Viewing docs for panos 2.0.10
published on Thursday, Apr 9, 2026 by paloaltonetworks
published on Thursday, Apr 9, 2026 by paloaltonetworks
Viewing docs for panos 2.0.10
published on Thursday, Apr 9, 2026 by paloaltonetworks
published on Thursday, Apr 9, 2026 by paloaltonetworks
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as panos from "@pulumi/panos";
const exampleDeviceGroup = new panos.DeviceGroup("example", {
location: {
panorama: {},
},
name: "example-device-group",
});
// Basic authentication policy rule in device group
const example = new panos.AuthenticationPolicy("example", {
location: {
deviceGroup: {
name: exampleDeviceGroup.name,
},
},
rules: [{
name: "require-auth-web-access",
sourceZones: ["trust"],
sourceAddresses: ["any"],
destinationZones: ["untrust"],
destinationAddresses: ["any"],
services: [
"service-http",
"service-https",
],
authenticationEnforcement: "auth-profile-captive-portal",
timeout: 120,
logAuthenticationTimeout: true,
}],
});
import pulumi
import pulumi_panos as panos
example_device_group = panos.DeviceGroup("example",
location={
"panorama": {},
},
name="example-device-group")
# Basic authentication policy rule in device group
example = panos.AuthenticationPolicy("example",
location={
"device_group": {
"name": example_device_group.name,
},
},
rules=[{
"name": "require-auth-web-access",
"source_zones": ["trust"],
"source_addresses": ["any"],
"destination_zones": ["untrust"],
"destination_addresses": ["any"],
"services": [
"service-http",
"service-https",
],
"authentication_enforcement": "auth-profile-captive-portal",
"timeout": 120,
"log_authentication_timeout": True,
}])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/panos/v2/panos"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDeviceGroup, err := panos.NewDeviceGroup(ctx, "example", &panos.DeviceGroupArgs{
Location: &panos.DeviceGroupLocationArgs{
Panorama: &panos.DeviceGroupLocationPanoramaArgs{},
},
Name: pulumi.String("example-device-group"),
})
if err != nil {
return err
}
// Basic authentication policy rule in device group
_, err = panos.NewAuthenticationPolicy(ctx, "example", &panos.AuthenticationPolicyArgs{
Location: &panos.AuthenticationPolicyLocationArgs{
DeviceGroup: &panos.AuthenticationPolicyLocationDeviceGroupArgs{
Name: exampleDeviceGroup.Name,
},
},
Rules: panos.AuthenticationPolicyRuleArray{
&panos.AuthenticationPolicyRuleArgs{
Name: pulumi.String("require-auth-web-access"),
SourceZones: pulumi.StringArray{
pulumi.String("trust"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("any"),
},
DestinationZones: pulumi.StringArray{
pulumi.String("untrust"),
},
DestinationAddresses: pulumi.StringArray{
pulumi.String("any"),
},
Services: pulumi.StringArray{
pulumi.String("service-http"),
pulumi.String("service-https"),
},
AuthenticationEnforcement: pulumi.String("auth-profile-captive-portal"),
Timeout: pulumi.Float64(120),
LogAuthenticationTimeout: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Panos = Pulumi.Panos;
return await Deployment.RunAsync(() =>
{
var exampleDeviceGroup = new Panos.DeviceGroup("example", new()
{
Location = new Panos.Inputs.DeviceGroupLocationArgs
{
Panorama = null,
},
Name = "example-device-group",
});
// Basic authentication policy rule in device group
var example = new Panos.AuthenticationPolicy("example", new()
{
Location = new Panos.Inputs.AuthenticationPolicyLocationArgs
{
DeviceGroup = new Panos.Inputs.AuthenticationPolicyLocationDeviceGroupArgs
{
Name = exampleDeviceGroup.Name,
},
},
Rules = new[]
{
new Panos.Inputs.AuthenticationPolicyRuleArgs
{
Name = "require-auth-web-access",
SourceZones = new[]
{
"trust",
},
SourceAddresses = new[]
{
"any",
},
DestinationZones = new[]
{
"untrust",
},
