Viewing docs for Strata Cloud Manager v1.0.6
published on Saturday, Apr 25, 2026 by Pulumi
published on Saturday, Apr 25, 2026 by Pulumi
Viewing docs for Strata Cloud Manager v1.0.6
published on Saturday, Apr 25, 2026 by Pulumi
published on Saturday, Apr 25, 2026 by Pulumi
ForwardingProfile resource
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as scm from "@pulumi/scm";
// User location representing the US East office IP ranges
const exampleUsEast = new scm.ForwardingProfileUserLocation("example_us_east", {
folder: "Mobile Users",
name: "us-east-tf",
description: "Managed by Terraform - US East office user location",
ipAddresses: [
"10.1.0.0/16",
"10.2.0.0/16",
],
});
// Corporate destination profile with FQDN and IP ranges
const corpDestinations = new scm.ForwardingProfileDestination("corp_destinations", {
folder: "Mobile Users",
name: "corp-destinations-combined",
description: "Managed by Terraform - Corporate FQDN and IP destinations (combined example)",
fqdns: [
{
name: "*.corporate.com",
port: 443,
},
{
name: "api.internal.com",
port: 8443,
},
],
ipAddresses: [
{
name: "10.0.0.0/8",
port: 443,
},
{
name: "172.16.0.0/12",
port: 443,
},
],
});
// Basic Global Protect proxy-based forwarding profile with a single forwarding rule
const exampleGpProxyBasic = new scm.ForwardingProfile("example_gp_proxy_basic", {
folder: "Mobile Users",
name: "example-gp-proxy-basic",
type: {
globalProtectProxy: {
forwardingRules: [{
name: "direct-rule",
connectivity: "direct",
destinations: "Any",
enabled: true,
}],
},
},
}, {
dependsOn: [
exampleUsEast,
corpDestinations,
],
});
// Global Protect proxy-based forwarding profile with block rule and multiple forwarding rules
const exampleGpProxyFull = new scm.ForwardingProfile("example_gp_proxy_full", {
folder: "Mobile Users",
name: "example-gp-proxy-full",
description: "Managed by Terraform - GP proxy with block rule and multiple forwarding rules",
type: {
globalProtectProxy: {
pacUpload: false,
blockRule: {
enable: true,
allowTcp: {
enableLocations: true,
locations: [exampleUsEast.name],
},
allowUdp: {
enableLocations: true,
locations: [exampleUsEast.name],
enableDestinations: true,
destinations: "any",
},
},
forwardingRules: [{
name: "direct-rule",
connectivity: "direct",
destinations: corpDestinations.name,
userLocations: "Any",
enabled: true,
}],
},
},
}, {
dependsOn: [
exampleUsEast,
corpDestinations,
],
});
// PAC file based forwarding profile
const examplePacFile = new scm.ForwardingProfile("example_pac_file", {
folder: "Mobile Users",
name: "example-pac-file",
description: "Managed by Terraform - PAC file based forwarding profile",
type: {
pacFile: {
pacUpload: true,
forwardingRules: [{
name: "pac-direct-rule",
connectivity: "direct",
destinations: "Any",
enabled: true,
}],
},
},
}, {
dependsOn: [
exampleUsEast,
corpDestinations,
],
});
// ZTNA agent-based forwarding profile with block rule and forwarding rules
const exampleZtnaAgent = new scm.ForwardingProfile("example_ztna_agent", {
folder: "Mobile Users",
name: "example-ztna-agent",
description: "Managed by Terraform - ZTNA agent forwarding profile with block rule",
type: {
ztnaAgent: {
blockRule: {
blockAllOtherUnmatchedOutboundConnections: false,
blockInboundAccessWhenConnectedToTunnel: false,
blockNonTcpNonUdpTrafficWhenConnectedToTunnel: false,
allowIcmpForTroubleshooting: false,
blockOutboundLanAccessWhenConnectedToTunnel: false,
enforcerFqdnDnsResolutionViaDnsServers: true,
resolveAllFqdnsUsingDnsServersAssignedByTheTunnel: true,
},
forwardingRules: [
{
name: "ztna-dns-rule",
connectivity: "tunnel",
destinations: corpDestinations.name,
sourceApplications: "Any",
trafficType: "dns-and-network-traffic",
userLocations: "Any",
enabled: true,
},
{
name: "ztna-direct-rule",
connectivity: "direct",
destinations: "Any",
sourceApplications: "Any",
trafficType: "network-traffic",
userLocations: "Any",
enabled: true,
},
],
},
},
}, {
dependsOn: [corpDestinations],
});
import pulumi
import pulumi_scm as scm
# User location representing the US East office IP ranges
example_us_east = scm.ForwardingProfileUserLocation("example_us_east",
folder="Mobile Users",
name="us-east-tf",
description="Managed by Terraform - US East office user location",
ip_addresses=[
"10.1.0.0/16",
"10.2.0.0/16",
])
# Corporate destination profile with FQDN and IP ranges
corp_destinations = scm.ForwardingProfileDestination("corp_destinations",
folder="Mobile Users",
name="corp-destinations-combined",
description="Managed by Terraform - Corporate FQDN and IP destinations (combined example)",
fqdns=[
{
"name": "*.corporate.com",
"port": 443,
},
{
"name": "api.internal.com",
"port": 8443,
},
],
ip_addresses=[
{
"name": "10.0.0.0/8",
"port": 443,
},
{
"name": "172.16.0.0/12",
"port": 443,
},
])
# Basic Global Protect proxy-based forwarding profile with a single forwarding rule
example_gp_proxy_basic = scm.ForwardingProfile("example_gp_proxy_basic",
folder="Mobile Users",
name="example-gp-proxy-basic",
type={
"global_protect_proxy": {
"forwarding_rules": [{
"name": "direct-rule",
"connectivity": "direct",
"destinations": "Any",
"enabled": True,
}],
},
},
opts = pulumi.ResourceOptions(depends_on=[
example_us_east,
corp_destinations,
]))
# Global Protect proxy-based forwarding profile with block rule and multiple forwarding rules
example_gp_proxy_full = scm.ForwardingProfile("example_gp_proxy_full",
folder="Mobile Users",
name="example-gp-proxy-full",
description="Managed by Terraform - GP proxy with block rule and multiple forwarding rules",
type={
"global_protect_proxy": {
"pac_upload": False,
"block_rule": {
"enable": True,
"allow_tcp": {
"enable_locations": True,
"locations": [example_us_east.name],
},
"allow_udp": {
"enable_locations": True,
"locations": [example_us_east.name],
"enable_destinations": True,
"destinations": "any",
},
},
"forwarding_rules": [{
"name": "direct-rule",
"connectivity": "direct",
"destinations": corp_destinations.name,
"user_locations": "Any",
"enabled": True,
}],
},
},
opts = pulumi.ResourceOptions(depends_on=[
example_us_east,
corp_destinations,
]))
# PAC file based forwarding profile
example_pac_file = scm.ForwardingProfile("example_pac_file",
folder="Mobile Users",
name="example-pac-file",
description="Managed by Terraform - PAC file based forwarding profile",
type={
"pac_file": {
"pac_upload": True,
"forwarding_rules": [{
"name": "pac-direct-rule",
"connectivity": "direct",
"destinations": "Any",
"enabled": True,
}],
},
},
opts = pulumi.ResourceOptions(depends_on=[
example_us_east,
corp_destinations,
]))
# ZTNA agent-based forwarding profile with block rule and forwarding rules
example_ztna_agent = scm.ForwardingProfile("example_ztna_agent",
folder="Mobile Users",
name="example-ztna-agent",
description="Managed by Terraform - ZTNA agent forwarding profile with block rule",
type={
"ztna_agent": {
"block_rule": {
"block_all_other_unmatched_outbound_connections": False,
"block_inbound_access_when_connected_to_tunnel": False,
"block_non_tcp_non_udp_traffic_when_connected_to_tunnel": False,
"allow_icmp_for_troubleshooting": False,
"block_outbound_lan_access_when_connected_to_tunnel": False,
"enforcer_fqdn_dns_resolution_via_dns_servers": True,
"resolve_all_fqdns_using_dns_servers_assigned_by_the_tunnel": True,
},
"forwarding_rules": [
{
"name": "ztna-dns-rule",
"connectivity": "tunnel",
"destinations": corp_destinations.name,
"source_applications": "Any",
"traffic_type": "dns-and-network-traffic",
"user_locations": "Any",
"enabled": True,
},
{
"name": "ztna-direct-rule",
"connectivity": "direct",
"destinations": "Any",
"source_applications": "Any",
"traffic_type": "network-traffic",
"user_locations": "Any",
"enabled": True,
},
],
},
},
opts = pulumi.ResourceOptions(depends_on=[corp_destinations]))
package main
import (
"github.com/pulumi/pulumi-scm/sdk/go/scm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// User location representing the US East office IP ranges
exampleUsEast, err := scm.NewForwardingProfileUserLocation(ctx, "example_us_east", &scm.ForwardingProfileUserLocationArgs{
Folder: pulumi.String("Mobile Users"),
Name: pulumi.String("us-east-tf"),
Description: pulumi.String("Managed by Terraform - US East office user location"),
IpAddresses: pulumi.StringArray{
pulumi.String("10.1.0.0/16"),
pulumi.String("10.2.0.0/16"),
},
})
if err != nil {
return err
}
// Corporate destination profile with FQDN and IP ranges
corpDestinations, err := scm.NewForwardingProfileDestination(ctx, "corp_destinations", &scm.ForwardingProfileDestinationArgs{
Folder: pulumi.String("Mobile Users"),
Name: pulumi.String("corp-destinations-combined"),
Description: pulumi.String("Managed by Terraform - Corporate FQDN and IP destinations (combined example)"),
Fqdns: scm.ForwardingProfileDestinationFqdnArray{
&scm.ForwardingProfileDestinationFqdnArgs{
Name: pulumi.String("*.corporate.com"),
Port: pulumi.Int(443),
},
&scm.ForwardingProfileDestinationFqdnArgs{
Name: pulumi.String("api.internal.com"),
Port: pulumi.Int(8443),
},
},
IpAddresses: scm.ForwardingProfileDestinationIpAddressArray{
&scm.ForwardingProfileDestinationIpAddressArgs{
Name: pulumi.String("10.0.0.0/8"),
Port: pulumi.Int(443),
},
&scm.ForwardingProfileDestinationIpAddressArgs{
Name: pulumi.String("172.16.0.0/12"),
Port: pulumi.Int(443),
},
},
})
if err != nil {
return err
}
// Basic Global Protect proxy-based forwarding profile with a single forwarding rule
_, err = scm.NewForwardingProfile(ctx, "example_gp_proxy_basic", &scm.ForwardingProfileArgs{
Folder: pulumi.String("Mobile Users"),
Name: pulumi.String("example-gp-proxy-basic"),
Type: &scm.ForwardingProfileTypeArgs{
GlobalProtectProxy: &scm.ForwardingProfileTypeGlobalProtectProxyArgs{
