The unifi.firewall.ZonePolicy resource manages firewall policies between zones in the UniFi controller. This resource allows you to create, update, and delete policies that define allowed or blocked traffic between zones.
!> This is an experimental feature that requires UniFi OS 9.0.0 or later and the Zone-Based Firewall feature to be enabled. Check the official documentation for how to migrate to Zone-Based Firewalls.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as unifi from "@pulumiverse/unifi";
// Corporate network on VLAN 400; it is the only network placed in the source zone.
const network = new unifi.Network("network", {
    name: "my-network",
    purpose: "corporate",
    subnet: "10.0.10.0/24",
    vlanId: 400,
});

// The source zone contains the network above; the destination zone is created without networks.
const sourceZone = new unifi.firewall.Zone("src", {
    name: "my-source-zone",
    networks: [network.id],
});
const destinationZone = new unifi.firewall.Zone("dst", {name: "my-destination-zone"});

// Policy 1 (ALLOW, TCP/UDP, `src` -> `dst`).
// matchOppositeIps / matchOppositePorts invert the source match, so the rule covers every
// source IP except 192.168.1.1 and every source port except 443. The schedule restricts
// the policy to 08:00-17:00 every day.
// Review note: the destination is the whole `dst` zone with no IP or port restriction, so
// this is a broad allow; narrow the destination if only specific services should be reachable.
const workdaySchedule = {
    mode: "EVERY_DAY",
    timeAllDay: false,
    timeFrom: "08:00",
    timeTo: "17:00",
};
const allowPolicy = new unifi.firewall.ZonePolicy("policy", {
    name: "my-zone-policy",
    action: "ALLOW",
    protocol: "tcp_udp",
    source: {
        zoneId: sourceZone.id,
        ips: ["192.168.1.1"],
        port: 443,
        matchOppositeIps: true,
        matchOppositePorts: true,
    },
    destination: {zoneId: destinationZone.id},
    schedule: workdaySchedule,
});

// Port group listing the web ports (80 and 443) matched by the BLOCK policy below.
const webPorts = new unifi.firewall.Group("web-ports", {
    name: "web-apps",
    type: "port-group",
    members: ["80", "443"],
});

// Policy 2 (BLOCK, TCP/UDP, `src` -> `dst`): any source IP and port in `src`, destination
// ports 80 and 443 taken from the port group.
// Review note: both policies cover the same zone pair and neither sets `index` (the policy's
// priority index), so confirm the resulting order on the controller if this BLOCK is meant
// to take precedence over the ALLOW above.
const blockWebPolicy = new unifi.firewall.ZonePolicy("policy2", {
    name: "my-policy-2",
    action: "BLOCK",
    protocol: "tcp_udp",
    source: {zoneId: sourceZone.id},
    destination: {
        zoneId: destinationZone.id,
        portGroupId: webPorts.id,
    },
});
import pulumi
import pulumiverse_unifi as unifi
# Corporate network on VLAN 400; it is the only network placed in the source zone.
network = unifi.Network(
    "network",
    name="my-network",
    purpose="corporate",
    subnet="10.0.10.0/24",
    vlan_id=400,
)

# The source zone contains the network above; the destination zone is created without networks.
source_zone = unifi.firewall.Zone(
    "src",
    name="my-source-zone",
    networks=[network.id],
)
destination_zone = unifi.firewall.Zone("dst", name="my-destination-zone")

# Policy 1 (ALLOW, TCP/UDP, `src` -> `dst`).
# match_opposite_ips / match_opposite_ports invert the source match, so the rule covers
# every source IP except 192.168.1.1 and every source port except 443. The schedule
# restricts the policy to 08:00-17:00 every day.
# Review note: the destination is the whole `dst` zone with no IP or port restriction, so
# this is a broad allow; narrow the destination if only specific services should be reachable.
workday_schedule = {
    "mode": "EVERY_DAY",
    "time_all_day": False,
    "time_from": "08:00",
    "time_to": "17:00",
}
allow_policy = unifi.firewall.ZonePolicy(
    "policy",
    name="my-zone-policy",
    action="ALLOW",
    protocol="tcp_udp",
    source={
        "zone_id": source_zone.id,
        "ips": ["192.168.1.1"],
        "port": 443,
        "match_opposite_ips": True,
        "match_opposite_ports": True,
    },
    destination={"zone_id": destination_zone.id},
    schedule=workday_schedule,
)

# Port group listing the web ports (80 and 443) matched by the BLOCK policy below.
web_port_group = unifi.firewall.Group(
    "web-ports",
    name="web-apps",
    type="port-group",
    members=["80", "443"],
)

# Policy 2 (BLOCK, TCP/UDP, `src` -> `dst`): any source IP and port in `src`, destination
# ports 80 and 443 taken from the port group.
# Review note: both policies cover the same zone pair and neither sets `index` (the policy's
# priority index), so confirm the resulting order on the controller if this BLOCK is meant
# to take precedence over the ALLOW above.
block_web_policy = unifi.firewall.ZonePolicy(
    "policy2",
    name="my-policy-2",
    action="BLOCK",
    protocol="tcp_udp",
    source={"zone_id": source_zone.id},
    destination={
        "zone_id": destination_zone.id,
        "port_group_id": web_port_group.id,
    },
)
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-unifi/sdk/go/unifi"
"github.com/pulumiverse/pulumi-unifi/sdk/go/unifi/firewall"
)
// main runs the example Pulumi program: it declares one network, a source and a
// destination firewall zone, a port group, and two zone policies between the zones.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Corporate network on VLAN 400; it is the only network placed in the source zone.
		network, err := unifi.NewNetwork(ctx, "network", &unifi.NetworkArgs{
			Name:    pulumi.String("my-network"),
			Purpose: pulumi.String("corporate"),
			Subnet:  pulumi.String("10.0.10.0/24"),
			VlanId:  pulumi.Int(400),
		})
		if err != nil {
			return err
		}

		// The source zone contains the network above; the destination zone is created without networks.
		srcZone, err := firewall.NewZone(ctx, "src", &firewall.ZoneArgs{
			Name:     pulumi.String("my-source-zone"),
			Networks: pulumi.StringArray{network.ID()},
		})
		if err != nil {
			return err
		}
		dstZone, err := firewall.NewZone(ctx, "dst", &firewall.ZoneArgs{
			Name: pulumi.String("my-destination-zone"),
		})
		if err != nil {
			return err
		}

		// Policy 1 (ALLOW, TCP/UDP, `src` -> `dst`).
		// MatchOppositeIps / MatchOppositePorts invert the source match, so the rule covers
		// every source IP except 192.168.1.1 and every source port except 443. The schedule
		// restricts the policy to 08:00-17:00 every day.
		// Review note: the destination is the whole `dst` zone with no IP or port restriction,
		// so this is a broad allow; narrow the destination if only specific services should
		// be reachable.
		workdaySchedule := &firewall.ZonePolicyScheduleArgs{
			Mode:       pulumi.String("EVERY_DAY"),
			TimeAllDay: pulumi.Bool(false),
			TimeFrom:   pulumi.String("08:00"),
			TimeTo:     pulumi.String("17:00"),
		}
		allowArgs := &firewall.ZonePolicyArgs{
			Name:     pulumi.String("my-zone-policy"),
			Action:   pulumi.String("ALLOW"),
			Protocol: pulumi.String("tcp_udp"),
			Source: &firewall.ZonePolicySourceArgs{
				ZoneId:             srcZone.ID(),
				Ips:                pulumi.StringArray{pulumi.String("192.168.1.1")},
				Port:               pulumi.Int(443),
				MatchOppositeIps:   pulumi.Bool(true),
				MatchOppositePorts: pulumi.Bool(true),
			},
			Destination: &firewall.ZonePolicyDestinationArgs{
				ZoneId: dstZone.ID(),
			},
			Schedule: workdaySchedule,
		}
		if _, err := firewall.NewZonePolicy(ctx, "policy", allowArgs); err != nil {
			return err
		}

		// Port group listing the web ports (80 and 443) matched by the BLOCK policy below.
		webPorts, err := firewall.NewGroup(ctx, "web-ports", &firewall.GroupArgs{
			Name: pulumi.String("web-apps"),
			Type: pulumi.String("port-group"),
			Members: pulumi.StringArray{
				pulumi.String("80"),
				pulumi.String("443"),
			},
		})
		if err != nil {
			return err
		}

		// Policy 2 (BLOCK, TCP/UDP, `src` -> `dst`): any source IP and port in `src`,
		// destination ports 80 and 443 taken from the port group.
		// Review note: both policies cover the same zone pair and neither sets Index (the
		// policy's priority index), so confirm the resulting order on the controller if this
		// BLOCK is meant to take precedence over the ALLOW above.
		blockArgs := &firewall.ZonePolicyArgs{
			Name:     pulumi.String("my-policy-2"),
			Action:   pulumi.String("BLOCK"),
			Protocol: pulumi.String("tcp_udp"),
			Source: &firewall.ZonePolicySourceArgs{
				ZoneId: srcZone.ID(),
			},
			Destination: &firewall.ZonePolicyDestinationArgs{
				ZoneId:      dstZone.ID(),
				PortGroupId: webPorts.ID(),
			},
		}
		_, err = firewall.NewZonePolicy(ctx, "policy2", blockArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Unifi = Pulumiverse.Unifi;
return await Deployment.RunAsync(() =>
{
    // Corporate network on VLAN 400; it is the only network placed in the source zone.
    var network = new Unifi.Network("network", new()
    {
        Name = "my-network",
        Purpose = "corporate",
        Subnet = "10.0.10.0/24",
        VlanId = 400,
    });

    // The source zone contains the network above; the destination zone is created without networks.
    var sourceZone = new Unifi.Firewall.Zone("src", new()
    {
        Name = "my-source-zone",
        Networks = new[] { network.Id },
    });
    var destinationZone = new Unifi.Firewall.Zone("dst", new()
    {
        Name = "my-destination-zone",
    });

    // Policy 1 (ALLOW, TCP/UDP, `src` -> `dst`).
    // MatchOppositeIps / MatchOppositePorts invert the source match, so the rule covers
    // every source IP except 192.168.1.1 and every source port except 443. The schedule
    // restricts the policy to 08:00-17:00 every day.
    // Review note: the destination is the whole `dst` zone with no IP or port restriction,
    // so this is a broad allow; narrow the destination if only specific services should
    // be reachable.
    var workdaySchedule = new Unifi.Firewall.Inputs.ZonePolicyScheduleArgs
    {
        Mode = "EVERY_DAY",
        TimeAllDay = false,
        TimeFrom = "08:00",
        TimeTo = "17:00",
    };
    var allowPolicy = new Unifi.Firewall.ZonePolicy("policy", new()
    {
        Name = "my-zone-policy",
        Action = "ALLOW",
        Protocol = "tcp_udp",
        Source = new Unifi.Firewall.Inputs.ZonePolicySourceArgs
        {
            ZoneId = sourceZone.Id,
            Ips = new[] { "192.168.1.1" },
            Port = 443,
            MatchOppositeIps = true,
            MatchOppositePorts = true,
        },
        Destination = new Unifi.Firewall.Inputs.ZonePolicyDestinationArgs
        {
            ZoneId = destinationZone.Id,
        },
        Schedule = workdaySchedule,
    });

    // Port group listing the web ports (80 and 443) matched by the BLOCK policy below.
    var webPorts = new Unifi.Firewall.Group("web-ports", new()
    {
        Name = "web-apps",
        Type = "port-group",
        Members = new[] { "80", "443" },
    });

    // Policy 2 (BLOCK, TCP/UDP, `src` -> `dst`): any source IP and port in `src`,
    // destination ports 80 and 443 taken from the port group.
    // Review note: both policies cover the same zone pair and neither sets Index (the
    // policy's priority index), so confirm the resulting order on the controller if this
    // BLOCK is meant to take precedence over the ALLOW above.
    var blockWebPolicy = new Unifi.Firewall.ZonePolicy("policy2", new()
    {
        Name = "my-policy-2",
        Action = "BLOCK",
        Protocol = "tcp_udp",
        Source = new Unifi.Firewall.Inputs.ZonePolicySourceArgs
        {
            ZoneId = sourceZone.Id,
        },
        Destination = new Unifi.Firewall.Inputs.ZonePolicyDestinationArgs
        {
            ZoneId = destinationZone.Id,
            PortGroupId = webPorts.Id,
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumiverse.unifi.Network;
import com.pulumiverse.unifi.NetworkArgs;
import com.pulumiverse.unifi.firewall.Zone;
import com.pulumiverse.unifi.firewall.ZoneArgs;
import com.pulumiverse.unifi.firewall.ZonePolicy;
import com.pulumiverse.unifi.firewall.ZonePolicyArgs;
import com.pulumi.unifi.firewall.inputs.ZonePolicySourceArgs;
import com.pulumi.unifi.firewall.inputs.ZonePolicyDestinationArgs;
import com.pulumi.unifi.firewall.inputs.ZonePolicyScheduleArgs;
import com.pulumiverse.unifi.firewall.Group;
import com.pulumiverse.unifi.firewall.GroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program: declares one network, a source and a destination firewall
 * zone, a port group, and two zone policies between the zones.
 */
public class App {
    /** Program entry point; hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares every resource of the example stack.
     *
     * @param ctx the Pulumi context passed in by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Corporate network on VLAN 400; it is the only network placed in the source zone.
        var network = new Network("network", NetworkArgs.builder()
            .name("my-network")
            .purpose("corporate")
            .subnet("10.0.10.0/24")
            .vlanId(400)
            .build());

        // The source zone contains the network above; the destination zone is created without networks.
        var sourceZone = new Zone("src", ZoneArgs.builder()
            .name("my-source-zone")
            .networks(network.id())
            .build());
        var destinationZone = new Zone("dst", ZoneArgs.builder()
            .name("my-destination-zone")
            .build());

        // Policy 1 (ALLOW, TCP/UDP, `src` -> `dst`).
        // matchOppositeIps / matchOppositePorts invert the source match, so the rule covers
        // every source IP except 192.168.1.1 and every source port except 443. The schedule
        // restricts the policy to 08:00-17:00 every day.
        // Review note: the destination is the whole `dst` zone with no IP or port restriction,
        // so this is a broad allow; narrow the destination if only specific services should
        // be reachable.
        var workdaySchedule = ZonePolicyScheduleArgs.builder()
            .mode("EVERY_DAY")
            .timeAllDay(false)
            .timeFrom("08:00")
            .timeTo("17:00")
            .build();
        var allowPolicy = new ZonePolicy("policy", ZonePolicyArgs.builder()
            .name("my-zone-policy")
            .action("ALLOW")
            .protocol("tcp_udp")
            .source(ZonePolicySourceArgs.builder()
                .zoneId(sourceZone.id())
                .ips("192.168.1.1")
                .port(443)
                .matchOppositeIps(true)
                .matchOppositePorts(true)
                .build())
            .destination(ZonePolicyDestinationArgs.builder()
                .zoneId(destinationZone.id())
                .build())
            .schedule(workdaySchedule)
            .build());

        // Port group listing the web ports (80 and 443) matched by the BLOCK policy below.
        var webPorts = new Group("web-ports", GroupArgs.builder()
            .name("web-apps")
            .type("port-group")
            .members("80", "443")
            .build());

        // Policy 2 (BLOCK, TCP/UDP, `src` -> `dst`): any source IP and port in `src`,
        // destination ports 80 and 443 taken from the port group.
        // Review note: both policies cover the same zone pair and neither sets index (the
        // policy's priority index), so confirm the resulting order on the controller if this
        // BLOCK is meant to take precedence over the ALLOW above.
        var blockWebPolicy = new ZonePolicy("policy2", ZonePolicyArgs.builder()
            .name("my-policy-2")
            .action("BLOCK")
            .protocol("tcp_udp")
            .source(ZonePolicySourceArgs.builder()
                .zoneId(sourceZone.id())
                .build())
            .destination(ZonePolicyDestinationArgs.builder()
                .zoneId(destinationZone.id())
                .portGroupId(webPorts.id())
                .build())
            .build());
    }
}
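resources:
  # Corporate network on VLAN 400; it is the only network placed in the source zone.
  network:
    type: unifi:Network
    properties:
      name: my-network
      purpose: corporate
      subnet: 10.0.10.0/24
      vlanId: '400'
  # The source zone contains the network above; the destination zone is created without networks.
  src:
    type: unifi:firewall:Zone
    properties:
      name: my-source-zone
      networks:
        - ${network.id}
  dst:
    type: unifi:firewall:Zone
    properties:
      name: my-destination-zone
  # Policy 1 (ALLOW, TCP/UDP, `src` -> `dst`).
  # matchOppositeIps / matchOppositePorts invert the source match, so the rule covers every
  # source IP except 192.168.1.1 and every source port except 443. The schedule restricts
  # the policy to 08:00-17:00 every day.
  # Review note: the destination is the whole `dst` zone with no IP or port restriction, so
  # this is a broad allow; narrow the destination if only specific services should be reachable.
  policy:
    type: unifi:firewall:ZonePolicy
    properties:
      name: my-zone-policy
      action: ALLOW
      protocol: tcp_udp
      source:
        zoneId: ${src.id}
        ips:
          - 192.168.1.1
        port: '443'
        matchOppositeIps: true
        matchOppositePorts: true
      destination:
        zoneId: ${dst.id}
      schedule:
        mode: EVERY_DAY
        timeAllDay: false
        # Quoted so every YAML parser reads the times as strings; YAML 1.1 parsers
        # treat an unquoted 17:00 as a base-60 integer.
        timeFrom: '08:00'
        timeTo: '17:00'
  # Port group listing the web ports (80 and 443) matched by the BLOCK policy below.
  web-ports:
    type: unifi:firewall:Group
    properties:
      name: web-apps
      type: port-group
      members:
        - '80'
        - '443'
  # Policy 2 (BLOCK, TCP/UDP, `src` -> `dst`): any source IP and port in `src`, destination
  # ports 80 and 443 taken from the port group.
  # Review note: both policies cover the same zone pair and neither sets `index` (the policy's
  # priority index), so confirm the resulting order on the controller if this BLOCK is meant
  # to take precedence over the ALLOW above.
  policy2:
    type: unifi:firewall:ZonePolicy
    properties:
      name: my-policy-2
      action: BLOCK
      protocol: tcp_udp
      source:
        zoneId: ${src.id}
      destination:
        zoneId: ${dst.id}
        portGroupId: ${["web-ports"].id}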
Create ZonePolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ZonePolicy(name: string, args: ZonePolicyArgs, opts?: CustomResourceOptions);
@overload
def ZonePolicy(resource_name: str,
args: ZonePolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ZonePolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
destination: Optional[ZonePolicyDestinationArgs] = None,
source: Optional[ZonePolicySourceArgs] = None,
action: Optional[str] = None,
ip_version: Optional[str] = None,
match_ip_sec_type: Optional[str] = None,
connection_states: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
index: Optional[int] = None,
connection_state_type: Optional[str] = None,
logging: Optional[bool] = None,
description: Optional[str] = None,
match_opposite_protocol: Optional[bool] = None,
name: Optional[str] = None,
protocol: Optional[str] = None,
schedule: Optional[ZonePolicyScheduleArgs] = None,
site: Optional[str] = None,
auto_allow_return_traffic: Optional[bool] = None)
func NewZonePolicy(ctx *Context, name string, args ZonePolicyArgs, opts ...ResourceOption) (*ZonePolicy, error)
public ZonePolicy(string name, ZonePolicyArgs args, CustomResourceOptions? opts = null)
public ZonePolicy(String name, ZonePolicyArgs args)
public ZonePolicy(String name, ZonePolicyArgs args, CustomResourceOptions options)
type: unifi:firewall:ZonePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ZonePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ZonePolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ZonePolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ZonePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ZonePolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference example: every ZonePolicy input property is shown with a placeholder value
// ("string", 0, false). It lists the available inputs; it is not a working policy.
var zonePolicyResource = new Unifi.Firewall.ZonePolicy("zonePolicyResource", new()
{
Destination = new Unifi.Firewall.Inputs.ZonePolicyDestinationArgs
{
ZoneId = "string",
AppCategoryIds = new[]
{
"string",
},
AppIds = new[]
{
"string",
},
IpGroupId = "string",
Ips = new[]
{
"string",
},
MatchOppositeIps = false,
MatchOppositePorts = false,
Port = 0,
PortGroupId = "string",
Regions = new[]
{
"string",
},
WebDomains = new[]
{
"string",
},
},
Source = new Unifi.Firewall.Inputs.ZonePolicySourceArgs
{
ZoneId = "string",
ClientMacs = new[]
{
"string",
},
IpGroupId = "string",
Ips = new[]
{
"string",
},
Mac = "string",
Macs = new[]
{
"string",
},
MatchOppositeIps = false,
MatchOppositeNetworks = false,
MatchOppositePorts = false,
NetworkIds = new[]
{
"string",
},
Port = 0,
PortGroupId = "string",
},
// Must be one of BLOCK, ALLOW, or REJECT.
Action = "string",
IpVersion = "string",
MatchIpSecType = "string",
ConnectionStates = new[]
{
"string",
},
Enabled = false,
// Priority index for the policy.
Index = 0,
ConnectionStateType = "string",
// When enabled, syslog entries are generated for matched traffic.
Logging = false,
Description = "string",
MatchOppositeProtocol = false,
Name = "string",
Protocol = "string",
Schedule = new Unifi.Firewall.Inputs.ZonePolicyScheduleArgs
{
Date = "string",
DateEnd = "string",
DateStart = "string",
Mode = "string",
RepeatOnDays = new[]
{
"string",
},
TimeAllDay = false,
TimeFrom = "string",
TimeTo = "string",
},
Site = "string",
// Creates a built-in policy for the opposite zone pair that allows return traffic;
// if disabled, return traffic must be allowed manually.
AutoAllowReturnTraffic = false,
});
// Reference example: every ZonePolicy input property is shown with a placeholder value
// ("string", 0, false). It lists the available inputs; it is not a working policy.
example, err := firewall.NewZonePolicy(ctx, "zonePolicyResource", &firewall.ZonePolicyArgs{
Destination: &firewall.ZonePolicyDestinationArgs{
ZoneId: pulumi.String("string"),
AppCategoryIds: pulumi.StringArray{
pulumi.String("string"),
},
AppIds: pulumi.StringArray{
pulumi.String("string"),
},
IpGroupId: pulumi.String("string"),
Ips: pulumi.StringArray{
pulumi.String("string"),
},
MatchOppositeIps: pulumi.Bool(false),
MatchOppositePorts: pulumi.Bool(false),
Port: pulumi.Int(0),
PortGroupId: pulumi.String("string"),
Regions: pulumi.StringArray{
pulumi.String("string"),
},
WebDomains: pulumi.StringArray{
pulumi.String("string"),
},
},
Source: &firewall.ZonePolicySourceArgs{
ZoneId: pulumi.String("string"),
ClientMacs: pulumi.StringArray{
pulumi.String("string"),
},
IpGroupId: pulumi.String("string"),
Ips: pulumi.StringArray{
pulumi.String("string"),
},
Mac: pulumi.String("string"),
Macs: pulumi.StringArray{
pulumi.String("string"),
},
MatchOppositeIps: pulumi.Bool(false),
MatchOppositeNetworks: pulumi.Bool(false),
MatchOppositePorts: pulumi.Bool(false),
NetworkIds: pulumi.StringArray{
pulumi.String("string"),
},
Port: pulumi.Int(0),
PortGroupId: pulumi.String("string"),
},
// Must be one of BLOCK, ALLOW, or REJECT.
Action: pulumi.String("string"),
IpVersion: pulumi.String("string"),
MatchIpSecType: pulumi.String("string"),
ConnectionStates: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
// Priority index for the policy.
Index: pulumi.Int(0),
ConnectionStateType: pulumi.String("string"),
// When enabled, syslog entries are generated for matched traffic.
Logging: pulumi.Bool(false),
Description: pulumi.String("string"),
MatchOppositeProtocol: pulumi.Bool(false),
Name: pulumi.String("string"),
Protocol: pulumi.String("string"),
Schedule: &firewall.ZonePolicyScheduleArgs{
Date: pulumi.String("string"),
DateEnd: pulumi.String("string"),
DateStart: pulumi.String("string"),
Mode: pulumi.String("string"),
RepeatOnDays: pulumi.StringArray{
pulumi.String("string"),
},
TimeAllDay: pulumi.Bool(false),
TimeFrom: pulumi.String("string"),
TimeTo: pulumi.String("string"),
},
Site: pulumi.String("string"),
// Creates a built-in policy for the opposite zone pair that allows return traffic;
// if disabled, return traffic must be allowed manually.
AutoAllowReturnTraffic: pulumi.Bool(false),
})
// Reference example: every ZonePolicy input property is shown with a placeholder value
// ("string", 0, false). It lists the available inputs; it is not a working policy.
var zonePolicyResource = new ZonePolicy("zonePolicyResource", ZonePolicyArgs.builder()
.destination(ZonePolicyDestinationArgs.builder()
.zoneId("string")
.appCategoryIds("string")
.appIds("string")
.ipGroupId("string")
.ips("string")
.matchOppositeIps(false)
.matchOppositePorts(false)
.port(0)
.portGroupId("string")
.regions("string")
.webDomains("string")
.build())
.source(ZonePolicySourceArgs.builder()
.zoneId("string")
.clientMacs("string")
.ipGroupId("string")
.ips("string")
.mac("string")
.macs("string")
.matchOppositeIps(false)
.matchOppositeNetworks(false)
.matchOppositePorts(false)
.networkIds("string")
.port(0)
.portGroupId("string")
.build())
// Must be one of BLOCK, ALLOW, or REJECT.
.action("string")
.ipVersion("string")
.matchIpSecType("string")
.connectionStates("string")
.enabled(false)
// Priority index for the policy.
.index(0)
.connectionStateType("string")
// When enabled, syslog entries are generated for matched traffic.
.logging(false)
.description("string")
.matchOppositeProtocol(false)
.name("string")
.protocol("string")
.schedule(ZonePolicyScheduleArgs.builder()
.date("string")
.dateEnd("string")
.dateStart("string")
.mode("string")
.repeatOnDays("string")
.timeAllDay(false)
.timeFrom("string")
.timeTo("string")
.build())
.site("string")
// Creates a built-in policy for the opposite zone pair that allows return traffic;
// if disabled, return traffic must be allowed manually.
.autoAllowReturnTraffic(false)
.build());
# Reference example: every ZonePolicy input property is shown with a placeholder value
# ("string", 0, False). It lists the available inputs; it is not a working policy.
zone_policy_resource = unifi.firewall.ZonePolicy("zonePolicyResource",
destination={
"zone_id": "string",
"app_category_ids": ["string"],
"app_ids": ["string"],
"ip_group_id": "string",
"ips": ["string"],
"match_opposite_ips": False,
"match_opposite_ports": False,
"port": 0,
"port_group_id": "string",
"regions": ["string"],
"web_domains": ["string"],
},
source={
"zone_id": "string",
"client_macs": ["string"],
"ip_group_id": "string",
"ips": ["string"],
"mac": "string",
"macs": ["string"],
"match_opposite_ips": False,
"match_opposite_networks": False,
"match_opposite_ports": False,
"network_ids": ["string"],
"port": 0,
"port_group_id": "string",
},
# Must be one of BLOCK, ALLOW, or REJECT.
action="string",
ip_version="string",
match_ip_sec_type="string",
connection_states=["string"],
enabled=False,
# Priority index for the policy.
index=0,
connection_state_type="string",
# When enabled, syslog entries are generated for matched traffic.
logging=False,
description="string",
match_opposite_protocol=False,
name="string",
protocol="string",
schedule={
"date": "string",
"date_end": "string",
"date_start": "string",
"mode": "string",
"repeat_on_days": ["string"],
"time_all_day": False,
"time_from": "string",
"time_to": "string",
},
site="string",
# Creates a built-in policy for the opposite zone pair that allows return traffic;
# if disabled, return traffic must be allowed manually.
auto_allow_return_traffic=False)
// Reference example: every ZonePolicy input property is shown with a placeholder value
// ("string", 0, false). It lists the available inputs; it is not a working policy.
const zonePolicyResource = new unifi.firewall.ZonePolicy("zonePolicyResource", {
destination: {
zoneId: "string",
appCategoryIds: ["string"],
appIds: ["string"],
ipGroupId: "string",
ips: ["string"],
matchOppositeIps: false,
matchOppositePorts: false,
port: 0,
portGroupId: "string",
regions: ["string"],
webDomains: ["string"],
},
source: {
zoneId: "string",
clientMacs: ["string"],
ipGroupId: "string",
ips: ["string"],
mac: "string",
macs: ["string"],
matchOppositeIps: false,
matchOppositeNetworks: false,
matchOppositePorts: false,
networkIds: ["string"],
port: 0,
portGroupId: "string",
},
// Must be one of BLOCK, ALLOW, or REJECT.
action: "string",
ipVersion: "string",
matchIpSecType: "string",
connectionStates: ["string"],
enabled: false,
// Priority index for the policy.
index: 0,
connectionStateType: "string",
// When enabled, syslog entries are generated for matched traffic.
logging: false,
description: "string",
matchOppositeProtocol: false,
name: "string",
protocol: "string",
schedule: {
date: "string",
dateEnd: "string",
dateStart: "string",
mode: "string",
repeatOnDays: ["string"],
timeAllDay: false,
timeFrom: "string",
timeTo: "string",
},
site: "string",
// Creates a built-in policy for the opposite zone pair that allows return traffic;
// if disabled, return traffic must be allowed manually.
autoAllowReturnTraffic: false,
});
# Reference example: every ZonePolicy input property is shown with a placeholder value
# (string, 0, false). It lists the available inputs; it is not a working policy.
type: unifi:firewall:ZonePolicy
properties:
# Must be one of BLOCK, ALLOW, or REJECT.
action: string
# Creates a built-in policy for the opposite zone pair that allows return traffic;
# if disabled, return traffic must be allowed manually.
autoAllowReturnTraffic: false
connectionStateType: string
connectionStates:
- string
description: string
destination:
appCategoryIds:
- string
appIds:
- string
ipGroupId: string
ips:
- string
matchOppositeIps: false
matchOppositePorts: false
port: 0
portGroupId: string
regions:
- string
webDomains:
- string
zoneId: string
enabled: false
# Priority index for the policy.
index: 0
ipVersion: string
# When enabled, syslog entries are generated for matched traffic.
logging: false
matchIpSecType: string
matchOppositeProtocol: false
name: string
protocol: string
schedule:
date: string
dateEnd: string
dateStart: string
mode: string
repeatOnDays:
- string
timeAllDay: false
timeFrom: string
timeTo: string
site: string
source:
clientMacs:
- string
ipGroupId: string
ips:
- string
mac: string
macs:
- string
matchOppositeIps: false
matchOppositeNetworks: false
matchOppositePorts: false
networkIds:
- string
port: 0
portGroupId: string
zoneId: string
ZonePolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ZonePolicy resource accepts the following input properties:
- Action string
- Determines which action to take on matching traffic. Must be one of BLOCK, ALLOW, or REJECT.
- Destination Pulumiverse.Unifi.Firewall.Inputs.ZonePolicyDestination
- The zone matching the destination of the traffic. Optionally match on a specific destination inside the zone.
- Source Pulumiverse.Unifi.Firewall.Inputs.ZonePolicySource
- The zone matching the source of the traffic. Optionally match on a specific source inside the zone.
- AutoAllowReturnTraffic bool
- Creates a built-in policy for the opposite Zone Pair to automatically allow the return traffic. If disabled, return traffic must be manually allowed.
- ConnectionStateType string
- Optionally match on a firewall connection state such as traffic associated with an already existing connection. Valid values are ALL, RESPOND_ONLY, or CUSTOM.
- ConnectionStates List<string>
- Connection states to match when connection_state_type is CUSTOM. Valid values include ESTABLISHED, NEW, RELATED, and INVALID.
- Description string
- Description of the firewall zone policy.
- Enabled bool
- Enable the policy.
- Index int
- Priority index for the policy.
- IpVersion string
- Optionally match on only IPv4 or IPv6. Valid values are BOTH, IPV4, or IPV6.
- Logging bool
- Enable to generate syslog entries when traffic is matched.
- MatchIpSecType string
- Optionally match on traffic encrypted by IPsec. This is typically used for IPsec Policy-Based VPNs. Valid values are MATCH_IP_SEC or MATCH_NON_IP_SEC.
- MatchOppositeProtocol bool
- Whether to match the opposite protocol.
- Name string
- The name of the firewall zone policy.
- Protocol string
- Optionally match a specific protocol. Valid values include: all, tcp_udp, tcp, udp, etc.
- Schedule Pulumiverse.Unifi.Firewall.Inputs.ZonePolicySchedule
- Enforce this policy at specific times.
- Site string
- The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
- Action string
- Determines which action to take on matching traffic. Must be one of BLOCK, ALLOW, or REJECT.
- Destination ZonePolicyDestinationArgs
- The zone matching the destination of the traffic. Optionally match on a specific destination inside the zone.
- Source ZonePolicySourceArgs
- The zone matching the source of the traffic. Optionally match on a specific source inside the zone.
- AutoAllowReturnTraffic bool
- Creates a built-in policy for the opposite Zone Pair to automatically allow the return traffic. If disabled, return traffic must be manually allowed.
- ConnectionStateType string
- Optionally match on a firewall connection state such as traffic associated with an already existing connection. Valid values are ALL, RESPOND_ONLY, or CUSTOM.
- ConnectionStates []string
- Connection states to match when connection_state_type is CUSTOM. Valid values include ESTABLISHED, NEW, RELATED, and INVALID.
- Description string
- Description of the firewall zone policy.
- Enabled bool
- Enable the policy.
- Index int
- Priority index for the policy.
- IpVersion string
- Optionally match on only IPv4 or IPv6. Valid values are BOTH, IPV4, or IPV6.
- Logging bool
- Enable to generate syslog entries when traffic is matched.
- MatchIpSecType string
- Optionally match on traffic encrypted by IPsec. This is typically used for IPsec Policy-Based VPNs. Valid values are MATCH_IP_SEC or MATCH_NON_IP_SEC.
- MatchOppositeProtocol bool
- Whether to match the opposite protocol.
- Name string
- The name of the firewall zone policy.
- Protocol string
- Optionally match a specific protocol. Valid values include: all, tcp_udp, tcp, udp, etc.
- Schedule ZonePolicyScheduleArgs
- Enforce this policy at specific times.
- Site string
- The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
- action String
- Determines which action to take on matching traffic. Must be one of
BLOCK,ALLOW, orREJECT. - destination
Zone
Policy Destination - The zone matching the destination of the traffic. Optionally match on a specific destination inside the zone.
- source
Zone
Policy Source - The zone matching the source of the traffic. Optionally match on a specific source inside the zone.
- auto
Allow BooleanReturn Traffic - Creates a built-in policy for the opposite Zone Pair to automatically allow the return traffic. If disabled, return traffic must be manually allowed
- connection
State StringType - Optionally match on a firewall connection state such as traffic associated with an already existing connection. Valid values are
ALL,RESPOND_ONLY, orCUSTOM. - connection
States List<String> - Connection states to match when
connection_state_typeisCUSTOM. Valid values includeESTABLISHED,NEW,RELATED, andINVALID. - description String
- Description of the firewall zone policy.
- enabled Boolean
- Enable the policy
- index Integer
- Priority index for the policy.
- ip
Version String - Optionally match on only IPv4 or IPv6. Valid values are
BOTH,IPV4, orIPV6. - logging Boolean
- Enable to generate syslog entries when traffic is matched.
- match
Ip StringSec Type - Optionally match on traffic encrypted by IPsec. This is typically used for Ipsec Policy-Based VPNs. Valid values are
MATCH_IP_SECorMATCH_NON_IP_SEC. - match
Opposite BooleanProtocol - Whether to match the opposite protocol.
- name String
- The name of the firewall zone policy.
- protocol String
- Optionally match a specific protocol. Valid values include:
all,tcp_udp,tcp,udp, etc. - schedule
Zone
Policy Schedule - Enforce this policy at specific times.
- site String
- The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
- action string
- Determines which action to take on matching traffic. Must be one of
BLOCK,ALLOW, orREJECT. - destination
Zone
Policy Destination - The zone matching the destination of the traffic. Optionally match on a specific destination inside the zone.
- source
Zone
Policy Source - The zone matching the source of the traffic. Optionally match on a specific source inside the zone.
- auto
Allow booleanReturn Traffic - Creates a built-in policy for the opposite Zone Pair to automatically allow the return traffic. If disabled, return traffic must be manually allowed
- connection
State stringType - Optionally match on a firewall connection state such as traffic associated with an already existing connection. Valid values are
ALL,RESPOND_ONLY, orCUSTOM. - connection
States string[] - Connection states to match when
connection_state_typeisCUSTOM. Valid values includeESTABLISHED,NEW,RELATED, andINVALID. - description string
- Description of the firewall zone policy.
- enabled boolean
- Enable the policy
- index number
- Priority index for the policy.
- ip
Version string - Optionally match on only IPv4 or IPv6. Valid values are
BOTH,IPV4, orIPV6. - logging boolean
- Enable to generate syslog entries when traffic is matched.
- match
Ip stringSec Type - Optionally match on traffic encrypted by IPsec. This is typically used for Ipsec Policy-Based VPNs. Valid values are
MATCH_IP_SECorMATCH_NON_IP_SEC. - match
Opposite booleanProtocol - Whether to match the opposite protocol.
- name string
- The name of the firewall zone policy.
- protocol string
- Optionally match a specific protocol. Valid values include:
all,tcp_udp,tcp,udp, etc. - schedule
Zone
Policy Schedule - Enforce this policy at specific times.
- site string
- The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
- action str
- Determines which action to take on matching traffic. Must be one of
BLOCK,ALLOW, orREJECT. - destination
Zone
Policy Destination Args - The zone matching the destination of the traffic. Optionally match on a specific destination inside the zone.
- source
Zone
Policy Source Args - The zone matching the source of the traffic. Optionally match on a specific source inside the zone.
- auto_
allow_ boolreturn_ traffic - Creates a built-in policy for the opposite Zone Pair to automatically allow the return traffic. If disabled, return traffic must be manually allowed
- connection_
state_ strtype - Optionally match on a firewall connection state such as traffic associated with an already existing connection. Valid values are
ALL,RESPOND_ONLY, orCUSTOM. - connection_
states Sequence[str] - Connection states to match when
connection_state_typeisCUSTOM. Valid values includeESTABLISHED,NEW,RELATED, andINVALID. - description str
- Description of the firewall zone policy.
- enabled bool
- Enable the policy
- index int
- Priority index for the policy.
- ip_
version str - Optionally match on only IPv4 or IPv6. Valid values are
BOTH,IPV4, orIPV6. - logging bool
- Enable to generate syslog entries when traffic is matched.
- match_
ip_ strsec_ type - Optionally match on traffic encrypted by IPsec. This is typically used for Ipsec Policy-Based VPNs. Valid values are
MATCH_IP_SECorMATCH_NON_IP_SEC. - match_
opposite_ boolprotocol - Whether to match the opposite protocol.
- name str
- The name of the firewall zone policy.
- protocol str
- Optionally match a specific protocol. Valid values include:
all,tcp_udp,tcp,udp, etc. - schedule
Zone
Policy Schedule Args - Enforce this policy at specific times.
- site str
- The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
- action String
- Determines which action to take on matching traffic. Must be one of
BLOCK,ALLOW, orREJECT. - destination Property Map
- The zone matching the destination of the traffic. Optionally match on a specific destination inside the zone.
- source Property Map
- The zone matching the source of the traffic. Optionally match on a specific source inside the zone.
- auto
Allow BooleanReturn Traffic - Creates a built-in policy for the opposite Zone Pair to automatically allow the return traffic. If disabled, return traffic must be manually allowed
- connection
State StringType - Optionally match on a firewall connection state such as traffic associated with an already existing connection. Valid values are
ALL,RESPOND_ONLY, orCUSTOM. - connection
States List<String> - Connection states to match when
connection_state_typeisCUSTOM. Valid values includeESTABLISHED,NEW,RELATED, andINVALID. - description String
- Description of the firewall zone policy.
- enabled Boolean
- Enable the policy
- index Number
- Priority index for the policy.
- ip
Version String - Optionally match on only IPv4 or IPv6. Valid values are
BOTH,IPV4, orIPV6. - logging Boolean
- Enable to generate syslog entries when traffic is matched.
- match
Ip StringSec Type - Optionally match on traffic encrypted by IPsec. This is typically used for Ipsec Policy-Based VPNs. Valid values are
MATCH_IP_SECorMATCH_NON_IP_SEC. - match
Opposite BooleanProtocol - Whether to match the opposite protocol.
- name String
- The name of the firewall zone policy.
- protocol String
- Optionally match a specific protocol. Valid values include:
all,tcp_udp,tcp,udp, etc. - schedule Property Map
- Enforce this policy at specific times.
- site String
- The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
Outputs
All input properties are implicitly available as output properties. Additionally, the ZonePolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ZonePolicy Resource
Get an existing ZonePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ZonePolicyState, opts?: CustomResourceOptions): ZonePolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
auto_allow_return_traffic: Optional[bool] = None,
connection_state_type: Optional[str] = None,
connection_states: Optional[Sequence[str]] = None,
description: Optional[str] = None,
destination: Optional[ZonePolicyDestinationArgs] = None,
enabled: Optional[bool] = None,
index: Optional[int] = None,
ip_version: Optional[str] = None,
logging: Optional[bool] = None,
match_ip_sec_type: Optional[str] = None,
match_opposite_protocol: Optional[bool] = None,
name: Optional[str] = None,
protocol: Optional[str] = None,
schedule: Optional[ZonePolicyScheduleArgs] = None,
site: Optional[str] = None,
source: Optional[ZonePolicySourceArgs] = None) -> ZonePolicy
func GetZonePolicy(ctx *Context, name string, id IDInput, state *ZonePolicyState, opts ...ResourceOption) (*ZonePolicy, error)
public static ZonePolicy Get(string name, Input<string> id, ZonePolicyState? state, CustomResourceOptions? opts = null)
public static ZonePolicy get(String name, Output<String> id, ZonePolicyState state, CustomResourceOptions options)
resources:
  _:
    type: unifi:firewall:ZonePolicy
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- Determines which action to take on matching traffic. Must be one of BLOCK, ALLOW, or REJECT.
- AutoAllowReturnTraffic bool
- Creates a built-in policy for the opposite Zone Pair to automatically allow the return traffic. If disabled, return traffic must be manually allowed.
- ConnectionStateType string
- Optionally match on a firewall connection state such as traffic associated with an already existing connection. Valid values are ALL, RESPOND_ONLY, or CUSTOM.
- ConnectionStates List<string>
- Connection states to match when connection_state_type is CUSTOM. Valid values include ESTABLISHED, NEW, RELATED, and INVALID.
- Description string
- Description of the firewall zone policy.
- Destination
Pulumiverse.
Unifi. Firewall. Inputs. Zone Policy Destination - The zone matching the destination of the traffic. Optionally match on a specific destination inside the zone.
- Enabled bool
- Enable the policy
- Index int
- Priority index for the policy.
- Ip
Version string - Optionally match on only IPv4 or IPv6. Valid values are
BOTH,IPV4, orIPV6. - Logging bool
- Enable to generate syslog entries when traffic is matched.
- MatchIpSecType string
- Optionally match on traffic encrypted by IPsec. This is typically used for IPsec Policy-Based VPNs. Valid values are MATCH_IP_SEC or MATCH_NON_IP_SEC.
- MatchOppositeProtocol bool
- Whether to match the opposite protocol.
- Name string
- The name of the firewall zone policy.
- Protocol string
- Optionally match a specific protocol. Valid values include:
all,tcp_udp,tcp,udp, etc. - Schedule
Pulumiverse.
Unifi. Firewall. Inputs. Zone Policy Schedule - Enforce this policy at specific times.
- Site string
- The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
- Source
Pulumiverse.
Unifi. Firewall. Inputs. Zone Policy Source - The zone matching the source of the traffic. Optionally match on a specific source inside the zone.
- Action string
- Determines which action to take on matching traffic. Must be one of
BLOCK,ALLOW, orREJECT. - Auto
Allow boolReturn Traffic - Creates a built-in policy for the opposite Zone Pair to automatically allow the return traffic. If disabled, return traffic must be manually allowed
- Connection
State stringType - Optionally match on a firewall connection state such as traffic associated with an already existing connection. Valid values are
ALL,RESPOND_ONLY, orCUSTOM. - Connection
States []string - Connection states to match when
connection_state_typeisCUSTOM. Valid values includeESTABLISHED,NEW,RELATED, andINVALID. - Description string
- Description of the firewall zone policy.
- Destination
Zone
Policy Destination Args - The zone matching the destination of the traffic. Optionally match on a specific destination inside the zone.
- Enabled bool
- Enable the policy
- Index int
- Priority index for the policy.
- Ip
Version string - Optionally match on only IPv4 or IPv6. Valid values are
BOTH,IPV4, orIPV6. - Logging bool
- Enable to generate syslog entries when traffic is matched.
- MatchIpSecType string
- Optionally match on traffic encrypted by IPsec. This is typically used for IPsec Policy-Based VPNs. Valid values are MATCH_IP_SEC or MATCH_NON_IP_SEC.
- MatchOppositeProtocol bool
- Whether to match the opposite protocol.
- Name string
- The name of the firewall zone policy.
- Protocol string
- Optionally match a specific protocol. Valid values include:
all,tcp_udp,tcp,udp, etc. - Schedule
Zone
Policy Schedule Args - Enforce this policy at specific times.
- Site string
- The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
- Source
Zone
Policy Source Args - The zone matching the source of the traffic. Optionally match on a specific source inside the zone.
- action String
- Determines which action to take on matching traffic. Must be one of
BLOCK,ALLOW, orREJECT. - auto
Allow BooleanReturn Traffic - Creates a built-in policy for the opposite Zone Pair to automatically allow the return traffic. If disabled, return traffic must be manually allowed
- connection
State StringType - Optionally match on a firewall connection state such as traffic associated with an already existing connection. Valid values are
ALL,RESPOND_ONLY, orCUSTOM. - connection
States List<String> - Connection states to match when
connection_state_typeisCUSTOM. Valid values includeESTABLISHED,NEW,RELATED, andINVALID. - description String
- Description of the firewall zone policy.
- destination
Zone
Policy Destination - The zone matching the destination of the traffic. Optionally match on a specific destination inside the zone.
- enabled Boolean
- Enable the policy
- index Integer
- Priority index for the policy.
- ip
Version String - Optionally match on only IPv4 or IPv6. Valid values are
BOTH,IPV4, orIPV6. - logging Boolean
- Enable to generate syslog entries when traffic is matched.
- matchIpSecType String
- Optionally match on traffic encrypted by IPsec. This is typically used for IPsec Policy-Based VPNs. Valid values are MATCH_IP_SEC or MATCH_NON_IP_SEC.
- matchOppositeProtocol Boolean
- Whether to match the opposite protocol.
- name String
- The name of the firewall zone policy.
- protocol String
- Optionally match a specific protocol. Valid values include:
all,tcp_udp,tcp,udp, etc. - schedule
Zone
Policy Schedule - Enforce this policy at specific times.
- site String
- The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
- source
Zone
Policy Source - The zone matching the source of the traffic. Optionally match on a specific source inside the zone.
- action string
- Determines which action to take on matching traffic. Must be one of
BLOCK,ALLOW, orREJECT. - auto
Allow booleanReturn Traffic - Creates a built-in policy for the opposite Zone Pair to automatically allow the return traffic. If disabled, return traffic must be manually allowed
- connection
State stringType - Optionally match on a firewall connection state such as traffic associated with an already existing connection. Valid values are
ALL,RESPOND_ONLY, orCUSTOM. - connection
States string[] - Connection states to match when
connection_state_typeisCUSTOM. Valid values includeESTABLISHED,NEW,RELATED, andINVALID. - description string
- Description of the firewall zone policy.
- destination
Zone
Policy Destination - The zone matching the destination of the traffic. Optionally match on a specific destination inside the zone.
- enabled boolean
- Enable the policy
- index number
- Priority index for the policy.
- ip
Version string - Optionally match on only IPv4 or IPv6. Valid values are
BOTH,IPV4, orIPV6. - logging boolean
- Enable to generate syslog entries when traffic is matched.
- matchIpSecType string
- Optionally match on traffic encrypted by IPsec. This is typically used for IPsec Policy-Based VPNs. Valid values are MATCH_IP_SEC or MATCH_NON_IP_SEC.
- matchOppositeProtocol boolean
- Whether to match the opposite protocol.
- name string
- The name of the firewall zone policy.
- protocol string
- Optionally match a specific protocol. Valid values include:
all,tcp_udp,tcp,udp, etc. - schedule
Zone
Policy Schedule - Enforce this policy at specific times.
- site string
- The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
- source
Zone
Policy Source - The zone matching the source of the traffic. Optionally match on a specific source inside the zone.
- action str
- Determines which action to take on matching traffic. Must be one of
BLOCK,ALLOW, orREJECT. - auto_
allow_ boolreturn_ traffic - Creates a built-in policy for the opposite Zone Pair to automatically allow the return traffic. If disabled, return traffic must be manually allowed
- connection_
state_ strtype - Optionally match on a firewall connection state such as traffic associated with an already existing connection. Valid values are
ALL,RESPOND_ONLY, orCUSTOM. - connection_
states Sequence[str] - Connection states to match when
connection_state_typeisCUSTOM. Valid values includeESTABLISHED,NEW,RELATED, andINVALID. - description str
- Description of the firewall zone policy.
- destination
Zone
Policy Destination Args - The zone matching the destination of the traffic. Optionally match on a specific destination inside the zone.
- enabled bool
- Enable the policy
- index int
- Priority index for the policy.
- ip_
version str - Optionally match on only IPv4 or IPv6. Valid values are
BOTH,IPV4, orIPV6. - logging bool
- Enable to generate syslog entries when traffic is matched.
- match_ip_sec_type str
- Optionally match on traffic encrypted by IPsec. This is typically used for IPsec Policy-Based VPNs. Valid values are MATCH_IP_SEC or MATCH_NON_IP_SEC.
- match_opposite_protocol bool
- Whether to match the opposite protocol.
- name str
- The name of the firewall zone policy.
- protocol str
- Optionally match a specific protocol. Valid values include:
all,tcp_udp,tcp,udp, etc. - schedule
Zone
Policy Schedule Args - Enforce this policy at specific times.
- site str
- The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
- source
Zone
Policy Source Args - The zone matching the source of the traffic. Optionally match on a specific source inside the zone.
- action String
- Determines which action to take on matching traffic. Must be one of
BLOCK,ALLOW, orREJECT. - auto
Allow BooleanReturn Traffic - Creates a built-in policy for the opposite Zone Pair to automatically allow the return traffic. If disabled, return traffic must be manually allowed
- connection
State StringType - Optionally match on a firewall connection state such as traffic associated with an already existing connection. Valid values are
ALL,RESPOND_ONLY, orCUSTOM. - connection
States List<String> - Connection states to match when
connection_state_typeisCUSTOM. Valid values includeESTABLISHED,NEW,RELATED, andINVALID. - description String
- Description of the firewall zone policy.
- destination Property Map
- The zone matching the destination of the traffic. Optionally match on a specific destination inside the zone.
- enabled Boolean
- Enable the policy
- index Number
- Priority index for the policy.
- ip
Version String - Optionally match on only IPv4 or IPv6. Valid values are
BOTH,IPV4, orIPV6. - logging Boolean
- Enable to generate syslog entries when traffic is matched.
- matchIpSecType String
- Optionally match on traffic encrypted by IPsec. This is typically used for IPsec Policy-Based VPNs. Valid values are MATCH_IP_SEC or MATCH_NON_IP_SEC.
- matchOppositeProtocol Boolean
- Whether to match the opposite protocol.
- name String
- The name of the firewall zone policy.
- protocol String
- Optionally match a specific protocol. Valid values include:
all,tcp_udp,tcp,udp, etc. - schedule Property Map
- Enforce this policy at specific times.
- site String
- The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
- source Property Map
- The zone matching the source of the traffic. Optionally match on a specific source inside the zone.
Supporting Types
ZonePolicyDestination, ZonePolicyDestinationArgs
- Zone
Id string - ID of the firewall zone.
- App
Category List<string>Ids - List of application category IDs.
- App
Ids List<string> - List of application IDs.
- IpGroupId string
- ID of the destination IP group.
- Ips List<string>
- List of destination IPs.
- MatchOppositeIps bool
- Whether to match opposite IPs.
- MatchOppositePorts bool
- Whether to match opposite ports.
- Port int
- Destination port.
- PortGroupId string
- ID of the destination port group.
- Regions List<string>
- List of regions.
- Web
Domains List<string> - List of web domains.
- Zone
Id string - ID of the firewall zone.
- App
Category []stringIds - List of application category IDs.
- App
Ids []string - List of application IDs.
- IpGroupId string
- ID of the destination IP group.
- Ips []string
- List of destination IPs.
- MatchOppositeIps bool
- Whether to match opposite IPs.
- MatchOppositePorts bool
- Whether to match opposite ports.
- Port int
- Destination port.
- PortGroupId string
- ID of the destination port group.
- Regions []string
- List of regions.
- Web
Domains []string - List of web domains.
- zone
Id String - ID of the firewall zone.
- app
Category List<String>Ids - List of application category IDs.
- app
Ids List<String> - List of application IDs.
- ipGroupId String
- ID of the destination IP group.
- ips List<String>
- List of destination IPs.
- matchOppositeIps Boolean
- Whether to match opposite IPs.
- matchOppositePorts Boolean
- Whether to match opposite ports.
- port Integer
- Destination port.
- portGroupId String
- ID of the destination port group.
- regions List<String>
- List of regions.
- web
Domains List<String> - List of web domains.
- zone
Id string - ID of the firewall zone.
- app
Category string[]Ids - List of application category IDs.
- app
Ids string[] - List of application IDs.
- ipGroupId string
- ID of the destination IP group.
- ips string[]
- List of destination IPs.
- matchOppositeIps boolean
- Whether to match opposite IPs.
- matchOppositePorts boolean
- Whether to match opposite ports.
- port number
- Destination port.
- portGroupId string
- ID of the destination port group.
- regions string[]
- List of regions.
- web
Domains string[] - List of web domains.
- zone_
id str - ID of the firewall zone.
- app_
category_ Sequence[str]ids - List of application category IDs.
- app_
ids Sequence[str] - List of application IDs.
- ip_group_id str
- ID of the destination IP group.
- ips Sequence[str]
- List of destination IPs.
- match_opposite_ips bool
- Whether to match opposite IPs.
- match_opposite_ports bool
- Whether to match opposite ports.
- port int
- Destination port.
- port_group_id str
- ID of the destination port group.
- regions Sequence[str]
- List of regions.
- web_
domains Sequence[str] - List of web domains.
- zone
Id String - ID of the firewall zone.
- app
Category List<String>Ids - List of application category IDs.
- app
Ids List<String> - List of application IDs.
- ipGroupId String
- ID of the destination IP group.
- ips List<String>
- List of destination IPs.
- matchOppositeIps Boolean
- Whether to match opposite IPs.
- matchOppositePorts Boolean
- Whether to match opposite ports.
- port Number
- Destination port.
- portGroupId String
- ID of the destination port group.
- regions List<String>
- List of regions.
- web
Domains List<String> - List of web domains.
ZonePolicySchedule, ZonePolicyScheduleArgs
- Date string
- Date for the schedule.
- Date
End string - End date for the schedule.
- Date
Start string - Start date for the schedule.
- Mode string
- Schedule mode. Valid values are
ALWAYS,EVERY_DAY,EVERY_WEEK,ONE_TIME_ONLY, orCUSTOM. - Repeat
On List<string>Days - Days of the week when schedule repeats. Valid values include
mon,tue,wed,thu,fri,sat, andsun. - Time
All boolDay - Whether the schedule applies all day.
- Time
From string - Schedule starting time in 24-hour format (HH:MM).
- Time
To string - Schedule ending time in 24-hour format (HH:MM).
- Date string
- Date for the schedule.
- Date
End string - End date for the schedule.
- Date
Start string - Start date for the schedule.
- Mode string
- Schedule mode. Valid values are
ALWAYS,EVERY_DAY,EVERY_WEEK,ONE_TIME_ONLY, orCUSTOM. - Repeat
On []stringDays - Days of the week when schedule repeats. Valid values include
mon,tue,wed,thu,fri,sat, andsun. - Time
All boolDay - Whether the schedule applies all day.
- Time
From string - Schedule starting time in 24-hour format (HH:MM).
- Time
To string - Schedule ending time in 24-hour format (HH:MM).
- date String
- Date for the schedule.
- date
End String - End date for the schedule.
- date
Start String - Start date for the schedule.
- mode String
- Schedule mode. Valid values are
ALWAYS,EVERY_DAY,EVERY_WEEK,ONE_TIME_ONLY, orCUSTOM. - repeat
On List<String>Days - Days of the week when schedule repeats. Valid values include
mon,tue,wed,thu,fri,sat, andsun. - time
All BooleanDay - Whether the schedule applies all day.
- time
From String - Schedule starting time in 24-hour format (HH:MM).
- time
To String - Schedule ending time in 24-hour format (HH:MM).
- date string
- Date for the schedule.
- date
End string - End date for the schedule.
- date
Start string - Start date for the schedule.
- mode string
- Schedule mode. Valid values are
ALWAYS,EVERY_DAY,EVERY_WEEK,ONE_TIME_ONLY, orCUSTOM. - repeat
On string[]Days - Days of the week when schedule repeats. Valid values include
mon,tue,wed,thu,fri,sat, andsun. - time
All booleanDay - Whether the schedule applies all day.
- time
From string - Schedule starting time in 24-hour format (HH:MM).
- time
To string - Schedule ending time in 24-hour format (HH:MM).
- date str
- Date for the schedule.
- date_
end str - End date for the schedule.
- date_
start str - Start date for the schedule.
- mode str
- Schedule mode. Valid values are
ALWAYS,EVERY_DAY,EVERY_WEEK,ONE_TIME_ONLY, orCUSTOM. - repeat_
on_ Sequence[str]days - Days of the week when schedule repeats. Valid values include
mon,tue,wed,thu,fri,sat, andsun. - time_
all_ boolday - Whether the schedule applies all day.
- time_
from str - Schedule starting time in 24-hour format (HH:MM).
- time_
to str - Schedule ending time in 24-hour format (HH:MM).
- date String
- Date for the schedule.
- date
End String - End date for the schedule.
- date
Start String - Start date for the schedule.
- mode String
- Schedule mode. Valid values are
ALWAYS,EVERY_DAY,EVERY_WEEK,ONE_TIME_ONLY, orCUSTOM. - repeat
On List<String>Days - Days of the week when schedule repeats. Valid values include
mon,tue,wed,thu,fri,sat, andsun. - time
All BooleanDay - Whether the schedule applies all day.
- time
From String - Schedule starting time in 24-hour format (HH:MM).
- time
To String - Schedule ending time in 24-hour format (HH:MM).
ZonePolicySource, ZonePolicySourceArgs
- Zone
Id string - ID of the firewall zone.
- Client
Macs List<string> - List of client MAC addresses.
- Ip
Group stringId - ID of the source IP group.
- Ips List<string>
- List of source IPs.
- Mac string
- Source MAC address.
- Macs List<string>
- List of MAC addresses.
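- MatchOppositeIps bool
- Whether to match opposite IPs, that is, any source IP other than the listed ones.
- MatchOppositeNetworks bool
- Whether to match opposite networks.
- MatchOppositePorts bool
- Whether to match opposite ports, that is, any source port other than the specified ones.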
- Network
Ids List<string> - List of network IDs.
- Port int
- Source port.
- Port
Group stringId - ID of the source port group.
- Zone
Id string - ID of the firewall zone.
- Client
Macs []string - List of client MAC addresses.
- Ip
Group stringId - ID of the source IP group.
- Ips []string
- List of source IPs.
- Mac string
- Source MAC address.
- Macs []string
- List of MAC addresses.
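- MatchOppositeIps bool
- Whether to match opposite IPs, that is, any source IP other than the listed ones.
- MatchOppositeNetworks bool
- Whether to match opposite networks.
- MatchOppositePorts bool
- Whether to match opposite ports, that is, any source port other than the specified ones.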
- Network
Ids []string - List of network IDs.
- Port int
- Source port.
- Port
Group stringId - ID of the source port group.
- zone
Id String - ID of the firewall zone.
- client
Macs List<String> - List of client MAC addresses.
- ip
Group StringId - ID of the source IP group.
- ips List<String>
- List of source IPs.
- mac String
- Source MAC address.
- macs List<String>
- List of MAC addresses.
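- matchOppositeIps Boolean
- Whether to match opposite IPs, that is, any source IP other than the listed ones.
- matchOppositeNetworks Boolean
- Whether to match opposite networks.
- matchOppositePorts Boolean
- Whether to match opposite ports, that is, any source port other than the specified ones.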
- network
Ids List<String> - List of network IDs.
- port Integer
- Source port.
- port
Group StringId - ID of the source port group.
- zone
Id string - ID of the firewall zone.
- client
Macs string[] - List of client MAC addresses.
- ip
Group stringId - ID of the source IP group.
- ips string[]
- List of source IPs.
- mac string
- Source MAC address.
- macs string[]
- List of MAC addresses.
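- matchOppositeIps boolean
- Whether to match opposite IPs, that is, any source IP other than the listed ones.
- matchOppositeNetworks boolean
- Whether to match opposite networks.
- matchOppositePorts boolean
- Whether to match opposite ports, that is, any source port other than the specified ones.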
- network
Ids string[] - List of network IDs.
- port number
- Source port.
- port
Group stringId - ID of the source port group.
- zone_
id str - ID of the firewall zone.
- client_
macs Sequence[str] - List of client MAC addresses.
- ip_
group_ strid - ID of the source IP group.
- ips Sequence[str]
- List of source IPs.
- mac str
- Source MAC address.
- macs Sequence[str]
- List of MAC addresses.
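- match_opposite_ips bool
- Whether to match opposite IPs, that is, any source IP other than the listed ones.
- match_opposite_networks bool
- Whether to match opposite networks.
- match_opposite_ports bool
- Whether to match opposite ports, that is, any source port other than the specified ones.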
- network_
ids Sequence[str] - List of network IDs.
- port int
- Source port.
- port_
group_ strid - ID of the source port group.
- zone
Id String - ID of the firewall zone.
- client
Macs List<String> - List of client MAC addresses.
- ip
Group StringId - ID of the source IP group.
- ips List<String>
- List of source IPs.
- mac String
- Source MAC address.
- macs List<String>
- List of MAC addresses.
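- matchOppositeIps Boolean
- Whether to match opposite IPs, that is, any source IP other than the listed ones.
- matchOppositeNetworks Boolean
- Whether to match opposite networks.
- matchOppositePorts Boolean
- Whether to match opposite ports, that is, any source port other than the specified ones.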
- network
Ids List<String> - List of network IDs.
- port Number
- Source port.
- port
Group StringId - ID of the source port group.
Import
Import from the provider-configured site:
$ pulumi import unifi:firewall/zonePolicy:ZonePolicy mynetwork 5dc28e5e9106d105bdc87217
Import from another site:
$ pulumi import unifi:firewall/zonePolicy:ZonePolicy mynetwork zone:5dc28e5e9106d105bdc87217
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- unifi pulumiverse/pulumi-unifi
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the unifi Terraform Provider.
