Viewing docs for Cisco Catalyst SD-WAN v0.8.1
published on Tuesday, Apr 7, 2026 by Pulumi
published on Tuesday, Apr 7, 2026 by Pulumi
Viewing docs for Cisco Catalyst SD-WAN v0.8.1
published on Tuesday, Apr 7, 2026 by Pulumi
published on Tuesday, Apr 7, 2026 by Pulumi
This resource can manage a Embedded Security Policy.
- Minimum SD-WAN Manager version:
20.15.0
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as sdwan from "@pulumi/sdwan";
const example = new sdwan.EmbeddedSecurityPolicy("example", {
name: "Example",
description: "My Example",
featureProfileId: "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac",
assemblies: [{
ngfwPolicyId: "df8c5043-7438-47e2-97b0-8304d3bf1a82",
entries: [{
sourceZone: "untrusted",
destinationZone: "untrusted",
}],
}],
tcpSynFloodLimit: "432",
maxIncompleteTcpLimit: "12345",
maxIncompleteUdpLimit: "12345",
maxIncompleteIcmpLimit: "12345",
auditTrail: "on",
unifiedLogging: "on",
sessionReclassifyAllow: "on",
icmpUnreachableAllow: "on",
failureMode: "close",
nat: true,
downloadUrlDatabaseOnDevice: false,
resourceProfile: "low",
});
import pulumi
import pulumi_sdwan as sdwan
example = sdwan.EmbeddedSecurityPolicy("example",
name="Example",
description="My Example",
feature_profile_id="f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac",
assemblies=[{
"ngfw_policy_id": "df8c5043-7438-47e2-97b0-8304d3bf1a82",
"entries": [{
"source_zone": "untrusted",
"destination_zone": "untrusted",
}],
}],
tcp_syn_flood_limit="432",
max_incomplete_tcp_limit="12345",
max_incomplete_udp_limit="12345",
max_incomplete_icmp_limit="12345",
audit_trail="on",
unified_logging="on",
session_reclassify_allow="on",
icmp_unreachable_allow="on",
failure_mode="close",
nat=True,
download_url_database_on_device=False,
resource_profile="low")
package main
import (
"github.com/pulumi/pulumi-sdwan/sdk/go/sdwan"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sdwan.NewEmbeddedSecurityPolicy(ctx, "example", &sdwan.EmbeddedSecurityPolicyArgs{
Name: pulumi.String("Example"),
Description: pulumi.String("My Example"),
FeatureProfileId: pulumi.String("f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"),
Assemblies: sdwan.EmbeddedSecurityPolicyAssemblyArray{
&sdwan.EmbeddedSecurityPolicyAssemblyArgs{
NgfwPolicyId: pulumi.String("df8c5043-7438-47e2-97b0-8304d3bf1a82"),
Entries: sdwan.EmbeddedSecurityPolicyAssemblyEntryArray{
&sdwan.EmbeddedSecurityPolicyAssemblyEntryArgs{
SourceZone: pulumi.String("untrusted"),
DestinationZone: pulumi.String("untrusted"),
},
},
},
},
TcpSynFloodLimit: pulumi.String("432"),
MaxIncompleteTcpLimit: pulumi.String("12345"),
MaxIncompleteUdpLimit: pulumi.String("12345"),
MaxIncompleteIcmpLimit: pulumi.String("12345"),
AuditTrail: pulumi.String("on"),
UnifiedLogging: pulumi.String("on"),
SessionReclassifyAllow: pulumi.String("on"),
IcmpUnreachableAllow: pulumi.String("on"),
FailureMode: pulumi.String("close"),
Nat: pulumi.Bool(true),
DownloadUrlDatabaseOnDevice: pulumi.Bool(false),
ResourceProfile: pulumi.String("low"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sdwan = Pulumi.Sdwan;
return await Deployment.RunAsync(() =>
{
var example = new Sdwan.EmbeddedSecurityPolicy("example", new()
{
Name = "Example",
Description = "My Example",
FeatureProfileId = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac",
Assemblies = new[]
{
new Sdwan.Inputs.EmbeddedSecurityPolicyAssemblyArgs
{
NgfwPolicyId = "df8c5043-7438-47e2-97b0-8304d3bf1a82",
Entries = new[]
{
new Sdwan.Inputs.EmbeddedSecurityPolicyAssemblyEntryArgs
{
SourceZone = "untrusted",
DestinationZone = "untrusted",
},
},
},
},
TcpSynFloodLimit = "432",
MaxIncompleteTcpLimit = "12345",
MaxIncompleteUdpLimit = "12345",
MaxIncompleteIcmpLimit = "12345",
AuditTrail = "on",
UnifiedLogging = "on",
SessionReclassifyAllow = "on",
IcmpUnreachableAllow = "on",
FailureMode = "close",
Nat = true,
DownloadUrlDatabaseOnDevice = false,
ResourceProfile = "low",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sdwan.EmbeddedSecurityPolicy;
import com.pulumi.sdwan.EmbeddedSecurityPolicyArgs;
import com.pulumi.sdwan.inputs.EmbeddedSecurityPolicyAssemblyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new EmbeddedSecurityPolicy("example", EmbeddedSecurityPolicyArgs.builder()
