panos 2.0.0, Apr 15 25

panos 2.0.0 published on Tuesday, Apr 15, 2025 by paloaltonetworks

paloaltonetworks/terraform-provider-panos

panos.SecurityPolicyRules

Explore with Pulumi AI

panos 2.0.0 published on Tuesday, Apr 15, 2025 by paloaltonetworks

paloaltonetworks/terraform-provider-panos

Example Usage

Coming soon!

Coming soon!

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.panos.DeviceGroup;
import com.pulumi.panos.DeviceGroupArgs;
import com.pulumi.panos.inputs.DeviceGroupLocationArgs;
import com.pulumi.panos.inputs.DeviceGroupLocationPanoramaArgs;
import com.pulumi.panos.SecurityPolicyRules;
import com.pulumi.panos.SecurityPolicyRulesArgs;
import com.pulumi.panos.inputs.SecurityPolicyRulesLocationArgs;
import com.pulumi.panos.inputs.SecurityPolicyRulesPositionArgs;
import com.pulumi.panos.inputs.SecurityPolicyRulesRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new DeviceGroup("example", DeviceGroupArgs.builder()
            .location(DeviceGroupLocationArgs.builder()
                .panorama()
                .build())
            .build());

        // Mange a group of security policy rules.
        //# Place the rule group at the top
        var example_1 = new SecurityPolicyRules("example-1", SecurityPolicyRulesArgs.builder()
            .location(SecurityPolicyRulesLocationArgs.builder()
                .device_group(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
                .build())
            .position(SecurityPolicyRulesPositionArgs.builder()
                .where("first")
                .build())
            .rules(SecurityPolicyRulesRuleArgs.builder()
                .name("rule-1")
                .sourceZones("any")
                .sourceAddresses("1.1.1.1")
                .destinationZones("any")
                .destinationAddresses("172.0.0.0/8")
                .services("any")
                .applications("any")
                .build())
            .build());

        //# Place the rule group directly after rule-2
        var example_2 = new SecurityPolicyRules("example-2", SecurityPolicyRulesArgs.builder()
            .location(SecurityPolicyRulesLocationArgs.builder()
                .device_group(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
                .build())
            .position(SecurityPolicyRulesPositionArgs.builder()
                .where("after")
                .directly(true)
                .pivot("rule-2")
                .build())
            .rules("TODO: ForExpression")
            .build());

    }
}

Coming soon!

Create SecurityPolicyRules Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SecurityPolicyRules(name: string, args: SecurityPolicyRulesArgs, opts?: CustomResourceOptions);

@overload
def SecurityPolicyRules(resource_name: str,
                        args: SecurityPolicyRulesArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def SecurityPolicyRules(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        location: Optional[SecurityPolicyRulesLocationArgs] = None,
                        position: Optional[SecurityPolicyRulesPositionArgs] = None,
                        rules: Optional[Sequence[SecurityPolicyRulesRuleArgs]] = None)

func NewSecurityPolicyRules(ctx *Context, name string, args SecurityPolicyRulesArgs, opts ...ResourceOption) (*SecurityPolicyRules, error)

public SecurityPolicyRules(string name, SecurityPolicyRulesArgs args, CustomResourceOptions? opts = null)

public SecurityPolicyRules(String name, SecurityPolicyRulesArgs args)
public SecurityPolicyRules(String name, SecurityPolicyRulesArgs args, CustomResourceOptions options)

