1. Packages
  2. Panos Provider
  3. API Docs
  4. SecurityPolicyRules
panos 2.0.0 published on Tuesday, Apr 15, 2025 by paloaltonetworks

panos.SecurityPolicyRules

Explore with Pulumi AI

Example Usage

Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.panos.DeviceGroup;
import com.pulumi.panos.DeviceGroupArgs;
import com.pulumi.panos.inputs.DeviceGroupLocationArgs;
import com.pulumi.panos.inputs.DeviceGroupLocationPanoramaArgs;
import com.pulumi.panos.SecurityPolicyRules;
import com.pulumi.panos.SecurityPolicyRulesArgs;
import com.pulumi.panos.inputs.SecurityPolicyRulesLocationArgs;
import com.pulumi.panos.inputs.SecurityPolicyRulesPositionArgs;
import com.pulumi.panos.inputs.SecurityPolicyRulesRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new DeviceGroup("example", DeviceGroupArgs.builder()
            .location(DeviceGroupLocationArgs.builder()
                .panorama()
                .build())
            .build());

        // Mange a group of security policy rules.
        //# Place the rule group at the top
        var example_1 = new SecurityPolicyRules("example-1", SecurityPolicyRulesArgs.builder()
            .location(SecurityPolicyRulesLocationArgs.builder()
                .device_group(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
                .build())
            .position(SecurityPolicyRulesPositionArgs.builder()
                .where("first")
                .build())
            .rules(SecurityPolicyRulesRuleArgs.builder()
                .name("rule-1")
                .sourceZones("any")
                .sourceAddresses("1.1.1.1")
                .destinationZones("any")
                .destinationAddresses("172.0.0.0/8")
                .services("any")
                .applications("any")
                .build())
            .build());

        //# Place the rule group directly after rule-2
        var example_2 = new SecurityPolicyRules("example-2", SecurityPolicyRulesArgs.builder()
            .location(SecurityPolicyRulesLocationArgs.builder()
                .device_group(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
                .build())
            .position(SecurityPolicyRulesPositionArgs.builder()
                .where("after")
                .directly(true)
                .pivot("rule-2")
                .build())
            .rules("TODO: ForExpression")
            .build());

    }
}
Copy
Coming soon!