.name("Example")
.description("My Example")
.featureProfileId("f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac")
.assemblies(EmbeddedSecurityPolicyAssemblyArgs.builder()
.ngfwPolicyId("df8c5043-7438-47e2-97b0-8304d3bf1a82")
.entries(EmbeddedSecurityPolicyAssemblyEntryArgs.builder()
.sourceZone("untrusted")
.destinationZone("untrusted")
.build())
.build())
.tcpSynFloodLimit("432")
.maxIncompleteTcpLimit("12345")
.maxIncompleteUdpLimit("12345")
.maxIncompleteIcmpLimit("12345")
.auditTrail("on")
.unifiedLogging("on")
.sessionReclassifyAllow("on")
.icmpUnreachableAllow("on")
.failureMode("close")
.nat(true)
.downloadUrlDatabaseOnDevice(false)
.resourceProfile("low")
.build());
}
}
resources:
example:
type: sdwan:EmbeddedSecurityPolicy
properties:
name: Example
description: My Example
featureProfileId: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac
assemblies:
- ngfwPolicyId: df8c5043-7438-47e2-97b0-8304d3bf1a82
entries:
- sourceZone: untrusted
destinationZone: untrusted
tcpSynFloodLimit: '432'
maxIncompleteTcpLimit: '12345'
maxIncompleteUdpLimit: '12345'
maxIncompleteIcmpLimit: '12345'
auditTrail: on
unifiedLogging: on
sessionReclassifyAllow: on
icmpUnreachableAllow: on
failureMode: close
nat: true
downloadUrlDatabaseOnDevice: false
resourceProfile: low
Create EmbeddedSecurityPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new EmbeddedSecurityPolicy(name: string, args: EmbeddedSecurityPolicyArgs, opts?: CustomResourceOptions);@overload
def EmbeddedSecurityPolicy(resource_name: str,
args: EmbeddedSecurityPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def EmbeddedSecurityPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
feature_profile_id: Optional[str] = None,
max_incomplete_icmp_limit: Optional[str] = None,
name: Optional[str] = None,
download_url_database_on_device: Optional[bool] = None,
download_url_database_on_device_variable: Optional[str] = None,
failure_mode: Optional[str] = None,
audit_trail: Optional[str] = None,
icmp_unreachable_allow: Optional[str] = None,
assemblies: Optional[Sequence[EmbeddedSecurityPolicyAssemblyArgs]] = None,
description: Optional[str] = None,
max_incomplete_tcp_limit: Optional[str] = None,
max_incomplete_udp_limit: Optional[str] = None,
nat: Optional[bool] = None,
nat_variable: Optional[str] = None,
resource_profile: Optional[str] = None,
resource_profile_variable: Optional[str] = None,
session_reclassify_allow: Optional[str] = None,
tcp_syn_flood_limit: Optional[str] = None,
unified_logging: Optional[str] = None)func NewEmbeddedSecurityPolicy(ctx *Context, name string, args EmbeddedSecurityPolicyArgs, opts ...ResourceOption) (*EmbeddedSecurityPolicy, error)public EmbeddedSecurityPolicy(string name, EmbeddedSecurityPolicyArgs args, CustomResourceOptions? opts = null)
public EmbeddedSecurityPolicy(String name, EmbeddedSecurityPolicyArgs args)
public EmbeddedSecurityPolicy(String name, EmbeddedSecurityPolicyArgs args, CustomResourceOptions options)
type: sdwan:EmbeddedSecurityPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args EmbeddedSecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args EmbeddedSecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args EmbeddedSecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args EmbeddedSecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args EmbeddedSecurityPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var embeddedSecurityPolicyResource = new Sdwan.Index.EmbeddedSecurityPolicy("embeddedSecurityPolicyResource", new()
{
FeatureProfileId = "string",
MaxIncompleteIcmpLimit = "string",
Name = "string",
DownloadUrlDatabaseOnDevice = false,
DownloadUrlDatabaseOnDeviceVariable = "string",
FailureMode = "string",
AuditTrail = "string",
IcmpUnreachableAllow = "string",
Assemblies = new[]
{
new Sdwan.Inputs.EmbeddedSecurityPolicyAssemblyArgs
{
AdvancedInspectionProfilePolicyId = "string",
Entries = new[]
{
new Sdwan.Inputs.EmbeddedSecurityPolicyAssemblyEntryArgs
{
DestinationZone = "string",
DestinationZoneListId = "string",
SourceZone = "string",
SourceZoneListId = "string",
},
},
NgfwPolicyId = "string",
