panos.SecurityPolicy
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.panos.DeviceGroup;
import com.pulumi.panos.DeviceGroupArgs;
import com.pulumi.panos.SecurityPolicy;
import com.pulumi.panos.SecurityPolicyArgs;
import com.pulumi.panos.inputs.DeviceGroupLocationArgs;
import com.pulumi.panos.inputs.DeviceGroupLocationPanoramaArgs;
import com.pulumi.panos.inputs.SecurityPolicyLocationArgs;
import com.pulumi.panos.inputs.SecurityPolicyLocationDeviceGroupArgs;
import com.pulumi.panos.inputs.SecurityPolicyRuleArgs;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
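/**
 * Example Pulumi program: declares a Panorama device group and a
 * {@code SecurityPolicy} resource holding one rule in that device group.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the device group and the security policy that lives in it.
     *
     * @param ctx the Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        var example = new DeviceGroup("example", DeviceGroupArgs.builder()
            .location(DeviceGroupLocationArgs.builder()
                .panorama()
                .build())
            .build());

        // Manages the entire security policy
        // NOTE(review): "entire" suggests the rule list below is authoritative for the
        // rulebase; confirm how rules that exist on the device but are not listed here
        // are treated before pointing this at a rulebase that already has rules.
        var name = new SecurityPolicy("name", SecurityPolicyArgs.builder()
            .location(SecurityPolicyLocationArgs.builder()
                // The published example rendered a formatter panic in place of this
                // argument. The value is taken from the YAML form of the same example,
                // which sets the device group name to ${example.name}.
                .deviceGroup(SecurityPolicyLocationDeviceGroupArgs.builder()
                    .name(example.name())
                    .build())
                .build())
            .rules(SecurityPolicyRuleArgs.builder()
                .name("rule-1")
                .sourceZones("any")
                .sourceAddresses("1.1.1.1")
                .destinationZones("any")
                // 172.0.0.0/8 spans 172.0.0.0-172.255.255.255, which is far wider than
                // the RFC 1918 private block 172.16.0.0/12; narrow it for real use.
                .destinationAddresses("172.0.0.0/8")
                // "any" service and "any" application place no port or App-ID limit on
                // the match. No action, logEnd or logSetting is set on this rule, so the
                // effective action and logging are whatever the defaults are; set them
                // explicitly in a real policy so the rule's intent is reviewable.
                .services("any")
                .applications("any")
                .build())
            .build());
    }
}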
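resources:
  # Manages the entire security policy
  # NOTE(review): "entire" suggests the rule list below is authoritative for the
  # rulebase; confirm how rules that exist on the device but are not listed here
  # are treated before pointing this at a rulebase that already has rules.
  name:
    type: panos:SecurityPolicy
    properties:
      location:
        # Property name as spelled in the YAML constructor reference on this page
        # (deviceGroup); the published example used device_group.
        deviceGroup:
          name: ${example.name}
      rules:
        - name: rule-1
          sourceZones:
            - any
          sourceAddresses:
            - 1.1.1.1
          destinationZones:
            - any
          # 172.0.0.0/8 spans 172.0.0.0-172.255.255.255, which is far wider than
          # the RFC 1918 private block 172.16.0.0/12; narrow it for real use.
          destinationAddresses:
            - 172.0.0.0/8
          # "any" service and "any" application place no port or App-ID limit on
          # the match. No action, logEnd or logSetting is set on this rule; set
          # them explicitly in a real policy so the rule's intent is reviewable.
          services:
            - any
          applications:
            - any
  example:
    type: panos:DeviceGroup
    properties:
      location:
        panorama: {}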
Create SecurityPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecurityPolicy(name: string, args: SecurityPolicyArgs, opts?: CustomResourceOptions);
@overload
def SecurityPolicy(resource_name: str,
args: SecurityPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecurityPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
location: Optional[SecurityPolicyLocationArgs] = None,
rules: Optional[Sequence[SecurityPolicyRuleArgs]] = None)
func NewSecurityPolicy(ctx *Context, name string, args SecurityPolicyArgs, opts ...ResourceOption) (*SecurityPolicy, error)
public SecurityPolicy(string name, SecurityPolicyArgs args, CustomResourceOptions? opts = null)
public SecurityPolicy(String name, SecurityPolicyArgs args)
public SecurityPolicy(String name, SecurityPolicyArgs args, CustomResourceOptions options)
type: panos:SecurityPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecurityPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var securityPolicyResource = new Panos.SecurityPolicy("securityPolicyResource", new()
{
Location = new Panos.Inputs.SecurityPolicyLocationArgs
{
DeviceGroup = new Panos.Inputs.SecurityPolicyLocationDeviceGroupArgs
{
Name = "string",
PanoramaDevice = "string",
Rulebase = "string",
},
Shared = new Panos.Inputs.SecurityPolicyLocationSharedArgs
{
Rulebase = "string",
},
Vsys = new Panos.Inputs.SecurityPolicyLocationVsysArgs
{
Name = "string",
NgfwDevice = "string",
},
},
Rules = new[]
{
new Panos.Inputs.SecurityPolicyRuleArgs
{
Name = "string",
NegateDestination = false,
NegateSource = false,
Description = "string",
DestinationAddresses = new[]
{
"string",
},
DestinationHips = new[]
{
"string",
},
DestinationZones = new[]
{
"string",
},
DisableInspect = false,
DisableServerResponseInspection = false,
Disabled = false,
GroupTag = "string",
IcmpUnreachable = false,
LogEnd = false,
LogSetting = "string",
LogStart = false,
Categories = new[]
{
"string",
},
Applications = new[]
{
"string",
},
Qos = new Panos.Inputs.SecurityPolicyRuleQosArgs
{
Marking = new Panos.Inputs.SecurityPolicyRuleQosMarkingArgs
{
FollowC2sFlow = null,
IpDscp = "string",
IpPrecedence = "string",
},
},
ProfileSetting = new Panos.Inputs.SecurityPolicyRuleProfileSettingArgs
{
Groups = new[]
{
"string",
},
Profiles = new Panos.Inputs.SecurityPolicyRuleProfileSettingProfilesArgs
{
DataFilterings = new[]
{
"string",
},
FileBlockings = new[]
{
"string",
},
Gtps = new[]
{
"string",
},
Sctps = new[]
{
"string",
},
Spywares = new[]
{
"string",
},
UrlFilterings = new[]
{
"string",
},
Viri = new[]
{
"string",
},
Vulnerabilities = new[]
{
"string",
},
WildfireAnalyses = new[]
{
"string",
},
},
},
Action = "string",
RuleType = "string",
Schedule = "string",
Services = new[]
{
"string",
},
SourceAddresses = new[]
{
"string",
},
SourceHips = new[]
{
"string",
},
SourceImeis = new[]
{
"string",
},
SourceImsis = new[]
{
"string",
},
SourceNwSlices = new[]
{
"string",
},
SourceUsers = new[]
{
"string",
},
SourceZones = new[]
{
"string",
},
Tags = new[]
{
"string",
},
Target = new Panos.Inputs.SecurityPolicyRuleTargetArgs
{
Devices = new[]
{
new Panos.Inputs.SecurityPolicyRuleTargetDeviceArgs
{
Name = "string",
Vsys = new[]
{
new Panos.Inputs.SecurityPolicyRuleTargetDeviceVsyArgs
{
Name = "string",
},
},
},
},
Negate = false,
Tags = new[]
{
"string",
},
},
},
},
});
example, err := panos.NewSecurityPolicy(ctx, "securityPolicyResource", &panos.SecurityPolicyArgs{
Location: &panos.SecurityPolicyLocationArgs{
DeviceGroup: &panos.SecurityPolicyLocationDeviceGroupArgs{
Name: pulumi.String("string"),
PanoramaDevice: pulumi.String("string"),
Rulebase: pulumi.String("string"),
},
Shared: &panos.SecurityPolicyLocationSharedArgs{
Rulebase: pulumi.String("string"),
},
Vsys: &panos.SecurityPolicyLocationVsysArgs{
Name: pulumi.String("string"),
NgfwDevice: pulumi.String("string"),
},
},
Rules: panos.SecurityPolicyRuleArray{
&panos.SecurityPolicyRuleArgs{
Name: pulumi.String("string"),
NegateDestination: pulumi.Bool(false),
NegateSource: pulumi.Bool(false),
Description: pulumi.String("string"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("string"),
},
DestinationHips: pulumi.StringArray{
pulumi.String("string"),
},
DestinationZones: pulumi.StringArray{
pulumi.String("string"),
},
DisableInspect: pulumi.Bool(false),
DisableServerResponseInspection: pulumi.Bool(false),
Disabled: pulumi.Bool(false),
GroupTag: pulumi.String("string"),
IcmpUnreachable: pulumi.Bool(false),
LogEnd: pulumi.Bool(false),
LogSetting: pulumi.String("string"),
LogStart: pulumi.Bool(false),
Categories: pulumi.StringArray{
pulumi.String("string"),
},
Applications: pulumi.StringArray{
pulumi.String("string"),
},
Qos: &panos.SecurityPolicyRuleQosArgs{
Marking: &panos.SecurityPolicyRuleQosMarkingArgs{
FollowC2sFlow: &panos.SecurityPolicyRuleQosMarkingFollowC2sFlowArgs{},
IpDscp: pulumi.String("string"),
IpPrecedence: pulumi.String("string"),
},
},
ProfileSetting: &panos.SecurityPolicyRuleProfileSettingArgs{
Groups: pulumi.StringArray{
pulumi.String("string"),
},
Profiles: &panos.SecurityPolicyRuleProfileSettingProfilesArgs{
DataFilterings: pulumi.StringArray{
pulumi.String("string"),
},
FileBlockings: pulumi.StringArray{
pulumi.String("string"),
},
Gtps: pulumi.StringArray{
pulumi.String("string"),
},
Sctps: pulumi.StringArray{
pulumi.String("string"),
},
Spywares: pulumi.StringArray{
pulumi.String("string"),
},
UrlFilterings: pulumi.StringArray{
pulumi.String("string"),
},
Viri: pulumi.StringArray{
pulumi.String("string"),
},
Vulnerabilities: pulumi.StringArray{
pulumi.String("string"),
},
WildfireAnalyses: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Action: pulumi.String("string"),
RuleType: pulumi.String("string"),
Schedule: pulumi.String("string"),
Services: pulumi.StringArray{
pulumi.String("string"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("string"),
},
SourceHips: pulumi.StringArray{
pulumi.String("string"),
},
SourceImeis: pulumi.StringArray{
pulumi.String("string"),
},
SourceImsis: pulumi.StringArray{
pulumi.String("string"),
},
SourceNwSlices: pulumi.StringArray{
pulumi.String("string"),
},
SourceUsers: pulumi.StringArray{
pulumi.String("string"),
},
SourceZones: pulumi.StringArray{
pulumi.String("string"),
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
Target: &panos.SecurityPolicyRuleTargetArgs{
Devices: panos.SecurityPolicyRuleTargetDeviceArray{
&panos.SecurityPolicyRuleTargetDeviceArgs{
Name: pulumi.String("string"),
Vsys: panos.SecurityPolicyRuleTargetDeviceVsyArray{
&panos.SecurityPolicyRuleTargetDeviceVsyArgs{
Name: pulumi.String("string"),
},
},
},
},
Negate: pulumi.Bool(false),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
})
var securityPolicyResource = new SecurityPolicy("securityPolicyResource", SecurityPolicyArgs.builder()
.location(SecurityPolicyLocationArgs.builder()
.deviceGroup(SecurityPolicyLocationDeviceGroupArgs.builder()
.name("string")
.panoramaDevice("string")
.rulebase("string")
.build())
.shared(SecurityPolicyLocationSharedArgs.builder()
.rulebase("string")
.build())
.vsys(SecurityPolicyLocationVsysArgs.builder()
.name("string")
.ngfwDevice("string")
.build())
.build())
.rules(SecurityPolicyRuleArgs.builder()
.name("string")
.negateDestination(false)
.negateSource(false)
.description("string")
.destinationAddresses("string")
.destinationHips("string")
.destinationZones("string")
.disableInspect(false)
.disableServerResponseInspection(false)
.disabled(false)
.groupTag("string")
.icmpUnreachable(false)
.logEnd(false)
.logSetting("string")
.logStart(false)
.categories("string")
.applications("string")
.qos(SecurityPolicyRuleQosArgs.builder()
.marking(SecurityPolicyRuleQosMarkingArgs.builder()
.followC2sFlow()
.ipDscp("string")
.ipPrecedence("string")
.build())
.build())
.profileSetting(SecurityPolicyRuleProfileSettingArgs.builder()
.groups("string")
.profiles(SecurityPolicyRuleProfileSettingProfilesArgs.builder()
.dataFilterings("string")
.fileBlockings("string")
.gtps("string")
.sctps("string")
.spywares("string")
.urlFilterings("string")
.viri("string")
.vulnerabilities("string")
.wildfireAnalyses("string")
.build())
.build())
.action("string")
.ruleType("string")
.schedule("string")
.services("string")
.sourceAddresses("string")
.sourceHips("string")
.sourceImeis("string")
.sourceImsis("string")
.sourceNwSlices("string")
.sourceUsers("string")
.sourceZones("string")
.tags("string")
.target(SecurityPolicyRuleTargetArgs.builder()
.devices(SecurityPolicyRuleTargetDeviceArgs.builder()
.name("string")
.vsys(SecurityPolicyRuleTargetDeviceVsyArgs.builder()
.name("string")
.build())
.build())
.negate(false)
.tags("string")
.build())
.build())
.build());
security_policy_resource = panos.SecurityPolicy("securityPolicyResource",
location={
"device_group": {
"name": "string",
"panorama_device": "string",
"rulebase": "string",
},
"shared": {
"rulebase": "string",
},
"vsys": {
"name": "string",
"ngfw_device": "string",
},
},
rules=[{
"name": "string",
"negate_destination": False,
"negate_source": False,
"description": "string",
"destination_addresses": ["string"],
"destination_hips": ["string"],
"destination_zones": ["string"],
"disable_inspect": False,
"disable_server_response_inspection": False,
"disabled": False,
"group_tag": "string",
"icmp_unreachable": False,
"log_end": False,
"log_setting": "string",
"log_start": False,
"categories": ["string"],
"applications": ["string"],
"qos": {
"marking": {
"follow_c2s_flow": {},
"ip_dscp": "string",
"ip_precedence": "string",
},
},
"profile_setting": {
"groups": ["string"],
"profiles": {
"data_filterings": ["string"],
"file_blockings": ["string"],
"gtps": ["string"],
"sctps": ["string"],
"spywares": ["string"],
"url_filterings": ["string"],
"viri": ["string"],
"vulnerabilities": ["string"],
"wildfire_analyses": ["string"],
},
},
"action": "string",
"rule_type": "string",
"schedule": "string",
"services": ["string"],
"source_addresses": ["string"],
"source_hips": ["string"],
"source_imeis": ["string"],
"source_imsis": ["string"],
"source_nw_slices": ["string"],
"source_users": ["string"],
"source_zones": ["string"],
"tags": ["string"],
"target": {
"devices": [{
"name": "string",
"vsys": [{
"name": "string",
}],
}],
"negate": False,
"tags": ["string"],
},
}])
const securityPolicyResource = new panos.SecurityPolicy("securityPolicyResource", {
location: {
deviceGroup: {
name: "string",
panoramaDevice: "string",
rulebase: "string",
},
shared: {
rulebase: "string",
},
vsys: {
name: "string",
ngfwDevice: "string",
},
},
rules: [{
name: "string",
negateDestination: false,
negateSource: false,
description: "string",
destinationAddresses: ["string"],
destinationHips: ["string"],
destinationZones: ["string"],
disableInspect: false,
disableServerResponseInspection: false,
disabled: false,
groupTag: "string",
icmpUnreachable: false,
logEnd: false,
logSetting: "string",
logStart: false,
categories: ["string"],
applications: ["string"],
qos: {
marking: {
followC2sFlow: {},
ipDscp: "string",
ipPrecedence: "string",
},
},
profileSetting: {
groups: ["string"],
profiles: {
dataFilterings: ["string"],
fileBlockings: ["string"],
gtps: ["string"],
sctps: ["string"],
spywares: ["string"],
urlFilterings: ["string"],
viri: ["string"],
vulnerabilities: ["string"],
wildfireAnalyses: ["string"],
},
},
action: "string",
ruleType: "string",
schedule: "string",
services: ["string"],
sourceAddresses: ["string"],
sourceHips: ["string"],
sourceImeis: ["string"],
sourceImsis: ["string"],
sourceNwSlices: ["string"],
sourceUsers: ["string"],
sourceZones: ["string"],
tags: ["string"],
target: {
devices: [{
name: "string",
vsys: [{
name: "string",
}],
}],
negate: false,
tags: ["string"],
},
}],
});
type: panos:SecurityPolicy
properties:
location:
deviceGroup:
name: string
panoramaDevice: string
rulebase: string
shared:
rulebase: string
vsys:
name: string
ngfwDevice: string
rules:
- action: string
applications:
- string
categories:
- string
description: string
destinationAddresses:
- string
destinationHips:
- string
destinationZones:
- string
disableInspect: false
disableServerResponseInspection: false
disabled: false
groupTag: string
icmpUnreachable: false
logEnd: false
logSetting: string
logStart: false
name: string
negateDestination: false
negateSource: false
profileSetting:
groups:
- string
profiles:
dataFilterings:
- string
fileBlockings:
- string
gtps:
- string
sctps:
- string
spywares:
- string
urlFilterings:
- string
viri:
- string
vulnerabilities:
- string
wildfireAnalyses:
- string
qos:
marking:
followC2sFlow: {}
ipDscp: string
ipPrecedence: string
ruleType: string
schedule: string
services:
- string
sourceAddresses:
- string
sourceHips:
- string
sourceImeis:
- string
sourceImsis:
- string
sourceNwSlices:
- string
sourceUsers:
- string
sourceZones:
- string
tags:
- string
target:
devices:
- name: string
vsys:
- name: string
negate: false
tags:
- string
SecurityPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecurityPolicy resource accepts the following input properties:
- Location SecurityPolicyLocation - The location of this object.
- Rules List<SecurityPolicyRule>
- Location SecurityPolicyLocationArgs - The location of this object.
- Rules []SecurityPolicyRuleArgs
- location SecurityPolicyLocation - The location of this object.
- rules List<SecurityPolicyRule>
- location SecurityPolicyLocation - The location of this object.
- rules SecurityPolicyRule[]
- location SecurityPolicyLocationArgs - The location of this object.
- rules Sequence[SecurityPolicyRuleArgs]
- location Property Map
- The location of this object.
- rules List<Property Map>
Outputs
All input properties are implicitly available as output properties. Additionally, the SecurityPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SecurityPolicy Resource
Get an existing SecurityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecurityPolicyState, opts?: CustomResourceOptions): SecurityPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
location: Optional[SecurityPolicyLocationArgs] = None,
rules: Optional[Sequence[SecurityPolicyRuleArgs]] = None) -> SecurityPolicy
func GetSecurityPolicy(ctx *Context, name string, id IDInput, state *SecurityPolicyState, opts ...ResourceOption) (*SecurityPolicy, error)
public static SecurityPolicy Get(string name, Input<string> id, SecurityPolicyState? state, CustomResourceOptions? opts = null)
public static SecurityPolicy get(String name, Output<String> id, SecurityPolicyState state, CustomResourceOptions options)
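# Looks up an existing SecurityPolicy by its provider ID instead of creating one.
resources:
  _:
    type: panos:SecurityPolicy
    get:
      id: ${id}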
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Location SecurityPolicyLocation - The location of this object.
- Rules List<SecurityPolicyRule>
- Location SecurityPolicyLocationArgs - The location of this object.
- Rules []SecurityPolicyRuleArgs
- location SecurityPolicyLocation - The location of this object.
- rules List<SecurityPolicyRule>
- location SecurityPolicyLocation - The location of this object.
- rules SecurityPolicyRule[]
- location SecurityPolicyLocationArgs - The location of this object.
- rules Sequence[SecurityPolicyRuleArgs]
- location Property Map
- The location of this object.
- rules List<Property Map>
Supporting Types
SecurityPolicyLocation, SecurityPolicyLocationArgs
- DeviceGroup SecurityPolicyLocationDeviceGroup - Located in a specific device group.
- Shared SecurityPolicyLocationShared - Located in a shared rulebase
- Vsys SecurityPolicyLocationVsys - Located in a specific vsys.
- DeviceGroup SecurityPolicyLocationDeviceGroup - Located in a specific device group.
- Shared SecurityPolicyLocationShared - Located in a shared rulebase
- Vsys SecurityPolicyLocationVsys - Located in a specific vsys.
- deviceGroup SecurityPolicyLocationDeviceGroup - Located in a specific device group.
- shared SecurityPolicyLocationShared - Located in a shared rulebase
- vsys SecurityPolicyLocationVsys - Located in a specific vsys.
- deviceGroup SecurityPolicyLocationDeviceGroup - Located in a specific device group.
- shared SecurityPolicyLocationShared - Located in a shared rulebase
- vsys SecurityPolicyLocationVsys - Located in a specific vsys.
- device_group SecurityPolicyLocationDeviceGroup - Located in a specific device group.
- shared SecurityPolicyLocationShared - Located in a shared rulebase
- vsys SecurityPolicyLocationVsys - Located in a specific vsys.
- deviceGroup Property Map - Located in a specific device group.
- shared Property Map - Located in a shared rulebase
- vsys Property Map - Located in a specific vsys.
SecurityPolicyLocationDeviceGroup, SecurityPolicyLocationDeviceGroupArgs
- Name string
- The device group.
- Panorama
Device string - The panorama device.
- Rulebase string
- The rulebase.
- Name string
- The device group.
- Panorama
Device string - The panorama device.
- Rulebase string
- The rulebase.
- name String
- The device group.
- panorama
Device String - The panorama device.
- rulebase String
- The rulebase.
- name string
- The device group.
- panorama
Device string - The panorama device.
- rulebase string
- The rulebase.
- name str
- The device group.
- panorama_
device str - The panorama device.
- rulebase str
- The rulebase.
- name String
- The device group.
- panorama
Device String - The panorama device.
- rulebase String
- The rulebase.
SecurityPolicyLocationShared, SecurityPolicyLocationSharedArgs
- Rulebase string
- Rulebase name
- Rulebase string
- Rulebase name
- rulebase String
- Rulebase name
- rulebase string
- Rulebase name
- rulebase str
- Rulebase name
- rulebase String
- Rulebase name
SecurityPolicyLocationVsys, SecurityPolicyLocationVsysArgs
- Name string
- The vsys name
- Ngfw
Device string - The NGFW device
- Name string
- The vsys name
- Ngfw
Device string - The NGFW device
- name String
- The vsys name
- ngfw
Device String - The NGFW device
- name string
- The vsys name
- ngfw
Device string - The NGFW device
- name str
- The vsys name
- ngfw_
device str - The NGFW device
- name String
- The vsys name
- ngfw
Device String - The NGFW device
SecurityPolicyRule, SecurityPolicyRuleArgs
- Name string
- Action string
- Applications List<string>
- Categories List<string>
- Description string
- DestinationAddresses List<string>
- DestinationHips List<string>
- DestinationZones List<string>
- DisableInspect bool
- DisableServerResponseInspection bool - Disable inspection of server side traffic
- Disabled bool - Disable the rule
- GroupTag string
- IcmpUnreachable bool - Send ICMP unreachable error when action is drop or reset
- LogEnd bool - Log at session end (required for certain ACC tables)
- LogSetting string
- LogStart bool - Log at session start
- NegateDestination bool
- NegateSource bool
- ProfileSetting SecurityPolicyRuleProfileSetting
- Qos SecurityPolicyRuleQos
- RuleType string
- Schedule string
- Services List<string>
- SourceAddresses List<string>
- SourceHips List<string>
- SourceImeis List<string>
- SourceImsis List<string>
- SourceNwSlices List<string>
- SourceUsers List<string>
- SourceZones List<string>
- Tags List<string>
- Target SecurityPolicyRuleTarget
- Name string
- Action string
- Applications []string
- Categories []string
- Description string
- Destination
Addresses []string - Destination
Hips []string - Destination
Zones []string - Disable
Inspect bool - Disable
Server boolResponse Inspection - Disable inspection of server side traffic
- Disabled bool
- Disable the rule
- Group
Tag string - Icmp
Unreachable bool - Send ICMP unreachable error when action is drop or reset
- Log
End bool - Log at session end (required for certain ACC tables)
- Log
Setting string - Log
Start bool - Log at session start
- Negate
Destination bool - Negate
Source bool - Profile
Setting SecurityPolicy Rule Profile Setting - Qos
Security
Policy Rule Qos - Rule
Type string - Schedule string
- Services []string
- Source
Addresses []string - Source
Hips []string - Source
Imeis []string - Source
Imsis []string - Source
Nw []stringSlices - Source
Users []string - Source
Zones []string - []string
- Target
Security
Policy Rule Target
- name String
- action String
- applications List<String>
- categories List<String>
- description String
- destinationAddresses List<String>
- destinationHips List<String>
- destinationZones List<String>
- disableInspect Boolean
- disableServerResponseInspection Boolean - Disable inspection of server side traffic
- disabled Boolean - Disable the rule
- groupTag String
- icmpUnreachable Boolean - Send ICMP unreachable error when action is drop or reset
- logEnd Boolean - Log at session end (required for certain ACC tables)
- logSetting String
- logStart Boolean - Log at session start
- negateDestination Boolean
- negateSource Boolean
- profileSetting SecurityPolicyRuleProfileSetting
- qos SecurityPolicyRuleQos
- ruleType String
- schedule String
- services List<String>
- sourceAddresses List<String>
- sourceHips List<String>
- sourceImeis List<String>
- sourceImsis List<String>
- sourceNwSlices List<String>
- sourceUsers List<String>
- sourceZones List<String>
- tags List<String>
- target SecurityPolicyRuleTarget
- name string
- action string
- applications string[]
- categories string[]
- description string
- destination
Addresses string[] - destination
Hips string[] - destination
Zones string[] - disable
Inspect boolean - disable
Server booleanResponse Inspection - Disable inspection of server side traffic
- disabled boolean
- Disable the rule
- group
Tag string - icmp
Unreachable boolean - Send ICMP unreachable error when action is drop or reset
- log
End boolean - Log at session end (required for certain ACC tables)
- log
Setting string - log
Start boolean - Log at session start
- negate
Destination boolean - negate
Source boolean - profile
Setting SecurityPolicy Rule Profile Setting - qos
Security
Policy Rule Qos - rule
Type string - schedule string
- services string[]
- source
Addresses string[] - source
Hips string[] - source
Imeis string[] - source
Imsis string[] - source
Nw string[]Slices - source
Users string[] - source
Zones string[] - string[]
- target
Security
Policy Rule Target
- name str
- action str
- applications Sequence[str]
- categories Sequence[str]
- description str
- destination_
addresses Sequence[str] - destination_
hips Sequence[str] - destination_
zones Sequence[str] - disable_
inspect bool - disable_
server_ boolresponse_ inspection - Disable inspection of server side traffic
- disabled bool
- Disable the rule
- group_
tag str - icmp_
unreachable bool - Send ICMP unreachable error when action is drop or reset
- log_
end bool - Log at session end (required for certain ACC tables)
- log_
setting str - log_
start bool - Log at session start
- negate_
destination bool - negate_
source bool - profile_
setting SecurityPolicy Rule Profile Setting - qos
Security
Policy Rule Qos - rule_
type str - schedule str
- services Sequence[str]
- source_
addresses Sequence[str] - source_
hips Sequence[str] - source_
imeis Sequence[str] - source_
imsis Sequence[str] - source_
nw_ Sequence[str]slices - source_
users Sequence[str] - source_
zones Sequence[str] - Sequence[str]
- target
Security
Policy Rule Target
- name String
- action String
- applications List<String>
- categories List<String>
- description String
- destination
Addresses List<String> - destination
Hips List<String> - destination
Zones List<String> - disable
Inspect Boolean - disable
Server BooleanResponse Inspection - Disable inspection of server side traffic
- disabled Boolean
- Disable the rule
- group
Tag String - icmp
Unreachable Boolean - Send ICMP unreachable error when action is drop or reset
- log
End Boolean - Log at session end (required for certain ACC tables)
- log
Setting String - log
Start Boolean - Log at session start
- negate
Destination Boolean - negate
Source Boolean - profile
Setting Property Map - qos Property Map
- rule
Type String - schedule String
- services List<String>
- source
Addresses List<String> - source
Hips List<String> - source
Imeis List<String> - source
Imsis List<String> - source
Nw List<String>Slices - source
Users List<String> - source
Zones List<String> - List<String>
- target Property Map
SecurityPolicyRuleProfileSetting, SecurityPolicyRuleProfileSettingArgs
- Groups List<string>
- Profiles
Security
Policy Rule Profile Setting Profiles
- groups List<String>
- profiles
Security
Policy Rule Profile Setting Profiles
- groups Sequence[str]
- profiles
Security
Policy Rule Profile Setting Profiles
- groups List<String>
- profiles Property Map
SecurityPolicyRuleProfileSettingProfiles, SecurityPolicyRuleProfileSettingProfilesArgs
- Data
Filterings List<string> - File
Blockings List<string> - Gtps List<string>
- Sctps List<string>
- Spywares List<string>
- Url
Filterings List<string> - Viri List<string>
- Vulnerabilities List<string>
- Wildfire
Analyses List<string>
- Data
Filterings []string - File
Blockings []string - Gtps []string
- Sctps []string
- Spywares []string
- Url
Filterings []string - Viri []string
- Vulnerabilities []string
- Wildfire
Analyses []string
- data
Filterings List<String> - file
Blockings List<String> - gtps List<String>
- sctps List<String>
- spywares List<String>
- url
Filterings List<String> - viri List<String>
- vulnerabilities List<String>
- wildfire
Analyses List<String>
- data
Filterings string[] - file
Blockings string[] - gtps string[]
- sctps string[]
- spywares string[]
- url
Filterings string[] - viri string[]
- vulnerabilities string[]
- wildfire
Analyses string[]
- data_
filterings Sequence[str] - file_
blockings Sequence[str] - gtps Sequence[str]
- sctps Sequence[str]
- spywares Sequence[str]
- url_
filterings Sequence[str] - viri Sequence[str]
- vulnerabilities Sequence[str]
- wildfire_
analyses Sequence[str]
- data
Filterings List<String> - file
Blockings List<String> - gtps List<String>
- sctps List<String>
- spywares List<String>
- url
Filterings List<String> - viri List<String>
- vulnerabilities List<String>
- wildfire
Analyses List<String>
SecurityPolicyRuleQos, SecurityPolicyRuleQosArgs
SecurityPolicyRuleQosMarking, SecurityPolicyRuleQosMarkingArgs
- Follow
C2s SecurityFlow Policy Rule Qos Marking Follow C2s Flow - Ip
Dscp string - IP DSCP
- Ip
Precedence string - IP Precedence
- Follow
C2s SecurityFlow Policy Rule Qos Marking Follow C2s Flow - Ip
Dscp string - IP DSCP
- Ip
Precedence string - IP Precedence
- follow
C2s SecurityFlow Policy Rule Qos Marking Follow C2s Flow - ip
Dscp String - IP DSCP
- ip
Precedence String - IP Precedence
- follow
C2s SecurityFlow Policy Rule Qos Marking Follow C2s Flow - ip
Dscp string - IP DSCP
- ip
Precedence string - IP Precedence
- follow_
c2s_ Securityflow Policy Rule Qos Marking Follow C2s Flow - ip_
dscp str - IP DSCP
- ip_
precedence str - IP Precedence
- follow
C2s Property MapFlow - ip
Dscp String - IP DSCP
- ip
Precedence String - IP Precedence
SecurityPolicyRuleTarget, SecurityPolicyRuleTargetArgs
- Devices
List<Security
Policy Rule Target Device> - Negate bool
- Target to all but these specified devices and tags
- List<string>
- Devices
[]Security
Policy Rule Target Device - Negate bool
- Target to all but these specified devices and tags
- []string
- devices
List<Security
Policy Rule Target Device> - negate Boolean
- Target to all but these specified devices and tags
- List<String>
- devices
Security
Policy Rule Target Device[] - negate boolean
- Target to all but these specified devices and tags
- string[]
- devices
Sequence[Security
Policy Rule Target Device] - negate bool
- Target to all but these specified devices and tags
- Sequence[str]
- devices List<Property Map>
- negate Boolean
- Target to all but these specified devices and tags
- List<String>
SecurityPolicyRuleTargetDevice, SecurityPolicyRuleTargetDeviceArgs
- name String
- vsys List<Property Map>
SecurityPolicyRuleTargetDeviceVsy, SecurityPolicyRuleTargetDeviceVsyArgs
- Name string
- Name string
- name String
- name string
- name str
- name String
Import
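The entire policy can be imported by providing the following object, base64-encoded, as the ID. The object is shown first in readable form; the command after it encodes the same object written as JSON.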
{
location = {
device_group = {
name = "example-device-group"
rulebase = "pre-rulebase"
panorama_device = "localhost.localdomain"
}
}
names = [
"rule-1", <- the first rule in the policy
]
}
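# GNU base64 wraps its output at 76 columns and this ID is longer than that, so the
# line breaks are stripped and the substitution is quoted to keep the ID a single
# argument. printf is used so no trailing newline is encoded into the ID.
$ pulumi import panos:index/securityPolicy:SecurityPolicy example "$(printf '%s' '{"location":{"device_group":{"name":"example-device-group","panorama_device":"localhost.localdomain","rulebase":"pre-rulebase"}},"names":["rule-1"]}' | base64 | tr -d '\n')"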
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- panos paloaltonetworks/terraform-provider-panos
- License
- Notes
- This Pulumi package is based on the panos Terraform Provider.