Docs Home
vcd 3.14.1 published on Monday, Apr 14, 2025 by vmware
vcd.NsxtDistributedFirewall
Explore with Pulumi AI
Create NsxtDistributedFirewall Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NsxtDistributedFirewall(name: string, args: NsxtDistributedFirewallArgs, opts?: CustomResourceOptions);@overload
def NsxtDistributedFirewall(resource_name: str,
args: NsxtDistributedFirewallArgs,
opts: Optional[ResourceOptions] = None)
@overload
def NsxtDistributedFirewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
rules: Optional[Sequence[NsxtDistributedFirewallRuleArgs]] = None,
vdc_group_id: Optional[str] = None,
nsxt_distributed_firewall_id: Optional[str] = None,
org: Optional[str] = None)func NewNsxtDistributedFirewall(ctx *Context, name string, args NsxtDistributedFirewallArgs, opts ...ResourceOption) (*NsxtDistributedFirewall, error)public NsxtDistributedFirewall(string name, NsxtDistributedFirewallArgs args, CustomResourceOptions? opts = null)
public NsxtDistributedFirewall(String name, NsxtDistributedFirewallArgs args)
public NsxtDistributedFirewall(String name, NsxtDistributedFirewallArgs args, CustomResourceOptions options)
type: vcd:NsxtDistributedFirewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NsxtDistributedFirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NsxtDistributedFirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NsxtDistributedFirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NsxtDistributedFirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NsxtDistributedFirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var nsxtDistributedFirewallResource = new Vcd.NsxtDistributedFirewall("nsxtDistributedFirewallResource", new()
{
Rules = new[]
{
new Vcd.Inputs.NsxtDistributedFirewallRuleArgs
{
Action = "string",
Name = "string",
Direction = "string",
Description = "string",
DestinationGroupsExcluded = false,
DestinationIds = new[]
{
"string",
},
Comment = "string",
Enabled = false,
Id = "string",
IpProtocol = "string",
Logging = false,
AppPortProfileIds = new[]
{
"string",
},
NetworkContextProfileIds = new[]
{
"string",
},
SourceGroupsExcluded = false,
SourceIds = new[]
{
"string",
},
},
},
VdcGroupId = "string",
NsxtDistributedFirewallId = "string",
Org = "string",
});
example, err := vcd.NewNsxtDistributedFirewall(ctx, "nsxtDistributedFirewallResource", &vcd.NsxtDistributedFirewallArgs{
Rules: vcd.NsxtDistributedFirewallRuleTypeArray{
&vcd.NsxtDistributedFirewallRuleTypeArgs{
Action: pulumi.String("string"),
Name: pulumi.String("string"),
Direction: pulumi.String("string"),
Description: pulumi.String("string"),
DestinationGroupsExcluded: pulumi.Bool(false),
DestinationIds: pulumi.StringArray{
pulumi.String("string"),
},
Comment: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Id: pulumi.String("string"),
IpProtocol: pulumi.String("string"),
Logging: pulumi.Bool(false),
AppPortProfileIds: pulumi.StringArray{
pulumi.String("string"),
},
NetworkContextProfileIds: pulumi.StringArray{
pulumi.String("string"),
},
SourceGroupsExcluded: pulumi.Bool(false),
SourceIds: pulumi.StringArray{
pulumi.String("string"),
},
},
},
VdcGroupId: pulumi.String("string"),
NsxtDistributedFirewallId: pulumi.String("string"),
Org: pulumi.String("string"),
})
var nsxtDistributedFirewallResource = new NsxtDistributedFirewall("nsxtDistributedFirewallResource", NsxtDistributedFirewallArgs.builder()
.rules(NsxtDistributedFirewallRuleArgs.builder()
.action("string")
.name("string")
.direction("string")
.description("string")
.destinationGroupsExcluded(false)
.destinationIds("string")
.comment("string")
.enabled(false)
.id("string")
.ipProtocol("string")
.logging(false)
.appPortProfileIds("string")
.networkContextProfileIds("string")
.sourceGroupsExcluded(false)