SslDecryptionProfileId = "string",
},
},
Description = "string",
MaxIncompleteTcpLimit = "string",
MaxIncompleteUdpLimit = "string",
Nat = false,
NatVariable = "string",
ResourceProfile = "string",
ResourceProfileVariable = "string",
SessionReclassifyAllow = "string",
TcpSynFloodLimit = "string",
UnifiedLogging = "string",
});
example, err := sdwan.NewEmbeddedSecurityPolicy(ctx, "embeddedSecurityPolicyResource", &sdwan.EmbeddedSecurityPolicyArgs{
FeatureProfileId: pulumi.String("string"),
MaxIncompleteIcmpLimit: pulumi.String("string"),
Name: pulumi.String("string"),
DownloadUrlDatabaseOnDevice: pulumi.Bool(false),
DownloadUrlDatabaseOnDeviceVariable: pulumi.String("string"),
FailureMode: pulumi.String("string"),
AuditTrail: pulumi.String("string"),
IcmpUnreachableAllow: pulumi.String("string"),
Assemblies: sdwan.EmbeddedSecurityPolicyAssemblyArray{
&sdwan.EmbeddedSecurityPolicyAssemblyArgs{
AdvancedInspectionProfilePolicyId: pulumi.String("string"),
Entries: sdwan.EmbeddedSecurityPolicyAssemblyEntryArray{
&sdwan.EmbeddedSecurityPolicyAssemblyEntryArgs{
DestinationZone: pulumi.String("string"),
DestinationZoneListId: pulumi.String("string"),
SourceZone: pulumi.String("string"),
SourceZoneListId: pulumi.String("string"),
},
},
NgfwPolicyId: pulumi.String("string"),
SslDecryptionProfileId: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
MaxIncompleteTcpLimit: pulumi.String("string"),
MaxIncompleteUdpLimit: pulumi.String("string"),
Nat: pulumi.Bool(false),
NatVariable: pulumi.String("string"),
ResourceProfile: pulumi.String("string"),
ResourceProfileVariable: pulumi.String("string"),
SessionReclassifyAllow: pulumi.String("string"),
TcpSynFloodLimit: pulumi.String("string"),
UnifiedLogging: pulumi.String("string"),
})
var embeddedSecurityPolicyResource = new EmbeddedSecurityPolicy("embeddedSecurityPolicyResource", EmbeddedSecurityPolicyArgs.builder()
.featureProfileId("string")
.maxIncompleteIcmpLimit("string")
.name("string")
.downloadUrlDatabaseOnDevice(false)
.downloadUrlDatabaseOnDeviceVariable("string")
.failureMode("string")
.auditTrail("string")
.icmpUnreachableAllow("string")
.assemblies(EmbeddedSecurityPolicyAssemblyArgs.builder()
.advancedInspectionProfilePolicyId("string")
.entries(EmbeddedSecurityPolicyAssemblyEntryArgs.builder()
.destinationZone("string")
.destinationZoneListId("string")
.sourceZone("string")
.sourceZoneListId("string")
.build())
.ngfwPolicyId("string")
.sslDecryptionProfileId("string")
.build())
.description("string")
.maxIncompleteTcpLimit("string")
.maxIncompleteUdpLimit("string")
.nat(false)
.natVariable("string")
.resourceProfile("string")
.resourceProfileVariable("string")
.sessionReclassifyAllow("string")
.tcpSynFloodLimit("string")
.unifiedLogging("string")
.build());
embedded_security_policy_resource = sdwan.EmbeddedSecurityPolicy("embeddedSecurityPolicyResource",
feature_profile_id="string",
max_incomplete_icmp_limit="string",
name="string",
download_url_database_on_device=False,
download_url_database_on_device_variable="string",
failure_mode="string",
audit_trail="string",
icmp_unreachable_allow="string",
assemblies=[{
"advanced_inspection_profile_policy_id": "string",
"entries": [{
"destination_zone": "string",
"destination_zone_list_id": "string",
"source_zone": "string",
"source_zone_list_id": "string",
}],
"ngfw_policy_id": "string",
"ssl_decryption_profile_id": "string",
}],
description="string",
max_incomplete_tcp_limit="string",
max_incomplete_udp_limit="string",
nat=False,
nat_variable="string",
resource_profile="string",
resource_profile_variable="string",
session_reclassify_allow="string",
tcp_syn_flood_limit="string",
unified_logging="string")
const embeddedSecurityPolicyResource = new sdwan.EmbeddedSecurityPolicy("embeddedSecurityPolicyResource", {
featureProfileId: "string",
maxIncompleteIcmpLimit: "string",
name: "string",
downloadUrlDatabaseOnDevice: false,
downloadUrlDatabaseOnDeviceVariable: "string",
failureMode: "string",
auditTrail: "string",
icmpUnreachableAllow: "string",
assemblies: [{
advancedInspectionProfilePolicyId: "string",
entries: [{
destinationZone: "string",
destinationZoneListId: "string",
sourceZone: "string",
sourceZoneListId: "string",
