName("allow_icmp")
.destinationGroups(
nsxt_policy_group.cats().path(),
nsxt_policy_group.dogs().path())
.action("ALLOW")
.services(nsxt_policy_service.icmp().path())
.logged(true)
.build(),
PolicyPredefinedSecurityPolicyRuleArgs.builder()
.displayName("allow_udp")
.sourceGroups(nsxt_policy_group.fish().path())
.sourcesExcluded(true)
.scopes(nsxt_policy_group.aquarium().path())
.action("ALLOW")
.services(nsxt_policy_service.udp().path())
.logged(true)
.disabled(true)
.build())
.defaultRule(PolicyPredefinedSecurityPolicyDefaultRuleArgs.builder()
.action("DROP")
.build())
.build());
}
}
resources:
test:
type: nsxt:PolicyPredefinedSecurityPolicy
properties:
context:
projectId: ${demoproj.id}
path: ${defaultL3.path}
tags:
- scope: color
tag: orange
rules:
- displayName: allow_icmp
destinationGroups:
- ${nsxt_policy_group.cats.path}
- ${nsxt_policy_group.dogs.path}
action: ALLOW
services:
- ${nsxt_policy_service.icmp.path}
logged: true
- displayName: allow_udp
sourceGroups:
- ${nsxt_policy_group.fish.path}
sourcesExcluded: true
scopes:
- ${nsxt_policy_group.aquarium.path}
action: ALLOW
services:
- ${nsxt_policy_service.udp.path}
logged: true
disabled: true
defaultRule:
action: DROP
variables:
demoproj:
fn::invoke:
function: nsxt:getPolicyProject
arguments:
displayName: demoproj
defaultL3:
fn::invoke:
function: nsxt:getPolicySecurityPolicy
arguments:
isDefault: true
category: Application
Create PolicyPredefinedSecurityPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyPredefinedSecurityPolicy(name: string, args: PolicyPredefinedSecurityPolicyArgs, opts?: CustomResourceOptions);@overload
def PolicyPredefinedSecurityPolicy(resource_name: str,
args: PolicyPredefinedSecurityPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyPredefinedSecurityPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
path: Optional[str] = None,
context: Optional[PolicyPredefinedSecurityPolicyContextArgs] = None,
default_rule: Optional[PolicyPredefinedSecurityPolicyDefaultRuleArgs] = None,
description: Optional[str] = None,
policy_predefined_security_policy_id: Optional[str] = None,
rules: Optional[Sequence[PolicyPredefinedSecurityPolicyRuleArgs]] = None,
tags: Optional[Sequence[PolicyPredefinedSecurityPolicyTagArgs]] = None)func NewPolicyPredefinedSecurityPolicy(ctx *Context, name string, args PolicyPredefinedSecurityPolicyArgs, opts ...ResourceOption) (*PolicyPredefinedSecurityPolicy, error)public PolicyPredefinedSecurityPolicy(string name, PolicyPredefinedSecurityPolicyArgs args, CustomResourceOptions? opts = null)
public PolicyPredefinedSecurityPolicy(String name, PolicyPredefinedSecurityPolicyArgs args)
public PolicyPredefinedSecurityPolicy(String name, PolicyPredefinedSecurityPolicyArgs args, CustomResourceOptions options)
type: nsxt:PolicyPredefinedSecurityPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyPredefinedSecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyPredefinedSecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyPredefinedSecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyPredefinedSecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyPredefinedSecurityPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyPredefinedSecurityPolicyResource = new Nsxt.PolicyPredefinedSecurityPolicy("policyPredefinedSecurityPolicyResource", new()
{
Path = "string",
Context = new Nsxt.Inputs.PolicyPredefinedSecurityPolicyContextArgs
{
ProjectId = "string",
},
DefaultRule = new Nsxt.Inputs.PolicyPredefinedSecurityPolicyDefaultRuleArgs
{
Action = "string",
Context = new Nsxt.Inputs.PolicyPredefinedSecurityPolicyDefaultRuleContextArgs
{
ProjectId = "string",
},
Description = "string",
LogLabel = "string",
Logged = false,
NsxId = "string",
Path = "string",
Revision = 0,
Scope = "string",
SequenceNumber = 0,
Tags = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyDefaultRuleTagArgs
{
Scope = "string",
Tag = "string",
},
},
},
Description = "string",
PolicyPredefinedSecurityPolicyId = "string",
Rules = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleArgs
{
DisplayName = "string",
Notes = "string",
Path = "string",
DestinationsExcluded = false,
Direction = "string",
Disabled = false,
Description = "string",
IpVersion = "string",
LogLabel = "string",
Logged = false,
Profiles = new[]
{
"string",
},
DestinationGroups = new[]
{
"string",
},
NsxId = "string",
Action = "string",
Revision = 0,
RuleId = 0,
Scopes = new[]
{
"string",
},
SequenceNumber = 0,
ServiceEntries = new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleServiceEntriesArgs
{
AlgorithmEntries = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleServiceEntriesAlgorithmEntryArgs
{
Algorithm = "string",
DestinationPort = "string",
Description = "string",
DisplayName = "string",
SourcePorts = new[]
{
"string",
},
},
},
EtherTypeEntries = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleServiceEntriesEtherTypeEntryArgs
{
EtherType = 0,
Description = "string",
DisplayName = "string",
},
},
IcmpEntries = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleServiceEntriesIcmpEntryArgs
{
Protocol = "string",
Description = "string",
DisplayName = "string",
IcmpCode = "string",
IcmpType = "string",
},
},
IgmpEntries = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleServiceEntriesIgmpEntryArgs
{
Description = "string",
DisplayName = "string",
},
},
IpProtocolEntries = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleServiceEntriesIpProtocolEntryArgs
{
Protocol = 0,
Description = "string",
DisplayName = "string",
},
},
L4PortSetEntries = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleServiceEntriesL4PortSetEntryArgs
{
Protocol = "string",
Description = "string",
DestinationPorts = new[]
{
"string",
},
DisplayName = "string",
SourcePorts = new[]
{
"string",
},
},
},
},
Services = new[]
{
"string",
},
SourceGroups = new[]
{
"string",
},
SourcesExcluded = false,
Tags = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyRuleTagArgs
{
Scope = "string",
Tag = "string",
},
},
},
},
Tags = new[]
{
new Nsxt.Inputs.PolicyPredefinedSecurityPolicyTagArgs
{
Scope = "string",
Tag = "string",
},
},
});
example, err := nsxt.NewPolicyPredefinedSecurityPolicy(ctx, "policyPredefinedSecurityPolicyResource", &nsxt.PolicyPredefinedSecurityPolicyArgs{