.sourceIds("string")
.build())
.vdcGroupId("string")
.nsxtDistributedFirewallId("string")
.org("string")
.build());
nsxt_distributed_firewall_resource = vcd.NsxtDistributedFirewall("nsxtDistributedFirewallResource",
rules=[{
"action": "string",
"name": "string",
"direction": "string",
"description": "string",
"destination_groups_excluded": False,
"destination_ids": ["string"],
"comment": "string",
"enabled": False,
"id": "string",
"ip_protocol": "string",
"logging": False,
"app_port_profile_ids": ["string"],
"network_context_profile_ids": ["string"],
"source_groups_excluded": False,
"source_ids": ["string"],
}],
vdc_group_id="string",
nsxt_distributed_firewall_id="string",
org="string")
const nsxtDistributedFirewallResource = new vcd.NsxtDistributedFirewall("nsxtDistributedFirewallResource", {
rules: [{
action: "string",
name: "string",
direction: "string",
description: "string",
destinationGroupsExcluded: false,
destinationIds: ["string"],
comment: "string",
enabled: false,
id: "string",
ipProtocol: "string",
logging: false,
appPortProfileIds: ["string"],
networkContextProfileIds: ["string"],
sourceGroupsExcluded: false,
sourceIds: ["string"],
}],
vdcGroupId: "string",
nsxtDistributedFirewallId: "string",
org: "string",
});
type: vcd:NsxtDistributedFirewall
properties:
nsxtDistributedFirewallId: string
org: string
rules:
- action: string
appPortProfileIds:
- string
comment: string
description: string
destinationGroupsExcluded: false
destinationIds:
- string
direction: string
enabled: false
id: string
ipProtocol: string
logging: false
name: string
networkContextProfileIds:
- string
sourceGroupsExcluded: false
sourceIds:
- string
vdcGroupId: string
NsxtDistributedFirewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NsxtDistributedFirewall resource accepts the following input properties:
- Rules
List<Nsxt
Distributed Firewall Rule> One or more blocks with Firewall Rule definitions. Order defines firewall rule precedence
- Vdc
Group stringId - The ID of VDC Group to manage Distributed Firewall in. Can be looked
up using
vcd.VdcGroupresource or data source. - Nsxt
Distributed stringFirewall Id - Org string
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- Rules
[]Nsxt
Distributed Firewall Rule Type Args One or more blocks with Firewall Rule definitions. Order defines firewall rule precedence
- Vdc
Group stringId - The ID of VDC Group to manage Distributed Firewall in. Can be looked
up using
vcd.VdcGroupresource or data source. - Nsxt
Distributed stringFirewall Id - Org string
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- rules
List<Nsxt
Distributed Firewall Rule> One or more blocks with Firewall Rule definitions. Order defines firewall rule precedence
- vdc
Group StringId - The ID of VDC Group to manage Distributed Firewall in. Can be looked
up using
vcd.VdcGroupresource or data source. - nsxt
Distributed StringFirewall Id - org String
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- rules
Nsxt
Distributed Firewall Rule[] One or more blocks with Firewall Rule definitions. Order defines firewall rule precedence
- vdc
Group stringId - The ID of VDC Group to manage Distributed Firewall in. Can be looked
up using
vcd.VdcGroupresource or data source. - nsxt
Distributed stringFirewall Id - org string
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- rules
Sequence[Nsxt
Distributed Firewall Rule Args] One or more blocks with Firewall Rule definitions. Order defines firewall rule precedence
- vdc_
group_ strid - The ID of VDC Group to manage Distributed Firewall in. Can be looked
up using
vcd.VdcGroupresource or data source. - nsxt_
distributed_ strfirewall_ id - org str
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- rules List<Property Map>