Create SecurityPolicyRules Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SecurityPolicyRules(name: string, args: SecurityPolicyRulesArgs, opts?: CustomResourceOptions);
@overload
def SecurityPolicyRules(resource_name: str,
                        args: SecurityPolicyRulesArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def SecurityPolicyRules(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        location: Optional[SecurityPolicyRulesLocationArgs] = None,
                        position: Optional[SecurityPolicyRulesPositionArgs] = None,
                        rules: Optional[Sequence[SecurityPolicyRulesRuleArgs]] = None)
func NewSecurityPolicyRules(ctx *Context, name string, args SecurityPolicyRulesArgs, opts ...ResourceOption) (*SecurityPolicyRules, error)
public SecurityPolicyRules(string name, SecurityPolicyRulesArgs args, CustomResourceOptions? opts = null)
public SecurityPolicyRules(String name, SecurityPolicyRulesArgs args)
public SecurityPolicyRules(String name, SecurityPolicyRulesArgs args, CustomResourceOptions options)
type: panos:SecurityPolicyRules
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. SecurityPolicyRulesArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. SecurityPolicyRulesArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. SecurityPolicyRulesArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. SecurityPolicyRulesArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. SecurityPolicyRulesArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var securityPolicyRulesResource = new Panos.SecurityPolicyRules("securityPolicyRulesResource", new()
{
    Location = new Panos.Inputs.SecurityPolicyRulesLocationArgs
    {
        DeviceGroup = new Panos.Inputs.SecurityPolicyRulesLocationDeviceGroupArgs
        {
            Name = "string",
            PanoramaDevice = "string",
            Rulebase = "string",
        },
        Shared = new Panos.Inputs.SecurityPolicyRulesLocationSharedArgs
        {
            Rulebase = "string",
        },
        Vsys = new Panos.Inputs.SecurityPolicyRulesLocationVsysArgs
        {
            Name = "string",
            NgfwDevice = "string",
        },
    },
    Position = new Panos.Inputs.SecurityPolicyRulesPositionArgs
    {
        Where = "string",
        Directly = false,
        Pivot = "string",
    },
    Rules = new[]
    {
        new Panos.Inputs.SecurityPolicyRulesRuleArgs
        {
            Name = "string",
            NegateDestination = false,
            NegateSource = false,
            Description = "string",
            DestinationAddresses = new[]
            {
                "string",
            },
            DestinationHips = new[]
            {
                "string",
            },
            DestinationZones = new[]
            {
                "string",
            },
            DisableInspect = false,
            DisableServerResponseInspection = false,
            Disabled = false,
            GroupTag = "string",
            IcmpUnreachable = false,
            LogEnd = false,
            LogSetting = "string",
            LogStart = false,
            Categories = new[]
            {
                "string",
            },
            Applications = new[]
            {
                "string",
            },
            Qos = new Panos.Inputs.SecurityPolicyRulesRuleQosArgs
            {
                Marking = new Panos.Inputs.SecurityPolicyRulesRuleQosMarkingArgs
                {
                    FollowC2sFlow = null,
                    IpDscp = "string",
                    IpPrecedence = "string",
                },
            },
            ProfileSetting = new Panos.Inputs.SecurityPolicyRulesRuleProfileSettingArgs
            {
                Groups = new[]
                {
                    "string",
                },
                Profiles = new Panos.Inputs.SecurityPolicyRulesRuleProfileSettingProfilesArgs
                {
                    DataFilterings = new[]
                    {
                        "string",
                    },
                    FileBlockings = new[]
                    {
                        "string",
                    },
                    Gtps = new[]
                    {
                        "string",
                    },
                    Sctps = new[]
                    {
                        "string",
                    },
                    Spywares = new[]
                    {
                        "string",
                    },
                    UrlFilterings = new[]
                    {
                        "string",
                    },
                    Viri = new[]
                    {
                        "string",
                    },
                    Vulnerabilities = new[]
                    {
                        "string",
                    },
                    WildfireAnalyses = new[]
                    {
                        "string",
                    },
                },
            },
            Action = "string",
            RuleType = "string",
            Schedule = "string",
            Services = new[]
            {
                "string",
            },
            SourceAddresses = new[]
            {
                "string",
            },
            SourceHips = new[]
            {
                "string",
            },
            SourceImeis = new[]
            {
                "string",
            },
            SourceImsis = new[]
            {
                "string",
            },
            SourceNwSlices = new[]
            {
                "string",
            },
            SourceUsers = new[]
            {
                "string",
            },
            SourceZones = new[]
            {
                "string",
            },
            Tags = new[]
            {
                "string",
            },
            Target = new Panos.Inputs.SecurityPolicyRulesRuleTargetArgs
            {
                Devices = new[]
                {
                    new Panos.Inputs.SecurityPolicyRulesRuleTargetDeviceArgs
                    {
                        Name = "string",
                        Vsys = new[]
                        {
                            new Panos.Inputs.SecurityPolicyRulesRuleTargetDeviceVsyArgs
                            {
                                Name = "string",
                            },
                        },
                    },
                },
                Negate = false,
                Tags = new[]
                {
                    "string",
                },
            },
        },
    },
});
Copy
example, err := panos.NewSecurityPolicyRules(ctx, "securityPolicyRulesResource", &panos.SecurityPolicyRulesArgs{
