Oracle Cloud Infrastructure v0.19.0, May 26 23

oci.NetworkFirewall.getNetworkFirewallPolicy

Explore with Pulumi AI

This data source provides details about a specific Network Firewall Policy resource in Oracle Cloud Infrastructure Network Firewall service.

Gets a NetworkFirewallPolicy given the network firewall policy identifier.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    var testNetworkFirewallPolicy = Oci.NetworkFirewall.GetNetworkFirewallPolicy.Invoke(new()
    {
        NetworkFirewallPolicyId = oci_network_firewall_network_firewall_policy.Test_network_firewall_policy.Id,
    });

});

package main

import (
	"github.com/pulumi/pulumi-oci/sdk/go/oci/NetworkFirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := NetworkFirewall.GetNetworkFirewallPolicy(ctx, &networkfirewall.GetNetworkFirewallPolicyArgs{
			NetworkFirewallPolicyId: oci_network_firewall_network_firewall_policy.Test_network_firewall_policy.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.NetworkFirewall.NetworkFirewallFunctions;
import com.pulumi.oci.NetworkFirewall.inputs.GetNetworkFirewallPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var testNetworkFirewallPolicy = NetworkFirewallFunctions.getNetworkFirewallPolicy(GetNetworkFirewallPolicyArgs.builder()
            .networkFirewallPolicyId(oci_network_firewall_network_firewall_policy.test_network_firewall_policy().id())
            .build());

    }
}

import pulumi
import pulumi_oci as oci

test_network_firewall_policy = oci.NetworkFirewall.get_network_firewall_policy(network_firewall_policy_id=%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))

import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

const testNetworkFirewallPolicy = oci.NetworkFirewall.getNetworkFirewallPolicy({
    networkFirewallPolicyId: oci_network_firewall_network_firewall_policy.test_network_firewall_policy.id,
});

variables:
  testNetworkFirewallPolicy:
    fn::invoke:
      Function: oci:NetworkFirewall:getNetworkFirewallPolicy
      Arguments:
        networkFirewallPolicyId: ${oci_network_firewall_network_firewall_policy.test_network_firewall_policy.id}

Using getNetworkFirewallPolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getNetworkFirewallPolicy(args: GetNetworkFirewallPolicyArgs, opts?: InvokeOptions): Promise<GetNetworkFirewallPolicyResult>
function getNetworkFirewallPolicyOutput(args: GetNetworkFirewallPolicyOutputArgs, opts?: InvokeOptions): Output<GetNetworkFirewallPolicyResult>

def get_network_firewall_policy(network_firewall_policy_id: Optional[str] = None,
                                opts: Optional[InvokeOptions] = None) -> GetNetworkFirewallPolicyResult
def get_network_firewall_policy_output(network_firewall_policy_id: Optional[pulumi.Input[str]] = None,
                                opts: Optional[InvokeOptions] = None) -> Output[GetNetworkFirewallPolicyResult]

func GetNetworkFirewallPolicy(ctx *Context, args *GetNetworkFirewallPolicyArgs, opts ...InvokeOption) (*GetNetworkFirewallPolicyResult, error)
func GetNetworkFirewallPolicyOutput(ctx *Context, args *GetNetworkFirewallPolicyOutputArgs, opts ...InvokeOption) GetNetworkFirewallPolicyResultOutput

> Note: This function is named GetNetworkFirewallPolicy in the Go SDK.

public static class GetNetworkFirewallPolicy 
{
    public static Task<GetNetworkFirewallPolicyResult> InvokeAsync(GetNetworkFirewallPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetNetworkFirewallPolicyResult> Invoke(GetNetworkFirewallPolicyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetNetworkFirewallPolicyResult> getNetworkFirewallPolicy(GetNetworkFirewallPolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: oci:NetworkFirewall/getNetworkFirewallPolicy:getNetworkFirewallPolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