One or more blocks with Firewall Rule definitions. Order defines firewall rule precedence
- vdc
Group StringId - The ID of VDC Group to manage Distributed Firewall in. Can be looked
up using
vcd.VdcGroupresource or data source. - nsxt
Distributed StringFirewall Id - org String
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
Outputs
All input properties are implicitly available as output properties. Additionally, the NsxtDistributedFirewall resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing NsxtDistributedFirewall Resource
Get an existing NsxtDistributedFirewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NsxtDistributedFirewallState, opts?: CustomResourceOptions): NsxtDistributedFirewall@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
nsxt_distributed_firewall_id: Optional[str] = None,
org: Optional[str] = None,
rules: Optional[Sequence[NsxtDistributedFirewallRuleArgs]] = None,
vdc_group_id: Optional[str] = None) -> NsxtDistributedFirewallfunc GetNsxtDistributedFirewall(ctx *Context, name string, id IDInput, state *NsxtDistributedFirewallState, opts ...ResourceOption) (*NsxtDistributedFirewall, error)public static NsxtDistributedFirewall Get(string name, Input<string> id, NsxtDistributedFirewallState? state, CustomResourceOptions? opts = null)public static NsxtDistributedFirewall get(String name, Output<String> id, NsxtDistributedFirewallState state, CustomResourceOptions options)resources: _: type: vcd:NsxtDistributedFirewall get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Nsxt
Distributed stringFirewall Id - Org string
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- Rules
List<Nsxt
Distributed Firewall Rule> One or more blocks with Firewall Rule definitions. Order defines firewall rule precedence
- Vdc
Group stringId - The ID of VDC Group to manage Distributed Firewall in. Can be looked
up using
vcd.VdcGroupresource or data source.
- Nsxt
Distributed stringFirewall Id - Org string
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- Rules
[]Nsxt
Distributed Firewall Rule Type Args One or more blocks with Firewall Rule definitions. Order defines firewall rule precedence
- Vdc
Group stringId - The ID of VDC Group to manage Distributed Firewall in. Can be looked
up using
vcd.VdcGroupresource or data source.
- nsxt
Distributed StringFirewall Id - org String
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- rules
List<Nsxt
Distributed Firewall Rule> One or more blocks with Firewall Rule definitions. Order defines firewall rule precedence
- vdc
Group StringId - The ID of VDC Group to manage Distributed Firewall in. Can be looked
up using
vcd.VdcGroupresource or data source.
- nsxt
Distributed stringFirewall Id - org string
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- rules
Nsxt
Distributed Firewall Rule[] One or more blocks with Firewall Rule definitions. Order defines firewall rule precedence
- vdc
Group stringId - The ID of VDC Group to manage Distributed Firewall in. Can be looked
up using
vcd.VdcGroupresource or data source.
- nsxt_
distributed_ strfirewall_ id - org str
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- rules
Sequence[Nsxt
Distributed Firewall Rule Args] One or more blocks with Firewall Rule definitions. Order defines firewall rule precedence
- vdc_
group_ strid - The ID of VDC Group to manage Distributed Firewall in. Can be looked
up using
vcd.VdcGroupresource or data source.
- nsxt
Distributed StringFirewall Id - org String
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- rules List<Property Map>
One or more blocks with Firewall Rule definitions. Order defines firewall rule precedence
- vdc
Group StringId - The ID of VDC Group to manage Distributed Firewall in. Can be looked
up using
vcd.VdcGroupresource or data source.