ForwardingRules: scm.ForwardingProfileTypeGlobalProtectProxyForwardingRuleArray{
&scm.ForwardingProfileTypeGlobalProtectProxyForwardingRuleArgs{
Name: pulumi.String("direct-rule"),
Connectivity: pulumi.String("direct"),
Destinations: pulumi.String("Any"),
Enabled: pulumi.Bool(true),
},
},
},
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleUsEast,
corpDestinations,
}))
if err != nil {
return err
}
// Global Protect proxy-based forwarding profile with block rule and multiple forwarding rules
_, err = scm.NewForwardingProfile(ctx, "example_gp_proxy_full", &scm.ForwardingProfileArgs{
Folder: pulumi.String("Mobile Users"),
Name: pulumi.String("example-gp-proxy-full"),
Description: pulumi.String("Managed by Terraform - GP proxy with block rule and multiple forwarding rules"),
Type: &scm.ForwardingProfileTypeArgs{
GlobalProtectProxy: &scm.ForwardingProfileTypeGlobalProtectProxyArgs{
PacUpload: pulumi.Bool(false),
BlockRule: &scm.ForwardingProfileTypeGlobalProtectProxyBlockRuleArgs{
Enable: pulumi.Bool(true),
AllowTcp: &scm.ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowTcpArgs{
EnableLocations: pulumi.Bool(true),
Locations: pulumi.StringArray{
exampleUsEast.Name,
},
},
AllowUdp: &scm.ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowUdpArgs{
EnableLocations: pulumi.Bool(true),
Locations: pulumi.StringArray{
exampleUsEast.Name,
},
EnableDestinations: pulumi.Bool(true),
Destinations: pulumi.String("any"),
},
},
ForwardingRules: scm.ForwardingProfileTypeGlobalProtectProxyForwardingRuleArray{
&scm.ForwardingProfileTypeGlobalProtectProxyForwardingRuleArgs{
Name: pulumi.String("direct-rule"),
Connectivity: pulumi.String("direct"),
Destinations: corpDestinations.Name,
UserLocations: pulumi.String("Any"),
Enabled: pulumi.Bool(true),
},
},
},
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleUsEast,
corpDestinations,
}))
if err != nil {
return err
}
// PAC file based forwarding profile
_, err = scm.NewForwardingProfile(ctx, "example_pac_file", &scm.ForwardingProfileArgs{
Folder: pulumi.String("Mobile Users"),
Name: pulumi.String("example-pac-file"),
Description: pulumi.String("Managed by Terraform - PAC file based forwarding profile"),
Type: &scm.ForwardingProfileTypeArgs{
PacFile: &scm.ForwardingProfileTypePacFileArgs{
PacUpload: pulumi.Bool(true),
ForwardingRules: scm.ForwardingProfileTypePacFileForwardingRuleArray{
&scm.ForwardingProfileTypePacFileForwardingRuleArgs{
Name: pulumi.String("pac-direct-rule"),
Connectivity: pulumi.String("direct"),
Destinations: pulumi.String("Any"),
Enabled: pulumi.Bool(true),
},
},
},
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleUsEast,
corpDestinations,
}))
if err != nil {
return err
}
// ZTNA agent-based forwarding profile with block rule and forwarding rules
_, err = scm.NewForwardingProfile(ctx, "example_ztna_agent", &scm.ForwardingProfileArgs{
Folder: pulumi.String("Mobile Users"),
Name: pulumi.String("example-ztna-agent"),
Description: pulumi.String("Managed by Terraform - ZTNA agent forwarding profile with block rule"),
Type: &scm.ForwardingProfileTypeArgs{
ZtnaAgent: &scm.ForwardingProfileTypeZtnaAgentArgs{
BlockRule: &scm.ForwardingProfileTypeZtnaAgentBlockRuleArgs{
BlockAllOtherUnmatchedOutboundConnections: pulumi.Bool(false),
BlockInboundAccessWhenConnectedToTunnel: pulumi.Bool(false),
BlockNonTcpNonUdpTrafficWhenConnectedToTunnel: pulumi.Bool(false),
AllowIcmpForTroubleshooting: pulumi.Bool(false),
BlockOutboundLanAccessWhenConnectedToTunnel: pulumi.Bool(false),
EnforcerFqdnDnsResolutionViaDnsServers: pulumi.Bool(true),
ResolveAllFqdnsUsingDnsServersAssignedByTheTunnel: pulumi.Bool(true),
},
ForwardingRules: scm.ForwardingProfileTypeZtnaAgentForwardingRuleArray{
&scm.ForwardingProfileTypeZtnaAgentForwardingRuleArgs{
Name: pulumi.String("ztna-dns-rule"),
Connectivity: pulumi.String("tunnel"),
Destinations: corpDestinations.Name,
SourceApplications: pulumi.String("Any"),
TrafficType: pulumi.String("dns-and-network-traffic"),
UserLocations: pulumi.String("Any"),
Enabled: pulumi.Bool(true),
},
&scm.ForwardingProfileTypeZtnaAgentForwardingRuleArgs{
Name: pulumi.String("ztna-direct-rule"),
Connectivity: pulumi.String("direct"),
Destinations: pulumi.String("Any"),
SourceApplications: pulumi.String("Any"),
TrafficType: pulumi.String("network-traffic"),
UserLocations: pulumi.String("Any"),
Enabled: pulumi.Bool(true),
},
},
},
},
}, pulumi.DependsOn([]pulumi.Resource{
corpDestinations,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Scm = Pulumi.Scm;
return await Deployment.RunAsync(() =>
{
// User location representing the US East office IP ranges
var exampleUsEast = new Scm.Index.ForwardingProfileUserLocation("example_us_east", new()
{
Folder = "Mobile Users",
Name = "us-east-tf",
Description = "Managed by Terraform - US East office user location",
IpAddresses = new[]
{
"10.1.0.0/16",
"10.2.0.0/16",
},
});
// Corporate destination profile with FQDN and IP ranges
var corpDestinations = new Scm.Index.ForwardingProfileDestination("corp_destinations", new()
{
Folder = "Mobile Users",
Name = "corp-destinations-combined",
Description = "Managed by Terraform - Corporate FQDN and IP destinations (combined example)",
Fqdns = new[]
{
new Scm.Inputs.ForwardingProfileDestinationFqdnArgs
{
Name = "*.corporate.com",
Port = 443,
},
new Scm.Inputs.ForwardingProfileDestinationFqdnArgs
{
Name = "api.internal.com",
Port = 8443,
},
},
IpAddresses = new[]
{
new Scm.Inputs.ForwardingProfileDestinationIpAddressArgs
{
Name = "10.0.0.0/8",
Port = 443,
},
new Scm.Inputs.ForwardingProfileDestinationIpAddressArgs
{
Name = "172.16.0.0/12",
Port = 443,
},
},
});
// Basic Global Protect proxy-based forwarding profile with a single forwarding rule
var exampleGpProxyBasic = new Scm.Index.ForwardingProfile("example_gp_proxy_basic", new()
{
Folder = "Mobile Users",
Name = "example-gp-proxy-basic",
Type = new Scm.Inputs.ForwardingProfileTypeArgs
{
GlobalProtectProxy = new Scm.Inputs.ForwardingProfileTypeGlobalProtectProxyArgs
{
ForwardingRules = new[]
{
new Scm.Inputs.ForwardingProfileTypeGlobalProtectProxyForwardingRuleArgs
{
Name = "direct-rule",
Connectivity = "direct",
Destinations = "Any",
Enabled = true,
},
},
},
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleUsEast,
corpDestinations,
},
});
// Global Protect proxy-based forwarding profile with block rule and multiple forwarding rules
var exampleGpProxyFull = new Scm.Index.ForwardingProfile("example_gp_proxy_full", new()
{
Folder = "Mobile Users",
Name = "example-gp-proxy-full",
Description = "Managed by Terraform - GP proxy with block rule and multiple forwarding rules",
Type = new Scm.Inputs.ForwardingProfileTypeArgs
{
GlobalProtectProxy = new Scm.Inputs.ForwardingProfileTypeGlobalProtectProxyArgs
{
PacUpload = false,
BlockRule = new Scm.Inputs.ForwardingProfileTypeGlobalProtectProxyBlockRuleArgs
{
Enable = true,
AllowTcp = new Scm.Inputs.ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowTcpArgs
{
EnableLocations = true,
Locations = new[]
{
exampleUsEast.Name,
},
},
AllowUdp = new Scm.Inputs.ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowUdpArgs
{
EnableLocations = true,
Locations = new[]
{
exampleUsEast.Name,
},
EnableDestinations = true,
Destinations = "any",
},
},
ForwardingRules = new[]
{
new Scm.Inputs.ForwardingProfileTypeGlobalProtectProxyForwardingRuleArgs
{
Name = "direct-rule",
Connectivity = "direct",
Destinations = corpDestinations.Name,
UserLocations = "Any",
Enabled = true,
},
},
},
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleUsEast,
corpDestinations,
},
});
// PAC file based forwarding profile
var examplePacFile = new Scm.Index.ForwardingProfile("example_pac_file", new()
{
Folder = "Mobile Users",
Name = "example-pac-file",
Description = "Managed by Terraform - PAC file based forwarding profile",
Type = new Scm.Inputs.ForwardingProfileTypeArgs
{
PacFile = new Scm.Inputs.ForwardingProfileTypePacFileArgs
{
PacUpload = true,
ForwardingRules = new[]
{
new Scm.Inputs.ForwardingProfileTypePacFileForwardingRuleArgs
{
Name = "pac-direct-rule",
Connectivity = "direct",
Destinations = "Any",
Enabled = true,
},
},
},
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleUsEast,
corpDestinations,
},
});
// ZTNA agent-based forwarding profile with block rule and forwarding rules
var exampleZtnaAgent = new Scm.Index.ForwardingProfile("example_ztna_agent", new()
{
Folder = "Mobile Users",
Name = "example-ztna-agent",
Description = "Managed by Terraform - ZTNA agent forwarding profile with block rule",
Type = new Scm.Inputs.ForwardingProfileTypeArgs
{
ZtnaAgent = new Scm.Inputs.ForwardingProfileTypeZtnaAgentArgs
{
BlockRule = new Scm.Inputs.ForwardingProfileTypeZtnaAgentBlockRuleArgs
{
BlockAllOtherUnmatchedOutboundConnections = false,
BlockInboundAccessWhenConnectedToTunnel = false,
BlockNonTcpNonUdpTrafficWhenConnectedToTunnel = false,
AllowIcmpForTroubleshooting = false,
BlockOutboundLanAccessWhenConnectedToTunnel = false,
EnforcerFqdnDnsResolutionViaDnsServers = true,
ResolveAllFqdnsUsingDnsServersAssignedByTheTunnel = true,
},
ForwardingRules = new[]
{
new Scm.Inputs.ForwardingProfileTypeZtnaAgentForwardingRuleArgs
{
Name = "ztna-dns-rule",
Connectivity = "tunnel",
Destinations = corpDestinations.Name,
SourceApplications = "Any",
TrafficType = "dns-and-network-traffic",
UserLocations = "Any",
Enabled = true,
},
new Scm.Inputs.ForwardingProfileTypeZtnaAgentForwardingRuleArgs
{
Name = "ztna-direct-rule",
Connectivity = "direct",
Destinations = "Any",
SourceApplications = "Any",
TrafficType = "network-traffic",
UserLocations = "Any",
Enabled = true,
},
},
},
},
}, new CustomResourceOptions
{
DependsOn =
{
corpDestinations,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.scm.ForwardingProfileUserLocation;