Path: pulumi.String("string"),
Context: &nsxt.PolicyPredefinedSecurityPolicyContextArgs{
ProjectId: pulumi.String("string"),
},
DefaultRule: &nsxt.PolicyPredefinedSecurityPolicyDefaultRuleArgs{
Action: pulumi.String("string"),
Context: &nsxt.PolicyPredefinedSecurityPolicyDefaultRuleContextArgs{
ProjectId: pulumi.String("string"),
},
Description: pulumi.String("string"),
LogLabel: pulumi.String("string"),
Logged: pulumi.Bool(false),
NsxId: pulumi.String("string"),
Path: pulumi.String("string"),
Revision: pulumi.Float64(0),
Scope: pulumi.String("string"),
SequenceNumber: pulumi.Float64(0),
Tags: nsxt.PolicyPredefinedSecurityPolicyDefaultRuleTagArray{
&nsxt.PolicyPredefinedSecurityPolicyDefaultRuleTagArgs{
Scope: pulumi.String("string"),
Tag: pulumi.String("string"),
},
},
},
Description: pulumi.String("string"),
PolicyPredefinedSecurityPolicyId: pulumi.String("string"),
Rules: nsxt.PolicyPredefinedSecurityPolicyRuleArray{
&nsxt.PolicyPredefinedSecurityPolicyRuleArgs{
DisplayName: pulumi.String("string"),
Notes: pulumi.String("string"),
Path: pulumi.String("string"),
DestinationsExcluded: pulumi.Bool(false),
Direction: pulumi.String("string"),
Disabled: pulumi.Bool(false),
Description: pulumi.String("string"),
IpVersion: pulumi.String("string"),
LogLabel: pulumi.String("string"),
Logged: pulumi.Bool(false),
Profiles: pulumi.StringArray{
pulumi.String("string"),
},
DestinationGroups: pulumi.StringArray{
pulumi.String("string"),
},
NsxId: pulumi.String("string"),
Action: pulumi.String("string"),
Revision: pulumi.Float64(0),
RuleId: pulumi.Float64(0),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
SequenceNumber: pulumi.Float64(0),
ServiceEntries: &nsxt.PolicyPredefinedSecurityPolicyRuleServiceEntriesArgs{
AlgorithmEntries: nsxt.PolicyPredefinedSecurityPolicyRuleServiceEntriesAlgorithmEntryArray{
&nsxt.PolicyPredefinedSecurityPolicyRuleServiceEntriesAlgorithmEntryArgs{
Algorithm: pulumi.String("string"),
DestinationPort: pulumi.String("string"),
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
SourcePorts: pulumi.StringArray{
pulumi.String("string"),
},
},
},
EtherTypeEntries: nsxt.PolicyPredefinedSecurityPolicyRuleServiceEntriesEtherTypeEntryArray{
&nsxt.PolicyPredefinedSecurityPolicyRuleServiceEntriesEtherTypeEntryArgs{
EtherType: pulumi.Float64(0),
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
},
},
IcmpEntries: nsxt.PolicyPredefinedSecurityPolicyRuleServiceEntriesIcmpEntryArray{
&nsxt.PolicyPredefinedSecurityPolicyRuleServiceEntriesIcmpEntryArgs{
Protocol: pulumi.String("string"),
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
IcmpCode: pulumi.String("string"),
IcmpType: pulumi.String("string"),
},
},
IgmpEntries: nsxt.PolicyPredefinedSecurityPolicyRuleServiceEntriesIgmpEntryArray{
&nsxt.PolicyPredefinedSecurityPolicyRuleServiceEntriesIgmpEntryArgs{
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
},
},
IpProtocolEntries: nsxt.PolicyPredefinedSecurityPolicyRuleServiceEntriesIpProtocolEntryArray{
&nsxt.PolicyPredefinedSecurityPolicyRuleServiceEntriesIpProtocolEntryArgs{
Protocol: pulumi.Float64(0),
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
},
},
L4PortSetEntries: nsxt.PolicyPredefinedSecurityPolicyRuleServiceEntriesL4PortSetEntryArray{
&nsxt.PolicyPredefinedSecurityPolicyRuleServiceEntriesL4PortSetEntryArgs{
Protocol: pulumi.String("string"),
Description: pulumi.String("string"),
DestinationPorts: pulumi.StringArray{
pulumi.String("string"),
},
DisplayName: pulumi.String("string"),
SourcePorts: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
Services: pulumi.StringArray{
pulumi.String("string"),
},
SourceGroups: pulumi.StringArray{
pulumi.String("string"),
},
SourcesExcluded: pulumi.Bool(false),
Tags: nsxt.PolicyPredefinedSecurityPolicyRuleTagArray{
&nsxt.PolicyPredefinedSecurityPolicyRuleTagArgs{
Scope: pulumi.String("string"),
Tag: pulumi.String("string"),
},
},
},
},
Tags: nsxt.PolicyPredefinedSecurityPolicyTagArray{
&nsxt.PolicyPredefinedSecurityPolicyTagArgs{
Scope: pulumi.String("string"),
Tag: pulumi.String("string"),
},
},
})
var policyPredefinedSecurityPolicyResource = new PolicyPredefinedSecurityPolicy("policyPredefinedSecurityPolicyResource", PolicyPredefinedSecurityPolicyArgs.builder()
.path("string")
.context(PolicyPredefinedSecurityPolicyContextArgs.builder()
.projectId("string")
.build())
.defaultRule(PolicyPredefinedSecurityPolicyDefaultRuleArgs.builder()
.action("string")
.context(PolicyPredefinedSecurityPolicyDefaultRuleContextArgs.builder()
.projectId("string")
.build())
.description("string")
.logLabel("string")
.logged(false)
.nsxId("string")
.path("string")
.revision(0)
.scope("string")
.sequenceNumber(0)
.tags(PolicyPredefinedSecurityPolicyDefaultRuleTagArgs.builder()
.scope("string")
.tag("string")
.build())
.build())
.description("string")
.policyPredefinedSecurityPolicyId("string")
.rules(PolicyPredefinedSecurityPolicyRuleArgs.builder()
.displayName("string")
.notes("string")
.path("string")
.destinationsExcluded(false)
.direction("string")
.disabled(false)
.description("string")
.ipVersion("string")
.logLabel("string")
.logged(false)
.profiles("string")
.destinationGroups("string")
.nsxId("string")
.action("string")
.revision(0)
.ruleId(0)
.scopes("string")
.sequenceNumber(0)
.serviceEntries(PolicyPredefinedSecurityPolicyRuleServiceEntriesArgs.builder()
.algorithmEntries(PolicyPredefinedSecurityPolicyRuleServiceEntriesAlgorithmEntryArgs.builder()
.algorithm("string")
.destinationPort("string")
.description("string")
.displayName("string")
.sourcePorts("string")
.build())
.etherTypeEntries(PolicyPredefinedSecurityPolicyRuleServiceEntriesEtherTypeEntryArgs.builder()
.etherType(0)
.description("string")
.displayName("string")
.build())
.icmpEntries(PolicyPredefinedSecurityPolicyRuleServiceEntriesIcmpEntryArgs.builder()
.protocol("string")
.description("string")
.displayName("string")
.icmpCode("string")
.icmpType("string")
.build())
.igmpEntries(PolicyPredefinedSecurityPolicyRuleServiceEntriesIgmpEntryArgs.builder()
.description("string")
.displayName("string")
.build())
.ipProtocolEntries(PolicyPredefinedSecurityPolicyRuleServiceEntriesIpProtocolEntryArgs.builder()