NetworkFirewallPolicyId string: Unique Network Firewall Policy identifier

NetworkFirewallPolicyId string: Unique Network Firewall Policy identifier

networkFirewallPolicyId String: Unique Network Firewall Policy identifier

networkFirewallPolicyId string: Unique Network Firewall Policy identifier

network_firewall_policy_id str: Unique Network Firewall Policy identifier

networkFirewallPolicyId String: Unique Network Firewall Policy identifier

getNetworkFirewallPolicy Result

The following output properties are available:

ApplicationLists List<GetNetworkFirewallPolicyApplicationList>: Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.
CompartmentId string: The OCID of the compartment containing the NetworkFirewall Policy.
DecryptionProfiles List<GetNetworkFirewallPolicyDecryptionProfile>: Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.
DecryptionRules List<GetNetworkFirewallPolicyDecryptionRule>: List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
DefinedTags Dictionary<string, object>: Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}
DisplayName string: A user-friendly optional name for the firewall policy. Avoid entering confidential information.
FreeformTags Dictionary<string, object>: Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}
Id string: The OCID of the resource - Network Firewall Policy.
IpAddressLists List<GetNetworkFirewallPolicyIpAddressList>: Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.
IsFirewallAttached bool: To determine if any Network Firewall is associated with this Network Firewall Policy.
LifecycleDetails string: A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
MappedSecrets List<GetNetworkFirewallPolicyMappedSecret>: Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.
NetworkFirewallPolicyId string
SecurityRules List<GetNetworkFirewallPolicySecurityRule>: List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
State string: The current state of the Network Firewall Policy.
SystemTags Dictionary<string, object>: Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}
TimeCreated string: The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
TimeUpdated string: The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
UrlLists List<GetNetworkFirewallPolicyUrlList>: Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

ApplicationLists []GetNetworkFirewallPolicyApplicationList: Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.
CompartmentId string: The OCID of the compartment containing the NetworkFirewall Policy.
DecryptionProfiles []GetNetworkFirewallPolicyDecryptionProfile: Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.
DecryptionRules []GetNetworkFirewallPolicyDecryptionRule: List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
DefinedTags map[string]interface{}: Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}
DisplayName string: A user-friendly optional name for the firewall policy. Avoid entering confidential information.
FreeformTags map[string]interface{}: Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}
Id string: The OCID of the resource - Network Firewall Policy.
IpAddressLists []GetNetworkFirewallPolicyIpAddressList: Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.
IsFirewallAttached bool: To determine if any Network Firewall is associated with this Network Firewall Policy.
LifecycleDetails string: A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
MappedSecrets []GetNetworkFirewallPolicyMappedSecret: Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.
NetworkFirewallPolicyId string
SecurityRules []GetNetworkFirewallPolicySecurityRule: List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
State string: The current state of the Network Firewall Policy.
SystemTags map[string]interface{}: Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}
TimeCreated string: The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
TimeUpdated string: The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
UrlLists []GetNetworkFirewallPolicyUrlList: Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

applicationLists List<GetPolicyApplicationList>: Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.
compartmentId String: The OCID of the compartment containing the NetworkFirewall Policy.
decryptionProfiles List<GetPolicyDecryptionProfile>: Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.
decryptionRules List<GetPolicyDecryptionRule>: List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
definedTags Map<String,Object>: Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}
displayName String: A user-friendly optional name for the firewall policy. Avoid entering confidential information.
freeformTags Map<String,Object>: Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}
id String: The OCID of the resource - Network Firewall Policy.
ipAddressLists List<GetPolicyIpAddressList>: Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.
isFirewallAttached Boolean: To determine if any Network Firewall is associated with this Network Firewall Policy.
lifecycleDetails String: A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
mappedSecrets List<GetPolicyMappedSecret>: Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.
networkFirewallPolicyId String
securityRules List<GetPolicySecurityRule>: List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
state String: The current state of the Network Firewall Policy.
systemTags Map<String,Object>: Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}
timeCreated String: The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
timeUpdated String: The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
urlLists List<GetPolicyUrlList>: Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

