Docs Home
Cisco Catalyst SD-WAN v0.3.0 published on Friday, Mar 28, 2025 by Pulumi
sdwan.SecurityPolicy
Explore with Pulumi AI
This resource can manage a Security Policy .
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sdwan.SecurityPolicy;
import com.pulumi.sdwan.SecurityPolicyArgs;
import com.pulumi.sdwan.inputs.SecurityPolicyDefinitionArgs;
import com.pulumi.sdwan.inputs.SecurityPolicyLoggingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new SecurityPolicy("example", SecurityPolicyArgs.builder()
.name("Example")
.description("Example")
.mode("security")
.useCase("custom")
.definitions(SecurityPolicyDefinitionArgs.builder()
.id("7d299c34-981c-4fb3-9167-6be44ab1691f")
.type("urlFiltering")
.build())
.failureMode("close")
.loggings(SecurityPolicyLoggingArgs.builder()
.external_syslog_server_ip("10.0.0.1")
.external_syslog_server_vpn("123")
.build())
.build());
}
}
resources:
example:
type: sdwan:SecurityPolicy
properties:
name: Example
description: Example
mode: security
useCase: custom
definitions:
- id: 7d299c34-981c-4fb3-9167-6be44ab1691f
type: urlFiltering
failureMode: close
loggings:
- external_syslog_server_ip: 10.0.0.1
external_syslog_server_vpn: '123'
Create SecurityPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecurityPolicy(name: string, args: SecurityPolicyArgs, opts?: CustomResourceOptions);@overload
def SecurityPolicy(resource_name: str,
args: SecurityPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecurityPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
definitions: Optional[Sequence[SecurityPolicyDefinitionArgs]] = None,
loggings: Optional[Sequence[SecurityPolicyLoggingArgs]] = None,
direct_internet_applications: Optional[str] = None,
failure_mode: Optional[str] = None,
high_speed_logging_server_ip: Optional[str] = None,
high_speed_logging_server_port: Optional[str] = None,
high_speed_logging_server_source_interface: Optional[str] = None,
high_speed_logging_vpn: Optional[str] = None,
imcp_unreachable_allow: Optional[bool] = None,
audit_trail: Optional[str] = None,
match_statistics_per_filter: Optional[str] = None,
max_incomplete_icmp_limit: Optional[int] = None,
max_incomplete_tcp_limit: Optional[int] = None,
max_incomplete_udp_limit: Optional[int] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
session_reclassify_allow: Optional[bool] = None,
tcp_syn_flood_limit: Optional[str] = None,
unified_logging: Optional[bool] = None,
use_case: Optional[str] = None)func NewSecurityPolicy(ctx *Context, name string, args SecurityPolicyArgs, opts ...ResourceOption) (*SecurityPolicy, error)public SecurityPolicy(string name, SecurityPolicyArgs args, CustomResourceOptions? opts = null)
public SecurityPolicy(String name, SecurityPolicyArgs args)
public SecurityPolicy(String name, SecurityPolicyArgs args, CustomResourceOptions options)
type: sdwan:SecurityPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecurityPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var securityPolicyResource = new Sdwan.SecurityPolicy("securityPolicyResource", new()
{
Description = "string",
Definitions = new[]
{
new Sdwan.Inputs.SecurityPolicyDefinitionArgs
{
Id = "string",
Type = "string",
DestinationZone = "string",
SourceZone = "string",
Version = 0,
},
},
Loggings = new[]
{
new Sdwan.Inputs.SecurityPolicyLoggingArgs
{
ExternalSyslogServerIp = "string",
ExternalSyslogServerSourceInterface = "string",
ExternalSyslogServerVpn = "string",
},
},
DirectInternetApplications = "string",
FailureMode = "string",
HighSpeedLoggingServerIp = "string",
HighSpeedLoggingServerPort = "string",
HighSpeedLoggingServerSourceInterface = "string",
HighSpeedLoggingVpn = "string",
ImcpUnreachableAllow = false,
AuditTrail = "string",
MatchStatisticsPerFilter = "string",
MaxIncompleteIcmpLimit = 0,
MaxIncompleteTcpLimit = 0,
MaxIncompleteUdpLimit = 0,
Mode = "string",
Name = "string",
SessionReclassifyAllow = false,
TcpSynFloodLimit = "string",
UnifiedLogging = false,
UseCase = "string",
});
example, err := sdwan.NewSecurityPolicy(ctx, "securityPolicyResource", &sdwan.SecurityPolicyArgs{
Description: pulumi.String("string"),
Definitions: sdwan.SecurityPolicyDefinitionArray{
&sdwan.SecurityPolicyDefinitionArgs{
Id: pulumi.String("string"),
Type: pulumi.String("string"),