type: panos:SecurityPolicyRules
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecurityPolicyRulesArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecurityPolicyRulesArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecurityPolicyRulesArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecurityPolicyRulesArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecurityPolicyRulesArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var securityPolicyRulesResource = new Panos.SecurityPolicyRules("securityPolicyRulesResource", new()
{
    Location = new Panos.Inputs.SecurityPolicyRulesLocationArgs
    {
        DeviceGroup = new Panos.Inputs.SecurityPolicyRulesLocationDeviceGroupArgs
        {
            Name = "string",
            PanoramaDevice = "string",
            Rulebase = "string",
        },
        Shared = new Panos.Inputs.SecurityPolicyRulesLocationSharedArgs
        {
            Rulebase = "string",
        },
        Vsys = new Panos.Inputs.SecurityPolicyRulesLocationVsysArgs
        {
            Name = "string",
            NgfwDevice = "string",
        },
    },
    Position = new Panos.Inputs.SecurityPolicyRulesPositionArgs
    {
        Where = "string",
        Directly = false,
        Pivot = "string",
    },
    Rules = new[]
    {
        new Panos.Inputs.SecurityPolicyRulesRuleArgs
        {
            Name = "string",
            NegateDestination = false,
            NegateSource = false,
            Description = "string",
            DestinationAddresses = new[]
            {
                "string",
            },
            DestinationHips = new[]
            {
                "string",
            },
            DestinationZones = new[]
            {
                "string",
            },
            DisableInspect = false,
            DisableServerResponseInspection = false,
            Disabled = false,
            GroupTag = "string",
            IcmpUnreachable = false,
            LogEnd = false,
            LogSetting = "string",
            LogStart = false,
            Categories = new[]
            {
                "string",
            },
            Applications = new[]
            {
                "string",
            },
            Qos = new Panos.Inputs.SecurityPolicyRulesRuleQosArgs
            {
                Marking = new Panos.Inputs.SecurityPolicyRulesRuleQosMarkingArgs
                {
                    FollowC2sFlow = null,
                    IpDscp = "string",
                    IpPrecedence = "string",
                },
            },
            ProfileSetting = new Panos.Inputs.SecurityPolicyRulesRuleProfileSettingArgs
            {
                Groups = new[]
                {
                    "string",
                },
                Profiles = new Panos.Inputs.SecurityPolicyRulesRuleProfileSettingProfilesArgs
                {
                    DataFilterings = new[]
                    {
                        "string",
                    },
                    FileBlockings = new[]
                    {
                        "string",
                    },
                    Gtps = new[]
                    {
                        "string",
                    },
                    Sctps = new[]
                    {
                        "string",
                    },
                    Spywares = new[]
                    {
                        "string",
                    },
                    UrlFilterings = new[]
                    {
                        "string",
                    },
                    Viri = new[]
                    {
                        "string",
                    },
                    Vulnerabilities = new[]
                    {
                        "string",
                    },
                    WildfireAnalyses = new[]
                    {
                        "string",
                    },
                },
            },
            Action = "string",
            RuleType = "string",
            Schedule = "string",
            Services = new[]
            {
                "string",
            },
            SourceAddresses = new[]
            {
                "string",
            },
            SourceHips = new[]
            {
                "string",
            },
            SourceImeis = new[]
            {
                "string",
            },
            SourceImsis = new[]
            {
                "string",
            },
            SourceNwSlices = new[]
            {
                "string",
            },
            SourceUsers = new[]
            {
                "string",
            },
            SourceZones = new[]
            {
                "string",
            },
            Tags = new[]
            {
                "string",
            },
            Target = new Panos.Inputs.SecurityPolicyRulesRuleTargetArgs
            {
                Devices = new[]
                {
                    new Panos.Inputs.SecurityPolicyRulesRuleTargetDeviceArgs
                    {
                        Name = "string",
                        Vsys = new[]
                        {
                            new Panos.Inputs.SecurityPolicyRulesRuleTargetDeviceVsyArgs
                            {
                                Name = "string",
                            },
                        },
                    },
                },
                Negate = false,
                Tags = new[]
                {
                    "string",
                },
            },
        },
    },
});

example, err := panos.NewSecurityPolicyRules(ctx, "securityPolicyRulesResource", &panos.SecurityPolicyRulesArgs{
	Location: &panos.SecurityPolicyRulesLocationArgs{
		DeviceGroup: &panos.SecurityPolicyRulesLocationDeviceGroupArgs{
			Name:           pulumi.String("string"),
			PanoramaDevice: pulumi.String("string"),
			Rulebase:       pulumi.String("string"),
		},
		Shared: &panos.SecurityPolicyRulesLocationSharedArgs{
			Rulebase: pulumi.String("string"),
		},
		Vsys: &panos.SecurityPolicyRulesLocationVsysArgs{
			Name:       pulumi.String("string"),
			NgfwDevice: pulumi.String("string"),
		},
	},
	Position: &panos.SecurityPolicyRulesPositionArgs{
		Where:    pulumi.String("string"),
		Directly: pulumi.Bool(false),
		Pivot:    pulumi.String("string"),
	},
	Rules: panos.SecurityPolicyRulesRuleArray{
		&panos.SecurityPolicyRulesRuleArgs{
			Name:              pulumi.String("string"),
			NegateDestination: pulumi.Bool(false),
			NegateSource:      pulumi.Bool(false),
			Description:       pulumi.String("string"),
			DestinationAddresses: pulumi.StringArray{
				pulumi.String("string"),
			},
			DestinationHips: pulumi.StringArray{
				pulumi.String("string"),
			},
			DestinationZones: pulumi.StringArray{
				pulumi.String("string"),
			},
			DisableInspect:                  pulumi.Bool(false),
			DisableServerResponseInspection: pulumi.Bool(false),
			Disabled:                        pulumi.Bool(false),
			GroupTag:                        pulumi.String("string"),
			IcmpUnreachable:                 pulumi.Bool(false),
			LogEnd:                          pulumi.Bool(false),
			LogSetting:                      pulumi.String("string"),
			LogStart:                        pulumi.Bool(false),
			Categories: pulumi.StringArray{
				pulumi.String("string"),
			},
			Applications: pulumi.StringArray{
				pulumi.String("string"),
			},
			Qos: &panos.SecurityPolicyRulesRuleQosArgs{
				Marking: &panos.SecurityPolicyRulesRuleQosMarkingArgs{
					FollowC2sFlow: &panos.SecurityPolicyRulesRuleQosMarkingFollowC2sFlowArgs{},
					IpDscp:        pulumi.String("string"),
					IpPrecedence:  pulumi.String("string"),
				},
			},
			ProfileSetting: &panos.SecurityPolicyRulesRuleProfileSettingArgs{
				Groups: pulumi.StringArray{
					pulumi.String("string"),
				},
				Profiles: &panos.SecurityPolicyRulesRuleProfileSettingProfilesArgs{
					DataFilterings: pulumi.StringArray{
						pulumi.String("string"),
					},
					FileBlockings: pulumi.StringArray{
						pulumi.String("string"),
					},
					Gtps: pulumi.StringArray{
						pulumi.String("string"),
					},
					Sctps: pulumi.StringArray{
						pulumi.String("string"),
					},
					Spywares: pulumi.StringArray{
						pulumi.String("string"),
					},
					UrlFilterings: pulumi.StringArray{
						pulumi.String("string"),
					},
					Viri: pulumi.StringArray{
						pulumi.String("string"),
					},
					Vulnerabilities: pulumi.StringArray{
						pulumi.String("string"),
					},
					WildfireAnalyses: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Action:   pulumi.String("string"),
			RuleType: pulumi.String("string"),
			Schedule: pulumi.String("string"),
			Services: pulumi.StringArray{
				pulumi.String("string"),
			},
			SourceAddresses: pulumi.StringArray{
				pulumi.String("string"),
			},
			SourceHips: pulumi.StringArray{
				pulumi.String("string"),
			},
			SourceImeis: pulumi.StringArray{
				pulumi.String("string"),
			},
			SourceImsis: pulumi.StringArray{
				pulumi.String("string"),
			},
			SourceNwSlices: pulumi.StringArray{
				pulumi.String("string"),
			},
			SourceUsers: pulumi.StringArray{
				pulumi.String("string"),
			},
			SourceZones: pulumi.StringArray{
				pulumi.String("string"),
			},
			Tags: pulumi.StringArray{
				pulumi.String("string"),
			},
			Target: &panos.SecurityPolicyRulesRuleTargetArgs{
				Devices: panos.SecurityPolicyRulesRuleTargetDeviceArray{
					&panos.SecurityPolicyRulesRuleTargetDeviceArgs{
						Name: pulumi.String("string"),
						Vsys: panos.SecurityPolicyRulesRuleTargetDeviceVsyArray{
							&panos.SecurityPolicyRulesRuleTargetDeviceVsyArgs{
								Name: pulumi.String("string"),
							},
						},
					},
				},
				Negate: pulumi.Bool(false),
				Tags: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
	},
})