}],
ngfwPolicyId: "string",
sslDecryptionProfileId: "string",
}],
description: "string",
maxIncompleteTcpLimit: "string",
maxIncompleteUdpLimit: "string",
nat: false,
natVariable: "string",
resourceProfile: "string",
resourceProfileVariable: "string",
sessionReclassifyAllow: "string",
tcpSynFloodLimit: "string",
unifiedLogging: "string",
});
type: sdwan:EmbeddedSecurityPolicy
properties:
assemblies:
- advancedInspectionProfilePolicyId: string
entries:
- destinationZone: string
destinationZoneListId: string
sourceZone: string
sourceZoneListId: string
ngfwPolicyId: string
sslDecryptionProfileId: string
auditTrail: string
description: string
downloadUrlDatabaseOnDevice: false
downloadUrlDatabaseOnDeviceVariable: string
failureMode: string
featureProfileId: string
icmpUnreachableAllow: string
maxIncompleteIcmpLimit: string
maxIncompleteTcpLimit: string
maxIncompleteUdpLimit: string
name: string
nat: false
natVariable: string
resourceProfile: string
resourceProfileVariable: string
sessionReclassifyAllow: string
tcpSynFloodLimit: string
unifiedLogging: string
EmbeddedSecurityPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The EmbeddedSecurityPolicy resource accepts the following input properties:
- Feature
Profile stringId - Feature Profile ID
- Assemblies
List<Embedded
Security Policy Assembly> - Audit
Trail string - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Description string
- The description of the Policy
- Download
Url boolDatabase On Device - Download
Url stringDatabase On Device Variable - Variable name
- Failure
Mode string - Choices:
close,open
- Choices:
- Icmp
Unreachable stringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Max
Incomplete stringIcmp Limit - Max
Incomplete stringTcp Limit - Max
Incomplete stringUdp Limit - Name string
- The name of the Policy
- Nat bool
- Nat
Variable string - Variable name
- Resource
Profile string - Choices:
low,medium,high
- Choices:
- Resource
Profile stringVariable - Variable name
- Session
Reclassify stringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Tcp
Syn stringFlood Limit - Unified
Logging string - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Feature
Profile stringId - Feature Profile ID
- Assemblies
[]Embedded
Security Policy Assembly Args - Audit
Trail string - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Description string
- The description of the Policy
- Download
Url boolDatabase On Device - Download
Url stringDatabase On Device Variable - Variable name
- Failure
Mode string - Choices:
close,open
- Choices:
- Icmp
Unreachable stringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Max
Incomplete stringIcmp Limit - Max
Incomplete stringTcp Limit - Max
Incomplete stringUdp Limit - Name string
- The name of the Policy
- Nat bool
- Nat
Variable string - Variable name
- Resource
Profile string - Choices:
low,medium,high
- Choices:
- Resource
Profile stringVariable - Variable name
- Session
Reclassify stringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Tcp
Syn stringFlood Limit - Unified
Logging string - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- feature
Profile StringId - Feature Profile ID
- assemblies
List<Embedded
Security Policy Assembly> - audit
Trail String - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- description String
- The description of the Policy
- download
Url BooleanDatabase On Device - download
Url StringDatabase On Device Variable - Variable name
- failure
Mode String - Choices:
close,open
- Choices:
- icmp
Unreachable StringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- max
Incomplete StringIcmp Limit - max
Incomplete StringTcp Limit - max
Incomplete StringUdp Limit - name String
- The name of the Policy
- nat Boolean
- nat
Variable String - Variable name
- resource
Profile String - Choices:
low,medium,high
- Choices:
- resource
Profile StringVariable - Variable name
- session
Reclassify StringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- tcp
Syn StringFlood Limit - unified
Logging String - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- feature
Profile stringId - Feature Profile ID
- assemblies
Embedded
Security Policy Assembly[] - audit