.protocol(0)
.description("string")
.displayName("string")
.build())
.l4PortSetEntries(PolicyPredefinedSecurityPolicyRuleServiceEntriesL4PortSetEntryArgs.builder()
.protocol("string")
.description("string")
.destinationPorts("string")
.displayName("string")
.sourcePorts("string")
.build())
.build())
.services("string")
.sourceGroups("string")
.sourcesExcluded(false)
.tags(PolicyPredefinedSecurityPolicyRuleTagArgs.builder()
.scope("string")
.tag("string")
.build())
.build())
.tags(PolicyPredefinedSecurityPolicyTagArgs.builder()
.scope("string")
.tag("string")
.build())
.build());
policy_predefined_security_policy_resource = nsxt.PolicyPredefinedSecurityPolicy("policyPredefinedSecurityPolicyResource",
path="string",
context={
"project_id": "string",
},
default_rule={
"action": "string",
"context": {
"project_id": "string",
},
"description": "string",
"log_label": "string",
"logged": False,
"nsx_id": "string",
"path": "string",
"revision": 0,
"scope": "string",
"sequence_number": 0,
"tags": [{
"scope": "string",
"tag": "string",
}],
},
description="string",
policy_predefined_security_policy_id="string",
rules=[{
"display_name": "string",
"notes": "string",
"path": "string",
"destinations_excluded": False,
"direction": "string",
"disabled": False,
"description": "string",
"ip_version": "string",
"log_label": "string",
"logged": False,
"profiles": ["string"],
"destination_groups": ["string"],
"nsx_id": "string",
"action": "string",
"revision": 0,
"rule_id": 0,
"scopes": ["string"],
"sequence_number": 0,
"service_entries": {
"algorithm_entries": [{
"algorithm": "string",
"destination_port": "string",
"description": "string",
"display_name": "string",
"source_ports": ["string"],
}],
"ether_type_entries": [{
"ether_type": 0,
"description": "string",
"display_name": "string",
}],
"icmp_entries": [{
"protocol": "string",
"description": "string",
"display_name": "string",
"icmp_code": "string",
"icmp_type": "string",
}],
"igmp_entries": [{
"description": "string",
"display_name": "string",
}],
"ip_protocol_entries": [{
"protocol": 0,
"description": "string",
"display_name": "string",
}],
"l4_port_set_entries": [{
"protocol": "string",
"description": "string",
"destination_ports": ["string"],
"display_name": "string",
"source_ports": ["string"],
}],
},
"services": ["string"],
"source_groups": ["string"],
"sources_excluded": False,
"tags": [{
"scope": "string",
"tag": "string",
}],
}],
tags=[{
"scope": "string",
"tag": "string",
}])
const policyPredefinedSecurityPolicyResource = new nsxt.PolicyPredefinedSecurityPolicy("policyPredefinedSecurityPolicyResource", {
path: "string",
context: {
projectId: "string",
},
defaultRule: {
action: "string",
context: {
projectId: "string",
},
description: "string",
logLabel: "string",
logged: false,
nsxId: "string",
path: "string",
revision: 0,
scope: "string",
sequenceNumber: 0,
tags: [{
scope: "string",
tag: "string",
}],
},
description: "string",
policyPredefinedSecurityPolicyId: "string",
rules: [{
displayName: "string",
notes: "string",
path: "string",
destinationsExcluded: false,
direction: "string",
disabled: false,
description: "string",
ipVersion: "string",
logLabel: "string",
logged: false,
profiles: ["string"],
destinationGroups: ["string"],
nsxId: "string",
action: "string",
revision: 0,
ruleId: 0,
scopes: ["string"],
sequenceNumber: 0,
serviceEntries: {
algorithmEntries: [{
algorithm: "string",
destinationPort: "string",
description: "string",
displayName: "string",
sourcePorts: ["string"],
}],
etherTypeEntries: [{
etherType: 0,
description: "string",
displayName: "string",
}],
icmpEntries: [{
protocol: "string",
description: "string",
displayName: "string",
icmpCode: "string",
icmpType: "string",
}],
igmpEntries: [{
description: "string",
displayName: "string",
}],
ipProtocolEntries: [{
protocol: 0,
description: "string",
displayName: "string",
}],
l4PortSetEntries: [{
protocol: "string",
description: "string",
destinationPorts: ["string"],
displayName: "string",
sourcePorts: ["string"],
}],
},
services: ["string"],
sourceGroups: ["string"],
sourcesExcluded: false,
tags: [{
scope: "string",
tag: "string",
}],
}],
tags: [{
scope: "string",
tag: "string",
}],
});
type: nsxt:PolicyPredefinedSecurityPolicy
properties:
context:
projectId: string
defaultRule:
action: string
context:
projectId: string
description: string
logLabel: string
logged: false
nsxId: string
path: string
revision: 0
scope: string
sequenceNumber: 0
tags:
- scope: string
tag: string
description: string
path: string
policyPredefinedSecurityPolicyId: string
rules:
- action: string
description: string
destinationGroups:
- string
destinationsExcluded: false
direction: string
disabled: false
displayName: string
ipVersion: string
logLabel: string
logged: false
notes: string
nsxId: string
path: string
profiles:
- string
revision: 0
ruleId: 0
scopes:
- string
sequenceNumber: 0
serviceEntries:
algorithmEntries:
- algorithm: string
description: string
destinationPort: string
displayName: string
sourcePorts:
- string
etherTypeEntries:
- description: string
displayName: string
etherType: 0
icmpEntries:
- description: string
displayName: string
icmpCode: string
icmpType: string
protocol: string
igmpEntries:
- description: string
displayName: string
ipProtocolEntries:
- description: string
displayName: string
protocol: 0
l4PortSetEntries:
- description: string
destinationPorts:
- string
displayName: string
protocol: string
sourcePorts:
- string
services:
- string
sourceGroups:
- string
sourcesExcluded: false
tags:
- scope: string
tag: string
tags:
- scope: string
tag: string
PolicyPredefinedSecurityPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyPredefinedSecurityPolicy resource accepts the following input properties:
- Path string
- Policy path for the predefined Security Policy to modify.
- Context
Policy
Predefined Security Policy Context - The context which the object belongs to
- Default
Rule PolicyPredefined Security Policy Default Rule - A repeatable block to modify default rules for the Security Policy in a
DEFAULTcategory. Each rule includes the following fields: - Description string
- Description of the resource.