Location: &.SecurityPolicyRulesLocationArgs{
DeviceGroup: &.SecurityPolicyRulesLocationDeviceGroupArgs{
Name: pulumi.String("string"),
PanoramaDevice: pulumi.String("string"),
Rulebase: pulumi.String("string"),
},
Shared: &.SecurityPolicyRulesLocationSharedArgs{
Rulebase: pulumi.String("string"),
},
Vsys: &.SecurityPolicyRulesLocationVsysArgs{
Name: pulumi.String("string"),
NgfwDevice: pulumi.String("string"),
},
},
Position: &.SecurityPolicyRulesPositionArgs{
Where: pulumi.String("string"),
Directly: pulumi.Bool(false),
Pivot: pulumi.String("string"),
},
Rules: .SecurityPolicyRulesRuleArray{
&.SecurityPolicyRulesRuleArgs{
Name: pulumi.String("string"),
NegateDestination: pulumi.Bool(false),
NegateSource: pulumi.Bool(false),
Description: pulumi.String("string"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("string"),
},
DestinationHips: pulumi.StringArray{
pulumi.String("string"),
},
DestinationZones: pulumi.StringArray{
pulumi.String("string"),
},
DisableInspect: pulumi.Bool(false),
DisableServerResponseInspection: pulumi.Bool(false),
Disabled: pulumi.Bool(false),
GroupTag: pulumi.String("string"),
IcmpUnreachable: pulumi.Bool(false),
LogEnd: pulumi.Bool(false),
LogSetting: pulumi.String("string"),
LogStart: pulumi.Bool(false),
Categories: pulumi.StringArray{
pulumi.String("string"),
},
Applications: pulumi.StringArray{
pulumi.String("string"),
},
Qos: &.SecurityPolicyRulesRuleQosArgs{
Marking: &.SecurityPolicyRulesRuleQosMarkingArgs{
FollowC2sFlow: &.SecurityPolicyRulesRuleQosMarkingFollowC2sFlowArgs{
},
IpDscp: pulumi.String("string"),
IpPrecedence: pulumi.String("string"),
},
},
ProfileSetting: &.SecurityPolicyRulesRuleProfileSettingArgs{
Groups: pulumi.StringArray{
pulumi.String("string"),
},
Profiles: &.SecurityPolicyRulesRuleProfileSettingProfilesArgs{
DataFilterings: pulumi.StringArray{
pulumi.String("string"),
},
FileBlockings: pulumi.StringArray{
pulumi.String("string"),
},
Gtps: pulumi.StringArray{
pulumi.String("string"),
},
Sctps: pulumi.StringArray{
pulumi.String("string"),
},
Spywares: pulumi.StringArray{
pulumi.String("string"),
},
UrlFilterings: pulumi.StringArray{
pulumi.String("string"),
},
Viri: pulumi.StringArray{
pulumi.String("string"),
},
Vulnerabilities: pulumi.StringArray{
pulumi.String("string"),
},
WildfireAnalyses: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Action: pulumi.String("string"),
RuleType: pulumi.String("string"),
Schedule: pulumi.String("string"),
Services: pulumi.StringArray{
pulumi.String("string"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("string"),
},
SourceHips: pulumi.StringArray{
pulumi.String("string"),
},
SourceImeis: pulumi.StringArray{
pulumi.String("string"),
},
SourceImsis: pulumi.StringArray{
pulumi.String("string"),
},
SourceNwSlices: pulumi.StringArray{
pulumi.String("string"),
},
SourceUsers: pulumi.StringArray{
pulumi.String("string"),
},
SourceZones: pulumi.StringArray{
pulumi.String("string"),
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
Target: &.SecurityPolicyRulesRuleTargetArgs{
Devices: .SecurityPolicyRulesRuleTargetDeviceArray{
&.SecurityPolicyRulesRuleTargetDeviceArgs{
Name: pulumi.String("string"),
Vsys: .SecurityPolicyRulesRuleTargetDeviceVsyArray{
&.SecurityPolicyRulesRuleTargetDeviceVsyArgs{
Name: pulumi.String("string"),
},
},
},
},
Negate: pulumi.Bool(false),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
})
Copy
var securityPolicyRulesResource = new SecurityPolicyRules("securityPolicyRulesResource", SecurityPolicyRulesArgs.builder()
    .location(SecurityPolicyRulesLocationArgs.builder()
        .deviceGroup(SecurityPolicyRulesLocationDeviceGroupArgs.builder()
            .name("string")
            .panoramaDevice("string")
            .rulebase("string")
            .build())
        .shared(SecurityPolicyRulesLocationSharedArgs.builder()
            .rulebase("string")
            .build())
        .vsys(SecurityPolicyRulesLocationVsysArgs.builder()
            .name("string")
            .ngfwDevice("string")
            .build())
        .build())
    .position(SecurityPolicyRulesPositionArgs.builder()
        .where("string")
        .directly(false)
        .pivot("string")
        .build())
    .rules(SecurityPolicyRulesRuleArgs.builder()
        .name("string")
        .negateDestination(false)
        .negateSource(false)
        .description("string")
        .destinationAddresses("string")
        .destinationHips("string")
        .destinationZones("string")
        .disableInspect(false)
        .disableServerResponseInspection(false)
        .disabled(false)
        .groupTag("string")
        .icmpUnreachable(false)
        .logEnd(false)
        .logSetting("string")
        .logStart(false)
        .categories("string")
        .applications("string")
        .qos(SecurityPolicyRulesRuleQosArgs.builder()
            .marking(SecurityPolicyRulesRuleQosMarkingArgs.builder()
                .followC2sFlow()
                .ipDscp("string")
                .ipPrecedence("string")
                .build())
            .build())
        .profileSetting(SecurityPolicyRulesRuleProfileSettingArgs.builder()
            .groups("string")
            .profiles(SecurityPolicyRulesRuleProfileSettingProfilesArgs.builder()
                .dataFilterings("string")
                .fileBlockings("string")
                .gtps("string")
                .sctps("string")
                .spywares("string")
                .urlFilterings("string")
                .viri("string")
                .vulnerabilities("string")
                .wildfireAnalyses("string")
                .build())
            .build())
        .action("string")
        .ruleType("string")
        .schedule("string")
        .services("string")
        .sourceAddresses("string")
        .sourceHips("string")
        .sourceImeis("string")
        .sourceImsis("string")
        .sourceNwSlices("string")
        .sourceUsers("string")
        .sourceZones("string")
        .tags("string")
        .target(SecurityPolicyRulesRuleTargetArgs.builder()
            .devices(SecurityPolicyRulesRuleTargetDeviceArgs.builder()
                .name("string")
                .vsys(SecurityPolicyRulesRuleTargetDeviceVsyArgs.builder()
                    .name("string")
                    .build())
                .build())
            .negate(false)
            .tags("string")
            .build())
        .build())
    .build());
Copy
security_policy_rules_resource = panos.SecurityPolicyRules("securityPolicyRulesResource",
    location={
        "device_group": {
            "name": "string",
            "panorama_device": "string",
            "rulebase": "string",
        },
        "shared": {
            "rulebase": "string",
        },
        "vsys": {
            "name": "string",
            "ngfw_device": "string",