applicationLists GetNetworkFirewallPolicyApplicationList[]: Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.
compartmentId string: The OCID of the compartment containing the NetworkFirewall Policy.
decryptionProfiles GetNetworkFirewallPolicyDecryptionProfile[]: Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.
decryptionRules GetNetworkFirewallPolicyDecryptionRule[]: List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
definedTags {[key: string]: any}: Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}
displayName string: A user-friendly optional name for the firewall policy. Avoid entering confidential information.
freeformTags {[key: string]: any}: Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}
id string: The OCID of the resource - Network Firewall Policy.
ipAddressLists GetNetworkFirewallPolicyIpAddressList[]: Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.
isFirewallAttached boolean: To determine if any Network Firewall is associated with this Network Firewall Policy.
lifecycleDetails string: A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
mappedSecrets GetNetworkFirewallPolicyMappedSecret[]: Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.
networkFirewallPolicyId string
securityRules GetNetworkFirewallPolicySecurityRule[]: List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
state string: The current state of the Network Firewall Policy.
systemTags {[key: string]: any}: Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}
timeCreated string: The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
timeUpdated string: The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
urlLists GetNetworkFirewallPolicyUrlList[]: Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

application_lists GetNetworkFirewallPolicyApplicationList]: Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.
compartment_id str: The OCID of the compartment containing the NetworkFirewall Policy.
decryption_profiles GetNetworkFirewallPolicyDecryptionProfile]: Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.
decryption_rules GetNetworkFirewallPolicyDecryptionRule]: List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
defined_tags Mapping[str, Any]: Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}
display_name str: A user-friendly optional name for the firewall policy. Avoid entering confidential information.
freeform_tags Mapping[str, Any]: Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}
id str: The OCID of the resource - Network Firewall Policy.
ip_address_lists GetNetworkFirewallPolicyIpAddressList]: Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.
is_firewall_attached bool: To determine if any Network Firewall is associated with this Network Firewall Policy.
lifecycle_details str: A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
mapped_secrets GetNetworkFirewallPolicyMappedSecret]: Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.
network_firewall_policy_id str
security_rules GetNetworkFirewallPolicySecurityRule]: List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
state str: The current state of the Network Firewall Policy.
system_tags Mapping[str, Any]: Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}
time_created str: The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
time_updated str: The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
url_lists GetNetworkFirewallPolicyUrlList]: Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

applicationLists List<Property Map>: Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.
compartmentId String: The OCID of the compartment containing the NetworkFirewall Policy.
decryptionProfiles List<Property Map>: Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.
decryptionRules List<Property Map>: List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
definedTags Map<Any>: Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}
displayName String: A user-friendly optional name for the firewall policy. Avoid entering confidential information.
freeformTags Map<Any>: Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}
id String: The OCID of the resource - Network Firewall Policy.
ipAddressLists List<Property Map>: Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.
isFirewallAttached Boolean: To determine if any Network Firewall is associated with this Network Firewall Policy.
lifecycleDetails String: A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.
mappedSecrets List<Property Map>: Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.
networkFirewallPolicyId String
securityRules List<Property Map>: List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.
state String: The current state of the Network Firewall Policy.
systemTags Map<Any>: Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}
timeCreated String: The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
timeUpdated String: The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
urlLists List<Property Map>: Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

Supporting Types

GetNetworkFirewallPolicyApplicationList

ApplicationListName string
ApplicationValues List<GetNetworkFirewallPolicyApplicationListApplicationValue>

ApplicationListName string
ApplicationValues []GetNetworkFirewallPolicyApplicationListApplicationValue

applicationListName String
applicationValues List<GetPolicyApplicationListApplicationValue>

applicationListName string
applicationValues GetNetworkFirewallPolicyApplicationListApplicationValue[]

application_list_name str
application_values GetNetworkFirewallPolicyApplicationListApplicationValue]

applicationListName String
applicationValues List<Property Map>

GetNetworkFirewallPolicyApplicationListApplicationValue

IcmpCode int
IcmpType int
MaximumPort int
MinimumPort int
Type string: Type of the secrets mapped based on the policy.