DestinationAddresses = new[]
{
"any",
},
Services = new[]
{
"service-http",
"service-https",
},
AuthenticationEnforcement = "auth-profile-captive-portal",
Timeout = 120,
LogAuthenticationTimeout = true,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.panos.DeviceGroup;
import com.pulumi.panos.DeviceGroupArgs;
import com.pulumi.panos.inputs.DeviceGroupLocationArgs;
import com.pulumi.panos.inputs.DeviceGroupLocationPanoramaArgs;
import com.pulumi.panos.AuthenticationPolicy;
import com.pulumi.panos.AuthenticationPolicyArgs;
import com.pulumi.panos.inputs.AuthenticationPolicyLocationArgs;
import com.pulumi.panos.inputs.AuthenticationPolicyLocationDeviceGroupArgs;
import com.pulumi.panos.inputs.AuthenticationPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleDeviceGroup = new DeviceGroup("exampleDeviceGroup", DeviceGroupArgs.builder()
.location(DeviceGroupLocationArgs.builder()
.panorama(DeviceGroupLocationPanoramaArgs.builder()
.build())
.build())
.name("example-device-group")
.build());
// Basic authentication policy rule in device group
var example = new AuthenticationPolicy("example", AuthenticationPolicyArgs.builder()
.location(AuthenticationPolicyLocationArgs.builder()
.deviceGroup(AuthenticationPolicyLocationDeviceGroupArgs.builder()
.name(exampleDeviceGroup.name())
.build())
.build())
.rules(AuthenticationPolicyRuleArgs.builder()
.name("require-auth-web-access")
.sourceZones("trust")
.sourceAddresses("any")
.destinationZones("untrust")
.destinationAddresses("any")
.services(
"service-http",
"service-https")
.authenticationEnforcement("auth-profile-captive-portal")
.timeout(120.0)
.logAuthenticationTimeout(true)
.build())
.build());
}
}
resources:
# Basic authentication policy rule in device group
example:
type: panos:AuthenticationPolicy
properties:
location:
deviceGroup:
name: ${exampleDeviceGroup.name}
rules:
- name: require-auth-web-access
sourceZones:
- trust
sourceAddresses:
- any
destinationZones:
- untrust
destinationAddresses:
- any
services:
- service-http
- service-https
authenticationEnforcement: auth-profile-captive-portal
timeout: 120
logAuthenticationTimeout: true
exampleDeviceGroup:
type: panos:DeviceGroup
name: example
properties:
location:
panorama: {}
name: example-device-group
Create AuthenticationPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthenticationPolicy(name: string, args: AuthenticationPolicyArgs, opts?: CustomResourceOptions);@overload
def AuthenticationPolicy(resource_name: str,
args: AuthenticationPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AuthenticationPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
location: Optional[AuthenticationPolicyLocationArgs] = None,
rules: Optional[Sequence[AuthenticationPolicyRuleArgs]] = None)func NewAuthenticationPolicy(ctx *Context, name string, args AuthenticationPolicyArgs, opts ...ResourceOption) (*AuthenticationPolicy, error)public AuthenticationPolicy(string name, AuthenticationPolicyArgs args, CustomResourceOptions? opts = null)
public AuthenticationPolicy(String name, AuthenticationPolicyArgs args)
public AuthenticationPolicy(String name, AuthenticationPolicyArgs args, CustomResourceOptions options)
type: panos:AuthenticationPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AuthenticationPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthenticationPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthenticationPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthenticationPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthenticationPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var authenticationPolicyResource = new Panos.Index.AuthenticationPolicy("authenticationPolicyResource", new()
{
Location = new Panos.Inputs.AuthenticationPolicyLocationArgs