Supporting Types
NsxtDistributedFirewallRule, NsxtDistributedFirewallRuleArgs
- Action string
- Defines if the rule should 'ALLOW', 'DROP', 'REJECT' matching traffic
- Name string
- Firewall Rule name
- App
Port List<string>Profile Ids - A set of Application Port Profile IDs. Leaving it empty means 'Any'
- Comment string
- Comment that is shown next to rule in UI (VCD 10.3.2+)
- Description string
- Description is not shown in UI
- Destination
Groups boolExcluded - Reverses firewall matching for to match all except Destinations Groups specified in 'destination_ids' (VCD 10.3.2+)
- Destination
Ids List<string> - A set of Destination Firewall Group IDs (IP Sets or Security Groups). Leaving it empty means 'Any'
- Direction string
- Direction on which Firewall Rule applies (One of 'IN', 'OUT', 'IN_OUT')
- Enabled bool
- Defined if Firewall Rule is active
- Id string
- Firewall Rule ID
- Ip
Protocol string - Firewall Rule Protocol (One of 'IPV4', 'IPV6', 'IPV4_IPV6')
- Logging bool
- Defines if matching traffic should be logged
- Network
Context List<string>Profile Ids - A set of Network Context Profile IDs. Leaving it empty means 'Any'
- Source
Groups boolExcluded - Reverses firewall matching for to match all except Source Groups specified in 'source_ids' (VCD 10.3.2+)
- Source
Ids List<string> - A set of Source Firewall Group IDs (IP Sets or Security Groups). Leaving it empty means 'Any'
- Action string
- Defines if the rule should 'ALLOW', 'DROP', 'REJECT' matching traffic
- Name string
- Firewall Rule name
- App
Port []stringProfile Ids - A set of Application Port Profile IDs. Leaving it empty means 'Any'
- Comment string
- Comment that is shown next to rule in UI (VCD 10.3.2+)
- Description string
- Description is not shown in UI
- Destination
Groups boolExcluded - Reverses firewall matching for to match all except Destinations Groups specified in 'destination_ids' (VCD 10.3.2+)
- Destination
Ids []string - A set of Destination Firewall Group IDs (IP Sets or Security Groups). Leaving it empty means 'Any'
- Direction string
- Direction on which Firewall Rule applies (One of 'IN', 'OUT', 'IN_OUT')
- Enabled bool
- Defined if Firewall Rule is active
- Id string
- Firewall Rule ID
- Ip
Protocol string - Firewall Rule Protocol (One of 'IPV4', 'IPV6', 'IPV4_IPV6')
- Logging bool
- Defines if matching traffic should be logged
- Network
Context []stringProfile Ids - A set of Network Context Profile IDs. Leaving it empty means 'Any'
- Source
Groups boolExcluded - Reverses firewall matching for to match all except Source Groups specified in 'source_ids' (VCD 10.3.2+)
- Source
Ids []string - A set of Source Firewall Group IDs (IP Sets or Security Groups). Leaving it empty means 'Any'
- action String
- Defines if the rule should 'ALLOW', 'DROP', 'REJECT' matching traffic
- name String
- Firewall Rule name
- app
Port List<String>Profile Ids - A set of Application Port Profile IDs. Leaving it empty means 'Any'
- comment String
- Comment that is shown next to rule in UI (VCD 10.3.2+)
- description String
- Description is not shown in UI
- destination
Groups BooleanExcluded - Reverses firewall matching for to match all except Destinations Groups specified in 'destination_ids' (VCD 10.3.2+)
- destination
Ids List<String> - A set of Destination Firewall Group IDs (IP Sets or Security Groups). Leaving it empty means 'Any'
- direction String
- Direction on which Firewall Rule applies (One of 'IN', 'OUT', 'IN_OUT')
- enabled Boolean
- Defined if Firewall Rule is active
- id String
- Firewall Rule ID
- ip
Protocol String - Firewall Rule Protocol (One of 'IPV4', 'IPV6', 'IPV4_IPV6')
- logging Boolean
- Defines if matching traffic should be logged
- network
Context List<String>Profile Ids - A set of Network Context Profile IDs. Leaving it empty means 'Any'
- source
Groups BooleanExcluded - Reverses firewall matching for to match all except Source Groups specified in 'source_ids' (VCD 10.3.2+)
- source
Ids List<String> - A set of Source Firewall Group IDs (IP Sets or Security Groups). Leaving it empty means 'Any'
- action string