        },
    },
    position={
        "where": "string",
        "directly": False,
        "pivot": "string",
    },
    rules=[{
        "name": "string",
        "negate_destination": False,
        "negate_source": False,
        "description": "string",
        "destination_addresses": ["string"],
        "destination_hips": ["string"],
        "destination_zones": ["string"],
        "disable_inspect": False,
        "disable_server_response_inspection": False,
        "disabled": False,
        "group_tag": "string",
        "icmp_unreachable": False,
        "log_end": False,
        "log_setting": "string",
        "log_start": False,
        "categories": ["string"],
        "applications": ["string"],
        "qos": {
            "marking": {
                "follow_c2s_flow": {},
                "ip_dscp": "string",
                "ip_precedence": "string",
            },
        },
        "profile_setting": {
            "groups": ["string"],
            "profiles": {
                "data_filterings": ["string"],
                "file_blockings": ["string"],
                "gtps": ["string"],
                "sctps": ["string"],
                "spywares": ["string"],
                "url_filterings": ["string"],
                "viri": ["string"],
                "vulnerabilities": ["string"],
                "wildfire_analyses": ["string"],
            },
        },
        "action": "string",
        "rule_type": "string",
        "schedule": "string",
        "services": ["string"],
        "source_addresses": ["string"],
        "source_hips": ["string"],
        "source_imeis": ["string"],
        "source_imsis": ["string"],
        "source_nw_slices": ["string"],
        "source_users": ["string"],
        "source_zones": ["string"],
        "tags": ["string"],
        "target": {
            "devices": [{
                "name": "string",
                "vsys": [{
                    "name": "string",
                }],
            }],
            "negate": False,
            "tags": ["string"],
        },
    }])
Copy
const securityPolicyRulesResource = new panos.SecurityPolicyRules("securityPolicyRulesResource", {
    location: {
        deviceGroup: {
            name: "string",
            panoramaDevice: "string",
            rulebase: "string",
        },
        shared: {
            rulebase: "string",
        },
        vsys: {
            name: "string",
            ngfwDevice: "string",
        },
    },
    position: {
        where: "string",
        directly: false,
        pivot: "string",
    },
    rules: [{
        name: "string",
        negateDestination: false,
        negateSource: false,
        description: "string",
        destinationAddresses: ["string"],
        destinationHips: ["string"],
        destinationZones: ["string"],
        disableInspect: false,
        disableServerResponseInspection: false,
        disabled: false,
        groupTag: "string",
        icmpUnreachable: false,
        logEnd: false,
        logSetting: "string",
        logStart: false,
        categories: ["string"],
        applications: ["string"],
        qos: {
            marking: {
                followC2sFlow: {},
                ipDscp: "string",
                ipPrecedence: "string",
            },
        },
        profileSetting: {
            groups: ["string"],
            profiles: {
                dataFilterings: ["string"],
                fileBlockings: ["string"],
                gtps: ["string"],
                sctps: ["string"],
                spywares: ["string"],
                urlFilterings: ["string"],
                viri: ["string"],
                vulnerabilities: ["string"],
                wildfireAnalyses: ["string"],
            },
        },
        action: "string",
        ruleType: "string",
        schedule: "string",
        services: ["string"],
        sourceAddresses: ["string"],
        sourceHips: ["string"],
        sourceImeis: ["string"],
        sourceImsis: ["string"],
        sourceNwSlices: ["string"],
        sourceUsers: ["string"],
        sourceZones: ["string"],
        tags: ["string"],
        target: {
            devices: [{
                name: "string",
                vsys: [{
                    name: "string",
                }],
            }],
            negate: false,
            tags: ["string"],
        },
    }],
});
Copy
type: panos:SecurityPolicyRules
properties:
    location:
        deviceGroup:
            name: string
            panoramaDevice: string
            rulebase: string
        shared:
            rulebase: string
        vsys:
            name: string
            ngfwDevice: string
    position:
        directly: false
        pivot: string
        where: string
    rules:
        - action: string
          applications:
            - string
          categories:
            - string
          description: string
          destinationAddresses:
            - string
          destinationHips:
            - string
          destinationZones:
            - string
          disableInspect: false
          disableServerResponseInspection: false
          disabled: false
          groupTag: string
          icmpUnreachable: false
          logEnd: false
          logSetting: string
          logStart: false
          name: string
          negateDestination: false
          negateSource: false
          profileSetting:
            groups:
                - string
            profiles:
                dataFilterings:
                    - string
                fileBlockings:
                    - string
                gtps:
                    - string
                sctps:
                    - string
                spywares:
                    - string
                urlFilterings:
                    - string
                viri:
                    - string
                vulnerabilities:
                    - string
                wildfireAnalyses:
                    - string
          qos:
            marking:
                followC2sFlow: {}
                ipDscp: string
                ipPrecedence: string
          ruleType: string
          schedule: string
          services:
            - string
          sourceAddresses:
            - string
          sourceHips:
            - string
          sourceImeis:
            - string
          sourceImsis:
            - string
          sourceNwSlices:
            - string
          sourceUsers:
            - string
          sourceZones:
            - string
          tags:
            - string
          target:
            devices:
                - name: string
                  vsys:
                    - name: string
            negate: false
            tags:
                - string
Copy