{
DeviceGroup = new Panos.Inputs.AuthenticationPolicyLocationDeviceGroupArgs
{
Name = "string",
PanoramaDevice = "string",
Rulebase = "string",
},
Shared = new Panos.Inputs.AuthenticationPolicyLocationSharedArgs
{
Rulebase = "string",
},
Vsys = new Panos.Inputs.AuthenticationPolicyLocationVsysArgs
{
Name = "string",
NgfwDevice = "string",
},
},
Rules = new[]
{
new Panos.Inputs.AuthenticationPolicyRuleArgs
{
Name = "string",
DestinationZones = new[]
{
"string",
},
Description = "string",
DestinationAddresses = new[]
{
"string",
},
DestinationHips = new[]
{
"string",
},
AuthenticationEnforcement = "string",
Disabled = false,
GroupTag = "string",
LogAuthenticationTimeout = false,
Categories = new[]
{
"string",
},
LogSetting = "string",
Services = new[]
{
"string",
},
NegateSource = false,
NegateDestination = false,
SourceAddresses = new[]
{
"string",
},
SourceHips = new[]
{
"string",
},
SourceUsers = new[]
{
"string",
},
SourceZones = new[]
{
"string",
},
Tags = new[]
{
"string",
},
Target = new Panos.Inputs.AuthenticationPolicyRuleTargetArgs
{
Devices = new[]
{
new Panos.Inputs.AuthenticationPolicyRuleTargetDeviceArgs
{
Name = "string",
Vsys = new[]
{
new Panos.Inputs.AuthenticationPolicyRuleTargetDeviceVsyArgs
{
Name = "string",
},
},
},
},
Negate = false,
Tags = new[]
{
"string",
},
},
Timeout = 0,
},
},
});
example, err := panos.NewAuthenticationPolicy(ctx, "authenticationPolicyResource", &panos.AuthenticationPolicyArgs{
Location: &panos.AuthenticationPolicyLocationArgs{
DeviceGroup: &panos.AuthenticationPolicyLocationDeviceGroupArgs{
Name: pulumi.String("string"),
PanoramaDevice: pulumi.String("string"),
Rulebase: pulumi.String("string"),
},
Shared: &panos.AuthenticationPolicyLocationSharedArgs{
Rulebase: pulumi.String("string"),
},
Vsys: &panos.AuthenticationPolicyLocationVsysArgs{
Name: pulumi.String("string"),
NgfwDevice: pulumi.String("string"),
},
},
Rules: panos.AuthenticationPolicyRuleArray{
&panos.AuthenticationPolicyRuleArgs{
Name: pulumi.String("string"),
DestinationZones: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("string"),
},
DestinationHips: pulumi.StringArray{
pulumi.String("string"),
},
AuthenticationEnforcement: pulumi.String("string"),
Disabled: pulumi.Bool(false),
GroupTag: pulumi.String("string"),
LogAuthenticationTimeout: pulumi.Bool(false),
Categories: pulumi.StringArray{
pulumi.String("string"),
},
LogSetting: pulumi.String("string"),
Services: pulumi.StringArray{
pulumi.String("string"),
},
NegateSource: pulumi.Bool(false),
NegateDestination: pulumi.Bool(false),
SourceAddresses: pulumi.StringArray{
pulumi.String("string"),
},
SourceHips: pulumi.StringArray{
pulumi.String("string"),
},
SourceUsers: pulumi.StringArray{
pulumi.String("string"),
},
SourceZones: pulumi.StringArray{
pulumi.String("string"),
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
Target: &panos.AuthenticationPolicyRuleTargetArgs{
Devices: panos.AuthenticationPolicyRuleTargetDeviceArray{
&panos.AuthenticationPolicyRuleTargetDeviceArgs{
Name: pulumi.String("string"),
Vsys: panos.AuthenticationPolicyRuleTargetDeviceVsyArray{
&panos.AuthenticationPolicyRuleTargetDeviceVsyArgs{
Name: pulumi.String("string"),
},
},
},
},
Negate: pulumi.Bool(false),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
},
Timeout: pulumi.Float64(0),
},
},
})
var authenticationPolicyResource = new AuthenticationPolicy("authenticationPolicyResource", AuthenticationPolicyArgs.builder()
.location(AuthenticationPolicyLocationArgs.builder()
.deviceGroup(AuthenticationPolicyLocationDeviceGroupArgs.builder()
.name("string")
.panoramaDevice("string")
.rulebase("string")
.build())
.shared(AuthenticationPolicyLocationSharedArgs.builder()