- Policy
Predefined stringSecurity Policy Id - Rules
List<Policy
Predefined Security Policy Rule> - A repeatable block to specify rules for the Security Policy. This setting is applicable to non-Default policies only. Each rule includes the following fields:
-
List<Policy
Predefined Security Policy Tag> - A list of scope + tag pairs to associate with this Security Policy.
- Path string
- Policy path for the predefined Security Policy to modify.
- Context
Policy
Predefined Security Policy Context Args - The context which the object belongs to
- Default
Rule PolicyPredefined Security Policy Default Rule Args - A repeatable block to modify default rules for the Security Policy in a
DEFAULTcategory. Each rule includes the following fields: - Description string
- Description of the resource.
- Policy
Predefined stringSecurity Policy Id - Rules
[]Policy
Predefined Security Policy Rule Args - A repeatable block to specify rules for the Security Policy. This setting is applicable to non-Default policies only. Each rule includes the following fields:
-
[]Policy
Predefined Security Policy Tag Args - A list of scope + tag pairs to associate with this Security Policy.
- path String
- Policy path for the predefined Security Policy to modify.
- context
Policy
Predefined Security Policy Context - The context which the object belongs to
- default
Rule PolicyPredefined Security Policy Default Rule - A repeatable block to modify default rules for the Security Policy in a
DEFAULTcategory. Each rule includes the following fields: - description String
- Description of the resource.
- policy
Predefined StringSecurity Policy Id - rules
List<Policy
Predefined Security Policy Rule> - A repeatable block to specify rules for the Security Policy. This setting is applicable to non-Default policies only. Each rule includes the following fields:
-
List<Policy
Predefined Security Policy Tag> - A list of scope + tag pairs to associate with this Security Policy.
- path string
- Policy path for the predefined Security Policy to modify.
- context
Policy
Predefined Security Policy Context - The context which the object belongs to
- default
Rule PolicyPredefined Security Policy Default Rule - A repeatable block to modify default rules for the Security Policy in a
DEFAULTcategory. Each rule includes the following fields: - description string
- Description of the resource.
- policy
Predefined stringSecurity Policy Id - rules
Policy
Predefined Security Policy Rule[] - A repeatable block to specify rules for the Security Policy. This setting is applicable to non-Default policies only. Each rule includes the following fields:
-
Policy
Predefined Security Policy Tag[] - A list of scope + tag pairs to associate with this Security Policy.
- path str
- Policy path for the predefined Security Policy to modify.
- context
Policy
Predefined Security Policy Context Args - The context which the object belongs to
- default_
rule PolicyPredefined Security Policy Default Rule Args - A repeatable block to modify default rules for the Security Policy in a
DEFAULTcategory. Each rule includes the following fields: - description str
- Description of the resource.
- policy_
predefined_ strsecurity_ policy_ id - rules
Sequence[Policy
Predefined Security Policy Rule Args] - A repeatable block to specify rules for the Security Policy. This setting is applicable to non-Default policies only. Each rule includes the following fields:
-
Sequence[Policy
Predefined Security Policy Tag Args] - A list of scope + tag pairs to associate with this Security Policy.
- path String
- Policy path for the predefined Security Policy to modify.
- context Property Map
- The context which the object belongs to
- default
Rule Property Map - A repeatable block to modify default rules for the Security Policy in a
DEFAULTcategory. Each rule includes the following fields: - description String
- Description of the resource.
- policy
Predefined StringSecurity Policy Id - rules List<Property Map>
- A repeatable block to specify rules for the Security Policy. This setting is applicable to non-Default policies only. Each rule includes the following fields:
- List<Property Map>
- A list of scope + tag pairs to associate with this Security Policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyPredefinedSecurityPolicy resource produces the following output properties:
Look up Existing PolicyPredefinedSecurityPolicy Resource
Get an existing PolicyPredefinedSecurityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyPredefinedSecurityPolicyState, opts?: CustomResourceOptions): PolicyPredefinedSecurityPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
context: Optional[PolicyPredefinedSecurityPolicyContextArgs] = None,
default_rule: Optional[PolicyPredefinedSecurityPolicyDefaultRuleArgs] = None,
description: Optional[str] = None,
path: Optional[str] = None,
policy_predefined_security_policy_id: Optional[str] = None,
revision: Optional[float] = None,
rules: Optional[Sequence[PolicyPredefinedSecurityPolicyRuleArgs]] = None,
tags: Optional[Sequence[PolicyPredefinedSecurityPolicyTagArgs]] = None) -> PolicyPredefinedSecurityPolicyfunc GetPolicyPredefinedSecurityPolicy(ctx *Context, name string, id IDInput, state *PolicyPredefinedSecurityPolicyState, opts ...ResourceOption) (*PolicyPredefinedSecurityPolicy, error)public static PolicyPredefinedSecurityPolicy Get(string name, Input<string> id, PolicyPredefinedSecurityPolicyState? state, CustomResourceOptions? opts = null)public static PolicyPredefinedSecurityPolicy get(String name, Output<String> id, PolicyPredefinedSecurityPolicyState state, CustomResourceOptions options)resources: _: type: nsxt:PolicyPredefinedSecurityPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Context
Policy
Predefined Security Policy Context - The context which the object belongs to
- Default
Rule PolicyPredefined Security Policy Default Rule - A repeatable block to modify default rules for the Security Policy in a
DEFAULTcategory. Each rule includes the following fields: - Description string
- Description of the resource.
- Path string
- Policy path for the predefined Security Policy to modify.
- Policy
Predefined stringSecurity Policy Id - Revision double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Rules
List<Policy
Predefined Security Policy Rule> - A repeatable block to specify rules for the Security Policy. This setting is applicable to non-Default policies only. Each rule includes the following fields:
-
List<Policy
Predefined Security Policy Tag> - A list of scope + tag pairs to associate with this Security Policy.
- Context
Policy
Predefined Security Policy Context Args - The context which the object belongs to
- Default
Rule PolicyPredefined Security Policy Default Rule Args - A repeatable block to modify default rules for the Security Policy in a
DEFAULTcategory. Each rule includes the following fields: - Description string
- Description of the resource.
- Path string
- Policy path for the predefined Security Policy to modify.
- Policy
Predefined stringSecurity Policy Id - Revision float64
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Rules
[]Policy
Predefined Security Policy Rule Args - A repeatable block to specify rules for the Security Policy. This setting is applicable to non-Default policies only. Each rule includes the following fields:
-
[]Policy
Predefined Security Policy Tag Args - A list of scope + tag pairs to associate with this Security Policy.
- context
Policy
Predefined Security Policy Context - The context which the object belongs to
- default
Rule PolicyPredefined Security Policy Default Rule - A repeatable block to modify default rules for the Security Policy in a
DEFAULTcategory. Each rule includes the following fields: - description String
- Description of the resource.