var securityPolicyRulesResource = new SecurityPolicyRules("securityPolicyRulesResource", SecurityPolicyRulesArgs.builder()
    .location(SecurityPolicyRulesLocationArgs.builder()
        .deviceGroup(SecurityPolicyRulesLocationDeviceGroupArgs.builder()
            .name("string")
            .panoramaDevice("string")
            .rulebase("string")
            .build())
        .shared(SecurityPolicyRulesLocationSharedArgs.builder()
            .rulebase("string")
            .build())
        .vsys(SecurityPolicyRulesLocationVsysArgs.builder()
            .name("string")
            .ngfwDevice("string")
            .build())
        .build())
    .position(SecurityPolicyRulesPositionArgs.builder()
        .where("string")
        .directly(false)
        .pivot("string")
        .build())
    .rules(SecurityPolicyRulesRuleArgs.builder()
        .name("string")
        .negateDestination(false)
        .negateSource(false)
        .description("string")
        .destinationAddresses("string")
        .destinationHips("string")
        .destinationZones("string")
        .disableInspect(false)
        .disableServerResponseInspection(false)
        .disabled(false)
        .groupTag("string")
        .icmpUnreachable(false)
        .logEnd(false)
        .logSetting("string")
        .logStart(false)
        .categories("string")
        .applications("string")
        .qos(SecurityPolicyRulesRuleQosArgs.builder()
            .marking(SecurityPolicyRulesRuleQosMarkingArgs.builder()
                .followC2sFlow()
                .ipDscp("string")
                .ipPrecedence("string")
                .build())
            .build())
        .profileSetting(SecurityPolicyRulesRuleProfileSettingArgs.builder()
            .groups("string")
            .profiles(SecurityPolicyRulesRuleProfileSettingProfilesArgs.builder()
                .dataFilterings("string")
                .fileBlockings("string")
                .gtps("string")
                .sctps("string")
                .spywares("string")
                .urlFilterings("string")
                .viri("string")
                .vulnerabilities("string")
                .wildfireAnalyses("string")
                .build())
            .build())
        .action("string")
        .ruleType("string")
        .schedule("string")
        .services("string")
        .sourceAddresses("string")
        .sourceHips("string")
        .sourceImeis("string")
        .sourceImsis("string")
        .sourceNwSlices("string")
        .sourceUsers("string")
        .sourceZones("string")
        .tags("string")
        .target(SecurityPolicyRulesRuleTargetArgs.builder()
            .devices(SecurityPolicyRulesRuleTargetDeviceArgs.builder()
                .name("string")
                .vsys(SecurityPolicyRulesRuleTargetDeviceVsyArgs.builder()
                    .name("string")
                    .build())
                .build())
            .negate(false)
            .tags("string")
            .build())
        .build())
    .build());