SecurityPolicyRules Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SecurityPolicyRules resource accepts the following input properties:

Location This property is required. SecurityPolicyRulesLocation
The location of this object.
Position This property is required. SecurityPolicyRulesPosition
Rules This property is required. List<SecurityPolicyRulesRule>
Location This property is required. SecurityPolicyRulesLocationArgs
The location of this object.
Position This property is required. SecurityPolicyRulesPositionArgs
Rules This property is required. []SecurityPolicyRulesRuleArgs
location This property is required. SecurityPolicyRulesLocation
The location of this object.
position This property is required. SecurityPolicyRulesPosition
rules This property is required. List<SecurityPolicyRulesRule>
location This property is required. SecurityPolicyRulesLocation
The location of this object.
position This property is required. SecurityPolicyRulesPosition
rules This property is required. SecurityPolicyRulesRule[]
location This property is required. SecurityPolicyRulesLocationArgs
The location of this object.
position This property is required. SecurityPolicyRulesPositionArgs
rules This property is required. Sequence[SecurityPolicyRulesRuleArgs]
location This property is required. Property Map
The location of this object.
position This property is required. Property Map
rules This property is required. List<Property Map>

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityPolicyRules resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing SecurityPolicyRules Resource

Get an existing SecurityPolicyRules resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecurityPolicyRulesState, opts?: CustomResourceOptions): SecurityPolicyRules
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        location: Optional[SecurityPolicyRulesLocationArgs] = None,
        position: Optional[SecurityPolicyRulesPositionArgs] = None,
        rules: Optional[Sequence[SecurityPolicyRulesRuleArgs]] = None) -> SecurityPolicyRules
func GetSecurityPolicyRules(ctx *Context, name string, id IDInput, state *SecurityPolicyRulesState, opts ...ResourceOption) (*SecurityPolicyRules, error)
public static SecurityPolicyRules Get(string name, Input<string> id, SecurityPolicyRulesState? state, CustomResourceOptions? opts = null)
public static SecurityPolicyRules get(String name, Output<String> id, SecurityPolicyRulesState state, CustomResourceOptions options)
resources:  _:    type: panos:SecurityPolicyRules    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