- path String
- Policy path for the predefined Security Policy to modify.
- policy
Predefined StringSecurity Policy Id - revision Double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rules
List<Policy
Predefined Security Policy Rule> - A repeatable block to specify rules for the Security Policy. This setting is applicable to non-Default policies only. Each rule includes the following fields:
-
List<Policy
Predefined Security Policy Tag> - A list of scope + tag pairs to associate with this Security Policy.
- context
Policy
Predefined Security Policy Context - The context which the object belongs to
- default
Rule PolicyPredefined Security Policy Default Rule - A repeatable block to modify default rules for the Security Policy in a
DEFAULTcategory. Each rule includes the following fields: - description string
- Description of the resource.
- path string
- Policy path for the predefined Security Policy to modify.
- policy
Predefined stringSecurity Policy Id - revision number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rules
Policy
Predefined Security Policy Rule[] - A repeatable block to specify rules for the Security Policy. This setting is applicable to non-Default policies only. Each rule includes the following fields:
-
Policy
Predefined Security Policy Tag[] - A list of scope + tag pairs to associate with this Security Policy.
- context
Policy
Predefined Security Policy Context Args - The context which the object belongs to
- default_
rule PolicyPredefined Security Policy Default Rule Args - A repeatable block to modify default rules for the Security Policy in a
DEFAULTcategory. Each rule includes the following fields: - description str
- Description of the resource.
- path str
- Policy path for the predefined Security Policy to modify.
- policy_
predefined_ strsecurity_ policy_ id - revision float
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rules
Sequence[Policy
Predefined Security Policy Rule Args] - A repeatable block to specify rules for the Security Policy. This setting is applicable to non-Default policies only. Each rule includes the following fields:
-
Sequence[Policy
Predefined Security Policy Tag Args] - A list of scope + tag pairs to associate with this Security Policy.
- context Property Map
- The context which the object belongs to
- default
Rule Property Map - A repeatable block to modify default rules for the Security Policy in a
DEFAULTcategory. Each rule includes the following fields: - description String
- Description of the resource.
- path String
- Policy path for the predefined Security Policy to modify.
- policy
Predefined StringSecurity Policy Id - revision Number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rules List<Property Map>
- A repeatable block to specify rules for the Security Policy. This setting is applicable to non-Default policies only. Each rule includes the following fields:
- List<Property Map>
- A list of scope + tag pairs to associate with this Security Policy.
Supporting Types
PolicyPredefinedSecurityPolicyContext, PolicyPredefinedSecurityPolicyContextArgs
- Project
Id string - The ID of the project which the object belongs to
- Project
Id string - The ID of the project which the object belongs to
- project
Id String - The ID of the project which the object belongs to
- project
Id string - The ID of the project which the object belongs to
- project_
id str - The ID of the project which the object belongs to
- project
Id String - The ID of the project which the object belongs to
PolicyPredefinedSecurityPolicyDefaultRule, PolicyPredefinedSecurityPolicyDefaultRuleArgs
- Action string
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Note thatREJECTaction is not applicable for L2 policy. - Context
Policy
Predefined Security Policy Default Rule Context - The context which the object belongs to
- Description string
- Description of the resource.
- Log
Label string - Additional information (string) which will be propagated to the rule syslog.
- Logged bool
- A boolean flag to enable packet logging.
- Nsx
Id string - NSX ID for this resource
- Path string
- Policy path for the predefined Security Policy to modify.
- Revision double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Scope string
- Scope for this rule
- Sequence
Number double - Sequence number of the this rule, is defined by order of rules in the list.
-
List<Policy
Predefined Security Policy Default Rule Tag> - A list of scope + tag pairs to associate with this Rule.
- Action string
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Note thatREJECTaction is not applicable for L2 policy. - Context
Policy
Predefined Security Policy Default Rule Context - The context which the object belongs to
- Description string
- Description of the resource.
- Log
Label string - Additional information (string) which will be propagated to the rule syslog.
- Logged bool
- A boolean flag to enable packet logging.
- Nsx
Id string - NSX ID for this resource
- Path string
- Policy path for the predefined Security Policy to modify.
- Revision float64
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Scope string
- Scope for this rule
- Sequence
Number float64 - Sequence number of the this rule, is defined by order of rules in the list.
-
[]Policy
Predefined Security Policy Default Rule Tag - A list of scope + tag pairs to associate with this Rule.
- action String
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Note thatREJECTaction is not applicable for L2 policy. - context
Policy
Predefined Security Policy Default Rule Context - The context which the object belongs to
- description String
- Description of the resource.
- log
Label String - Additional information (string) which will be propagated to the rule syslog.
- logged Boolean
- A boolean flag to enable packet logging.
- nsx
Id String - NSX ID for this resource
- path String
- Policy path for the predefined Security Policy to modify.
- revision Double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- scope String
- Scope for this rule
- sequence
Number Double - Sequence number of the this rule, is defined by order of rules in the list.
-
List<Policy
Predefined Security Policy Default Rule Tag> - A list of scope + tag pairs to associate with this Rule.
- action string
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Note thatREJECTaction is not applicable for L2 policy. - context
Policy
Predefined Security Policy Default Rule Context - The context which the object belongs to
- description string
- Description of the resource.
- log
Label string - Additional information (string) which will be propagated to the rule syslog.
- logged boolean
- A boolean flag to enable packet logging.
- nsx
Id string - NSX ID for this resource
- path string
- Policy path for the predefined Security Policy to modify.
- revision number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- scope string
- Scope for this rule
- sequence
Number number - Sequence number of the this rule, is defined by order of rules in the list.
-
Policy
Predefined Security Policy Default Rule Tag[] - A list of scope + tag pairs to associate with this Rule.
- action str
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Note thatREJECTaction is not applicable for L2 policy. - context
Policy
Predefined Security Policy Default Rule Context - The context which the object belongs to
- description str
- Description of the resource.
- log_
label str - Additional information (string) which will be propagated to the rule syslog.
- logged bool
- A boolean flag to enable packet logging.
- nsx_
id str - NSX ID for this resource
- path str
- Policy path for the predefined Security Policy to modify.
- revision float
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- scope str
- Scope for this rule
- sequence_
number float - Sequence number of the this rule, is defined by order of rules in the list.
-
Sequence[Policy
Predefined Security Policy Default Rule Tag] - A list of scope + tag pairs to associate with this Rule.
- action String
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Note thatREJECTaction is not applicable for L2 policy. - context Property Map
- The context which the object belongs to
- description String
- Description of the resource.
- log
Label String - Additional information (string) which will be propagated to the rule syslog.
- logged Boolean
- A boolean flag to enable packet logging.
- nsx
Id String - NSX ID for this resource
- path String
- Policy path for the predefined Security Policy to modify.