security_policy_rules_resource = panos.SecurityPolicyRules("securityPolicyRulesResource",
    location={
        "device_group": {
            "name": "string",
            "panorama_device": "string",
            "rulebase": "string",
        },
        "shared": {
            "rulebase": "string",
        },
        "vsys": {
            "name": "string",
            "ngfw_device": "string",
        },
    },
    position={
        "where": "string",
        "directly": False,
        "pivot": "string",
    },
    rules=[{
        "name": "string",
        "negate_destination": False,
        "negate_source": False,
        "description": "string",
        "destination_addresses": ["string"],
        "destination_hips": ["string"],
        "destination_zones": ["string"],
        "disable_inspect": False,
        "disable_server_response_inspection": False,
        "disabled": False,
        "group_tag": "string",
        "icmp_unreachable": False,
        "log_end": False,
        "log_setting": "string",
        "log_start": False,
        "categories": ["string"],
        "applications": ["string"],
        "qos": {
            "marking": {
                "follow_c2s_flow": {},
                "ip_dscp": "string",
                "ip_precedence": "string",
            },
        },
        "profile_setting": {
            "groups": ["string"],
            "profiles": {
                "data_filterings": ["string"],
                "file_blockings": ["string"],
                "gtps": ["string"],
                "sctps": ["string"],
                "spywares": ["string"],
                "url_filterings": ["string"],
                "viri": ["string"],
                "vulnerabilities": ["string"],
                "wildfire_analyses": ["string"],
            },
        },
        "action": "string",
        "rule_type": "string",
        "schedule": "string",
        "services": ["string"],
        "source_addresses": ["string"],
        "source_hips": ["string"],
        "source_imeis": ["string"],
        "source_imsis": ["string"],
        "source_nw_slices": ["string"],
        "source_users": ["string"],
        "source_zones": ["string"],
        "tags": ["string"],
        "target": {
            "devices": [{
                "name": "string",
                "vsys": [{
                    "name": "string",
                }],
            }],
            "negate": False,
            "tags": ["string"],
        },
    }])

const securityPolicyRulesResource = new panos.SecurityPolicyRules("securityPolicyRulesResource", {
    location: {
        deviceGroup: {
            name: "string",
            panoramaDevice: "string",
            rulebase: "string",
        },
        shared: {
            rulebase: "string",
        },
        vsys: {
            name: "string",
            ngfwDevice: "string",
        },
    },
    position: {
        where: "string",
        directly: false,
        pivot: "string",
    },
    rules: [{
        name: "string",
        negateDestination: false,
        negateSource: false,
        description: "string",
        destinationAddresses: ["string"],
        destinationHips: ["string"],
        destinationZones: ["string"],
        disableInspect: false,
        disableServerResponseInspection: false,
        disabled: false,
        groupTag: "string",
        icmpUnreachable: false,
        logEnd: false,
        logSetting: "string",
        logStart: false,
        categories: ["string"],
        applications: ["string"],
        qos: {
            marking: {
                followC2sFlow: {},
                ipDscp: "string",
                ipPrecedence: "string",
            },
        },
        profileSetting: {
            groups: ["string"],
            profiles: {
                dataFilterings: ["string"],
                fileBlockings: ["string"],
                gtps: ["string"],
                sctps: ["string"],
                spywares: ["string"],
                urlFilterings: ["string"],
                viri: ["string"],
                vulnerabilities: ["string"],
                wildfireAnalyses: ["string"],
            },
        },
        action: "string",
        ruleType: "string",
        schedule: "string",
        services: ["string"],
        sourceAddresses: ["string"],
        sourceHips: ["string"],
        sourceImeis: ["string"],
        sourceImsis: ["string"],
        sourceNwSlices: ["string"],
        sourceUsers: ["string"],
        sourceZones: ["string"],
        tags: ["string"],
        target: {
            devices: [{
                name: "string",
                vsys: [{
                    name: "string",
                }],
            }],
            negate: false,
            tags: ["string"],
        },
    }],
});

type: panos:SecurityPolicyRules
properties:
    location:
        deviceGroup:
            name: string
            panoramaDevice: string
            rulebase: string
        shared:
            rulebase: string
        vsys:
            name: string
            ngfwDevice: string
    position:
        directly: false
        pivot: string
        where: string
    rules:
        - action: string
          applications:
            - string
          categories:
            - string
          description: string
          destinationAddresses:
            - string
          destinationHips:
            - string
          destinationZones:
            - string
          disableInspect: false
          disableServerResponseInspection: false
          disabled: false
          groupTag: string
          icmpUnreachable: false
          logEnd: false
          logSetting: string
          logStart: false
          name: string
          negateDestination: false
          negateSource: false
          profileSetting:
            groups:
                - string
            profiles:
                dataFilterings:
                    - string
                fileBlockings:
                    - string
                gtps:
                    - string
                sctps:
                    - string
                spywares:
                    - string
                urlFilterings:
                    - string
                viri:
                    - string
                vulnerabilities:
                    - string
                wildfireAnalyses:
                    - string
          qos:
            marking:
                followC2sFlow: {}
                ipDscp: string
                ipPrecedence: string
          ruleType: string
          schedule: string
          services:
            - string
          sourceAddresses:
            - string
          sourceHips:
            - string
          sourceImeis:
            - string
          sourceImsis:
            - string
          sourceNwSlices:
            - string
          sourceUsers:
            - string
          sourceZones:
            - string
          tags:
            - string
          target:
            devices:
                - name: string
                  vsys:
                    - name: string
            negate: false
            tags:
                - string