- Defines if the rule should 'ALLOW', 'DROP', 'REJECT' matching traffic
- name string
- Firewall Rule name
- app
Port string[]Profile Ids - A set of Application Port Profile IDs. Leaving it empty means 'Any'
- comment string
- Comment that is shown next to rule in UI (VCD 10.3.2+)
- description string
- Description is not shown in UI
- destination
Groups booleanExcluded - Reverses firewall matching for to match all except Destinations Groups specified in 'destination_ids' (VCD 10.3.2+)
- destination
Ids string[] - A set of Destination Firewall Group IDs (IP Sets or Security Groups). Leaving it empty means 'Any'
- direction string
- Direction on which Firewall Rule applies (One of 'IN', 'OUT', 'IN_OUT')
- enabled boolean
- Defined if Firewall Rule is active
- id string
- Firewall Rule ID
- ip
Protocol string - Firewall Rule Protocol (One of 'IPV4', 'IPV6', 'IPV4_IPV6')
- logging boolean
- Defines if matching traffic should be logged
- network
Context string[]Profile Ids - A set of Network Context Profile IDs. Leaving it empty means 'Any'
- source
Groups booleanExcluded - Reverses firewall matching for to match all except Source Groups specified in 'source_ids' (VCD 10.3.2+)
- source
Ids string[] - A set of Source Firewall Group IDs (IP Sets or Security Groups). Leaving it empty means 'Any'
- action str
- Defines if the rule should 'ALLOW', 'DROP', 'REJECT' matching traffic
- name str
- Firewall Rule name
- app_
port_ Sequence[str]profile_ ids - A set of Application Port Profile IDs. Leaving it empty means 'Any'
- comment str
- Comment that is shown next to rule in UI (VCD 10.3.2+)
- description str
- Description is not shown in UI
- destination_
groups_ boolexcluded - Reverses firewall matching for to match all except Destinations Groups specified in 'destination_ids' (VCD 10.3.2+)
- destination_
ids Sequence[str] - A set of Destination Firewall Group IDs (IP Sets or Security Groups). Leaving it empty means 'Any'
- direction str
- Direction on which Firewall Rule applies (One of 'IN', 'OUT', 'IN_OUT')
- enabled bool
- Defined if Firewall Rule is active
- id str
- Firewall Rule ID
- ip_
protocol str - Firewall Rule Protocol (One of 'IPV4', 'IPV6', 'IPV4_IPV6')
- logging bool
- Defines if matching traffic should be logged
- network_
context_ Sequence[str]profile_ ids - A set of Network Context Profile IDs. Leaving it empty means 'Any'
- source_
groups_ boolexcluded - Reverses firewall matching for to match all except Source Groups specified in 'source_ids' (VCD 10.3.2+)
- source_
ids Sequence[str] - A set of Source Firewall Group IDs (IP Sets or Security Groups). Leaving it empty means 'Any'
- action String
- Defines if the rule should 'ALLOW', 'DROP', 'REJECT' matching traffic
- name String
- Firewall Rule name
- app
Port List<String>Profile Ids - A set of Application Port Profile IDs. Leaving it empty means 'Any'
- comment String
- Comment that is shown next to rule in UI (VCD 10.3.2+)
- description String
- Description is not shown in UI
- destination
Groups BooleanExcluded - Reverses firewall matching for to match all except Destinations Groups specified in 'destination_ids' (VCD 10.3.2+)
- destination
Ids List<String> - A set of Destination Firewall Group IDs (IP Sets or Security Groups). Leaving it empty means 'Any'
- direction String
- Direction on which Firewall Rule applies (One of 'IN', 'OUT', 'IN_OUT')
- enabled Boolean
- Defined if Firewall Rule is active
- id String
- Firewall Rule ID
- ip
Protocol String - Firewall Rule Protocol (One of 'IPV4', 'IPV6', 'IPV4_IPV6')
- logging Boolean
- Defines if matching traffic should be logged
- network
Context List<String>Profile Ids - A set of Network Context Profile IDs. Leaving it empty means 'Any'
- source
Groups BooleanExcluded - Reverses firewall matching for to match all except Source Groups specified in 'source_ids' (VCD 10.3.2+)
- source
Ids List<String> - A set of Source Firewall Group IDs (IP Sets or Security Groups). Leaving it empty means 'Any'
Package Details
- Repository
- vcd vmware/terraform-provider-vcd
- License
- Notes
- This Pulumi package is based on the
vcdTerraform Provider.