import com.pulumi.scm.ForwardingProfileUserLocationArgs;
import com.pulumi.scm.ForwardingProfileDestination;
import com.pulumi.scm.ForwardingProfileDestinationArgs;
import com.pulumi.scm.inputs.ForwardingProfileDestinationFqdnArgs;
import com.pulumi.scm.inputs.ForwardingProfileDestinationIpAddressArgs;
import com.pulumi.scm.ForwardingProfile;
import com.pulumi.scm.ForwardingProfileArgs;
import com.pulumi.scm.inputs.ForwardingProfileTypeArgs;
import com.pulumi.scm.inputs.ForwardingProfileTypeGlobalProtectProxyArgs;
import com.pulumi.scm.inputs.ForwardingProfileTypeGlobalProtectProxyBlockRuleArgs;
import com.pulumi.scm.inputs.ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowTcpArgs;
import com.pulumi.scm.inputs.ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowUdpArgs;
import com.pulumi.scm.inputs.ForwardingProfileTypePacFileArgs;
import com.pulumi.scm.inputs.ForwardingProfileTypeZtnaAgentArgs;
import com.pulumi.scm.inputs.ForwardingProfileTypeZtnaAgentBlockRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// User location representing the US East office IP ranges
var exampleUsEast = new ForwardingProfileUserLocation("exampleUsEast", ForwardingProfileUserLocationArgs.builder()
.folder("Mobile Users")
.name("us-east-tf")
.description("Managed by Terraform - US East office user location")
.ipAddresses(
"10.1.0.0/16",
"10.2.0.0/16")
.build());
// Corporate destination profile with FQDN and IP ranges
var corpDestinations = new ForwardingProfileDestination("corpDestinations", ForwardingProfileDestinationArgs.builder()
.folder("Mobile Users")
.name("corp-destinations-combined")
.description("Managed by Terraform - Corporate FQDN and IP destinations (combined example)")
.fqdns(
ForwardingProfileDestinationFqdnArgs.builder()
.name("*.corporate.com")
.port(443)
.build(),
ForwardingProfileDestinationFqdnArgs.builder()
.name("api.internal.com")
.port(8443)
.build())
.ipAddresses(
ForwardingProfileDestinationIpAddressArgs.builder()
.name("10.0.0.0/8")
.port(443)
.build(),
ForwardingProfileDestinationIpAddressArgs.builder()
.name("172.16.0.0/12")
.port(443)
.build())
.build());
// Basic Global Protect proxy-based forwarding profile with a single forwarding rule
var exampleGpProxyBasic = new ForwardingProfile("exampleGpProxyBasic", ForwardingProfileArgs.builder()
.folder("Mobile Users")
.name("example-gp-proxy-basic")
.type(ForwardingProfileTypeArgs.builder()
.globalProtectProxy(ForwardingProfileTypeGlobalProtectProxyArgs.builder()
.forwardingRules(ForwardingProfileTypeGlobalProtectProxyForwardingRuleArgs.builder()
.name("direct-rule")
.connectivity("direct")
.destinations("Any")
.enabled(true)
.build())
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
exampleUsEast,
corpDestinations)
.build());
// Global Protect proxy-based forwarding profile with block rule and multiple forwarding rules
var exampleGpProxyFull = new ForwardingProfile("exampleGpProxyFull", ForwardingProfileArgs.builder()
.folder("Mobile Users")
.name("example-gp-proxy-full")
.description("Managed by Terraform - GP proxy with block rule and multiple forwarding rules")
.type(ForwardingProfileTypeArgs.builder()
.globalProtectProxy(ForwardingProfileTypeGlobalProtectProxyArgs.builder()
.pacUpload(false)
.blockRule(ForwardingProfileTypeGlobalProtectProxyBlockRuleArgs.builder()
.enable(true)
.allowTcp(ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowTcpArgs.builder()
.enableLocations(true)
.locations(exampleUsEast.name())
.build())
.allowUdp(ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowUdpArgs.builder()
.enableLocations(true)
.locations(exampleUsEast.name())
.enableDestinations(true)
.destinations("any")
.build())
.build())
.forwardingRules(ForwardingProfileTypeGlobalProtectProxyForwardingRuleArgs.builder()
.name("direct-rule")
.connectivity("direct")
.destinations(corpDestinations.name())
.userLocations("Any")
.enabled(true)
.build())
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
exampleUsEast,
corpDestinations)
.build());
// PAC file based forwarding profile
var examplePacFile = new ForwardingProfile("examplePacFile", ForwardingProfileArgs.builder()
.folder("Mobile Users")
.name("example-pac-file")
.description("Managed by Terraform - PAC file based forwarding profile")
.type(ForwardingProfileTypeArgs.builder()
.pacFile(ForwardingProfileTypePacFileArgs.builder()
.pacUpload(true)
.forwardingRules(ForwardingProfileTypePacFileForwardingRuleArgs.builder()
.name("pac-direct-rule")
.connectivity("direct")
.destinations("Any")
.enabled(true)
.build())
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
exampleUsEast,
corpDestinations)
.build());
// ZTNA agent-based forwarding profile with block rule and forwarding rules
var exampleZtnaAgent = new ForwardingProfile("exampleZtnaAgent", ForwardingProfileArgs.builder()
.folder("Mobile Users")
.name("example-ztna-agent")
.description("Managed by Terraform - ZTNA agent forwarding profile with block rule")
.type(ForwardingProfileTypeArgs.builder()
.ztnaAgent(ForwardingProfileTypeZtnaAgentArgs.builder()
.blockRule(ForwardingProfileTypeZtnaAgentBlockRuleArgs.builder()
.blockAllOtherUnmatchedOutboundConnections(false)
.blockInboundAccessWhenConnectedToTunnel(false)
.blockNonTcpNonUdpTrafficWhenConnectedToTunnel(false)
.allowIcmpForTroubleshooting(false)
.blockOutboundLanAccessWhenConnectedToTunnel(false)
.enforcerFqdnDnsResolutionViaDnsServers(true)
.resolveAllFqdnsUsingDnsServersAssignedByTheTunnel(true)
.build())
.forwardingRules(
ForwardingProfileTypeZtnaAgentForwardingRuleArgs.builder()
.name("ztna-dns-rule")
.connectivity("tunnel")
.destinations(corpDestinations.name())
.sourceApplications("Any")
.trafficType("dns-and-network-traffic")
.userLocations("Any")
.enabled(true)
.build(),
ForwardingProfileTypeZtnaAgentForwardingRuleArgs.builder()
.name("ztna-direct-rule")
.connectivity("direct")
.destinations("Any")
.sourceApplications("Any")
.trafficType("network-traffic")
.userLocations("Any")
.enabled(true)
.build())
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(corpDestinations)
.build());
}
}
resources:
# User location representing the US East office IP ranges
exampleUsEast:
type: scm:ForwardingProfileUserLocation
name: example_us_east
properties:
folder: Mobile Users
name: us-east-tf
description: Managed by Terraform - US East office user location
ipAddresses:
- 10.1.0.0/16
- 10.2.0.0/16
# Corporate destination profile with FQDN and IP ranges
corpDestinations:
type: scm:ForwardingProfileDestination
name: corp_destinations
properties:
folder: Mobile Users
name: corp-destinations-combined
description: Managed by Terraform - Corporate FQDN and IP destinations (combined example)
fqdns:
- name: '*.corporate.com'
port: 443
- name: api.internal.com
port: 8443
ipAddresses:
- name: 10.0.0.0/8
port: 443
- name: 172.16.0.0/12
port: 443
# Basic Global Protect proxy-based forwarding profile with a single forwarding rule
exampleGpProxyBasic:
type: scm:ForwardingProfile
name: example_gp_proxy_basic
properties:
folder: Mobile Users
name: example-gp-proxy-basic
type:
globalProtectProxy:
forwardingRules:
- name: direct-rule
connectivity: direct
destinations: Any
enabled: true
options:
dependsOn:
- ${exampleUsEast}
- ${corpDestinations}
# Global Protect proxy-based forwarding profile with block rule and multiple forwarding rules
exampleGpProxyFull:
type: scm:ForwardingProfile
name: example_gp_proxy_full
properties:
folder: Mobile Users
name: example-gp-proxy-full
description: Managed by Terraform - GP proxy with block rule and multiple forwarding rules
type:
globalProtectProxy:
pacUpload: false
blockRule:
enable: true
allowTcp:
enableLocations: true
locations:
- ${exampleUsEast.name}
allowUdp:
enableLocations: true
locations:
- ${exampleUsEast.name}
enableDestinations: true
destinations: any
forwardingRules:
- name: direct-rule
connectivity: direct
destinations: ${corpDestinations.name}
userLocations: Any
enabled: true
options:
dependsOn:
- ${exampleUsEast}
- ${corpDestinations}
# PAC file based forwarding profile
examplePacFile:
type: scm:ForwardingProfile
name: example_pac_file
properties:
folder: Mobile Users
name: example-pac-file
description: Managed by Terraform - PAC file based forwarding profile
type:
pacFile:
pacUpload: true
forwardingRules:
- name: pac-direct-rule
connectivity: direct
destinations: Any
enabled: true
options:
dependsOn:
- ${exampleUsEast}
- ${corpDestinations}
# ZTNA agent-based forwarding profile with block rule and forwarding rules
exampleZtnaAgent:
type: scm:ForwardingProfile
name: example_ztna_agent
properties:
folder: Mobile Users
name: example-ztna-agent
description: Managed by Terraform - ZTNA agent forwarding profile with block rule
type:
ztnaAgent:
blockRule:
blockAllOtherUnmatchedOutboundConnections: false
blockInboundAccessWhenConnectedToTunnel: false
blockNonTcpNonUdpTrafficWhenConnectedToTunnel: false
allowIcmpForTroubleshooting: false
blockOutboundLanAccessWhenConnectedToTunnel: false
enforcerFqdnDnsResolutionViaDnsServers: true
resolveAllFqdnsUsingDnsServersAssignedByTheTunnel: true
forwardingRules:
- name: ztna-dns-rule
connectivity: tunnel
destinations: ${corpDestinations.name}
sourceApplications: Any
trafficType: dns-and-network-traffic
userLocations: Any
enabled: true
- name: ztna-direct-rule
connectivity: direct
destinations: Any
sourceApplications: Any
trafficType: network-traffic
userLocations: Any
enabled: true
options:
dependsOn:
- ${corpDestinations}
Create ForwardingProfile Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ForwardingProfile(name: string, args?: ForwardingProfileArgs, opts?: CustomResourceOptions);@overload
def ForwardingProfile(resource_name: str,