SecurityPolicyRules Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SecurityPolicyRules resource accepts the following input properties:

Location SecurityPolicyRulesLocation: The location of this object.
Position SecurityPolicyRulesPosition
Rules List<SecurityPolicyRulesRule>

Location SecurityPolicyRulesLocationArgs: The location of this object.
Position SecurityPolicyRulesPositionArgs
Rules []SecurityPolicyRulesRuleArgs

location SecurityPolicyRulesLocation: The location of this object.
position SecurityPolicyRulesPosition
rules List<SecurityPolicyRulesRule>

location SecurityPolicyRulesLocation: The location of this object.
position SecurityPolicyRulesPosition
rules SecurityPolicyRulesRule[]

location SecurityPolicyRulesLocationArgs: The location of this object.
position SecurityPolicyRulesPositionArgs
rules Sequence[SecurityPolicyRulesRuleArgs]

location Property Map: The location of this object.
position Property Map
rules List<Property Map>

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityPolicyRules resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SecurityPolicyRules Resource

Get an existing SecurityPolicyRules resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecurityPolicyRulesState, opts?: CustomResourceOptions): SecurityPolicyRules

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        location: Optional[SecurityPolicyRulesLocationArgs] = None,
        position: Optional[SecurityPolicyRulesPositionArgs] = None,
        rules: Optional[Sequence[SecurityPolicyRulesRuleArgs]] = None) -> SecurityPolicyRules

func GetSecurityPolicyRules(ctx *Context, name string, id IDInput, state *SecurityPolicyRulesState, opts ...ResourceOption) (*SecurityPolicyRules, error)

public static SecurityPolicyRules Get(string name, Input<string> id, SecurityPolicyRulesState? state, CustomResourceOptions? opts = null)

public static SecurityPolicyRules get(String name, Output<String> id, SecurityPolicyRulesState state, CustomResourceOptions options)

resources:  _:    type: panos:SecurityPolicyRules    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Location SecurityPolicyRulesLocation: The location of this object.
Position SecurityPolicyRulesPosition
Rules List<SecurityPolicyRulesRule>

Location SecurityPolicyRulesLocationArgs: The location of this object.
Position SecurityPolicyRulesPositionArgs
Rules []SecurityPolicyRulesRuleArgs

location SecurityPolicyRulesLocation: The location of this object.
position SecurityPolicyRulesPosition
rules List<SecurityPolicyRulesRule>

location SecurityPolicyRulesLocation: The location of this object.
position SecurityPolicyRulesPosition
rules SecurityPolicyRulesRule[]

location SecurityPolicyRulesLocationArgs: The location of this object.
position SecurityPolicyRulesPositionArgs
rules Sequence[SecurityPolicyRulesRuleArgs]

location Property Map: The location of this object.
position Property Map
rules List<Property Map>

Supporting Types

SecurityPolicyRulesLocation, SecurityPolicyRulesLocationArgs

DeviceGroup SecurityPolicyRulesLocationDeviceGroup: Located in a specific device group.
Shared SecurityPolicyRulesLocationShared: Located in a shared rulebase
Vsys SecurityPolicyRulesLocationVsys: Located in a specific vsys.

DeviceGroup SecurityPolicyRulesLocationDeviceGroup: Located in a specific device group.
Shared SecurityPolicyRulesLocationShared: Located in a shared rulebase
Vsys SecurityPolicyRulesLocationVsys: Located in a specific vsys.

deviceGroup SecurityPolicyRulesLocationDeviceGroup: Located in a specific device group.
shared SecurityPolicyRulesLocationShared: Located in a shared rulebase
vsys SecurityPolicyRulesLocationVsys: Located in a specific vsys.

deviceGroup SecurityPolicyRulesLocationDeviceGroup: Located in a specific device group.
shared SecurityPolicyRulesLocationShared: Located in a shared rulebase
vsys SecurityPolicyRulesLocationVsys: Located in a specific vsys.

device_group SecurityPolicyRulesLocationDeviceGroup: Located in a specific device group.
shared SecurityPolicyRulesLocationShared: Located in a shared rulebase
vsys SecurityPolicyRulesLocationVsys: Located in a specific vsys.

deviceGroup Property Map: Located in a specific device group.
shared Property Map: Located in a shared rulebase
vsys Property Map: Located in a specific vsys.

SecurityPolicyRulesLocationDeviceGroup, SecurityPolicyRulesLocationDeviceGroupArgs

Name string: The device group.
PanoramaDevice string: The panorama device.
Rulebase string: The rulebase.