.rulebase("string")
.build())
.vsys(AuthenticationPolicyLocationVsysArgs.builder()
.name("string")
.ngfwDevice("string")
.build())
.build())
.rules(AuthenticationPolicyRuleArgs.builder()
.name("string")
.destinationZones("string")
.description("string")
.destinationAddresses("string")
.destinationHips("string")
.authenticationEnforcement("string")
.disabled(false)
.groupTag("string")
.logAuthenticationTimeout(false)
.categories("string")
.logSetting("string")
.services("string")
.negateSource(false)
.negateDestination(false)
.sourceAddresses("string")
.sourceHips("string")
.sourceUsers("string")
.sourceZones("string")
.tags("string")
.target(AuthenticationPolicyRuleTargetArgs.builder()
.devices(AuthenticationPolicyRuleTargetDeviceArgs.builder()
.name("string")
.vsys(AuthenticationPolicyRuleTargetDeviceVsyArgs.builder()
.name("string")
.build())
.build())
.negate(false)
.tags("string")
.build())
.timeout(0.0)
.build())
.build());
authentication_policy_resource = panos.AuthenticationPolicy("authenticationPolicyResource",
location={
"device_group": {
"name": "string",
"panorama_device": "string",
"rulebase": "string",
},
"shared": {
"rulebase": "string",
},
"vsys": {
"name": "string",
"ngfw_device": "string",
},
},
rules=[{
"name": "string",
"destination_zones": ["string"],
"description": "string",
"destination_addresses": ["string"],
"destination_hips": ["string"],
"authentication_enforcement": "string",
"disabled": False,
"group_tag": "string",
"log_authentication_timeout": False,
"categories": ["string"],
"log_setting": "string",
"services": ["string"],
"negate_source": False,
"negate_destination": False,
"source_addresses": ["string"],
"source_hips": ["string"],
"source_users": ["string"],
"source_zones": ["string"],
"tags": ["string"],
"target": {
"devices": [{
"name": "string",
"vsys": [{
"name": "string",
}],
}],
"negate": False,
"tags": ["string"],
},
"timeout": 0,
}])
const authenticationPolicyResource = new panos.AuthenticationPolicy("authenticationPolicyResource", {
location: {
deviceGroup: {
name: "string",
panoramaDevice: "string",
rulebase: "string",
},
shared: {
rulebase: "string",
},
vsys: {
name: "string",
ngfwDevice: "string",
},
},
rules: [{
name: "string",
destinationZones: ["string"],
description: "string",
destinationAddresses: ["string"],
destinationHips: ["string"],
authenticationEnforcement: "string",
disabled: false,
groupTag: "string",
logAuthenticationTimeout: false,
categories: ["string"],
logSetting: "string",
services: ["string"],
negateSource: false,
negateDestination: false,
sourceAddresses: ["string"],
sourceHips: ["string"],
sourceUsers: ["string"],
sourceZones: ["string"],
tags: ["string"],
target: {
devices: [{
name: "string",
vsys: [{
name: "string",
}],
}],
negate: false,
tags: ["string"],
},
timeout: 0,
}],
});
type: panos:AuthenticationPolicy
properties:
location:
deviceGroup:
name: string
panoramaDevice: string
rulebase: string
shared:
rulebase: string
vsys:
name: string
ngfwDevice: string
rules:
- authenticationEnforcement: string
categories:
- string
description: string
destinationAddresses:
- string
destinationHips:
- string
destinationZones:
- string
disabled: false
groupTag: string
logAuthenticationTimeout: false
logSetting: string
name: string
negateDestination: false
negateSource: false
services:
- string
sourceAddresses:
- string
sourceHips:
- string
sourceUsers:
- string
sourceZones:
- string
tags:
- string
target:
devices:
- name: string
vsys:
- name: string
negate: false
tags:
- string
timeout: 0
AuthenticationPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AuthenticationPolicy resource accepts the following input properties:
- Location
Authentication
Policy Location - The location of this object.