- revision Number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- scope String
- Scope for this rule
- sequence
Number Number - Sequence number of the this rule, is defined by order of rules in the list.
- List<Property Map>
- A list of scope + tag pairs to associate with this Rule.
PolicyPredefinedSecurityPolicyDefaultRuleContext, PolicyPredefinedSecurityPolicyDefaultRuleContextArgs
- Project
Id string - The ID of the project which the object belongs to
- Project
Id string - The ID of the project which the object belongs to
- project
Id String - The ID of the project which the object belongs to
- project
Id string - The ID of the project which the object belongs to
- project_
id str - The ID of the project which the object belongs to
- project
Id String - The ID of the project which the object belongs to
PolicyPredefinedSecurityPolicyDefaultRuleTag, PolicyPredefinedSecurityPolicyDefaultRuleTagArgs
PolicyPredefinedSecurityPolicyRule, PolicyPredefinedSecurityPolicyRuleArgs
- Display
Name string - Display name of the resource.
- Action string
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. Note thatREJECTaction is not applicable for L2 policy. - Description string
- Description of the resource.
- Destination
Groups List<string> - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- Destinations
Excluded bool - A boolean value indicating negation of destination groups.
- Direction string
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - Disabled bool
- A boolean value to indicate the rule is disabled. Defaults to
false. - Ip
Version string - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - Log
Label string - Additional information (string) which will be propagated to the rule syslog.
- Logged bool
- A boolean flag to enable packet logging.
- Notes string
- Text for additional notes on changes for the rule.
- Nsx
Id string - NSX ID for this resource
- Path string
- Policy path for the predefined Security Policy to modify.
- Profiles List<string>
- A list of profiles for the rule.
- Revision double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Rule
Id double - Unique positive number that is assigned by the system and is useful for debugging.
- Scopes List<string>
- List of policy paths where the rule is applied.
- Sequence
Number double - Sequence number of the this rule, is defined by order of rules in the list.
- Service
Entries PolicyPredefined Security Policy Rule Service Entries - List of services to match
- Services List<string>
- List of services to match.
- Source
Groups List<string> - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- Sources
Excluded bool - Negation of source groups
-
List<Policy
Predefined Security Policy Rule Tag> - A list of scope + tag pairs to associate with this Rule.
- Display
Name string - Display name of the resource.
- Action string
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. Note thatREJECTaction is not applicable for L2 policy. - Description string
- Description of the resource.
- Destination
Groups []string - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- Destinations
Excluded bool - A boolean value indicating negation of destination groups.
- Direction string
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - Disabled bool
- A boolean value to indicate the rule is disabled. Defaults to
false. - Ip
Version string - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - Log
Label string - Additional information (string) which will be propagated to the rule syslog.
- Logged bool
- A boolean flag to enable packet logging.
- Notes string
- Text for additional notes on changes for the rule.
- Nsx
Id string - NSX ID for this resource
- Path string
- Policy path for the predefined Security Policy to modify.
- Profiles []string
- A list of profiles for the rule.
- Revision float64
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Rule
Id float64 - Unique positive number that is assigned by the system and is useful for debugging.
- Scopes []string
- List of policy paths where the rule is applied.
- Sequence
Number float64 - Sequence number of the this rule, is defined by order of rules in the list.
- Service
Entries PolicyPredefined Security Policy Rule Service Entries - List of services to match
- Services []string
- List of services to match.
- Source
Groups []string - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- Sources
Excluded bool - Negation of source groups
-
[]Policy
Predefined Security Policy Rule Tag - A list of scope + tag pairs to associate with this Rule.
- display
Name String - Display name of the resource.
- action String
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. Note thatREJECTaction is not applicable for L2 policy. - description String
- Description of the resource.
- destination
Groups List<String> - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- destinations
Excluded Boolean - A boolean value indicating negation of destination groups.
- direction String
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - disabled Boolean
- A boolean value to indicate the rule is disabled. Defaults to
false. - ip
Version String - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - log
Label String - Additional information (string) which will be propagated to the rule syslog.
- logged Boolean
- A boolean flag to enable packet logging.
- notes String
- Text for additional notes on changes for the rule.
- nsx
Id String - NSX ID for this resource
- path String
- Policy path for the predefined Security Policy to modify.
- profiles List<String>
- A list of profiles for the rule.
- revision Double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule
Id Double - Unique positive number that is assigned by the system and is useful for debugging.
- scopes List<String>
- List of policy paths where the rule is applied.
- sequence
Number Double - Sequence number of the this rule, is defined by order of rules in the list.
- service
Entries PolicyPredefined Security Policy Rule Service Entries - List of services to match
- services List<String>
- List of services to match.
- source
Groups List<String> - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- sources
Excluded Boolean - Negation of source groups
-
List<Policy
Predefined Security Policy Rule Tag> - A list of scope + tag pairs to associate with this Rule.
- display
Name string - Display name of the resource.
- action string
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. Note thatREJECTaction is not applicable for L2 policy. - description string
- Description of the resource.
- destination
Groups string[] - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- destinations
Excluded boolean - A boolean value indicating negation of destination groups.
- direction string
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - disabled boolean
- A boolean value to indicate the rule is disabled. Defaults to
false. - ip
Version string - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - log
Label string - Additional information (string) which will be propagated to the rule syslog.
- logged boolean
- A boolean flag to enable packet logging.
- notes string
- Text for additional notes on changes for the rule.
- nsx
Id string - NSX ID for this resource
- path string
- Policy path for the predefined Security Policy to modify.
- profiles string[]
- A list of profiles for the rule.
- revision number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule
Id number - Unique positive number that is assigned by the system and is useful for debugging.
- scopes string[]
- List of policy paths where the rule is applied.
- sequence
Number number - Sequence number of the this rule, is defined by order of rules in the list.
- service
Entries PolicyPredefined Security Policy Rule Service Entries - List of services to match
- services string[]
- List of services to match.
- source
Groups string[] - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- sources
Excluded boolean - Negation of source groups
-
Policy
Predefined Security Policy Rule Tag[] - A list of scope + tag pairs to associate with this Rule.
- display_
name str - Display name of the resource.
- action str
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. Note thatREJECTaction is not applicable for L2 policy. - description str
- Description of the resource.
- destination_
groups Sequence[str] - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- destinations_
excluded bool - A boolean value indicating negation of destination groups.
- direction str
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - disabled bool
- A boolean value to indicate the rule is disabled. Defaults to
false. - ip_
version str - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - log_
label str - Additional information (string) which will be propagated to the rule syslog.
- logged bool
- A boolean flag to enable packet logging.
- notes str
- Text for additional notes on changes for the rule.
- nsx_
id str - NSX ID for this resource
- path str
- Policy path for the predefined Security Policy to modify.
- profiles Sequence[str]
- A list of profiles for the rule.