Name string: The device group.
PanoramaDevice string: The panorama device.
Rulebase string: The rulebase.

name String: The device group.
panoramaDevice String: The panorama device.
rulebase String: The rulebase.

name string: The device group.
panoramaDevice string: The panorama device.
rulebase string: The rulebase.

name str: The device group.
panorama_device str: The panorama device.
rulebase str: The rulebase.

name String: The device group.
panoramaDevice String: The panorama device.
rulebase String: The rulebase.

SecurityPolicyRulesLocationShared, SecurityPolicyRulesLocationSharedArgs

Rulebase string: Rulebase name

Rulebase string: Rulebase name

rulebase String: Rulebase name

rulebase string: Rulebase name

rulebase str: Rulebase name

rulebase String: Rulebase name

SecurityPolicyRulesLocationVsys, SecurityPolicyRulesLocationVsysArgs

Name string: The vsys name
NgfwDevice string: The NGFW device

Name string: The vsys name
NgfwDevice string: The NGFW device

name String: The vsys name
ngfwDevice String: The NGFW device

name string: The vsys name
ngfwDevice string: The NGFW device

name str: The vsys name
ngfw_device str: The NGFW device

name String: The vsys name
ngfwDevice String: The NGFW device

SecurityPolicyRulesPosition, SecurityPolicyRulesPositionArgs

Where string
Directly bool
Pivot string

Where string
Directly bool
Pivot string

where String
directly Boolean
pivot String

where string
directly boolean
pivot string

where str
directly bool
pivot str

where String
directly Boolean
pivot String

SecurityPolicyRulesRule, SecurityPolicyRulesRuleArgs

Name string
Action string
Applications List<string>
Categories List<string>
Description string
DestinationAddresses List<string>
DestinationHips List<string>
DestinationZones List<string>
DisableInspect bool
DisableServerResponseInspection bool: Disable inspection of server side traffic
Disabled bool: Disable the rule
GroupTag string
IcmpUnreachable bool: Send ICMP unreachable error when action is drop or reset
LogEnd bool: Log at session end (required for certain ACC tables)
LogSetting string
LogStart bool: Log at session start
NegateDestination bool
NegateSource bool
ProfileSetting SecurityPolicyRulesRuleProfileSetting
Qos SecurityPolicyRulesRuleQos
RuleType string
Schedule string
Services List<string>
SourceAddresses List<string>
SourceHips List<string>
SourceImeis List<string>
SourceImsis List<string>
SourceNwSlices List<string>
SourceUsers List<string>
SourceZones List<string>
Tags List<string>
Target SecurityPolicyRulesRuleTarget

Name string
Action string
Applications []string
Categories []string
Description string
DestinationAddresses []string
DestinationHips []string
DestinationZones []string
DisableInspect bool
DisableServerResponseInspection bool: Disable inspection of server side traffic
Disabled bool: Disable the rule
GroupTag string
IcmpUnreachable bool: Send ICMP unreachable error when action is drop or reset
LogEnd bool: Log at session end (required for certain ACC tables)
LogSetting string
LogStart bool: Log at session start
NegateDestination bool
NegateSource bool
ProfileSetting SecurityPolicyRulesRuleProfileSetting
Qos SecurityPolicyRulesRuleQos
RuleType string
Schedule string
Services []string
SourceAddresses []string
SourceHips []string
SourceImeis []string
SourceImsis []string
SourceNwSlices []string
SourceUsers []string
SourceZones []string
Tags []string
Target SecurityPolicyRulesRuleTarget

name String
action String
applications List<String>
categories List<String>
description String
destinationAddresses List<String>
destinationHips List<String>
destinationZones List<String>
disableInspect Boolean
disableServerResponseInspection Boolean: Disable inspection of server side traffic
disabled Boolean: Disable the rule
groupTag String
icmpUnreachable Boolean: Send ICMP unreachable error when action is drop or reset
logEnd Boolean: Log at session end (required for certain ACC tables)
logSetting String
logStart Boolean: Log at session start
negateDestination Boolean
negateSource Boolean
profileSetting SecurityPolicyRulesRuleProfileSetting
qos SecurityPolicyRulesRuleQos
ruleType String
schedule String
services List<String>
sourceAddresses List<String>
sourceHips List<String>
sourceImeis List<String>
sourceImsis List<String>
sourceNwSlices List<String>
sourceUsers List<String>
sourceZones List<String>
tags List<String>
target SecurityPolicyRulesRuleTarget

name string
action string
applications string[]
categories string[]
description string
destinationAddresses string[]
destinationHips string[]
destinationZones string[]
disableInspect boolean
disableServerResponseInspection boolean: Disable inspection of server side traffic
disabled boolean: Disable the rule
groupTag string
icmpUnreachable boolean: Send ICMP unreachable error when action is drop or reset
logEnd boolean: Log at session end (required for certain ACC tables)
logSetting string
logStart boolean: Log at session start
negateDestination boolean
negateSource boolean
profileSetting SecurityPolicyRulesRuleProfileSetting
qos SecurityPolicyRulesRuleQos
ruleType string
schedule string
services string[]
sourceAddresses string[]
sourceHips string[]
sourceImeis string[]
sourceImsis string[]
sourceNwSlices string[]
sourceUsers string[]
sourceZones string[]
tags string[]
target SecurityPolicyRulesRuleTarget