IcmpCode int
IcmpType int
MaximumPort int
MinimumPort int
Type string: Type of the secrets mapped based on the policy.

icmpCode Integer
icmpType Integer
maximumPort Integer
minimumPort Integer
type String: Type of the secrets mapped based on the policy.

icmpCode number
icmpType number
maximumPort number
minimumPort number
type string: Type of the secrets mapped based on the policy.

icmp_code int
icmp_type int
maximum_port int
minimum_port int
type str: Type of the secrets mapped based on the policy.

icmpCode Number
icmpType Number
maximumPort Number
minimumPort Number
type String: Type of the secrets mapped based on the policy.

GetNetworkFirewallPolicyDecryptionProfile

AreCertificateExtensionsRestricted bool: Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
IsAutoIncludeAltName bool: Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
IsExpiredCertificateBlocked bool: Whether to block sessions if server's certificate is expired.
IsOutOfCapacityBlocked bool: Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
IsRevocationStatusTimeoutBlocked bool: Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
IsUnknownRevocationStatusBlocked bool: Whether to block sessions if the revocation status check for server's certificate results in "unknown".
IsUnsupportedCipherBlocked bool: Whether to block sessions if SSL cipher suite is not supported.
IsUnsupportedVersionBlocked bool: Whether to block sessions if SSL version is not supported.
IsUntrustedIssuerBlocked bool: Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
Key string
Type string: Type of the secrets mapped based on the policy.

AreCertificateExtensionsRestricted bool: Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
IsAutoIncludeAltName bool: Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
IsExpiredCertificateBlocked bool: Whether to block sessions if server's certificate is expired.
IsOutOfCapacityBlocked bool: Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
IsRevocationStatusTimeoutBlocked bool: Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
IsUnknownRevocationStatusBlocked bool: Whether to block sessions if the revocation status check for server's certificate results in "unknown".
IsUnsupportedCipherBlocked bool: Whether to block sessions if SSL cipher suite is not supported.
IsUnsupportedVersionBlocked bool: Whether to block sessions if SSL version is not supported.
IsUntrustedIssuerBlocked bool: Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
Key string
Type string: Type of the secrets mapped based on the policy.

areCertificateExtensionsRestricted Boolean: Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
isAutoIncludeAltName Boolean: Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
isExpiredCertificateBlocked Boolean: Whether to block sessions if server's certificate is expired.
isOutOfCapacityBlocked Boolean: Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
isRevocationStatusTimeoutBlocked Boolean: Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
isUnknownRevocationStatusBlocked Boolean: Whether to block sessions if the revocation status check for server's certificate results in "unknown".
isUnsupportedCipherBlocked Boolean: Whether to block sessions if SSL cipher suite is not supported.
isUnsupportedVersionBlocked Boolean: Whether to block sessions if SSL version is not supported.
isUntrustedIssuerBlocked Boolean: Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
key String
type String: Type of the secrets mapped based on the policy.

areCertificateExtensionsRestricted boolean: Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
isAutoIncludeAltName boolean: Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
isExpiredCertificateBlocked boolean: Whether to block sessions if server's certificate is expired.
isOutOfCapacityBlocked boolean: Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
isRevocationStatusTimeoutBlocked boolean: Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
isUnknownRevocationStatusBlocked boolean: Whether to block sessions if the revocation status check for server's certificate results in "unknown".
isUnsupportedCipherBlocked boolean: Whether to block sessions if SSL cipher suite is not supported.
isUnsupportedVersionBlocked boolean: Whether to block sessions if SSL version is not supported.
isUntrustedIssuerBlocked boolean: Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
key string
type string: Type of the secrets mapped based on the policy.

are_certificate_extensions_restricted bool: Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
is_auto_include_alt_name bool: Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
is_expired_certificate_blocked bool: Whether to block sessions if server's certificate is expired.
is_out_of_capacity_blocked bool: Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
is_revocation_status_timeout_blocked bool: Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
is_unknown_revocation_status_blocked bool: Whether to block sessions if the revocation status check for server's certificate results in "unknown".
is_unsupported_cipher_blocked bool: Whether to block sessions if SSL cipher suite is not supported.
is_unsupported_version_blocked bool: Whether to block sessions if SSL version is not supported.
is_untrusted_issuer_blocked bool: Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
key str
type str: Type of the secrets mapped based on the policy.