Trail string - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- description string
- The description of the Policy
- download
Url booleanDatabase On Device - download
Url stringDatabase On Device Variable - Variable name
- failure
Mode string - Choices:
close,open
- Choices:
- icmp
Unreachable stringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- max
Incomplete stringIcmp Limit - max
Incomplete stringTcp Limit - max
Incomplete stringUdp Limit - name string
- The name of the Policy
- nat boolean
- nat
Variable string - Variable name
- resource
Profile string - Choices:
low,medium,high
- Choices:
- resource
Profile stringVariable - Variable name
- session
Reclassify stringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- tcp
Syn stringFlood Limit - unified
Logging string - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- feature_
profile_ strid - Feature Profile ID
- assemblies
Sequence[Embedded
Security Policy Assembly Args] - audit_
trail str - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- description str
- The description of the Policy
- download_
url_ booldatabase_ on_ device - download_
url_ strdatabase_ on_ device_ variable - Variable name
- failure_
mode str - Choices:
close,open
- Choices:
- icmp_
unreachable_ strallow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- max_
incomplete_ stricmp_ limit - max_
incomplete_ strtcp_ limit - max_
incomplete_ strudp_ limit - name str
- The name of the Policy
- nat bool
- nat_
variable str - Variable name
- resource_
profile str - Choices:
low,medium,high
- Choices:
- resource_
profile_ strvariable - Variable name
- session_
reclassify_ strallow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- tcp_
syn_ strflood_ limit - unified_
logging str - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- feature
Profile StringId - Feature Profile ID
- assemblies List<Property Map>
- audit
Trail String - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- description String
- The description of the Policy
- download
Url BooleanDatabase On Device - download
Url StringDatabase On Device Variable - Variable name
- failure
Mode String - Choices:
close,open
- Choices:
- icmp
Unreachable StringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- max
Incomplete StringIcmp Limit - max
Incomplete StringTcp Limit - max
Incomplete StringUdp Limit - name String
- The name of the Policy
- nat Boolean
- nat
Variable String - Variable name
- resource
Profile String - Choices:
low,medium,high
- Choices:
- resource
Profile StringVariable - Variable name
- session
Reclassify StringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- tcp
Syn StringFlood Limit - unified
Logging String - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
Outputs
All input properties are implicitly available as output properties. Additionally, the EmbeddedSecurityPolicy resource produces the following output properties:
Look up Existing EmbeddedSecurityPolicy Resource
Get an existing EmbeddedSecurityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: EmbeddedSecurityPolicyState, opts?: CustomResourceOptions): EmbeddedSecurityPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
assemblies: Optional[Sequence[EmbeddedSecurityPolicyAssemblyArgs]] = None,
audit_trail: Optional[str] = None,
description: Optional[str] = None,
download_url_database_on_device: Optional[bool] = None,
download_url_database_on_device_variable: Optional[str] = None,
failure_mode: Optional[str] = None,
feature_profile_id: Optional[str] = None,
icmp_unreachable_allow: Optional[str] = None,
max_incomplete_icmp_limit: Optional[str] = None,
max_incomplete_tcp_limit: Optional[str] = None,
max_incomplete_udp_limit: Optional[str] = None,
name: Optional[str] = None,
nat: Optional[bool] = None,
nat_variable: Optional[str] = None,
resource_profile: Optional[str] = None,
resource_profile_variable: Optional[str] = None,
session_reclassify_allow: Optional[str] = None,
tcp_syn_flood_limit: Optional[str] = None,
unified_logging: Optional[str] = None,