name str
action str
applications Sequence[str]
categories Sequence[str]
description str
destination_addresses Sequence[str]
destination_hips Sequence[str]
destination_zones Sequence[str]
disable_inspect bool
disable_server_response_inspection bool: Disable inspection of server side traffic
disabled bool: Disable the rule
group_tag str
icmp_unreachable bool: Send ICMP unreachable error when action is drop or reset
log_end bool: Log at session end (required for certain ACC tables)
log_setting str
log_start bool: Log at session start
negate_destination bool
negate_source bool
profile_setting SecurityPolicyRulesRuleProfileSetting
qos SecurityPolicyRulesRuleQos
rule_type str
schedule str
services Sequence[str]
source_addresses Sequence[str]
source_hips Sequence[str]
source_imeis Sequence[str]
source_imsis Sequence[str]
source_nw_slices Sequence[str]
source_users Sequence[str]
source_zones Sequence[str]
tags Sequence[str]
target SecurityPolicyRulesRuleTarget

name String
action String
applications List<String>
categories List<String>
description String
destinationAddresses List<String>
destinationHips List<String>
destinationZones List<String>
disableInspect Boolean
disableServerResponseInspection Boolean: Disable inspection of server side traffic
disabled Boolean: Disable the rule
groupTag String
icmpUnreachable Boolean: Send ICMP unreachable error when action is drop or reset
logEnd Boolean: Log at session end (required for certain ACC tables)
logSetting String
logStart Boolean: Log at session start
negateDestination Boolean
negateSource Boolean
profileSetting Property Map
qos Property Map
ruleType String
schedule String
services List<String>
sourceAddresses List<String>
sourceHips List<String>
sourceImeis List<String>
sourceImsis List<String>
sourceNwSlices List<String>
sourceUsers List<String>
sourceZones List<String>
tags List<String>
target Property Map

SecurityPolicyRulesRuleProfileSetting, SecurityPolicyRulesRuleProfileSettingArgs

Groups List<string>
Profiles SecurityPolicyRulesRuleProfileSettingProfiles

Groups []string
Profiles SecurityPolicyRulesRuleProfileSettingProfiles

groups List<String>
profiles SecurityPolicyRulesRuleProfileSettingProfiles

groups string[]
profiles SecurityPolicyRulesRuleProfileSettingProfiles

groups Sequence[str]
profiles SecurityPolicyRulesRuleProfileSettingProfiles

groups List<String>
profiles Property Map

SecurityPolicyRulesRuleProfileSettingProfiles, SecurityPolicyRulesRuleProfileSettingProfilesArgs

DataFilterings List<string>
FileBlockings List<string>
Gtps List<string>
Sctps List<string>
Spywares List<string>
UrlFilterings List<string>
Viri List<string>
Vulnerabilities List<string>
WildfireAnalyses List<string>

DataFilterings []string
FileBlockings []string
Gtps []string
Sctps []string
Spywares []string
UrlFilterings []string
Viri []string
Vulnerabilities []string
WildfireAnalyses []string

dataFilterings List<String>
fileBlockings List<String>
gtps List<String>
sctps List<String>
spywares List<String>
urlFilterings List<String>
viri List<String>
vulnerabilities List<String>
wildfireAnalyses List<String>

dataFilterings string[]
fileBlockings string[]
gtps string[]
sctps string[]
spywares string[]
urlFilterings string[]
viri string[]
vulnerabilities string[]
wildfireAnalyses string[]

data_filterings Sequence[str]
file_blockings Sequence[str]
gtps Sequence[str]
sctps Sequence[str]
spywares Sequence[str]
url_filterings Sequence[str]
viri Sequence[str]
vulnerabilities Sequence[str]
wildfire_analyses Sequence[str]

dataFilterings List<String>
fileBlockings List<String>
gtps List<String>
sctps List<String>
spywares List<String>
urlFilterings List<String>
viri List<String>
vulnerabilities List<String>
wildfireAnalyses List<String>

SecurityPolicyRulesRuleQos, SecurityPolicyRulesRuleQosArgs

Marking SecurityPolicyRulesRuleQosMarking

Marking SecurityPolicyRulesRuleQosMarking

marking SecurityPolicyRulesRuleQosMarking

marking SecurityPolicyRulesRuleQosMarking

marking SecurityPolicyRulesRuleQosMarking

marking Property Map

SecurityPolicyRulesRuleQosMarking, SecurityPolicyRulesRuleQosMarkingArgs

FollowC2sFlow SecurityPolicyRulesRuleQosMarkingFollowC2sFlow
IpDscp string: IP DSCP
IpPrecedence string: IP Precedence