Supporting Types

SecurityPolicyRulesLocation
, SecurityPolicyRulesLocationArgs

DeviceGroup SecurityPolicyRulesLocationDeviceGroup
Located in a specific device group.
Shared SecurityPolicyRulesLocationShared
Located in a shared rulebase
Vsys SecurityPolicyRulesLocationVsys
Located in a specific vsys.
DeviceGroup SecurityPolicyRulesLocationDeviceGroup
Located in a specific device group.
Shared SecurityPolicyRulesLocationShared
Located in a shared rulebase
Vsys SecurityPolicyRulesLocationVsys
Located in a specific vsys.
deviceGroup SecurityPolicyRulesLocationDeviceGroup
Located in a specific device group.
shared SecurityPolicyRulesLocationShared
Located in a shared rulebase
vsys SecurityPolicyRulesLocationVsys
Located in a specific vsys.
deviceGroup SecurityPolicyRulesLocationDeviceGroup
Located in a specific device group.
shared SecurityPolicyRulesLocationShared
Located in a shared rulebase
vsys SecurityPolicyRulesLocationVsys
Located in a specific vsys.
device_group SecurityPolicyRulesLocationDeviceGroup
Located in a specific device group.
shared SecurityPolicyRulesLocationShared
Located in a shared rulebase
vsys SecurityPolicyRulesLocationVsys
Located in a specific vsys.
deviceGroup Property Map
Located in a specific device group.
shared Property Map
Located in a shared rulebase
vsys Property Map
Located in a specific vsys.

SecurityPolicyRulesLocationDeviceGroup
, SecurityPolicyRulesLocationDeviceGroupArgs

Name string
The device group.
PanoramaDevice string
The panorama device.
Rulebase string
The rulebase.
Name string
The device group.
PanoramaDevice string
The panorama device.
Rulebase string
The rulebase.
name String
The device group.
panoramaDevice String
The panorama device.
rulebase String
The rulebase.
name string
The device group.
panoramaDevice string
The panorama device.
rulebase string
The rulebase.
name str
The device group.
panorama_device str
The panorama device.
rulebase str
The rulebase.
name String
The device group.
panoramaDevice String
The panorama device.
rulebase String
The rulebase.

SecurityPolicyRulesLocationShared
, SecurityPolicyRulesLocationSharedArgs

Rulebase string
Rulebase name
Rulebase string
Rulebase name
rulebase String
Rulebase name
rulebase string
Rulebase name
rulebase str
Rulebase name
rulebase String
Rulebase name

SecurityPolicyRulesLocationVsys
, SecurityPolicyRulesLocationVsysArgs

Name string
The vsys name
NgfwDevice string
The NGFW device
Name string
The vsys name
NgfwDevice string
The NGFW device
name String
The vsys name
ngfwDevice String
The NGFW device
name string
The vsys name
ngfwDevice string
The NGFW device
name str
The vsys name
ngfw_device str
The NGFW device
name String
The vsys name
ngfwDevice String
The NGFW device

SecurityPolicyRulesPosition
, SecurityPolicyRulesPositionArgs

Where This property is required. string
Directly bool
Pivot string
Where This property is required. string
Directly bool
Pivot string
where This property is required. String
directly Boolean
pivot String
where This property is required. string
directly boolean
pivot string
where This property is required. str
directly bool
pivot str
where This property is required. String
directly Boolean
pivot String