args: Optional[ForwardingProfileArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ForwardingProfile(resource_name: str,
opts: Optional[ResourceOptions] = None,
definition_method: Optional[str] = None,
description: Optional[str] = None,
folder: Optional[str] = None,
name: Optional[str] = None,
type: Optional[ForwardingProfileTypeArgs] = None)func NewForwardingProfile(ctx *Context, name string, args *ForwardingProfileArgs, opts ...ResourceOption) (*ForwardingProfile, error)public ForwardingProfile(string name, ForwardingProfileArgs? args = null, CustomResourceOptions? opts = null)
public ForwardingProfile(String name, ForwardingProfileArgs args)
public ForwardingProfile(String name, ForwardingProfileArgs args, CustomResourceOptions options)
type: scm:ForwardingProfile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ForwardingProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ForwardingProfileArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ForwardingProfileArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ForwardingProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ForwardingProfileArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var forwardingProfileResource = new Scm.ForwardingProfile("forwardingProfileResource", new()
{
DefinitionMethod = "string",
Description = "string",
Folder = "string",
Name = "string",
Type = new Scm.Inputs.ForwardingProfileTypeArgs
{
GlobalProtectProxy = new Scm.Inputs.ForwardingProfileTypeGlobalProtectProxyArgs
{
BlockRule = new Scm.Inputs.ForwardingProfileTypeGlobalProtectProxyBlockRuleArgs
{
AllowTcp = new Scm.Inputs.ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowTcpArgs
{
EnableLocations = false,
Locations = new[]
{
"string",
},
},
AllowUdp = new Scm.Inputs.ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowUdpArgs
{
Destinations = "string",
EnableDestinations = false,
EnableLocations = false,
Locations = new[]
{
"string",
},
},
Enable = false,
},
ForwardingRules = new[]
{
new Scm.Inputs.ForwardingProfileTypeGlobalProtectProxyForwardingRuleArgs
{
Name = "string",
Connectivity = "string",
Destinations = "string",
Enabled = false,
UserLocations = "string",
},
},
PacUpload = false,
},
PacFile = new Scm.Inputs.ForwardingProfileTypePacFileArgs
{
BlockRule = new Scm.Inputs.ForwardingProfileTypePacFileBlockRuleArgs
{
AllowTcp = new Scm.Inputs.ForwardingProfileTypePacFileBlockRuleAllowTcpArgs
{
EnableLocations = false,
Locations = new[]
{
"string",
},
},
AllowUdp = new Scm.Inputs.ForwardingProfileTypePacFileBlockRuleAllowUdpArgs
{
Destinations = "string",
EnableDestinations = false,
EnableLocations = false,
Locations = new[]
{
"string",
},
},
Enable = false,
},
ForwardingRules = new[]
{
new Scm.Inputs.ForwardingProfileTypePacFileForwardingRuleArgs
{
Name = "string",
Connectivity = "string",
Destinations = "string",
Enabled = false,
UserLocations = "string",
},
},
PacUpload = false,
},
ZtnaAgent = new Scm.Inputs.ForwardingProfileTypeZtnaAgentArgs
{
BlockRule = new Scm.Inputs.ForwardingProfileTypeZtnaAgentBlockRuleArgs
{
AllowIcmpForTroubleshooting = false,
BlockAllOtherUnmatchedOutboundConnections = false,
BlockInboundAccessWhenConnectedToTunnel = false,
BlockNonTcpNonUdpTrafficWhenConnectedToTunnel = false,
BlockOutboundLanAccessWhenConnectedToTunnel = false,
EnforcerFqdnDnsResolutionViaDnsServers = false,
ResolveAllFqdnsUsingDnsServersAssignedByTheTunnel = false,
},
ForwardingRules = new[]
{
new Scm.Inputs.ForwardingProfileTypeZtnaAgentForwardingRuleArgs
{
Name = "string",
Connectivity = "string",
Destinations = "string",
Enabled = false,
SourceApplications = "string",
TrafficType = "string",
UserLocations = "string",
},
},
PacUpload = false,
},
},
});
example, err := scm.NewForwardingProfile(ctx, "forwardingProfileResource", &scm.ForwardingProfileArgs{
DefinitionMethod: pulumi.String("string"),
Description: pulumi.String("string"),
Folder: pulumi.String("string"),
Name: pulumi.String("string"),
Type: &scm.ForwardingProfileTypeArgs{
GlobalProtectProxy: &scm.ForwardingProfileTypeGlobalProtectProxyArgs{
BlockRule: &scm.ForwardingProfileTypeGlobalProtectProxyBlockRuleArgs{
AllowTcp: &scm.ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowTcpArgs{
EnableLocations: pulumi.Bool(false),
Locations: pulumi.StringArray{
pulumi.String("string"),
},
},
AllowUdp: &scm.ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowUdpArgs{
Destinations: pulumi.String("string"),
EnableDestinations: pulumi.Bool(false),
EnableLocations: pulumi.Bool(false),
Locations: pulumi.StringArray{
pulumi.String("string"),
},
},
Enable: pulumi.Bool(false),
},
ForwardingRules: scm.ForwardingProfileTypeGlobalProtectProxyForwardingRuleArray{
&scm.ForwardingProfileTypeGlobalProtectProxyForwardingRuleArgs{
Name: pulumi.String("string"),
Connectivity: pulumi.String("string"),
Destinations: pulumi.String("string"),
Enabled: pulumi.Bool(false),
UserLocations: pulumi.String("string"),
},
},
PacUpload: pulumi.Bool(false),
},
PacFile: &scm.ForwardingProfileTypePacFileArgs{
BlockRule: &scm.ForwardingProfileTypePacFileBlockRuleArgs{
AllowTcp: &scm.ForwardingProfileTypePacFileBlockRuleAllowTcpArgs{
EnableLocations: pulumi.Bool(false),
Locations: pulumi.StringArray{
pulumi.String("string"),
},
},
AllowUdp: &scm.ForwardingProfileTypePacFileBlockRuleAllowUdpArgs{
Destinations: pulumi.String("string"),
EnableDestinations: pulumi.Bool(false),
EnableLocations: pulumi.Bool(false),
Locations: pulumi.StringArray{
pulumi.String("string"),
},
},
Enable: pulumi.Bool(false),
},
ForwardingRules: scm.ForwardingProfileTypePacFileForwardingRuleArray{
&scm.ForwardingProfileTypePacFileForwardingRuleArgs{
Name: pulumi.String("string"),
Connectivity: pulumi.String("string"),
Destinations: pulumi.String("string"),
Enabled: pulumi.Bool(false),
UserLocations: pulumi.String("string"),
},
},
PacUpload: pulumi.Bool(false),
},
ZtnaAgent: &scm.ForwardingProfileTypeZtnaAgentArgs{
BlockRule: &scm.ForwardingProfileTypeZtnaAgentBlockRuleArgs{
AllowIcmpForTroubleshooting: pulumi.Bool(false),
BlockAllOtherUnmatchedOutboundConnections: pulumi.Bool(false),
BlockInboundAccessWhenConnectedToTunnel: pulumi.Bool(false),
BlockNonTcpNonUdpTrafficWhenConnectedToTunnel: pulumi.Bool(false),
BlockOutboundLanAccessWhenConnectedToTunnel: pulumi.Bool(false),
EnforcerFqdnDnsResolutionViaDnsServers: pulumi.Bool(false),
ResolveAllFqdnsUsingDnsServersAssignedByTheTunnel: pulumi.Bool(false),
},
ForwardingRules: scm.ForwardingProfileTypeZtnaAgentForwardingRuleArray{
&scm.ForwardingProfileTypeZtnaAgentForwardingRuleArgs{
Name: pulumi.String("string"),
Connectivity: pulumi.String("string"),
Destinations: pulumi.String("string"),
Enabled: pulumi.Bool(false),
SourceApplications: pulumi.String("string"),
TrafficType: pulumi.String("string"),
UserLocations: pulumi.String("string"),
},
},
PacUpload: pulumi.Bool(false),
},
},
})
var forwardingProfileResource = new ForwardingProfile("forwardingProfileResource", ForwardingProfileArgs.builder()
.definitionMethod("string")
.description("string")
.folder("string")
.name("string")
.type(ForwardingProfileTypeArgs.builder()
.globalProtectProxy(ForwardingProfileTypeGlobalProtectProxyArgs.builder()
.blockRule(ForwardingProfileTypeGlobalProtectProxyBlockRuleArgs.builder()
.allowTcp(ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowTcpArgs.builder()
.enableLocations(false)
.locations("string")
.build())
.allowUdp(ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowUdpArgs.builder()
.destinations("string")
.enableDestinations(false)
.enableLocations(false)
.locations("string")
.build())
.enable(false)
.build())
.forwardingRules(ForwardingProfileTypeGlobalProtectProxyForwardingRuleArgs.builder()
.name("string")
.connectivity("string")
.destinations("string")
.enabled(false)
.userLocations("string")
.build())
.pacUpload(false)
.build())
.pacFile(ForwardingProfileTypePacFileArgs.builder()
.blockRule(ForwardingProfileTypePacFileBlockRuleArgs.builder()
.allowTcp(ForwardingProfileTypePacFileBlockRuleAllowTcpArgs.builder()
.enableLocations(false)
.locations("string")
.build())
.allowUdp(ForwardingProfileTypePacFileBlockRuleAllowUdpArgs.builder()
.destinations("string")
.enableDestinations(false)
.enableLocations(false)
.locations("string")
.build())
.enable(false)
.build())
.forwardingRules(ForwardingProfileTypePacFileForwardingRuleArgs.builder()
.name("string")
.connectivity("string")
.destinations("string")
.enabled(false)
.userLocations("string")
.build())
.pacUpload(false)
.build())
.ztnaAgent(ForwardingProfileTypeZtnaAgentArgs.builder()
.blockRule(ForwardingProfileTypeZtnaAgentBlockRuleArgs.builder()
.allowIcmpForTroubleshooting(false)
.blockAllOtherUnmatchedOutboundConnections(false)
.blockInboundAccessWhenConnectedToTunnel(false)
.blockNonTcpNonUdpTrafficWhenConnectedToTunnel(false)
.blockOutboundLanAccessWhenConnectedToTunnel(false)
.enforcerFqdnDnsResolutionViaDnsServers(false)
.resolveAllFqdnsUsingDnsServersAssignedByTheTunnel(false)
.build())
.forwardingRules(ForwardingProfileTypeZtnaAgentForwardingRuleArgs.builder()
.name("string")
.connectivity("string")
.destinations("string")
.enabled(false)
.sourceApplications("string")
.trafficType("string")
.userLocations("string")
.build())
.pacUpload(false)
.build())
.build())
.build());
forwarding_profile_resource = scm.ForwardingProfile("forwardingProfileResource",
definition_method="string",
description="string",
folder="string",
name="string",
type={
"global_protect_proxy": {
"block_rule": {
"allow_tcp": {
"enable_locations": False,
"locations": ["string"],
},
"allow_udp": {
"destinations": "string",
"enable_destinations": False,
"enable_locations": False,
"locations": ["string"],
},
"enable": False,
},
"forwarding_rules": [{