version: Optional[int] = None) -> EmbeddedSecurityPolicyfunc GetEmbeddedSecurityPolicy(ctx *Context, name string, id IDInput, state *EmbeddedSecurityPolicyState, opts ...ResourceOption) (*EmbeddedSecurityPolicy, error)public static EmbeddedSecurityPolicy Get(string name, Input<string> id, EmbeddedSecurityPolicyState? state, CustomResourceOptions? opts = null)public static EmbeddedSecurityPolicy get(String name, Output<String> id, EmbeddedSecurityPolicyState state, CustomResourceOptions options)resources: _: type: sdwan:EmbeddedSecurityPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Assemblies
List<Embedded
Security Policy Assembly> - Audit
Trail string - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Description string
- The description of the Policy
- Download
Url boolDatabase On Device - Download
Url stringDatabase On Device Variable - Variable name
- Failure
Mode string - Choices:
close,open
- Choices:
- Feature
Profile stringId - Feature Profile ID
- Icmp
Unreachable stringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Max
Incomplete stringIcmp Limit - Max
Incomplete stringTcp Limit - Max
Incomplete stringUdp Limit - Name string
- The name of the Policy
- Nat bool
- Nat
Variable string - Variable name
- Resource
Profile string - Choices:
low,medium,high
- Choices:
- Resource
Profile stringVariable - Variable name
- Session
Reclassify stringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Tcp
Syn stringFlood Limit - Unified
Logging string - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Version int
- The version of the Policy
- Assemblies
[]Embedded
Security Policy Assembly Args - Audit
Trail string - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Description string
- The description of the Policy
- Download
Url boolDatabase On Device - Download
Url stringDatabase On Device Variable - Variable name
- Failure
Mode string - Choices:
close,open
- Choices:
- Feature
Profile stringId - Feature Profile ID
- Icmp
Unreachable stringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Max
Incomplete stringIcmp Limit - Max
Incomplete stringTcp Limit - Max
Incomplete stringUdp Limit - Name string
- The name of the Policy
- Nat bool
- Nat
Variable string - Variable name
- Resource
Profile string - Choices:
low,medium,high
- Choices:
- Resource
Profile stringVariable - Variable name
- Session
Reclassify stringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Tcp
Syn stringFlood Limit - Unified
Logging string - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- Version int
- The version of the Policy
- assemblies
List<Embedded
Security Policy Assembly> - audit
Trail String - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- description String
- The description of the Policy
- download
Url BooleanDatabase On Device - download
Url StringDatabase On Device Variable - Variable name
- failure
Mode String - Choices:
close,open
- Choices:
- feature
Profile StringId - Feature Profile ID
- icmp
Unreachable StringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- max
Incomplete StringIcmp Limit - max
Incomplete StringTcp Limit - max
Incomplete StringUdp Limit - name String
- The name of the Policy
- nat Boolean
- nat
Variable String - Variable name
- resource
Profile String - Choices:
low,medium,high
- Choices:
- resource
Profile StringVariable - Variable name
- session
Reclassify StringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- tcp
Syn StringFlood Limit - unified
Logging String - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- version Integer
- The version of the Policy
- assemblies
Embedded
Security Policy Assembly[] - audit
Trail string - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- description string
- The description of the Policy
- download
Url booleanDatabase On Device - download
Url stringDatabase On Device Variable - Variable name
- failure
Mode string - Choices:
close,open
- Choices:
- feature
Profile stringId - Feature Profile ID
- icmp
Unreachable stringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- max
Incomplete stringIcmp Limit - max
Incomplete stringTcp Limit - max
Incomplete stringUdp Limit - name string
- The name of the Policy
- nat boolean
- nat
Variable string - Variable name
- resource
Profile string - Choices:
low,medium,high
- Choices:
- resource