- Rules
List<Authentication
Policy Rule>
- Location
Authentication
Policy Location Args - The location of this object.
- Rules
[]Authentication
Policy Rule Args
- location
Authentication
Policy Location - The location of this object.
- rules
List<Authentication
Policy Rule>
- location
Authentication
Policy Location - The location of this object.
- rules
Authentication
Policy Rule[]
- location
Authentication
Policy Location Args - The location of this object.
- rules
Sequence[Authentication
Policy Rule Args]
- location Property Map
- The location of this object.
- rules List<Property Map>
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthenticationPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AuthenticationPolicy Resource
Get an existing AuthenticationPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthenticationPolicyState, opts?: CustomResourceOptions): AuthenticationPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
location: Optional[AuthenticationPolicyLocationArgs] = None,
rules: Optional[Sequence[AuthenticationPolicyRuleArgs]] = None) -> AuthenticationPolicyfunc GetAuthenticationPolicy(ctx *Context, name string, id IDInput, state *AuthenticationPolicyState, opts ...ResourceOption) (*AuthenticationPolicy, error)public static AuthenticationPolicy Get(string name, Input<string> id, AuthenticationPolicyState? state, CustomResourceOptions? opts = null)public static AuthenticationPolicy get(String name, Output<String> id, AuthenticationPolicyState state, CustomResourceOptions options)resources: _: type: panos:AuthenticationPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Location
Authentication
Policy Location - The location of this object.
- Rules
List<Authentication
Policy Rule>
- Location
Authentication
Policy Location Args - The location of this object.
- Rules
[]Authentication
Policy Rule Args
- location
Authentication
Policy Location - The location of this object.
- rules
List<Authentication
Policy Rule>
- location
Authentication
Policy Location - The location of this object.
- rules
Authentication
Policy Rule[]
- location
Authentication
Policy Location Args - The location of this object.
- rules
Sequence[Authentication
Policy Rule Args]
- location Property Map
- The location of this object.
- rules List<Property Map>
Supporting Types
AuthenticationPolicyLocation, AuthenticationPolicyLocationArgs
- Device
Group AuthenticationPolicy Location Device Group - Located in a specific device group rulebase
-
Authentication
Policy Location Shared - Located in a shared rulebase
- Vsys
Authentication
Policy Location Vsys - Located in a specific vsys rulebase
- Device
Group AuthenticationPolicy Location Device Group - Located in a specific device group rulebase
-
Authentication
Policy Location Shared - Located in a shared rulebase
- Vsys
Authentication
Policy Location Vsys - Located in a specific vsys rulebase
- device
Group AuthenticationPolicy Location Device Group - Located in a specific device group rulebase
-
Authentication
Policy Location Shared - Located in a shared rulebase
- vsys
Authentication
Policy Location Vsys - Located in a specific vsys rulebase
- device
Group AuthenticationPolicy Location Device Group - Located in a specific device group rulebase
-
Authentication
Policy Location Shared - Located in a shared rulebase
- vsys
Authentication
Policy Location Vsys - Located in a specific vsys rulebase
- device_
group AuthenticationPolicy Location Device Group - Located in a specific device group rulebase
-
Authentication
Policy Location Shared - Located in a shared rulebase
- vsys
Authentication
Policy Location Vsys - Located in a specific vsys rulebase
- device
Group Property Map - Located in a specific device group rulebase
- Property Map
- Located in a shared rulebase
- vsys Property Map
- Located in a specific vsys rulebase