SecurityPolicyRulesRule
, SecurityPolicyRulesRuleArgs

Name This property is required. string
Action string
Applications List<string>
Categories List<string>
Description string
DestinationAddresses List<string>
DestinationHips List<string>
DestinationZones List<string>
DisableInspect bool
DisableServerResponseInspection bool
Disable inspection of server side traffic
Disabled bool
Disable the rule
GroupTag string
IcmpUnreachable bool
Send ICMP unreachable error when action is drop or reset
LogEnd bool
Log at session end (required for certain ACC tables)
LogSetting string
LogStart bool
Log at session start
NegateDestination bool
NegateSource bool
ProfileSetting SecurityPolicyRulesRuleProfileSetting
Qos SecurityPolicyRulesRuleQos
RuleType string
Schedule string
Services List<string>
SourceAddresses List<string>
SourceHips List<string>
SourceImeis List<string>
SourceImsis List<string>
SourceNwSlices List<string>
SourceUsers List<string>
SourceZones List<string>
Tags List<string>
Target SecurityPolicyRulesRuleTarget
Name This property is required. string
Action string
Applications []string
Categories []string
Description string
DestinationAddresses []string
DestinationHips []string
DestinationZones []string
DisableInspect bool
DisableServerResponseInspection bool
Disable inspection of server side traffic
Disabled bool
Disable the rule
GroupTag string
IcmpUnreachable bool
Send ICMP unreachable error when action is drop or reset
LogEnd bool
Log at session end (required for certain ACC tables)
LogSetting string
LogStart bool
Log at session start
NegateDestination bool
NegateSource bool
ProfileSetting SecurityPolicyRulesRuleProfileSetting
Qos SecurityPolicyRulesRuleQos
RuleType string
Schedule string
Services []string
SourceAddresses []string
SourceHips []string
SourceImeis []string
SourceImsis []string
SourceNwSlices []string
SourceUsers []string
SourceZones []string
Tags []string
Target SecurityPolicyRulesRuleTarget
name This property is required. String
action String
applications List<String>
categories List<String>
description String
destinationAddresses List<String>
destinationHips List<String>
destinationZones List<String>
disableInspect Boolean
disableServerResponseInspection Boolean
Disable inspection of server side traffic
disabled Boolean
Disable the rule
groupTag String
icmpUnreachable Boolean
Send ICMP unreachable error when action is drop or reset
logEnd Boolean
Log at session end (required for certain ACC tables)
logSetting String
logStart Boolean
Log at session start
negateDestination Boolean
negateSource Boolean
profileSetting SecurityPolicyRulesRuleProfileSetting
qos SecurityPolicyRulesRuleQos
ruleType String
schedule String
services List<String>
sourceAddresses List<String>
sourceHips List<String>
sourceImeis List<String>
sourceImsis List<String>
sourceNwSlices List<String>
sourceUsers List<String>
sourceZones List<String>
tags List<String>
target SecurityPolicyRulesRuleTarget
name This property is required. string
action string
applications string[]
categories string[]
description string
destinationAddresses string[]
destinationHips string[]
destinationZones string[]
disableInspect boolean
disableServerResponseInspection boolean
Disable inspection of server side traffic
disabled boolean
Disable the rule
groupTag string
icmpUnreachable boolean
Send ICMP unreachable error when action is drop or reset
logEnd boolean
Log at session end (required for certain ACC tables)
logSetting string
logStart boolean
Log at session start
negateDestination boolean
negateSource boolean
profileSetting SecurityPolicyRulesRuleProfileSetting
qos SecurityPolicyRulesRuleQos
ruleType string
schedule string
services string[]
sourceAddresses string[]
sourceHips string[]
sourceImeis string[]
sourceImsis string[]
sourceNwSlices string[]
sourceUsers string[]
sourceZones string[]
tags string[]
target SecurityPolicyRulesRuleTarget
name This property is required. str
action str
applications Sequence[str]
categories Sequence[str]
description str
destination_addresses Sequence[str]
destination_hips Sequence[str]
destination_zones Sequence[str]
disable_inspect bool
disable_server_response_inspection bool
Disable inspection of server side traffic
disabled bool
Disable the rule
group_tag str
icmp_unreachable bool
Send ICMP unreachable error when action is drop or reset
log_end bool
Log at session end (required for certain ACC tables)
log_setting str
log_start bool
Log at session start
negate_destination bool
negate_source bool
profile_setting SecurityPolicyRulesRuleProfileSetting
qos SecurityPolicyRulesRuleQos
rule_type str
schedule str
services Sequence[str]
source_addresses Sequence[str]
source_hips Sequence[str]
source_imeis Sequence[str]
source_imsis Sequence[str]
source_nw_slices Sequence[str]
source_users Sequence[str]
source_zones Sequence[str]
tags Sequence[str]
target SecurityPolicyRulesRuleTarget
name This property is required. String
action String
applications List<String>
categories List<String>
description String
destinationAddresses List<String>
destinationHips List<String>
destinationZones List<String>
disableInspect Boolean
disableServerResponseInspection Boolean
Disable inspection of server side traffic
disabled Boolean
Disable the rule
groupTag String
icmpUnreachable Boolean
Send ICMP unreachable error when action is drop or reset
logEnd Boolean
Log at session end (required for certain ACC tables)
logSetting String
logStart Boolean
Log at session start
negateDestination Boolean
negateSource Boolean
profileSetting Property Map
qos Property Map
ruleType String
schedule String
services List<String>
sourceAddresses List<String>
sourceHips List<String>
sourceImeis List<String>
sourceImsis List<String>
sourceNwSlices List<String>
sourceUsers List<String>
sourceZones List<String>
tags List<String>
target Property Map