"name": "string",
"connectivity": "string",
"destinations": "string",
"enabled": False,
"user_locations": "string",
}],
"pac_upload": False,
},
"pac_file": {
"block_rule": {
"allow_tcp": {
"enable_locations": False,
"locations": ["string"],
},
"allow_udp": {
"destinations": "string",
"enable_destinations": False,
"enable_locations": False,
"locations": ["string"],
},
"enable": False,
},
"forwarding_rules": [{
"name": "string",
"connectivity": "string",
"destinations": "string",
"enabled": False,
"user_locations": "string",
}],
"pac_upload": False,
},
"ztna_agent": {
"block_rule": {
"allow_icmp_for_troubleshooting": False,
"block_all_other_unmatched_outbound_connections": False,
"block_inbound_access_when_connected_to_tunnel": False,
"block_non_tcp_non_udp_traffic_when_connected_to_tunnel": False,
"block_outbound_lan_access_when_connected_to_tunnel": False,
"enforcer_fqdn_dns_resolution_via_dns_servers": False,
"resolve_all_fqdns_using_dns_servers_assigned_by_the_tunnel": False,
},
"forwarding_rules": [{
"name": "string",
"connectivity": "string",
"destinations": "string",
"enabled": False,
"source_applications": "string",
"traffic_type": "string",
"user_locations": "string",
}],
"pac_upload": False,
},
})
const forwardingProfileResource = new scm.ForwardingProfile("forwardingProfileResource", {
definitionMethod: "string",
description: "string",
folder: "string",
name: "string",
type: {
globalProtectProxy: {
blockRule: {
allowTcp: {
enableLocations: false,
locations: ["string"],
},
allowUdp: {
destinations: "string",
enableDestinations: false,
enableLocations: false,
locations: ["string"],
},
enable: false,
},
forwardingRules: [{
name: "string",
connectivity: "string",
destinations: "string",
enabled: false,
userLocations: "string",
}],
pacUpload: false,
},
pacFile: {
blockRule: {
allowTcp: {
enableLocations: false,
locations: ["string"],
},
allowUdp: {
destinations: "string",
enableDestinations: false,
enableLocations: false,
locations: ["string"],
},
enable: false,
},
forwardingRules: [{
name: "string",
connectivity: "string",
destinations: "string",
enabled: false,
userLocations: "string",
}],
pacUpload: false,
},
ztnaAgent: {
blockRule: {
allowIcmpForTroubleshooting: false,
blockAllOtherUnmatchedOutboundConnections: false,
blockInboundAccessWhenConnectedToTunnel: false,
blockNonTcpNonUdpTrafficWhenConnectedToTunnel: false,
blockOutboundLanAccessWhenConnectedToTunnel: false,
enforcerFqdnDnsResolutionViaDnsServers: false,
resolveAllFqdnsUsingDnsServersAssignedByTheTunnel: false,
},
forwardingRules: [{
name: "string",
connectivity: "string",
destinations: "string",
enabled: false,
sourceApplications: "string",
trafficType: "string",
userLocations: "string",
}],
pacUpload: false,
},
},
});
type: scm:ForwardingProfile
properties:
definitionMethod: string
description: string
folder: string
name: string
type:
globalProtectProxy:
blockRule:
allowTcp:
enableLocations: false
locations:
- string
allowUdp:
destinations: string
enableDestinations: false
enableLocations: false
locations:
- string
enable: false
forwardingRules:
- connectivity: string
destinations: string
enabled: false
name: string
userLocations: string
pacUpload: false
pacFile:
blockRule:
allowTcp:
enableLocations: false
locations:
- string
allowUdp:
destinations: string
enableDestinations: false
enableLocations: false
locations:
- string
enable: false
forwardingRules:
- connectivity: string
destinations: string
enabled: false
name: string
userLocations: string
pacUpload: false
ztnaAgent:
blockRule:
allowIcmpForTroubleshooting: false
blockAllOtherUnmatchedOutboundConnections: false
blockInboundAccessWhenConnectedToTunnel: false
blockNonTcpNonUdpTrafficWhenConnectedToTunnel: false
blockOutboundLanAccessWhenConnectedToTunnel: false
enforcerFqdnDnsResolutionViaDnsServers: false
resolveAllFqdnsUsingDnsServersAssignedByTheTunnel: false
forwardingRules:
- connectivity: string
destinations: string
enabled: false
name: string
sourceApplications: string
trafficType: string
userLocations: string
pacUpload: false
ForwardingProfile Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ForwardingProfile resource accepts the following input properties:
- Definition
Method string - Enable forwarding rule for forwarding profile
- Description string
- Forwarding profile description
- Folder string
- The folder in which the resource is defined
- Name string
- forwarding profile name as an alphanumeric string [ 0-9a-zA-Z._ -]
- Type
Forwarding
Profile Type - Forwarding profile type configuration (PAC file, GlobalProtect proxy, or ZTNA agent)
- Definition
Method string - Enable forwarding rule for forwarding profile
- Description string
- Forwarding profile description
- Folder string
- The folder in which the resource is defined
- Name string
- forwarding profile name as an alphanumeric string [ 0-9a-zA-Z._ -]
- Type
Forwarding
Profile Type Args - Forwarding profile type configuration (PAC file, GlobalProtect proxy, or ZTNA agent)
- definition
Method String - Enable forwarding rule for forwarding profile
- description String
- Forwarding profile description
- folder String
- The folder in which the resource is defined
- name String
- forwarding profile name as an alphanumeric string [ 0-9a-zA-Z._ -]
- type
Forwarding
Profile Type - Forwarding profile type configuration (PAC file, GlobalProtect proxy, or ZTNA agent)
- definition
Method string - Enable forwarding rule for forwarding profile
- description string
- Forwarding profile description
- folder string
- The folder in which the resource is defined
- name string
- forwarding profile name as an alphanumeric string [ 0-9a-zA-Z._ -]
- type
Forwarding
Profile Type - Forwarding profile type configuration (PAC file, GlobalProtect proxy, or ZTNA agent)
- definition_
method str - Enable forwarding rule for forwarding profile
- description str
- Forwarding profile description
- folder str
- The folder in which the resource is defined
- name str
- forwarding profile name as an alphanumeric string [ 0-9a-zA-Z._ -]
- type
Forwarding
Profile Type Args - Forwarding profile type configuration (PAC file, GlobalProtect proxy, or ZTNA agent)
- definition
Method String - Enable forwarding rule for forwarding profile
- description String
- Forwarding profile description
- folder String
- The folder in which the resource is defined
- name String
- forwarding profile name as an alphanumeric string [ 0-9a-zA-Z._ -]
- type Property Map
- Forwarding profile type configuration (PAC file, GlobalProtect proxy, or ZTNA agent)
Outputs
All input properties are implicitly available as output properties. Additionally, the ForwardingProfile resource produces the following output properties:
Look up Existing ForwardingProfile Resource
Get an existing ForwardingProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ForwardingProfileState, opts?: CustomResourceOptions): ForwardingProfile@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
definition_method: Optional[str] = None,
description: Optional[str] = None,
folder: Optional[str] = None,
name: Optional[str] = None,
tfid: Optional[str] = None,
type: Optional[ForwardingProfileTypeArgs] = None) -> ForwardingProfilefunc GetForwardingProfile(ctx *Context, name string, id IDInput, state *ForwardingProfileState, opts ...ResourceOption) (*ForwardingProfile, error)public static ForwardingProfile Get(string name, Input<string> id, ForwardingProfileState? state, CustomResourceOptions? opts = null)public static ForwardingProfile get(String name, Output<String> id, ForwardingProfileState state, CustomResourceOptions options)resources: _: type: scm:ForwardingProfile get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Definition
Method string - Enable forwarding rule for forwarding profile
- Description string
- Forwarding profile description
- Folder string
- The folder in which the resource is defined
- Name string
- forwarding profile name as an alphanumeric string [ 0-9a-zA-Z._ -]
- Tfid string
- The Terraform ID.
- Type
Forwarding
Profile Type - Forwarding profile type configuration (PAC file, GlobalProtect proxy, or ZTNA agent)
- Definition
Method string - Enable forwarding rule for forwarding profile
- Description string
- Forwarding profile description
- Folder string
- The folder in which the resource is defined
- Name string
- forwarding profile name as an alphanumeric string [ 0-9a-zA-Z._ -]
- Tfid string
- The Terraform ID.
- Type
Forwarding
Profile Type Args - Forwarding profile type configuration (PAC file, GlobalProtect proxy, or ZTNA agent)
- definition
Method String - Enable forwarding rule for forwarding profile
- description String
- Forwarding profile description
- folder String
- The folder in which the resource is defined
- name String
- forwarding profile name as an alphanumeric string [ 0-9a-zA-Z._ -]
- tfid String
- The Terraform ID.
- type
Forwarding
Profile Type - Forwarding profile type configuration (PAC file, GlobalProtect proxy, or ZTNA agent)
- definition
Method string - Enable forwarding rule for forwarding profile
- description string
- Forwarding profile description
- folder string
- The folder in which the resource is defined
- name string
- forwarding profile name as an alphanumeric string [ 0-9a-zA-Z._ -]
- tfid string
- The Terraform ID.
- type
Forwarding
Profile Type - Forwarding profile type configuration (PAC file, GlobalProtect proxy, or ZTNA agent)
- definition_
method str - Enable forwarding rule for forwarding profile
- description str
- Forwarding profile description
- folder str
- The folder in which the resource is defined
- name str
- forwarding profile name as an alphanumeric string [ 0-9a-zA-Z._ -]
- tfid str
- The Terraform ID.
