Oracle Cloud Infrastructure

v0.5.0 published on Monday, Sep 12, 2022 by Pulumi

getNetworkFirewallPolicy

This data source provides details about a specific Network Firewall Policy resource in the Oracle Cloud Infrastructure Network Firewall service.

Gets a NetworkFirewallPolicy given the network firewall policy identifier.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Oci = Pulumi.Oci;

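return await Deployment.RunAsync(() =>
{
    // OCID of the policy to look up, read from stack configuration so the program
    // references only names it declares. "networkFirewallPolicyId" is a constructed
    // sample key: pulumi config set networkFirewallPolicyId <policy OCID>
    var config = new Config();
    var policyId = config.Require("networkFirewallPolicyId");

    // Output-form lookup of the existing policy. The result carries the policy's rule
    // set (security rules, decryption rules, address and URL lists, mapped-secret
    // entries), so pass on only the fields a consumer actually needs.
    var testNetworkFirewallPolicy = Oci.NetworkFirewall.GetNetworkFirewallPolicy.Invoke(new()
    {
        NetworkFirewallPolicyId = policyId,
    });

});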
package main

import (
	"github.com/pulumi/pulumi-oci/sdk/go/oci/NetworkFirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main runs a Pulumi program that looks up an existing Network Firewall Policy
// by its identifier.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): the function is qualified as NetworkFirewall but the args type as
		// networkfirewall; only one of the two can match the imported package name.
		// Confirm against the SDK and use the same qualifier for both.
		_, err := NetworkFirewall.GetNetworkFirewallPolicy(ctx, &networkfirewall.GetNetworkFirewallPolicyArgs{
			// NOTE(review): oci_network_firewall_network_firewall_policy is not declared in
			// this program; supply the OCID of the policy to look up.
			NetworkFirewallPolicyId: oci_network_firewall_network_firewall_policy.Test_network_firewall_policy.Id,
		}, nil)
		if err != nil {
			return err
		}
		// The lookup result is discarded here; only the error is checked.
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.NetworkFirewall.NetworkFirewallFunctions;
import com.pulumi.oci.NetworkFirewall.inputs.GetNetworkFirewallPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

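/**
 * Pulumi program that looks up an existing Network Firewall Policy by its identifier.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Reads the policy OCID from stack configuration and invokes the
     * getNetworkFirewallPolicy data source with it.
     *
     * @param ctx the Pulumi context for the running stack
     */
    public static void stack(Context ctx) {
        // "networkFirewallPolicyId" is a constructed sample key:
        //   pulumi config set networkFirewallPolicyId <policy OCID>
        // Reading it from configuration keeps the program to names it declares itself.
        final var policyId = ctx.config().require("networkFirewallPolicyId");

        // The result carries the policy's rule set (security rules, decryption rules,
        // address and URL lists, mapped-secret entries); pass on only the fields a
        // consumer actually needs.
        final var testNetworkFirewallPolicy = NetworkFirewallFunctions.getNetworkFirewallPolicy(GetNetworkFirewallPolicyArgs.builder()
            .networkFirewallPolicyId(policyId)
            .build());

    }
}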
import pulumi
import pulumi_oci as oci

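# OCID of the policy to look up, read from stack configuration so the program
# references only names it declares. "networkFirewallPolicyId" is a constructed
# sample key: pulumi config set networkFirewallPolicyId <policy OCID>
policy_id = pulumi.Config().require("networkFirewallPolicyId")

# Direct-form lookup of the existing policy. The result carries the policy's rule
# set (security rules, decryption rules, address and URL lists, mapped-secret
# entries), so pass on only the fields a consumer actually needs.
test_network_firewall_policy = oci.NetworkFirewall.get_network_firewall_policy(
    network_firewall_policy_id=policy_id)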
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

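// OCID of the policy to look up, read from stack configuration so the program
// references only names it declares. "networkFirewallPolicyId" is a constructed
// sample key: pulumi config set networkFirewallPolicyId <policy OCID>
const policyId = new pulumi.Config().require("networkFirewallPolicyId");

// Direct-form lookup of the existing policy. The result carries the policy's rule
// set (security rules, decryption rules, address and URL lists, mapped-secret
// entries), so pass on only the fields a consumer actually needs.
const testNetworkFirewallPolicy = oci.NetworkFirewall.getNetworkFirewallPolicy({
    networkFirewallPolicyId: policyId,
});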
variables:
  # Looks up an existing Network Firewall Policy by its identifier.
  testNetworkFirewallPolicy:
    Fn::Invoke:
      # NOTE(review): the signature listing on this page gives the token as
      # oci:NetworkFirewall/getNetworkFirewallPolicy:getNetworkFirewallPolicy;
      # confirm which form the provider accepts.
      Function: oci:NetworkFirewall:getNetworkFirewallPolicy
      Arguments:
        # NOTE(review): oci_network_firewall_network_firewall_policy is not declared in
        # this program; point this at the OCID of the policy to look up.
        networkFirewallPolicyId: ${oci_network_firewall_network_firewall_policy.test_network_firewall_policy.id}

Using getNetworkFirewallPolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getNetworkFirewallPolicy(args: GetNetworkFirewallPolicyArgs, opts?: InvokeOptions): Promise<GetNetworkFirewallPolicyResult>
function getNetworkFirewallPolicyOutput(args: GetNetworkFirewallPolicyOutputArgs, opts?: InvokeOptions): Output<GetNetworkFirewallPolicyResult>
def get_network_firewall_policy(network_firewall_policy_id: Optional[str] = None,
                                opts: Optional[InvokeOptions] = None) -> GetNetworkFirewallPolicyResult
def get_network_firewall_policy_output(network_firewall_policy_id: Optional[pulumi.Input[str]] = None,
                                opts: Optional[InvokeOptions] = None) -> Output[GetNetworkFirewallPolicyResult]
func GetNetworkFirewallPolicy(ctx *Context, args *GetNetworkFirewallPolicyArgs, opts ...InvokeOption) (*GetNetworkFirewallPolicyResult, error)
func GetNetworkFirewallPolicyOutput(ctx *Context, args *GetNetworkFirewallPolicyOutputArgs, opts ...InvokeOption) GetNetworkFirewallPolicyResultOutput

> Note: This function is named GetNetworkFirewallPolicy in the Go SDK.

public static class GetNetworkFirewallPolicy 
{
    public static Task<GetNetworkFirewallPolicyResult> InvokeAsync(GetNetworkFirewallPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetNetworkFirewallPolicyResult> Invoke(GetNetworkFirewallPolicyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetNetworkFirewallPolicyResult> getNetworkFirewallPolicy(GetNetworkFirewallPolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: oci:NetworkFirewall/getNetworkFirewallPolicy:getNetworkFirewallPolicy
  Arguments:
    # Arguments dictionary

The following arguments are supported:

NetworkFirewallPolicyId string

Unique Network Firewall Policy identifier

NetworkFirewallPolicyId string

Unique Network Firewall Policy identifier

networkFirewallPolicyId String

Unique Network Firewall Policy identifier

networkFirewallPolicyId string

Unique Network Firewall Policy identifier

network_firewall_policy_id str

Unique Network Firewall Policy identifier

networkFirewallPolicyId String

Unique Network Firewall Policy identifier

getNetworkFirewallPolicy Result

The following output properties are available:

ApplicationLists List<GetNetworkFirewallPolicyApplicationList>

Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.

CompartmentId string

The OCID of the compartment containing the NetworkFirewall Policy.

DecryptionProfiles List<GetNetworkFirewallPolicyDecryptionProfile>

Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.

DecryptionRules List<GetNetworkFirewallPolicyDecryptionRule>

List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

DefinedTags Dictionary<string, object>

Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}

DisplayName string

A user-friendly optional name for the firewall policy. Avoid entering confidential information.

FreeformTags Dictionary<string, object>

Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}

Id string

The OCID of the resource - Network Firewall Policy.

IpAddressLists List<GetNetworkFirewallPolicyIpAddressList>

Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.

IsFirewallAttached bool

Indicates whether any Network Firewall is associated with this Network Firewall Policy.

LifecycleDetails string

A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

MappedSecrets List<GetNetworkFirewallPolicyMappedSecret>

Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.

NetworkFirewallPolicyId string
SecurityRules List<GetNetworkFirewallPolicySecurityRule>

List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

State string

The current state of the Network Firewall Policy.

SystemTags Dictionary<string, object>

Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}

TimeCreated string

The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

TimeUpdated string

The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

UrlLists List<GetNetworkFirewallPolicyUrlList>

Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

ApplicationLists []GetNetworkFirewallPolicyApplicationList

Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.

CompartmentId string

The OCID of the compartment containing the NetworkFirewall Policy.

DecryptionProfiles []GetNetworkFirewallPolicyDecryptionProfile

Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.

DecryptionRules []GetNetworkFirewallPolicyDecryptionRule

List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

DefinedTags map[string]interface{}

Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}

DisplayName string

A user-friendly optional name for the firewall policy. Avoid entering confidential information.

FreeformTags map[string]interface{}

Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}

Id string

The OCID of the resource - Network Firewall Policy.

IpAddressLists []GetNetworkFirewallPolicyIpAddressList

Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.

IsFirewallAttached bool

Indicates whether any Network Firewall is associated with this Network Firewall Policy.

LifecycleDetails string

A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

MappedSecrets []GetNetworkFirewallPolicyMappedSecret

Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.

NetworkFirewallPolicyId string
SecurityRules []GetNetworkFirewallPolicySecurityRule

List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

State string

The current state of the Network Firewall Policy.

SystemTags map[string]interface{}

Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}

TimeCreated string

The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

TimeUpdated string

The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

UrlLists []GetNetworkFirewallPolicyUrlList

Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

applicationLists List<GetPolicyApplicationList>

Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.

compartmentId String

The OCID of the compartment containing the NetworkFirewall Policy.

decryptionProfiles List<GetPolicyDecryptionProfile>

Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.

decryptionRules List<GetPolicyDecryptionRule>

List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

definedTags Map<String,Object>

Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}

displayName String

A user-friendly optional name for the firewall policy. Avoid entering confidential information.

freeformTags Map<String,Object>

Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}

id String

The OCID of the resource - Network Firewall Policy.

ipAddressLists List<GetPolicyIpAddressList>

Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.

isFirewallAttached Boolean

Indicates whether any Network Firewall is associated with this Network Firewall Policy.

lifecycleDetails String

A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

mappedSecrets List<GetPolicyMappedSecret>

Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.

networkFirewallPolicyId String
securityRules List<GetPolicySecurityRule>

List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

state String

The current state of the Network Firewall Policy.

systemTags Map<String,Object>

Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}

timeCreated String

The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

timeUpdated String

The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

urlLists List<GetPolicyUrlList>

Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

applicationLists GetNetworkFirewallPolicyApplicationList[]

Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.

compartmentId string

The OCID of the compartment containing the NetworkFirewall Policy.

decryptionProfiles GetNetworkFirewallPolicyDecryptionProfile[]

Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.

decryptionRules GetNetworkFirewallPolicyDecryptionRule[]

List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

definedTags {[key: string]: any}

Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}

displayName string

A user-friendly optional name for the firewall policy. Avoid entering confidential information.

freeformTags {[key: string]: any}

Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}

id string

The OCID of the resource - Network Firewall Policy.

ipAddressLists GetNetworkFirewallPolicyIpAddressList[]

Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.

isFirewallAttached boolean

Indicates whether any Network Firewall is associated with this Network Firewall Policy.

lifecycleDetails string

A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

mappedSecrets GetNetworkFirewallPolicyMappedSecret[]

Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.

networkFirewallPolicyId string
securityRules GetNetworkFirewallPolicySecurityRule[]

List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

state string

The current state of the Network Firewall Policy.

systemTags {[key: string]: any}

Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}

timeCreated string

The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

timeUpdated string

The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

urlLists GetNetworkFirewallPolicyUrlList[]

Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

application_lists Sequence[GetNetworkFirewallPolicyApplicationList]

Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.

compartment_id str

The OCID of the compartment containing the NetworkFirewall Policy.

decryption_profiles Sequence[GetNetworkFirewallPolicyDecryptionProfile]

Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.

decryption_rules Sequence[GetNetworkFirewallPolicyDecryptionRule]

List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

defined_tags Mapping[str, Any]

Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}

display_name str

A user-friendly optional name for the firewall policy. Avoid entering confidential information.

freeform_tags Mapping[str, Any]

Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}

id str

The OCID of the resource - Network Firewall Policy.

ip_address_lists Sequence[GetNetworkFirewallPolicyIpAddressList]

Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.

is_firewall_attached bool

Indicates whether any Network Firewall is associated with this Network Firewall Policy.

lifecycle_details str

A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

mapped_secrets Sequence[GetNetworkFirewallPolicyMappedSecret]

Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.

network_firewall_policy_id str
security_rules Sequence[GetNetworkFirewallPolicySecurityRule]

List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

state str

The current state of the Network Firewall Policy.

system_tags Mapping[str, Any]

Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}

time_created str

The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

time_updated str

The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

url_lists Sequence[GetNetworkFirewallPolicyUrlList]

Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

applicationLists List<Property Map>

Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.

compartmentId String

The OCID of the compartment containing the NetworkFirewall Policy.

decryptionProfiles List<Property Map>

Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.

decryptionRules List<Property Map>

List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

definedTags Map<Any>

Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}

displayName String

A user-friendly optional name for the firewall policy. Avoid entering confidential information.

freeformTags Map<Any>

Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}

id String

The OCID of the resource - Network Firewall Policy.

ipAddressLists List<Property Map>

Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.

isFirewallAttached Boolean

Indicates whether any Network Firewall is associated with this Network Firewall Policy.

lifecycleDetails String

A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

mappedSecrets List<Property Map>

Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.

networkFirewallPolicyId String
securityRules List<Property Map>

List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

state String

The current state of the Network Firewall Policy.

systemTags Map<Any>

Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}

timeCreated String

The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

timeUpdated String

The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

urlLists List<Property Map>

Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

Supporting Types

GetNetworkFirewallPolicyApplicationList

IcmpCode int
IcmpType int
Key string
MaximumPort int
MinimumPort int
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
IcmpCode int
IcmpType int
Key string
MaximumPort int
MinimumPort int
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
icmpCode Integer
icmpType Integer
key String
maximumPort Integer
minimumPort Integer
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
icmpCode number
icmpType number
key string
maximumPort number
minimumPort number
type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
icmp_code int
icmp_type int
key str
maximum_port int
minimum_port int
type str

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
icmpCode Number
icmpType Number
key String
maximumPort Number
minimumPort Number
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.

GetNetworkFirewallPolicyDecryptionProfile

AreCertificateExtensionsRestricted bool

Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.

IsAutoIncludeAltName bool

Whether to automatically append a Subject Alternative Name (SAN) to the impersonating certificate if the server certificate is missing one.

IsExpiredCertificateBlocked bool

Whether to block sessions if server's certificate is expired.

IsOutOfCapacityBlocked bool

Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.

IsRevocationStatusTimeoutBlocked bool

Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).

IsUnknownRevocationStatusBlocked bool

Whether to block sessions if the revocation status check for server's certificate results in "unknown".

IsUnsupportedCipherBlocked bool

Whether to block sessions if SSL cipher suite is not supported.

IsUnsupportedVersionBlocked bool

Whether to block sessions if SSL version is not supported.

IsUntrustedIssuerBlocked bool

Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).

Key string
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
AreCertificateExtensionsRestricted bool

Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.

IsAutoIncludeAltName bool

Whether to automatically append a Subject Alternative Name (SAN) to the impersonating certificate if the server certificate is missing one.

IsExpiredCertificateBlocked bool

Whether to block sessions if server's certificate is expired.

IsOutOfCapacityBlocked bool

Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.

IsRevocationStatusTimeoutBlocked bool

Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).

IsUnknownRevocationStatusBlocked bool

Whether to block sessions if the revocation status check for server's certificate results in "unknown".

IsUnsupportedCipherBlocked bool

Whether to block sessions if SSL cipher suite is not supported.

IsUnsupportedVersionBlocked bool

Whether to block sessions if SSL version is not supported.

IsUntrustedIssuerBlocked bool

Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).

Key string
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
areCertificateExtensionsRestricted Boolean

Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.

isAutoIncludeAltName Boolean

Whether to automatically append a Subject Alternative Name (SAN) to the impersonating certificate if the server certificate is missing one.

isExpiredCertificateBlocked Boolean

Whether to block sessions if server's certificate is expired.

isOutOfCapacityBlocked Boolean

Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.

isRevocationStatusTimeoutBlocked Boolean

Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).

isUnknownRevocationStatusBlocked Boolean

Whether to block sessions if the revocation status check for server's certificate results in "unknown".

isUnsupportedCipherBlocked Boolean

Whether to block sessions if SSL cipher suite is not supported.

isUnsupportedVersionBlocked Boolean

Whether to block sessions if SSL version is not supported.

isUntrustedIssuerBlocked Boolean

Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).

key String
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
areCertificateExtensionsRestricted boolean

Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.

isAutoIncludeAltName boolean

Whether to automatically append a Subject Alternative Name (SAN) to the impersonating certificate if the server certificate is missing one.

isExpiredCertificateBlocked boolean

Whether to block sessions if server's certificate is expired.

isOutOfCapacityBlocked boolean

Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.

isRevocationStatusTimeoutBlocked boolean

Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).

isUnknownRevocationStatusBlocked boolean

Whether to block sessions if the revocation status check for server's certificate results in "unknown".

isUnsupportedCipherBlocked boolean

Whether to block sessions if SSL cipher suite is not supported.

isUnsupportedVersionBlocked boolean

Whether to block sessions if SSL version is not supported.

isUntrustedIssuerBlocked boolean

Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).

key string
type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
are_certificate_extensions_restricted bool

Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.

is_auto_include_alt_name bool

Whether to automatically append a Subject Alternative Name (SAN) to the impersonating certificate if the server certificate is missing one.

is_expired_certificate_blocked bool

Whether to block sessions if server's certificate is expired.

is_out_of_capacity_blocked bool

Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.

is_revocation_status_timeout_blocked bool

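Whether to block sessions if the revocation status check for the server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds). If this is false, such sessions are allowed even though the certificate's revocation status was never confirmed.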

is_unknown_revocation_status_blocked bool

Whether to block sessions if the revocation status check for server's certificate results in "unknown".

is_unsupported_cipher_blocked bool

Whether to block sessions if SSL cipher suite is not supported.

is_unsupported_version_blocked bool

Whether to block sessions if SSL version is not supported.

is_untrusted_issuer_blocked bool

Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).

key str
type str

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
areCertificateExtensionsRestricted Boolean

Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.

isAutoIncludeAltName Boolean

Whether to automatically append a Subject Alternative Name (SAN) to the impersonating certificate if the server certificate is missing one.

isExpiredCertificateBlocked Boolean

Whether to block sessions if server's certificate is expired.

isOutOfCapacityBlocked Boolean

Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.

isRevocationStatusTimeoutBlocked Boolean

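Whether to block sessions if the revocation status check for the server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds). If this is false, such sessions are allowed even though the certificate's revocation status was never confirmed.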

isUnknownRevocationStatusBlocked Boolean

Whether to block sessions if the revocation status check for server's certificate results in "unknown".

isUnsupportedCipherBlocked Boolean

Whether to block sessions if SSL cipher suite is not supported.

isUnsupportedVersionBlocked Boolean

Whether to block sessions if SSL version is not supported.

isUntrustedIssuerBlocked Boolean

Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).

key String
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.

GetNetworkFirewallPolicyDecryptionRule

Action string

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
Conditions List<GetNetworkFirewallPolicyDecryptionRuleCondition>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

DecryptionProfile string

The name of the decryption profile to use.

Name string

Name for the decryption rule; must be unique within the policy.

Secret string

The name of a mapped secret. Its type must match that of the specified decryption profile.

Action string

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
Conditions []GetNetworkFirewallPolicyDecryptionRuleCondition

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

DecryptionProfile string

The name of the decryption profile to use.

Name string

Name for the decryption rule; must be unique within the policy.

Secret string

The name of a mapped secret. Its type must match that of the specified decryption profile.

action String

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions List<GetPolicyDecryptionRuleCondition>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

decryptionProfile String

The name of the decryption profile to use.

name String

Name for the decryption rule; must be unique within the policy.

secret String

The name of a mapped secret. Its type must match that of the specified decryption profile.

action string

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions GetNetworkFirewallPolicyDecryptionRuleCondition[]

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

decryptionProfile string

The name of the decryption profile to use.

name string

Name for the decryption rule; must be unique within the policy.

secret string

The name of a mapped secret. Its type must match that of the specified decryption profile.

action str

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions Sequence[GetNetworkFirewallPolicyDecryptionRuleCondition]

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

decryption_profile str

The name of the decryption profile to use.

name str

Name for the decryption rule; must be unique within the policy.

secret str

The name of a mapped secret. Its type must match that of the specified decryption profile.

action String

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions List<Property Map>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

decryptionProfile String

The name of the decryption profile to use.

name String

Name for the decryption rule; must be unique within the policy.

secret String

The name of a mapped secret. Its type must match that of the specified decryption profile.

GetNetworkFirewallPolicyDecryptionRuleCondition

Destinations List<string>

An array of IP address list names to be evaluated against the traffic destination address.

Sources List<string>

An array of IP address list names to be evaluated against the traffic source address.

Destinations []string

An array of IP address list names to be evaluated against the traffic destination address.

Sources []string

An array of IP address list names to be evaluated against the traffic source address.

destinations List<String>

An array of IP address list names to be evaluated against the traffic destination address.

sources List<String>

An array of IP address list names to be evaluated against the traffic source address.

destinations string[]

An array of IP address list names to be evaluated against the traffic destination address.

sources string[]

An array of IP address list names to be evaluated against the traffic source address.

destinations Sequence[str]

An array of IP address list names to be evaluated against the traffic destination address.

sources Sequence[str]

An array of IP address list names to be evaluated against the traffic source address.

destinations List<String>

An array of IP address list names to be evaluated against the traffic destination address.

sources List<String>

An array of IP address list names to be evaluated against the traffic source address.

GetNetworkFirewallPolicyIpAddressList

GetNetworkFirewallPolicyMappedSecret

Key string
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
VaultSecretId string

OCID for the Vault Secret to be used.

VersionNumber int

Version number of the secret to be used.

Key string
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
VaultSecretId string

OCID for the Vault Secret to be used.

VersionNumber int

Version number of the secret to be used.

key String
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
vaultSecretId String

OCID for the Vault Secret to be used.

versionNumber Integer

Version number of the secret to be used.

key string
type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
vaultSecretId string

OCID for the Vault Secret to be used.

versionNumber number

Version number of the secret to be used.

key str
type str

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
vault_secret_id str

OCID for the Vault Secret to be used.

version_number int

Version number of the secret to be used.

key String
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
vaultSecretId String

OCID for the Vault Secret to be used.

versionNumber Number

Version number of the secret to be used.

GetNetworkFirewallPolicySecurityRule

Action string

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
Conditions List<GetNetworkFirewallPolicySecurityRuleCondition>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

Inspection string

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

  • INTRUSION_DETECTION - Intrusion Detection.
  • INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.
Name string

Name for the Security rule, must be unique within the policy.

Action string

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
Conditions []GetNetworkFirewallPolicySecurityRuleCondition

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

Inspection string

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

  • INTRUSION_DETECTION - Intrusion Detection.
  • INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.
Name string

Name for the Security rule, must be unique within the policy.

action String

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions List<GetPolicySecurityRuleCondition>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

inspection String

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

  • INTRUSION_DETECTION - Intrusion Detection.
  • INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.
name String

Name for the Security rule, must be unique within the policy.

action string

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions GetNetworkFirewallPolicySecurityRuleCondition[]

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

inspection string

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

  • INTRUSION_DETECTION - Intrusion Detection.
  • INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.
name string

Name for the Security rule, must be unique within the policy.

action str

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions Sequence[GetNetworkFirewallPolicySecurityRuleCondition]

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

inspection str

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

  • INTRUSION_DETECTION - Intrusion Detection.
  • INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.
name str

Name for the Security rule, must be unique within the policy.

action String

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions List<Property Map>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

inspection String

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

  • INTRUSION_DETECTION - Intrusion Detection.
  • INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.
name String

Name for the Security rule, must be unique within the policy.

GetNetworkFirewallPolicySecurityRuleCondition

Applications List<string>

An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.

Destinations List<string>

An array of IP address list names to be evaluated against the traffic destination address.

Sources List<string>

An array of IP address list names to be evaluated against the traffic source address.

Urls List<string>

An array of URL pattern list names to be evaluated against the HTTP(S) request target.

Applications []string

An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.

Destinations []string

An array of IP address list names to be evaluated against the traffic destination address.

Sources []string

An array of IP address list names to be evaluated against the traffic source address.

Urls []string

An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications List<String>

An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.

destinations List<String>

An array of IP address list names to be evaluated against the traffic destination address.

sources List<String>

An array of IP address list names to be evaluated against the traffic source address.

urls List<String>

An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications string[]

An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.

destinations string[]

An array of IP address list names to be evaluated against the traffic destination address.

sources string[]

An array of IP address list names to be evaluated against the traffic source address.

urls string[]

An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications Sequence[str]

An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.

destinations Sequence[str]

An array of IP address list names to be evaluated against the traffic destination address.

sources Sequence[str]

An array of IP address list names to be evaluated against the traffic source address.

urls Sequence[str]

An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications List<String>

An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.

destinations List<String>

An array of IP address list names to be evaluated against the traffic destination address.

sources List<String>

An array of IP address list names to be evaluated against the traffic source address.

urls List<String>

An array of URL pattern list names to be evaluated against the HTTP(S) request target.

GetNetworkFirewallPolicyUrlList

Key string
Pattern string
Type string

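Type of the secrets mapped based on the policy. (This description and the values listed below match the mapped-secret type field and appear to have been carried over to the URL list entry; confirm the accepted URL pattern type against the OCI Network Firewall API reference.)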

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
Key string
Pattern string
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
key String
pattern String
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
key string
pattern string
type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
key str
pattern str
type str

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
key String
pattern String
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.

Package Details

Repository
https://github.com/pulumi/pulumi-oci
License
Apache-2.0
Notes

This Pulumi package is based on the oci Terraform Provider.