SecurityPolicyRulesRuleProfileSetting
, SecurityPolicyRulesRuleProfileSettingArgs

SecurityPolicyRulesRuleProfileSettingProfiles
, SecurityPolicyRulesRuleProfileSettingProfilesArgs

DataFilterings List<string>
FileBlockings List<string>
Gtps List<string>
Sctps List<string>
Spywares List<string>
UrlFilterings List<string>
Viri List<string>
Vulnerabilities List<string>
WildfireAnalyses List<string>
DataFilterings []string
FileBlockings []string
Gtps []string
Sctps []string
Spywares []string
UrlFilterings []string
Viri []string
Vulnerabilities []string
WildfireAnalyses []string
dataFilterings List<String>
fileBlockings List<String>
gtps List<String>
sctps List<String>
spywares List<String>
urlFilterings List<String>
viri List<String>
vulnerabilities List<String>
wildfireAnalyses List<String>
dataFilterings string[]
fileBlockings string[]
gtps string[]
sctps string[]
spywares string[]
urlFilterings string[]
viri string[]
vulnerabilities string[]
wildfireAnalyses string[]
data_filterings Sequence[str]
file_blockings Sequence[str]
gtps Sequence[str]
sctps Sequence[str]
spywares Sequence[str]
url_filterings Sequence[str]
viri Sequence[str]
vulnerabilities Sequence[str]
wildfire_analyses Sequence[str]
dataFilterings List<String>
fileBlockings List<String>
gtps List<String>
sctps List<String>
spywares List<String>
urlFilterings List<String>
viri List<String>
vulnerabilities List<String>
wildfireAnalyses List<String>

SecurityPolicyRulesRuleQos
, SecurityPolicyRulesRuleQosArgs

SecurityPolicyRulesRuleQosMarking
, SecurityPolicyRulesRuleQosMarkingArgs

followC2sFlow Property Map
ipDscp String
IP DSCP
ipPrecedence String
IP Precedence

SecurityPolicyRulesRuleTarget
, SecurityPolicyRulesRuleTargetArgs

Devices List<SecurityPolicyRulesRuleTargetDevice>
Negate bool
Target to all but these specified devices and tags
Tags List<string>
Devices []SecurityPolicyRulesRuleTargetDevice
Negate bool
Target to all but these specified devices and tags
Tags []string
devices List<SecurityPolicyRulesRuleTargetDevice>
negate Boolean
Target to all but these specified devices and tags
tags List<String>
devices SecurityPolicyRulesRuleTargetDevice[]
negate boolean
Target to all but these specified devices and tags
tags string[]
devices Sequence[SecurityPolicyRulesRuleTargetDevice]
negate bool
Target to all but these specified devices and tags
tags Sequence[str]
devices List<Property Map>
negate Boolean
Target to all but these specified devices and tags
tags List<String>

SecurityPolicyRulesRuleTargetDevice
, SecurityPolicyRulesRuleTargetDeviceArgs

Name This property is required. string
Vsys List<SecurityPolicyRulesRuleTargetDeviceVsy>
Name This property is required. string
Vsys []SecurityPolicyRulesRuleTargetDeviceVsy
name This property is required. String
vsys List<SecurityPolicyRulesRuleTargetDeviceVsy>
name This property is required. string
vsys SecurityPolicyRulesRuleTargetDeviceVsy[]
name This property is required. String
vsys List<Property Map>

SecurityPolicyRulesRuleTargetDeviceVsy
, SecurityPolicyRulesRuleTargetDeviceVsyArgs

Name This property is required. string
Name This property is required. string
name This property is required. String
name This property is required. string
name This property is required. str
name This property is required. String

Import

A set of rules can be imported by providing the following base64 encoded object as the ID

{

location = {

    device_group = {

    name = "example-device-group"

    rulebase = "pre-rulebase"

    panorama_device = "localhost.localdomain"

    }

}

position = { where = "after", directly = true, pivot = "rule-2" }

names = [

    "rule-8",

    "rule-9"

]

}

$ pulumi import panos:index/securityPolicyRules:SecurityPolicyRules example $(echo '{"location":{"device_group":{"name":"example-device-group","panorama_device":"localhost.localdomain","rulebase":"pre-rulebase"}},"names":["rule-8","rule-9"],"position":{"directly":true,"pivot":"rule-2","where":"after"}}' | base64)
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
panos paloaltonetworks/terraform-provider-panos
License
Notes
This Pulumi package is based on the panos Terraform Provider.