Profile stringVariable - Variable name
- session
Reclassify stringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- tcp
Syn stringFlood Limit - unified
Logging string - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- version number
- The version of the Policy
- assemblies
Sequence[Embedded
Security Policy Assembly Args] - audit_
trail str - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- description str
- The description of the Policy
- download_
url_ booldatabase_ on_ device - download_
url_ strdatabase_ on_ device_ variable - Variable name
- failure_
mode str - Choices:
close,open
- Choices:
- feature_
profile_ strid - Feature Profile ID
- icmp_
unreachable_ strallow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- max_
incomplete_ stricmp_ limit - max_
incomplete_ strtcp_ limit - max_
incomplete_ strudp_ limit - name str
- The name of the Policy
- nat bool
- nat_
variable str - Variable name
- resource_
profile str - Choices:
low,medium,high
- Choices:
- resource_
profile_ strvariable - Variable name
- session_
reclassify_ strallow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- tcp_
syn_ strflood_ limit - unified_
logging str - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- version int
- The version of the Policy
- assemblies List<Property Map>
- audit
Trail String - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- description String
- The description of the Policy
- download
Url BooleanDatabase On Device - download
Url StringDatabase On Device Variable - Variable name
- failure
Mode String - Choices:
close,open
- Choices:
- feature
Profile StringId - Feature Profile ID
- icmp
Unreachable StringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- max
Incomplete StringIcmp Limit - max
Incomplete StringTcp Limit - max
Incomplete StringUdp Limit - name String
- The name of the Policy
- nat Boolean
- nat
Variable String - Variable name
- resource
Profile String - Choices:
low,medium,high
- Choices:
- resource
Profile StringVariable - Variable name
- session
Reclassify StringAllow - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- tcp
Syn StringFlood Limit - unified
Logging String - Setting can be string 'on' or missing for off
- Choices:
on
- Choices:
- version Number
- The version of the Policy
Supporting Types
EmbeddedSecurityPolicyAssembly, EmbeddedSecurityPolicyAssemblyArgs
EmbeddedSecurityPolicyAssemblyEntry, EmbeddedSecurityPolicyAssemblyEntryArgs
- Destination
Zone string - Choices:
self,default,untrusted
- Choices:
- Destination
Zone stringList Id - Source
Zone string - Choices:
self,default,untrusted
- Choices:
- Source
Zone stringList Id
- Destination
Zone string - Choices:
self,default,untrusted
- Choices:
- Destination
Zone stringList Id - Source
Zone string - Choices:
self,default,untrusted
- Choices:
- Source
Zone stringList Id
- destination
Zone String - Choices:
self,default,untrusted
- Choices:
- destination
Zone StringList Id - source
Zone String - Choices:
self,default,untrusted
- Choices:
- source
Zone StringList Id
- destination
Zone string - Choices:
self,default,untrusted
- Choices:
- destination
Zone stringList Id - source
Zone string - Choices:
self,default,untrusted
- Choices:
- source
Zone stringList Id
- destination_
zone str - Choices:
self,default,untrusted
- Choices:
- destination_
zone_ strlist_ id - source_
zone str - Choices:
self,default,untrusted
- Choices:
- source_
zone_ strlist_ id
- destination
Zone String - Choices:
self,default,untrusted
- Choices:
- destination
Zone StringList Id - source
Zone String - Choices:
self,default,untrusted
- Choices:
- source
Zone StringList Id
Import
The pulumi import command can be used, for example:
Expected import identifier with the format: “embedded_security_policy_id,feature_profile_id”
$ pulumi import sdwan:index/embeddedSecurityPolicy:EmbeddedSecurityPolicy example "f6b2c44c-693c-4763-b010-895aa3d236bd,f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- sdwan pulumi/pulumi-sdwan
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
sdwanTerraform Provider.
Viewing docs for Cisco Catalyst SD-WAN v0.8.1
published on Tuesday, Apr 7, 2026 by Pulumi
published on Tuesday, Apr 7, 2026 by Pulumi