areCertificateExtensionsRestricted Boolean: Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.
isAutoIncludeAltName Boolean: Whether to automatically append SAN to impersonating certificate if server certificate is missing SAN.
isExpiredCertificateBlocked Boolean: Whether to block sessions if server's certificate is expired.
isOutOfCapacityBlocked Boolean: Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.
isRevocationStatusTimeoutBlocked Boolean: Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).
isUnknownRevocationStatusBlocked Boolean: Whether to block sessions if the revocation status check for server's certificate results in "unknown".
isUnsupportedCipherBlocked Boolean: Whether to block sessions if SSL cipher suite is not supported.
isUnsupportedVersionBlocked Boolean: Whether to block sessions if SSL version is not supported.
isUntrustedIssuerBlocked Boolean: Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).
key String
type String: Type of the secrets mapped based on the policy.

GetNetworkFirewallPolicyDecryptionRule

Action string

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

Conditions List<GetNetworkFirewallPolicyDecryptionRuleCondition>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

DecryptionProfile string

The name of the decryption profile to use.

Name string

Name for the Security rule, must be unique within the policy.

Secret string

The name of a mapped secret. Its type must match that of the specified decryption profile.

Action string

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

Conditions []GetNetworkFirewallPolicyDecryptionRuleCondition

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

DecryptionProfile string

The name of the decryption profile to use.

Name string

Name for the Security rule, must be unique within the policy.

Secret string

The name of a mapped secret. Its type must match that of the specified decryption profile.

action String

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

conditions List<GetPolicyDecryptionRuleCondition>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

decryptionProfile String

The name of the decryption profile to use.

name String

Name for the Security rule, must be unique within the policy.

secret String

The name of a mapped secret. Its type must match that of the specified decryption profile.

action string

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

conditions GetNetworkFirewallPolicyDecryptionRuleCondition[]

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

decryptionProfile string

The name of the decryption profile to use.

name string

Name for the Security rule, must be unique within the policy.

secret string

The name of a mapped secret. Its type must match that of the specified decryption profile.

action str

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

conditions GetNetworkFirewallPolicyDecryptionRuleCondition]

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

decryption_profile str

The name of the decryption profile to use.

name str

Name for the Security rule, must be unique within the policy.

secret str

The name of a mapped secret. Its type must match that of the specified decryption profile.

action String

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

conditions List<Property Map>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

decryptionProfile String

The name of the decryption profile to use.

name String

Name for the Security rule, must be unique within the policy.

secret String

The name of a mapped secret. Its type must match that of the specified decryption profile.

GetNetworkFirewallPolicyDecryptionRuleCondition

Destinations List<string>: An array of IP address list names to be evaluated against the traffic destination address.
Sources List<string>: An array of IP address list names to be evaluated against the traffic source address.

Destinations []string: An array of IP address list names to be evaluated against the traffic destination address.
Sources []string: An array of IP address list names to be evaluated against the traffic source address.

destinations List<String>: An array of IP address list names to be evaluated against the traffic destination address.
sources List<String>: An array of IP address list names to be evaluated against the traffic source address.

destinations string[]: An array of IP address list names to be evaluated against the traffic destination address.
sources string[]: An array of IP address list names to be evaluated against the traffic source address.

destinations Sequence[str]: An array of IP address list names to be evaluated against the traffic destination address.
sources Sequence[str]: An array of IP address list names to be evaluated against the traffic source address.

destinations List<String>: An array of IP address list names to be evaluated against the traffic destination address.
sources List<String>: An array of IP address list names to be evaluated against the traffic source address.