- type
Forwarding
Profile Type Args - Forwarding profile type configuration (PAC file, GlobalProtect proxy, or ZTNA agent)
- definition
Method String - Enable forwarding rule for forwarding profile
- description String
- Forwarding profile description
- folder String
- The folder in which the resource is defined
- name String
- forwarding profile name as an alphanumeric string [ 0-9a-zA-Z._ -]
- tfid String
- The Terraform ID.
- type Property Map
- Forwarding profile type configuration (PAC file, GlobalProtect proxy, or ZTNA agent)
Supporting Types
ForwardingProfileType, ForwardingProfileTypeArgs
- Global
Protect ForwardingProxy Profile Type Global Protect Proxy - Global Protect proxy-based forwarding configuration
- Pac
File ForwardingProfile Type Pac File PAC file based forwarding configuration
ℹ️ Note: You must specify exactly one of
globalProtectProxy,pacFile, andztnaAgent.- Ztna
Agent ForwardingProfile Type Ztna Agent ZTNA agent-based forwarding configuration
ℹ️ Note: You must specify exactly one of
globalProtectProxy,pacFile, andztnaAgent.
- Global
Protect ForwardingProxy Profile Type Global Protect Proxy - Global Protect proxy-based forwarding configuration
- Pac
File ForwardingProfile Type Pac File PAC file based forwarding configuration
ℹ️ Note: You must specify exactly one of
globalProtectProxy,pacFile, andztnaAgent.- Ztna
Agent ForwardingProfile Type Ztna Agent ZTNA agent-based forwarding configuration
ℹ️ Note: You must specify exactly one of
globalProtectProxy,pacFile, andztnaAgent.
- global
Protect ForwardingProxy Profile Type Global Protect Proxy - Global Protect proxy-based forwarding configuration
- pac
File ForwardingProfile Type Pac File PAC file based forwarding configuration
ℹ️ Note: You must specify exactly one of
globalProtectProxy,pacFile, andztnaAgent.- ztna
Agent ForwardingProfile Type Ztna Agent ZTNA agent-based forwarding configuration
ℹ️ Note: You must specify exactly one of
globalProtectProxy,pacFile, andztnaAgent.
- global
Protect ForwardingProxy Profile Type Global Protect Proxy - Global Protect proxy-based forwarding configuration
- pac
File ForwardingProfile Type Pac File PAC file based forwarding configuration
ℹ️ Note: You must specify exactly one of
globalProtectProxy,pacFile, andztnaAgent.- ztna
Agent ForwardingProfile Type Ztna Agent ZTNA agent-based forwarding configuration
ℹ️ Note: You must specify exactly one of
globalProtectProxy,pacFile, andztnaAgent.
- global_
protect_ Forwardingproxy Profile Type Global Protect Proxy - Global Protect proxy-based forwarding configuration
- pac_
file ForwardingProfile Type Pac File PAC file based forwarding configuration
ℹ️ Note: You must specify exactly one of
globalProtectProxy,pacFile, andztnaAgent.- ztna_
agent ForwardingProfile Type Ztna Agent ZTNA agent-based forwarding configuration
ℹ️ Note: You must specify exactly one of
globalProtectProxy,pacFile, andztnaAgent.
- global
Protect Property MapProxy - Global Protect proxy-based forwarding configuration
- pac
File Property Map PAC file based forwarding configuration
ℹ️ Note: You must specify exactly one of
globalProtectProxy,pacFile, andztnaAgent.- ztna
Agent Property Map ZTNA agent-based forwarding configuration
ℹ️ Note: You must specify exactly one of
globalProtectProxy,pacFile, andztnaAgent.
ForwardingProfileTypeGlobalProtectProxy, ForwardingProfileTypeGlobalProtectProxyArgs
- Block
Rule ForwardingProfile Type Global Protect Proxy Block Rule - Basic block rule configuration for PAC file and GlobalProtect proxy profiles
- Forwarding
Rules List<ForwardingProfile Type Global Protect Proxy Forwarding Rule> - List of GlobalProtect proxy-based forwarding rules
- Pac
Upload bool - User uploaded PAC file for Global Protect proxy-based forwarding configuration
- Block
Rule ForwardingProfile Type Global Protect Proxy Block Rule - Basic block rule configuration for PAC file and GlobalProtect proxy profiles
- Forwarding
Rules []ForwardingProfile Type Global Protect Proxy Forwarding Rule - List of GlobalProtect proxy-based forwarding rules
- Pac
Upload bool - User uploaded PAC file for Global Protect proxy-based forwarding configuration
- block
Rule ForwardingProfile Type Global Protect Proxy Block Rule - Basic block rule configuration for PAC file and GlobalProtect proxy profiles
- forwarding
Rules List<ForwardingProfile Type Global Protect Proxy Forwarding Rule> - List of GlobalProtect proxy-based forwarding rules
- pac
Upload Boolean - User uploaded PAC file for Global Protect proxy-based forwarding configuration
- block
Rule ForwardingProfile Type Global Protect Proxy Block Rule - Basic block rule configuration for PAC file and GlobalProtect proxy profiles
- forwarding
Rules ForwardingProfile Type Global Protect Proxy Forwarding Rule[] - List of GlobalProtect proxy-based forwarding rules
- pac
Upload boolean - User uploaded PAC file for Global Protect proxy-based forwarding configuration
- block_
rule ForwardingProfile Type Global Protect Proxy Block Rule - Basic block rule configuration for PAC file and GlobalProtect proxy profiles
- forwarding_
rules Sequence[ForwardingProfile Type Global Protect Proxy Forwarding Rule] - List of GlobalProtect proxy-based forwarding rules
- pac_
upload bool - User uploaded PAC file for Global Protect proxy-based forwarding configuration
- block
Rule Property Map - Basic block rule configuration for PAC file and GlobalProtect proxy profiles
- forwarding
Rules List<Property Map> - List of GlobalProtect proxy-based forwarding rules
- pac
Upload Boolean - User uploaded PAC file for Global Protect proxy-based forwarding configuration
ForwardingProfileTypeGlobalProtectProxyBlockRule, ForwardingProfileTypeGlobalProtectProxyBlockRuleArgs
- Allow
Tcp ForwardingProfile Type Global Protect Proxy Block Rule Allow Tcp - TCP traffic allowlist configuration
- Allow
Udp ForwardingProfile Type Global Protect Proxy Block Rule Allow Udp - UDP traffic allowlist configuration with location and destination support
- Enable bool
- Enable block rule
- Allow
Tcp ForwardingProfile Type Global Protect Proxy Block Rule Allow Tcp - TCP traffic allowlist configuration
- Allow
Udp ForwardingProfile Type Global Protect Proxy Block Rule Allow Udp - UDP traffic allowlist configuration with location and destination support
- Enable bool
- Enable block rule
- allow
Tcp ForwardingProfile Type Global Protect Proxy Block Rule Allow Tcp - TCP traffic allowlist configuration
- allow
Udp ForwardingProfile Type Global Protect Proxy Block Rule Allow Udp - UDP traffic allowlist configuration with location and destination support
- enable Boolean
- Enable block rule
- allow
Tcp ForwardingProfile Type Global Protect Proxy Block Rule Allow Tcp - TCP traffic allowlist configuration
- allow
Udp ForwardingProfile Type Global Protect Proxy Block Rule Allow Udp - UDP traffic allowlist configuration with location and destination support
- enable boolean
- Enable block rule
- allow_
tcp ForwardingProfile Type Global Protect Proxy Block Rule Allow Tcp - TCP traffic allowlist configuration
- allow_
udp ForwardingProfile Type Global Protect Proxy Block Rule Allow Udp - UDP traffic allowlist configuration with location and destination support
- enable bool
- Enable block rule
- allow
Tcp Property Map - TCP traffic allowlist configuration
- allow
Udp Property Map - UDP traffic allowlist configuration with location and destination support
- enable Boolean
- Enable block rule
ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowTcp, ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowTcpArgs
- Enable
Locations bool - Enable locations for allow-tcp
- Locations List<string>
- List of user locations allowed for TCP traffic
- Enable
Locations bool - Enable locations for allow-tcp
- Locations []string
- List of user locations allowed for TCP traffic
- enable
Locations Boolean - Enable locations for allow-tcp
- locations List<String>
- List of user locations allowed for TCP traffic
- enable
Locations boolean - Enable locations for allow-tcp
- locations string[]
- List of user locations allowed for TCP traffic
- enable_
locations bool - Enable locations for allow-tcp
- locations Sequence[str]
- List of user locations allowed for TCP traffic
- enable
Locations Boolean - Enable locations for allow-tcp
- locations List<String>
- List of user locations allowed for TCP traffic
ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowUdp, ForwardingProfileTypeGlobalProtectProxyBlockRuleAllowUdpArgs
- Destinations string
- Destination addresses or networks allowed for UDP traffic
- Enable
Destinations bool - Enable destinations for allow-udp
- Enable
Locations bool - Enable locations for allow-udp
- Locations List<string>
- List of user locations allowed for UDP traffic
- Destinations string
- Destination addresses or networks allowed for UDP traffic
- Enable
Destinations bool - Enable destinations for allow-udp
- Enable
Locations bool - Enable locations for allow-udp
- Locations []string
- List of user locations allowed for UDP traffic
- destinations String
- Destination addresses or networks allowed for UDP traffic
- enable
Destinations Boolean - Enable destinations for allow-udp
- enable
Locations Boolean - Enable locations for allow-udp
- locations List<String>
- List of user locations allowed for UDP traffic
- destinations string
- Destination addresses or networks allowed for UDP traffic
- enable
Destinations boolean - Enable destinations for allow-udp
- enable
Locations boolean - Enable locations for allow-udp
- locations string[]
- List of user locations allowed for UDP traffic
- destinations str
- Destination addresses or networks allowed for UDP traffic
- enable_
destinations bool - Enable destinations for allow-udp
- enable_
locations bool - Enable locations for allow-udp
- locations Sequence[str]
- List of user locations allowed for UDP traffic
- destinations String
- Destination addresses or networks allowed for UDP traffic
- enable
Destinations Boolean - Enable destinations for allow-udp
- enable
Locations Boolean - Enable locations for allow-udp
- locations List<String>
- List of user locations allowed for UDP traffic
ForwardingProfileTypeGlobalProtectProxyForwardingRule, ForwardingProfileTypeGlobalProtectProxyForwardingRuleArgs
- Name string
- Basic forwarding rule name as an alphanumeric string [ 0-9a-zA-Z._ -]
- Connectivity string
- Connectivity method for this forwarding rule (e.g. direct)
- Destinations string
- Destination scope this forwarding rule applies to
- Enabled bool