AuthenticationPolicyLocationDeviceGroup, AuthenticationPolicyLocationDeviceGroupArgs
- Name string
- The device group name
- Panorama
Device string - The panorama device
- Rulebase string
- The rulebase
- Name string
- The device group name
- Panorama
Device string - The panorama device
- Rulebase string
- The rulebase
- name String
- The device group name
- panorama
Device String - The panorama device
- rulebase String
- The rulebase
- name string
- The device group name
- panorama
Device string - The panorama device
- rulebase string
- The rulebase
- name str
- The device group name
- panorama_
device str - The panorama device
- rulebase str
- The rulebase
- name String
- The device group name
- panorama
Device String - The panorama device
- rulebase String
- The rulebase
AuthenticationPolicyLocationShared, AuthenticationPolicyLocationSharedArgs
- Rulebase string
- Rulebase name
- Rulebase string
- Rulebase name
- rulebase String
- Rulebase name
- rulebase string
- Rulebase name
- rulebase str
- Rulebase name
- rulebase String
- Rulebase name
AuthenticationPolicyLocationVsys, AuthenticationPolicyLocationVsysArgs
- Name string
- The vsys name
- Ngfw
Device string - The NGFW device
- Name string
- The vsys name
- Ngfw
Device string - The NGFW device
- name String
- The vsys name
- ngfw
Device String - The NGFW device
- name string
- The vsys name
- ngfw
Device string - The NGFW device
- name str
- The vsys name
- ngfw_
device str - The NGFW device
- name String
- The vsys name
- ngfw
Device String - The NGFW device
AuthenticationPolicyRule, AuthenticationPolicyRuleArgs
- Name string
- Authentication
Enforcement string - Authentication enforcement object to use for authentication.
- Categories List<string>
- Description string
- Destination
Addresses List<string> - Destination
Hips List<string> - Destination
Zones List<string> - Disabled bool
- Disable the rule
- Group
Tag string - Log
Authentication boolTimeout - Log
Setting string - Log setting for forwarding authentication logs
- Negate
Destination bool - Negate
Source bool - Services List<string>
- Source
Addresses List<string> - Source
Hips List<string> - Source
Users List<string> - Source
Zones List<string> - List<string>
- Target
Authentication
Policy Rule Target - Timeout double
- expiration timer (minutes)
- Name string
- Authentication
Enforcement string - Authentication enforcement object to use for authentication.
- Categories []string
- Description string
- Destination
Addresses []string - Destination
Hips []string - Destination
Zones []string - Disabled bool
- Disable the rule
- Group
Tag string - Log
Authentication boolTimeout - Log
Setting string - Log setting for forwarding authentication logs
- Negate
Destination bool - Negate
Source bool - Services []string
- Source
Addresses []string - Source
Hips []string - Source
Users []string - Source
Zones []string - []string
- Target
Authentication
Policy Rule Target - Timeout float64
- expiration timer (minutes)
- name String
- authentication
Enforcement String - Authentication enforcement object to use for authentication.
- categories List<String>
- description String
- destination
Addresses List<String> - destination
Hips List<String> - destination
Zones List<String> - disabled Boolean
- Disable the rule
- group
Tag String - log
Authentication BooleanTimeout - log
Setting String - Log setting for forwarding authentication logs
- negate
Destination Boolean - negate
Source Boolean - services List<String>
- source
Addresses List<String> - source
Hips List<String> - source
Users List<String> - source
Zones List<String> - List<String>
- target
Authentication
Policy Rule Target - timeout Double
- expiration timer (minutes)
- name string
- authentication
Enforcement string - Authentication enforcement object to use for authentication.