GetNetworkFirewallPolicyIpAddressList

IpAddressListName string
IpAddressListValues List<string>

IpAddressListName string
IpAddressListValues []string

ipAddressListName String
ipAddressListValues List<String>

ipAddressListName string
ipAddressListValues string[]

ip_address_list_name str
ip_address_list_values Sequence[str]

ipAddressListName String
ipAddressListValues List<String>

GetNetworkFirewallPolicyMappedSecret

Key string
Type string: Type of the secrets mapped based on the policy.
VaultSecretId string: OCID for the Vault Secret to be used.
VersionNumber int: Version number of the secret to be used.

Key string
Type string: Type of the secrets mapped based on the policy.
VaultSecretId string: OCID for the Vault Secret to be used.
VersionNumber int: Version number of the secret to be used.

key String
type String: Type of the secrets mapped based on the policy.
vaultSecretId String: OCID for the Vault Secret to be used.
versionNumber Integer: Version number of the secret to be used.

key string
type string: Type of the secrets mapped based on the policy.
vaultSecretId string: OCID for the Vault Secret to be used.
versionNumber number: Version number of the secret to be used.

key str
type str: Type of the secrets mapped based on the policy.
vault_secret_id str: OCID for the Vault Secret to be used.
version_number int: Version number of the secret to be used.

key String
type String: Type of the secrets mapped based on the policy.
vaultSecretId String: OCID for the Vault Secret to be used.
versionNumber Number: Version number of the secret to be used.

GetNetworkFirewallPolicySecurityRule

Action string

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

Conditions List<GetNetworkFirewallPolicySecurityRuleCondition>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

Inspection string

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

INTRUSION_DETECTION - Intrusion Detection.
INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.

Name string

Name for the Security rule, must be unique within the policy.

Action string

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

Conditions []GetNetworkFirewallPolicySecurityRuleCondition

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

Inspection string

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

INTRUSION_DETECTION - Intrusion Detection.
INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.

Name string

Name for the Security rule, must be unique within the policy.

action String

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

conditions List<GetPolicySecurityRuleCondition>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

inspection String

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

INTRUSION_DETECTION - Intrusion Detection.
INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.

name String

Name for the Security rule, must be unique within the policy.

action string

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

conditions GetNetworkFirewallPolicySecurityRuleCondition[]

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

inspection string

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

INTRUSION_DETECTION - Intrusion Detection.
INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.

name string

Name for the Security rule, must be unique within the policy.

action str

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

conditions GetNetworkFirewallPolicySecurityRuleCondition]

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

inspection str

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

INTRUSION_DETECTION - Intrusion Detection.
INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.

name str

Name for the Security rule, must be unique within the policy.

action String

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

conditions List<Property Map>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

inspection String

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

INTRUSION_DETECTION - Intrusion Detection.
INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.

name String

Name for the Security rule, must be unique within the policy.

GetNetworkFirewallPolicySecurityRuleCondition

Applications List<string>: An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
Destinations List<string>: An array of IP address list names to be evaluated against the traffic destination address.
Sources List<string>: An array of IP address list names to be evaluated against the traffic source address.
Urls List<string>: An array of URL pattern list names to be evaluated against the HTTP(S) request target.

Applications []string: An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
Destinations []string: An array of IP address list names to be evaluated against the traffic destination address.
Sources []string: An array of IP address list names to be evaluated against the traffic source address.
Urls []string: An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications List<String>: An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
destinations List<String>: An array of IP address list names to be evaluated against the traffic destination address.
sources List<String>: An array of IP address list names to be evaluated against the traffic source address.
urls List<String>: An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications string[]: An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
destinations string[]: An array of IP address list names to be evaluated against the traffic destination address.
sources string[]: An array of IP address list names to be evaluated against the traffic source address.
urls string[]: An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications Sequence[str]: An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
destinations Sequence[str]: An array of IP address list names to be evaluated against the traffic destination address.
sources Sequence[str]: An array of IP address list names to be evaluated against the traffic source address.
urls Sequence[str]: An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications List<String>: An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
destinations List<String>: An array of IP address list names to be evaluated against the traffic destination address.
sources List<String>: An array of IP address list names to be evaluated against the traffic source address.
urls List<String>: An array of URL pattern list names to be evaluated against the HTTP(S) request target.