- revision float
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule_
id float - Unique positive number that is assigned by the system and is useful for debugging.
- scopes Sequence[str]
- List of policy paths where the rule is applied.
- sequence_
number float - Sequence number of the this rule, is defined by order of rules in the list.
- service_
entries PolicyPredefined Security Policy Rule Service Entries - List of services to match
- services Sequence[str]
- List of services to match.
- source_
groups Sequence[str] - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- sources_
excluded bool - Negation of source groups
-
Sequence[Policy
Predefined Security Policy Rule Tag] - A list of scope + tag pairs to associate with this Rule.
- display
Name String - Display name of the resource.
- action String
- The action for the Rule. Must be one of:
ALLOW,DROPorREJECT. Defaults toALLOW. Note thatREJECTaction is not applicable for L2 policy. - description String
- Description of the resource.
- destination
Groups List<String> - Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- destinations
Excluded Boolean - A boolean value indicating negation of destination groups.
- direction String
- The traffic direction for the policy. Must be one of:
IN,OUTorIN_OUT. Defaults toIN_OUT. - disabled Boolean
- A boolean value to indicate the rule is disabled. Defaults to
false. - ip
Version String - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Defaults toIPV4_IPV6. - log
Label String - Additional information (string) which will be propagated to the rule syslog.
- logged Boolean
- A boolean flag to enable packet logging.
- notes String
- Text for additional notes on changes for the rule.
- nsx
Id String - NSX ID for this resource
- path String
- Policy path for the predefined Security Policy to modify.
- profiles List<String>
- A list of profiles for the rule.
- revision Number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule
Id Number - Unique positive number that is assigned by the system and is useful for debugging.
- scopes List<String>
- List of policy paths where the rule is applied.
- sequence
Number Number - Sequence number of the this rule, is defined by order of rules in the list.
- service
Entries Property Map - List of services to match
- services List<String>
- List of services to match.
- source
Groups List<String> - Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
- sources
Excluded Boolean - Negation of source groups
- List<Property Map>
- A list of scope + tag pairs to associate with this Rule.
PolicyPredefinedSecurityPolicyRuleServiceEntries, PolicyPredefinedSecurityPolicyRuleServiceEntriesArgs
- Algorithm
Entries List<PolicyPredefined Security Policy Rule Service Entries Algorithm Entry> - Algorithm type service entry
- Ether
Type List<PolicyEntries Predefined Security Policy Rule Service Entries Ether Type Entry> - Ether type service entry
- Icmp
Entries List<PolicyPredefined Security Policy Rule Service Entries Icmp Entry> - ICMP type service entry
- Igmp
Entries List<PolicyPredefined Security Policy Rule Service Entries Igmp Entry> - IGMP type service entry
- Ip
Protocol List<PolicyEntries Predefined Security Policy Rule Service Entries Ip Protocol Entry> - IP Protocol type service entry
- L4Port
Set List<PolicyEntries Predefined Security Policy Rule Service Entries L4Port Set Entry> - L4 port set type service entry
- Algorithm
Entries []PolicyPredefined Security Policy Rule Service Entries Algorithm Entry - Algorithm type service entry
- Ether
Type []PolicyEntries Predefined Security Policy Rule Service Entries Ether Type Entry - Ether type service entry
- Icmp
Entries []PolicyPredefined Security Policy Rule Service Entries Icmp Entry - ICMP type service entry
- Igmp
Entries []PolicyPredefined Security Policy Rule Service Entries Igmp Entry - IGMP type service entry
- Ip
Protocol []PolicyEntries Predefined Security Policy Rule Service Entries Ip Protocol Entry - IP Protocol type service entry
- L4Port
Set []PolicyEntries Predefined Security Policy Rule Service Entries L4Port Set Entry - L4 port set type service entry
- algorithm
Entries List<PolicyPredefined Security Policy Rule Service Entries Algorithm Entry> - Algorithm type service entry
- ether
Type List<PolicyEntries Predefined Security Policy Rule Service Entries Ether Type Entry> - Ether type service entry
- icmp
Entries List<PolicyPredefined Security Policy Rule Service Entries Icmp Entry> - ICMP type service entry
- igmp
Entries List<PolicyPredefined Security Policy Rule Service Entries Igmp Entry> - IGMP type service entry
- ip
Protocol List<PolicyEntries Predefined Security Policy Rule Service Entries Ip Protocol Entry> - IP Protocol type service entry
- l4Port
Set List<PolicyEntries Predefined Security Policy Rule Service Entries L4Port Set Entry> - L4 port set type service entry
- algorithm
Entries PolicyPredefined Security Policy Rule Service Entries Algorithm Entry[] - Algorithm type service entry
- ether
Type PolicyEntries Predefined Security Policy Rule Service Entries Ether Type Entry[] - Ether type service entry
- icmp
Entries PolicyPredefined Security Policy Rule Service Entries Icmp Entry[] - ICMP type service entry
- igmp
Entries PolicyPredefined Security Policy Rule Service Entries Igmp Entry[] - IGMP type service entry
- ip
Protocol PolicyEntries Predefined Security Policy Rule Service Entries Ip Protocol Entry[] - IP Protocol type service entry
- l4Port
Set PolicyEntries Predefined Security Policy Rule Service Entries L4Port Set Entry[] - L4 port set type service entry
- algorithm_
entries Sequence[PolicyPredefined Security Policy Rule Service Entries Algorithm Entry] - Algorithm type service entry
- ether_
type_ Sequence[Policyentries Predefined Security Policy Rule Service Entries Ether Type Entry] - Ether type service entry
- icmp_
entries Sequence[PolicyPredefined Security Policy Rule Service Entries Icmp Entry] - ICMP type service entry
- igmp_
entries Sequence[PolicyPredefined Security Policy Rule Service Entries Igmp Entry] - IGMP type service entry
- ip_
protocol_ Sequence[Policyentries Predefined Security Policy Rule Service Entries Ip Protocol Entry] - IP Protocol type service entry
- l4_
port_ Sequence[Policyset_ entries Predefined Security Policy Rule Service Entries L4Port Set Entry] - L4 port set type service entry
- algorithm
Entries List<Property Map> - Algorithm type service entry
- ether
Type List<Property Map>Entries - Ether type service entry
- icmp
Entries List<Property Map> - ICMP type service entry
- igmp
Entries List<Property Map> - IGMP type service entry
- ip
Protocol List<Property Map>Entries - IP Protocol type service entry
- l4Port
Set List<Property Map>Entries - L4 port set type service entry
PolicyPredefinedSecurityPolicyRuleServiceEntriesAlgorithmEntry, PolicyPredefinedSecurityPolicyRuleServiceEntriesAlgorithmEntryArgs
- Algorithm string
- Algorithm
- Destination
Port string - A single destination port
- Description string
- Description of the resource.