- Enable a basic forwarding rule
- User
Locations string - User location scope this rule applies to
- Name string
- Basic forwarding rule name as an alphanumeric string [ 0-9a-zA-Z._ -]
- Connectivity string
- Connectivity method for this forwarding rule (e.g. direct)
- Destinations string
- Destination scope this forwarding rule applies to
- Enabled bool
- Enable a basic forwarding rule
- User
Locations string - User location scope this rule applies to
- name String
- Basic forwarding rule name as an alphanumeric string [ 0-9a-zA-Z._ -]
- connectivity String
- Connectivity method for this forwarding rule (e.g. direct)
- destinations String
- Destination scope this forwarding rule applies to
- enabled Boolean
- Enable a basic forwarding rule
- user
Locations String - User location scope this rule applies to
- name string
- Basic forwarding rule name as an alphanumeric string [ 0-9a-zA-Z._ -]
- connectivity string
- Connectivity method for this forwarding rule (e.g. direct)
- destinations string
- Destination scope this forwarding rule applies to
- enabled boolean
- Enable a basic forwarding rule
- user
Locations string - User location scope this rule applies to
- name str
- Basic forwarding rule name as an alphanumeric string [ 0-9a-zA-Z._ -]
- connectivity str
- Connectivity method for this forwarding rule (e.g. direct)
- destinations str
- Destination scope this forwarding rule applies to
- enabled bool
- Enable a basic forwarding rule
- user_
locations str - User location scope this rule applies to
- name String
- Basic forwarding rule name as an alphanumeric string [ 0-9a-zA-Z._ -]
- connectivity String
- Connectivity method for this forwarding rule (e.g. direct)
- destinations String
- Destination scope this forwarding rule applies to
- enabled Boolean
- Enable a basic forwarding rule
- user
Locations String - User location scope this rule applies to
ForwardingProfileTypePacFile, ForwardingProfileTypePacFileArgs
- Block
Rule ForwardingProfile Type Pac File Block Rule - Basic block rule configuration for PAC file and GlobalProtect proxy profiles
- Forwarding
Rules List<ForwardingProfile Type Pac File Forwarding Rule> - List of PAC file-based forwarding rules
- Pac
Upload bool - User upload PAC file for PAC file based forwarding configuration
- Block
Rule ForwardingProfile Type Pac File Block Rule - Basic block rule configuration for PAC file and GlobalProtect proxy profiles
- Forwarding
Rules []ForwardingProfile Type Pac File Forwarding Rule - List of PAC file-based forwarding rules
- Pac
Upload bool - User upload PAC file for PAC file based forwarding configuration
- block
Rule ForwardingProfile Type Pac File Block Rule - Basic block rule configuration for PAC file and GlobalProtect proxy profiles
- forwarding
Rules List<ForwardingProfile Type Pac File Forwarding Rule> - List of PAC file-based forwarding rules
- pac
Upload Boolean - User upload PAC file for PAC file based forwarding configuration
- block
Rule ForwardingProfile Type Pac File Block Rule - Basic block rule configuration for PAC file and GlobalProtect proxy profiles
- forwarding
Rules ForwardingProfile Type Pac File Forwarding Rule[] - List of PAC file-based forwarding rules
- pac
Upload boolean - User upload PAC file for PAC file based forwarding configuration
- block_
rule ForwardingProfile Type Pac File Block Rule - Basic block rule configuration for PAC file and GlobalProtect proxy profiles
- forwarding_
rules Sequence[ForwardingProfile Type Pac File Forwarding Rule] - List of PAC file-based forwarding rules
- pac_
upload bool - User upload PAC file for PAC file based forwarding configuration
- block
Rule Property Map - Basic block rule configuration for PAC file and GlobalProtect proxy profiles
- forwarding
Rules List<Property Map> - List of PAC file-based forwarding rules
- pac
Upload Boolean - User upload PAC file for PAC file based forwarding configuration
ForwardingProfileTypePacFileBlockRule, ForwardingProfileTypePacFileBlockRuleArgs
- Allow
Tcp ForwardingProfile Type Pac File Block Rule Allow Tcp - TCP traffic allowlist configuration
- Allow
Udp ForwardingProfile Type Pac File Block Rule Allow Udp - UDP traffic allowlist configuration with location and destination support
- Enable bool
- Enable block rule
- Allow
Tcp ForwardingProfile Type Pac File Block Rule Allow Tcp - TCP traffic allowlist configuration
- Allow
Udp ForwardingProfile Type Pac File Block Rule Allow Udp - UDP traffic allowlist configuration with location and destination support
- Enable bool
- Enable block rule
- allow
Tcp ForwardingProfile Type Pac File Block Rule Allow Tcp - TCP traffic allowlist configuration
- allow
Udp ForwardingProfile Type Pac File Block Rule Allow Udp - UDP traffic allowlist configuration with location and destination support
- enable Boolean
- Enable block rule
- allow
Tcp ForwardingProfile Type Pac File Block Rule Allow Tcp - TCP traffic allowlist configuration
- allow
Udp ForwardingProfile Type Pac File Block Rule Allow Udp - UDP traffic allowlist configuration with location and destination support
- enable boolean
- Enable block rule
- allow_
tcp ForwardingProfile Type Pac File Block Rule Allow Tcp - TCP traffic allowlist configuration
- allow_
udp ForwardingProfile Type Pac File Block Rule Allow Udp - UDP traffic allowlist configuration with location and destination support
- enable bool
- Enable block rule
- allow
Tcp Property Map - TCP traffic allowlist configuration
- allow
Udp Property Map - UDP traffic allowlist configuration with location and destination support
- enable Boolean
- Enable block rule
ForwardingProfileTypePacFileBlockRuleAllowTcp, ForwardingProfileTypePacFileBlockRuleAllowTcpArgs
- Enable
Locations bool - Enable locations for allow-tcp
- Locations List<string>
- List of user locations allowed for TCP traffic
- Enable
Locations bool - Enable locations for allow-tcp
- Locations []string
- List of user locations allowed for TCP traffic
- enable
Locations Boolean - Enable locations for allow-tcp
- locations List<String>
- List of user locations allowed for TCP traffic
- enable
Locations boolean - Enable locations for allow-tcp
- locations string[]
- List of user locations allowed for TCP traffic
- enable_
locations bool - Enable locations for allow-tcp
- locations Sequence[str]
- List of user locations allowed for TCP traffic
- enable
Locations Boolean - Enable locations for allow-tcp
- locations List<String>
- List of user locations allowed for TCP traffic
ForwardingProfileTypePacFileBlockRuleAllowUdp, ForwardingProfileTypePacFileBlockRuleAllowUdpArgs
- Destinations string
- Destination addresses or networks allowed for UDP traffic
- Enable
Destinations bool - Enable destinations for allow-udp
- Enable
Locations bool - Enable locations for allow-udp
- Locations List<string>
- List of user locations allowed for UDP traffic
- Destinations string
- Destination addresses or networks allowed for UDP traffic
- Enable
Destinations bool - Enable destinations for allow-udp
- Enable
Locations bool - Enable locations for allow-udp
- Locations []string
- List of user locations allowed for UDP traffic
- destinations String
- Destination addresses or networks allowed for UDP traffic
- enable
Destinations Boolean - Enable destinations for allow-udp
- enable
Locations Boolean - Enable locations for allow-udp
- locations List<String>
- List of user locations allowed for UDP traffic
- destinations string
- Destination addresses or networks allowed for UDP traffic
- enable
Destinations boolean - Enable destinations for allow-udp
- enable
Locations boolean - Enable locations for allow-udp
- locations string[]
- List of user locations allowed for UDP traffic
- destinations str
- Destination addresses or networks allowed for UDP traffic
- enable_
destinations bool - Enable destinations for allow-udp
- enable_
locations bool - Enable locations for allow-udp
- locations Sequence[str]
- List of user locations allowed for UDP traffic
- destinations String
- Destination addresses or networks allowed for UDP traffic
- enable
Destinations Boolean - Enable destinations for allow-udp
- enable
Locations Boolean - Enable locations for allow-udp
- locations List<String>
- List of user locations allowed for UDP traffic
ForwardingProfileTypePacFileForwardingRule, ForwardingProfileTypePacFileForwardingRuleArgs
- Name string
- Basic forwarding rule name as an alphanumeric string [ 0-9a-zA-Z._ -]
- Connectivity string
- Connectivity method for this forwarding rule (e.g. direct)
- Destinations string
- Destination scope this forwarding rule applies to
- Enabled bool
- Enable a basic forwarding rule
- User
Locations string - User location scope this rule applies to
- Name string
- Basic forwarding rule name as an alphanumeric string [ 0-9a-zA-Z._ -]
- Connectivity string
- Connectivity method for this forwarding rule (e.g. direct)
- Destinations string
- Destination scope this forwarding rule applies to
- Enabled bool
- Enable a basic forwarding rule
- User
Locations string - User location scope this rule applies to
- name String
- Basic forwarding rule name as an alphanumeric string [ 0-9a-zA-Z._ -]
- connectivity String
- Connectivity method for this forwarding rule (e.g. direct)
- destinations String
- Destination scope this forwarding rule applies to
- enabled Boolean
- Enable a basic forwarding rule
- user
Locations String - User location scope this rule applies to
- name string
- Basic forwarding rule name as an alphanumeric string [ 0-9a-zA-Z._ -]
- connectivity string
- Connectivity method for this forwarding rule (e.g. direct)
- destinations string
- Destination scope this forwarding rule applies to
- enabled boolean
- Enable a basic forwarding rule
- user
Locations string - User location scope this rule applies to
- name str
- Basic forwarding rule name as an alphanumeric string [ 0-9a-zA-Z._ -]
- connectivity str
- Connectivity method for this forwarding rule (e.g. direct)
- destinations str
- Destination scope this forwarding rule applies to
- enabled bool
- Enable a basic forwarding rule
- user_
locations str - User location scope this rule applies to
- name String
- Basic forwarding rule name as an alphanumeric string [ 0-9a-zA-Z._ -]
- connectivity String
- Connectivity method for this forwarding rule (e.g. direct)
- destinations String
- Destination scope this forwarding rule applies to
- enabled Boolean
- Enable a basic forwarding rule
- user
Locations String - User location scope this rule applies to
ForwardingProfileTypeZtnaAgent, ForwardingProfileTypeZtnaAgentArgs