FollowC2sFlow SecurityPolicyRulesRuleQosMarkingFollowC2sFlow
IpDscp string: IP DSCP
IpPrecedence string: IP Precedence

followC2sFlow SecurityPolicyRulesRuleQosMarkingFollowC2sFlow
ipDscp String: IP DSCP
ipPrecedence String: IP Precedence

followC2sFlow SecurityPolicyRulesRuleQosMarkingFollowC2sFlow
ipDscp string: IP DSCP
ipPrecedence string: IP Precedence

follow_c2s_flow SecurityPolicyRulesRuleQosMarkingFollowC2sFlow
ip_dscp str: IP DSCP
ip_precedence str: IP Precedence

followC2sFlow Property Map
ipDscp String: IP DSCP
ipPrecedence String: IP Precedence

SecurityPolicyRulesRuleTarget, SecurityPolicyRulesRuleTargetArgs

Devices List<SecurityPolicyRulesRuleTargetDevice>
Negate bool: Target to all but these specified devices and tags
Tags List<string>

Devices []SecurityPolicyRulesRuleTargetDevice
Negate bool: Target to all but these specified devices and tags
Tags []string

devices List<SecurityPolicyRulesRuleTargetDevice>
negate Boolean: Target to all but these specified devices and tags
tags List<String>

devices SecurityPolicyRulesRuleTargetDevice[]
negate boolean: Target to all but these specified devices and tags
tags string[]

devices Sequence[SecurityPolicyRulesRuleTargetDevice]
negate bool: Target to all but these specified devices and tags
tags Sequence[str]

devices List<Property Map>
negate Boolean: Target to all but these specified devices and tags
tags List<String>

SecurityPolicyRulesRuleTargetDevice, SecurityPolicyRulesRuleTargetDeviceArgs

Name string
Vsys List<SecurityPolicyRulesRuleTargetDeviceVsy>

Name string
Vsys []SecurityPolicyRulesRuleTargetDeviceVsy

name String
vsys List<SecurityPolicyRulesRuleTargetDeviceVsy>

name string
vsys SecurityPolicyRulesRuleTargetDeviceVsy[]

name str
vsys Sequence[SecurityPolicyRulesRuleTargetDeviceVsy]

name String
vsys List<Property Map>

SecurityPolicyRulesRuleTargetDeviceVsy, SecurityPolicyRulesRuleTargetDeviceVsyArgs

Name string

Name string

name String

name string

name str

name String

Import

A set of rules can be imported by providing the following base64 encoded object as the ID

{

location = {

    device_group = {

    name = "example-device-group"

    rulebase = "pre-rulebase"

    panorama_device = "localhost.localdomain"

    }

}

position = { where = "after", directly = true, pivot = "rule-2" }

names = [

    "rule-8",

    "rule-9"

]

}

$ pulumi import panos:index/securityPolicyRules:SecurityPolicyRules example $(echo '{"location":{"device_group":{"name":"example-device-group","panorama_device":"localhost.localdomain","rulebase":"pre-rulebase"}},"names":["rule-8","rule-9"],"position":{"directly":true,"pivot":"rule-2","where":"after"}}' | base64)

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: panos paloaltonetworks/terraform-provider-panos
License
Notes: This Pulumi package is based on the panos Terraform Provider.

panos 2.0.0 published on Tuesday, Apr 15, 2025 by paloaltonetworks

paloaltonetworks/terraform-provider-panos

panos.SecurityPolicyRules

On this page

On this page

Example Usage

Create SecurityPolicyRules Resource

Constructor syntax

Parameters

Constructor example

SecurityPolicyRules Resource Properties

Inputs

Outputs

Look up Existing SecurityPolicyRules Resource

Supporting Types

SecurityPolicyRulesLocation, SecurityPolicyRulesLocationArgs

SecurityPolicyRulesLocationDeviceGroup, SecurityPolicyRulesLocationDeviceGroupArgs

SecurityPolicyRulesLocationShared, SecurityPolicyRulesLocationSharedArgs

SecurityPolicyRulesLocationVsys, SecurityPolicyRulesLocationVsysArgs

SecurityPolicyRulesPosition, SecurityPolicyRulesPositionArgs

SecurityPolicyRulesRule, SecurityPolicyRulesRuleArgs

SecurityPolicyRulesRuleProfileSetting, SecurityPolicyRulesRuleProfileSettingArgs

SecurityPolicyRulesRuleProfileSettingProfiles, SecurityPolicyRulesRuleProfileSettingProfilesArgs

SecurityPolicyRulesRuleQos, SecurityPolicyRulesRuleQosArgs

SecurityPolicyRulesRuleQosMarking, SecurityPolicyRulesRuleQosMarkingArgs

SecurityPolicyRulesRuleTarget, SecurityPolicyRulesRuleTargetArgs

SecurityPolicyRulesRuleTargetDevice, SecurityPolicyRulesRuleTargetDeviceArgs

SecurityPolicyRulesRuleTargetDeviceVsy, SecurityPolicyRulesRuleTargetDeviceVsyArgs

Import

Package Details

On this page

On this page