- Display
Name string - Display name for this resource
- Source
Ports List<string> - Set of source ports or ranges
- Algorithm string
- Algorithm
- Destination
Port string - A single destination port
- Description string
- Description of the resource.
- Display
Name string - Display name for this resource
- Source
Ports []string - Set of source ports or ranges
- algorithm String
- Algorithm
- destination
Port String - A single destination port
- description String
- Description of the resource.
- display
Name String - Display name for this resource
- source
Ports List<String> - Set of source ports or ranges
- algorithm string
- Algorithm
- destination
Port string - A single destination port
- description string
- Description of the resource.
- display
Name string - Display name for this resource
- source
Ports string[] - Set of source ports or ranges
- algorithm str
- Algorithm
- destination_
port str - A single destination port
- description str
- Description of the resource.
- display_
name str - Display name for this resource
- source_
ports Sequence[str] - Set of source ports or ranges
- algorithm String
- Algorithm
- destination
Port String - A single destination port
- description String
- Description of the resource.
- display
Name String - Display name for this resource
- source
Ports List<String> - Set of source ports or ranges
PolicyPredefinedSecurityPolicyRuleServiceEntriesEtherTypeEntry, PolicyPredefinedSecurityPolicyRuleServiceEntriesEtherTypeEntryArgs
- Ether
Type double - Type of the encapsulated protocol
- Description string
- Description of the resource.
- Display
Name string - Display name for this resource
- Ether
Type float64 - Type of the encapsulated protocol
- Description string
- Description of the resource.
- Display
Name string - Display name for this resource
- ether
Type Double - Type of the encapsulated protocol
- description String
- Description of the resource.
- display
Name String - Display name for this resource
- ether
Type number - Type of the encapsulated protocol
- description string
- Description of the resource.
- display
Name string - Display name for this resource
- ether_
type float - Type of the encapsulated protocol
- description str
- Description of the resource.
- display_
name str - Display name for this resource
- ether
Type Number - Type of the encapsulated protocol
- description String
- Description of the resource.
- display
Name String - Display name for this resource
PolicyPredefinedSecurityPolicyRuleServiceEntriesIcmpEntry, PolicyPredefinedSecurityPolicyRuleServiceEntriesIcmpEntryArgs
- Protocol string
- Version of ICMP protocol (ICMPv4/ICMPv6)
- Description string
- Description of the resource.
- Display
Name string - Display name for this resource
- Icmp
Code string - ICMP message code
- Icmp
Type string - ICMP message type
- Protocol string
- Version of ICMP protocol (ICMPv4/ICMPv6)
- Description string
- Description of the resource.
- Display
Name string - Display name for this resource
- Icmp
Code string - ICMP message code
- Icmp
Type string - ICMP message type
- protocol String
- Version of ICMP protocol (ICMPv4/ICMPv6)
- description String
- Description of the resource.
- display
Name String - Display name for this resource
- icmp
Code String - ICMP message code
- icmp
Type String - ICMP message type
- protocol string
- Version of ICMP protocol (ICMPv4/ICMPv6)
- description string
- Description of the resource.
- display
Name string - Display name for this resource
- icmp
Code string - ICMP message code
- icmp
Type string - ICMP message type
- protocol str
- Version of ICMP protocol (ICMPv4/ICMPv6)
- description str
- Description of the resource.
- display_
name str - Display name for this resource
- icmp_
code str - ICMP message code
- icmp_
type str - ICMP message type
- protocol String
- Version of ICMP protocol (ICMPv4/ICMPv6)
- description String
- Description of the resource.
- display
Name String - Display name for this resource
- icmp
Code String - ICMP message code
- icmp
Type String - ICMP message type
PolicyPredefinedSecurityPolicyRuleServiceEntriesIgmpEntry, PolicyPredefinedSecurityPolicyRuleServiceEntriesIgmpEntryArgs
- Description string
- Description of the resource.
- Display
Name string - Display name for this resource
- Description string
- Description of the resource.
- Display
Name string - Display name for this resource
- description String
- Description of the resource.
- display
Name String - Display name for this resource
- description string
- Description of the resource.
- display
Name string - Display name for this resource
- description str
- Description of the resource.
- display_
name str - Display name for this resource
- description String
- Description of the resource.
- display
Name String - Display name for this resource
PolicyPredefinedSecurityPolicyRuleServiceEntriesIpProtocolEntry, PolicyPredefinedSecurityPolicyRuleServiceEntriesIpProtocolEntryArgs
- Protocol double
- IP protocol number
- Description string
- Description of the resource.
- Display
Name string - Display name for this resource
- Protocol float64
- IP protocol number
- Description string
- Description of the resource.
- Display
Name string - Display name for this resource
- protocol Double
- IP protocol number
- description String
- Description of the resource.
- display
Name String - Display name for this resource
- protocol number
- IP protocol number
- description string
- Description of the resource.
- display
Name string - Display name for this resource
- protocol float
- IP protocol number
- description str
- Description of the resource.
- display_
name str - Display name for this resource
- protocol Number
- IP protocol number
- description String
- Description of the resource.
- display
Name String - Display name for this resource
PolicyPredefinedSecurityPolicyRuleServiceEntriesL4PortSetEntry, PolicyPredefinedSecurityPolicyRuleServiceEntriesL4PortSetEntryArgs
- Protocol string
- L4 Protocol
- Description string
- Description of the resource.
- Destination
Ports List<string> - Set of destination ports
- Display
Name string - Display name for this resource
- Source
Ports List<string> - Set of source ports
- Protocol string
- L4 Protocol
- Description string
- Description of the resource.
- Destination
Ports []string - Set of destination ports
- Display
Name string - Display name for this resource
- Source
Ports []string - Set of source ports
- protocol String
- L4 Protocol
- description String
- Description of the resource.
- destination
Ports List<String> - Set of destination ports
- display
Name String - Display name for this resource
- source
Ports List<String> - Set of source ports
- protocol string
- L4 Protocol
- description string
- Description of the resource.
- destination
Ports string[] - Set of destination ports
- display
Name string - Display name for this resource
- source
Ports string[] - Set of source ports
- protocol str
- L4 Protocol
- description str
- Description of the resource.
- destination_
ports Sequence[str] - Set of destination ports
- display_
name str - Display name for this resource
- source_
ports Sequence[str] - Set of source ports
- protocol String
- L4 Protocol
- description String
- Description of the resource.
- destination
Ports List<String> - Set of destination ports
- display
Name String - Display name for this resource
- source
Ports List<String> - Set of source ports
PolicyPredefinedSecurityPolicyRuleTag, PolicyPredefinedSecurityPolicyRuleTagArgs
PolicyPredefinedSecurityPolicyTag, PolicyPredefinedSecurityPolicyTagArgs
Package Details
- Repository
- nsxt vmware/terraform-provider-nsxt
- License
- Notes
- This Pulumi package is based on the
nsxtTerraform Provider.