- categories string[]
- description string
- destination
Addresses string[] - destination
Hips string[] - destination
Zones string[] - disabled boolean
- Disable the rule
- group
Tag string - log
Authentication booleanTimeout - log
Setting string - Log setting for forwarding authentication logs
- negate
Destination boolean - negate
Source boolean - services string[]
- source
Addresses string[] - source
Hips string[] - source
Users string[] - source
Zones string[] - string[]
- target
Authentication
Policy Rule Target - timeout number
- expiration timer (minutes)
- name str
- authentication_
enforcement str - Authentication enforcement object to use for authentication.
- categories Sequence[str]
- description str
- destination_
addresses Sequence[str] - destination_
hips Sequence[str] - destination_
zones Sequence[str] - disabled bool
- Disable the rule
- group_
tag str - log_
authentication_ booltimeout - log_
setting str - Log setting for forwarding authentication logs
- negate_
destination bool - negate_
source bool - services Sequence[str]
- source_
addresses Sequence[str] - source_
hips Sequence[str] - source_
users Sequence[str] - source_
zones Sequence[str] - Sequence[str]
- target
Authentication
Policy Rule Target - timeout float
- expiration timer (minutes)
- name String
- authentication
Enforcement String - Authentication enforcement object to use for authentication.
- categories List<String>
- description String
- destination
Addresses List<String> - destination
Hips List<String> - destination
Zones List<String> - disabled Boolean
- Disable the rule
- group
Tag String - log
Authentication BooleanTimeout - log
Setting String - Log setting for forwarding authentication logs
- negate
Destination Boolean - negate
Source Boolean - services List<String>
- source
Addresses List<String> - source
Hips List<String> - source
Users List<String> - source
Zones List<String> - List<String>
- target Property Map
- timeout Number
- expiration timer (minutes)
AuthenticationPolicyRuleTarget, AuthenticationPolicyRuleTargetArgs
- Devices
List<Authentication
Policy Rule Target Device> - Negate bool
- Target to all but these specified devices and tags
- List<string>
- Devices
[]Authentication
Policy Rule Target Device - Negate bool
- Target to all but these specified devices and tags
- []string
- devices
List<Authentication
Policy Rule Target Device> - negate Boolean
- Target to all but these specified devices and tags
- List<String>
- devices
Authentication
Policy Rule Target Device[] - negate boolean
- Target to all but these specified devices and tags
- string[]
- devices
Sequence[Authentication
Policy Rule Target Device] - negate bool
- Target to all but these specified devices and tags
- Sequence[str]
- devices List<Property Map>
- negate Boolean
- Target to all but these specified devices and tags
- List<String>
AuthenticationPolicyRuleTargetDevice, AuthenticationPolicyRuleTargetDeviceArgs
- name String
- vsys List<Property Map>
AuthenticationPolicyRuleTargetDeviceVsy, AuthenticationPolicyRuleTargetDeviceVsyArgs
- Name string
- Name string
- name String
- name string
- name str
- name String
Import
#!/bin/bash
The entire authentication policy can be imported by providing the following base64 encoded object as the ID
{
location = {
device_group = {
name = "example-device-group"
rulebase = "pre-rulebase"
panorama_device = "localhost.localdomain"
}
}
names = [
"require-auth-web-access", <- the first rule in the policy
]
}
$ pulumi import panos:index/authenticationPolicy:AuthenticationPolicy example $(echo '{"location":{"device_group":{"name":"example-device-group","panorama_device":"localhost.localdomain","rulebase":"pre-rulebase"}},"names":["require-auth-web-access"]}' | base64)
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- panos paloaltonetworks/terraform-provider-panos
- License
- Notes
- This Pulumi package is based on the
panosTerraform Provider.
Viewing docs for panos 2.0.10
published on Thursday, Apr 9, 2026 by paloaltonetworks
published on Thursday, Apr 9, 2026 by paloaltonetworks