- Block
Rule ForwardingProfile Type Ztna Agent Block Rule - ZTNA block rule configuration
- Forwarding
Rules List<ForwardingProfile Type Ztna Agent Forwarding Rule> - List of ZTNA agent-based forwarding rules
- Pac
Upload bool - User uploaded PAC file for a ZTNA agent-based forwarding configuration
- Block
Rule ForwardingProfile Type Ztna Agent Block Rule - ZTNA block rule configuration
- Forwarding
Rules []ForwardingProfile Type Ztna Agent Forwarding Rule - List of ZTNA agent-based forwarding rules
- Pac
Upload bool - User uploaded PAC file for a ZTNA agent-based forwarding configuration
- block
Rule ForwardingProfile Type Ztna Agent Block Rule - ZTNA block rule configuration
- forwarding
Rules List<ForwardingProfile Type Ztna Agent Forwarding Rule> - List of ZTNA agent-based forwarding rules
- pac
Upload Boolean - User uploaded PAC file for a ZTNA agent-based forwarding configuration
- block
Rule ForwardingProfile Type Ztna Agent Block Rule - ZTNA block rule configuration
- forwarding
Rules ForwardingProfile Type Ztna Agent Forwarding Rule[] - List of ZTNA agent-based forwarding rules
- pac
Upload boolean - User uploaded PAC file for a ZTNA agent-based forwarding configuration
- block_
rule ForwardingProfile Type Ztna Agent Block Rule - ZTNA block rule configuration
- forwarding_
rules Sequence[ForwardingProfile Type Ztna Agent Forwarding Rule] - List of ZTNA agent-based forwarding rules
- pac_
upload bool - User uploaded PAC file for a ZTNA agent-based forwarding configuration
- block
Rule Property Map - ZTNA block rule configuration
- forwarding
Rules List<Property Map> - List of ZTNA agent-based forwarding rules
- pac
Upload Boolean - User uploaded PAC file for a ZTNA agent-based forwarding configuration
ForwardingProfileTypeZtnaAgentBlockRule, ForwardingProfileTypeZtnaAgentBlockRuleArgs
- Allow
Icmp boolFor Troubleshooting - Allow ICMP for troubleshooting
- Block
All boolOther Unmatched Outbound Connections - Block all other unmatched outbound connections
- Block
Inbound boolAccess When Connected To Tunnel - Block inbound access when connected to tunnel
- Block
Non boolTcp Non Udp Traffic When Connected To Tunnel - Block Non-TCP Non UDP based traffic when connected to tunnel
- Block
Outbound boolLan Access When Connected To Tunnel - Block outbound LAN access when connected to tunnel
- Enforcer
Fqdn boolDns Resolution Via Dns Servers - Enforce FQDN DNS resolution via tunnel DNS servers
- Resolve
All boolFqdns Using Dns Servers Assigned By The Tunnel - Resolve All FQDNs using DNS servers assigned by the tunnel (Windows Only)
- Allow
Icmp boolFor Troubleshooting - Allow ICMP for troubleshooting
- Block
All boolOther Unmatched Outbound Connections - Block all other unmatched outbound connections
- Block
Inbound boolAccess When Connected To Tunnel - Block inbound access when connected to tunnel
- Block
Non boolTcp Non Udp Traffic When Connected To Tunnel - Block Non-TCP Non UDP based traffic when connected to tunnel
- Block
Outbound boolLan Access When Connected To Tunnel - Block outbound LAN access when connected to tunnel
- Enforcer
Fqdn boolDns Resolution Via Dns Servers - Enforce FQDN DNS resolution via tunnel DNS servers
- Resolve
All boolFqdns Using Dns Servers Assigned By The Tunnel - Resolve All FQDNs using DNS servers assigned by the tunnel (Windows Only)
- allow
Icmp BooleanFor Troubleshooting - Allow ICMP for troubleshooting
- block
All BooleanOther Unmatched Outbound Connections - Block all other unmatched outbound connections
- block
Inbound BooleanAccess When Connected To Tunnel - Block inbound access when connected to tunnel
- block
Non BooleanTcp Non Udp Traffic When Connected To Tunnel - Block Non-TCP Non UDP based traffic when connected to tunnel
- block
Outbound BooleanLan Access When Connected To Tunnel - Block outbound LAN access when connected to tunnel
- enforcer
Fqdn BooleanDns Resolution Via Dns Servers - Enforce FQDN DNS resolution via tunnel DNS servers
- resolve
All BooleanFqdns Using Dns Servers Assigned By The Tunnel - Resolve All FQDNs using DNS servers assigned by the tunnel (Windows Only)
- allow
Icmp booleanFor Troubleshooting - Allow ICMP for troubleshooting
- block
All booleanOther Unmatched Outbound Connections - Block all other unmatched outbound connections
- block
Inbound booleanAccess When Connected To Tunnel - Block inbound access when connected to tunnel
- block
Non booleanTcp Non Udp Traffic When Connected To Tunnel - Block Non-TCP Non UDP based traffic when connected to tunnel
- block
Outbound booleanLan Access When Connected To Tunnel - Block outbound LAN access when connected to tunnel
- enforcer
Fqdn booleanDns Resolution Via Dns Servers - Enforce FQDN DNS resolution via tunnel DNS servers
- resolve
All booleanFqdns Using Dns Servers Assigned By The Tunnel - Resolve All FQDNs using DNS servers assigned by the tunnel (Windows Only)
- allow_
icmp_ boolfor_ troubleshooting - Allow ICMP for troubleshooting
- block_
all_ boolother_ unmatched_ outbound_ connections - Block all other unmatched outbound connections
- block_
inbound_ boolaccess_ when_ connected_ to_ tunnel - Block inbound access when connected to tunnel
- block_
non_ booltcp_ non_ udp_ traffic_ when_ connected_ to_ tunnel - Block Non-TCP Non UDP based traffic when connected to tunnel
- block_
outbound_ boollan_ access_ when_ connected_ to_ tunnel - Block outbound LAN access when connected to tunnel
- enforcer_
fqdn_ booldns_ resolution_ via_ dns_ servers - Enforce FQDN DNS resolution via tunnel DNS servers
- resolve_
all_ boolfqdns_ using_ dns_ servers_ assigned_ by_ the_ tunnel - Resolve All FQDNs using DNS servers assigned by the tunnel (Windows Only)
- allow
Icmp BooleanFor Troubleshooting - Allow ICMP for troubleshooting
- block
All BooleanOther Unmatched Outbound Connections - Block all other unmatched outbound connections
- block
Inbound BooleanAccess When Connected To Tunnel - Block inbound access when connected to tunnel
- block
Non BooleanTcp Non Udp Traffic When Connected To Tunnel - Block Non-TCP Non UDP based traffic when connected to tunnel
- block
Outbound BooleanLan Access When Connected To Tunnel - Block outbound LAN access when connected to tunnel
- enforcer
Fqdn BooleanDns Resolution Via Dns Servers - Enforce FQDN DNS resolution via tunnel DNS servers
- resolve
All BooleanFqdns Using Dns Servers Assigned By The Tunnel - Resolve All FQDNs using DNS servers assigned by the tunnel (Windows Only)
ForwardingProfileTypeZtnaAgentForwardingRule, ForwardingProfileTypeZtnaAgentForwardingRuleArgs
- Name string
- Forwarding rule ZTNA name as an alphanumeric string [ 0-9a-zA-Z._ -]
- Connectivity string
- Connectivity method for this ZTNA forwarding rule (e.g. direct)
- Destinations string
- Destination scope this ZTNA forwarding rule applies to
- Enabled bool
- Enable a forwarding rule ztna
- Source
Applications string - Source applications this ZTNA rule applies to
- Traffic
Type string - Type of traffic this ZTNA rule applies to (dns, network, or both)
- User
Locations string - User location scope this ZTNA rule applies to
- Name string
- Forwarding rule ZTNA name as an alphanumeric string [ 0-9a-zA-Z._ -]
- Connectivity string
- Connectivity method for this ZTNA forwarding rule (e.g. direct)
- Destinations string
- Destination scope this ZTNA forwarding rule applies to
- Enabled bool
- Enable a forwarding rule ztna
- Source
Applications string - Source applications this ZTNA rule applies to
- Traffic
Type string - Type of traffic this ZTNA rule applies to (dns, network, or both)
- User
Locations string - User location scope this ZTNA rule applies to
- name String
- Forwarding rule ZTNA name as an alphanumeric string [ 0-9a-zA-Z._ -]
- connectivity String
- Connectivity method for this ZTNA forwarding rule (e.g. direct)
- destinations String
- Destination scope this ZTNA forwarding rule applies to
- enabled Boolean
- Enable a forwarding rule ztna
- source
Applications String - Source applications this ZTNA rule applies to
- traffic
Type String - Type of traffic this ZTNA rule applies to (dns, network, or both)
- user
Locations String - User location scope this ZTNA rule applies to
- name string
- Forwarding rule ZTNA name as an alphanumeric string [ 0-9a-zA-Z._ -]
- connectivity string
- Connectivity method for this ZTNA forwarding rule (e.g. direct)
- destinations string
- Destination scope this ZTNA forwarding rule applies to
- enabled boolean
- Enable a forwarding rule ztna
- source
Applications string - Source applications this ZTNA rule applies to
- traffic
Type string - Type of traffic this ZTNA rule applies to (dns, network, or both)
- user
Locations string - User location scope this ZTNA rule applies to
- name str
- Forwarding rule ZTNA name as an alphanumeric string [ 0-9a-zA-Z._ -]
- connectivity str
- Connectivity method for this ZTNA forwarding rule (e.g. direct)
- destinations str
- Destination scope this ZTNA forwarding rule applies to
- enabled bool
- Enable a forwarding rule ztna
- source_
applications str - Source applications this ZTNA rule applies to
- traffic_
type str - Type of traffic this ZTNA rule applies to (dns, network, or both)
- user_
locations str - User location scope this ZTNA rule applies to
- name String
- Forwarding rule ZTNA name as an alphanumeric string [ 0-9a-zA-Z._ -]
- connectivity String
- Connectivity method for this ZTNA forwarding rule (e.g. direct)
- destinations String
- Destination scope this ZTNA forwarding rule applies to
- enabled Boolean
- Enable a forwarding rule ztna
- source
Applications String - Source applications this ZTNA rule applies to
- traffic
Type String - Type of traffic this ZTNA rule applies to (dns, network, or both)
- user
Locations String - User location scope this ZTNA rule applies to
Import
The following command can be used to import a resource not managed by Terraform:
$ pulumi import scm:index/forwardingProfile:ForwardingProfile example folder:::id
or
$ pulumi import scm:index/forwardingProfile:ForwardingProfile example :snippet::id
or
$ pulumi import scm:index/forwardingProfile:ForwardingProfile example ::device:id
Note: Please provide just one of folder, snippet, or device for the import command.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- scm pulumi/pulumi-scm
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
scmTerraform Provider.
Viewing docs for Strata Cloud Manager v1.0.6
published on Saturday, Apr 25, 2026 by Pulumi
published on Saturday, Apr 25, 2026 by Pulumi