DestinationZone: pulumi.String("string"),
SourceZone: pulumi.String("string"),
Version: pulumi.Int(0),
},
},
Loggings: sdwan.SecurityPolicyLoggingArray{
&sdwan.SecurityPolicyLoggingArgs{
ExternalSyslogServerIp: pulumi.String("string"),
ExternalSyslogServerSourceInterface: pulumi.String("string"),
ExternalSyslogServerVpn: pulumi.String("string"),
},
},
DirectInternetApplications: pulumi.String("string"),
FailureMode: pulumi.String("string"),
HighSpeedLoggingServerIp: pulumi.String("string"),
HighSpeedLoggingServerPort: pulumi.String("string"),
HighSpeedLoggingServerSourceInterface: pulumi.String("string"),
HighSpeedLoggingVpn: pulumi.String("string"),
ImcpUnreachableAllow: pulumi.Bool(false),
AuditTrail: pulumi.String("string"),
MatchStatisticsPerFilter: pulumi.String("string"),
MaxIncompleteIcmpLimit: pulumi.Int(0),
MaxIncompleteTcpLimit: pulumi.Int(0),
MaxIncompleteUdpLimit: pulumi.Int(0),
Mode: pulumi.String("string"),
Name: pulumi.String("string"),
SessionReclassifyAllow: pulumi.Bool(false),
TcpSynFloodLimit: pulumi.String("string"),
UnifiedLogging: pulumi.Bool(false),
UseCase: pulumi.String("string"),
})
var securityPolicyResource = new SecurityPolicy("securityPolicyResource", SecurityPolicyArgs.builder()
.description("string")
.definitions(SecurityPolicyDefinitionArgs.builder()
.id("string")
.type("string")
.destinationZone("string")
.sourceZone("string")
.version(0)
.build())
.loggings(SecurityPolicyLoggingArgs.builder()
.externalSyslogServerIp("string")
.externalSyslogServerSourceInterface("string")
.externalSyslogServerVpn("string")
.build())
.directInternetApplications("string")
.failureMode("string")
.highSpeedLoggingServerIp("string")
.highSpeedLoggingServerPort("string")
.highSpeedLoggingServerSourceInterface("string")
.highSpeedLoggingVpn("string")
.imcpUnreachableAllow(false)
.auditTrail("string")
.matchStatisticsPerFilter("string")
.maxIncompleteIcmpLimit(0)
.maxIncompleteTcpLimit(0)
.maxIncompleteUdpLimit(0)
.mode("string")
.name("string")
.sessionReclassifyAllow(false)
.tcpSynFloodLimit("string")
.unifiedLogging(false)
.useCase("string")
.build());
security_policy_resource = sdwan.SecurityPolicy("securityPolicyResource",
description="string",
definitions=[{
"id": "string",
"type": "string",
"destination_zone": "string",
"source_zone": "string",
"version": 0,
}],
loggings=[{
"external_syslog_server_ip": "string",
"external_syslog_server_source_interface": "string",
"external_syslog_server_vpn": "string",
}],
direct_internet_applications="string",
failure_mode="string",
high_speed_logging_server_ip="string",
high_speed_logging_server_port="string",
high_speed_logging_server_source_interface="string",
high_speed_logging_vpn="string",
imcp_unreachable_allow=False,
audit_trail="string",
match_statistics_per_filter="string",
max_incomplete_icmp_limit=0,
max_incomplete_tcp_limit=0,
max_incomplete_udp_limit=0,
mode="string",
name="string",
session_reclassify_allow=False,
tcp_syn_flood_limit="string",
unified_logging=False,
use_case="string")
const securityPolicyResource = new sdwan.SecurityPolicy("securityPolicyResource", {
description: "string",
definitions: [{
id: "string",
type: "string",
destinationZone: "string",
sourceZone: "string",
version: 0,
}],
loggings: [{
externalSyslogServerIp: "string",
externalSyslogServerSourceInterface: "string",
externalSyslogServerVpn: "string",
}],
directInternetApplications: "string",
failureMode: "string",
highSpeedLoggingServerIp: "string",
highSpeedLoggingServerPort: "string",
highSpeedLoggingServerSourceInterface: "string",
highSpeedLoggingVpn: "string",
imcpUnreachableAllow: false,
auditTrail: "string",
matchStatisticsPerFilter: "string",
maxIncompleteIcmpLimit: 0,
maxIncompleteTcpLimit: 0,
maxIncompleteUdpLimit: 0,
mode: "string",
name: "string",
sessionReclassifyAllow: false,
tcpSynFloodLimit: "string",
unifiedLogging: false,
useCase: "string",
});
type: sdwan:SecurityPolicy
properties:
auditTrail: string
definitions:
- destinationZone: string
id: string
sourceZone: string
type: string
version: 0
description: string
directInternetApplications: string
failureMode: string
highSpeedLoggingServerIp: string
highSpeedLoggingServerPort: string
highSpeedLoggingServerSourceInterface: string
highSpeedLoggingVpn: string
imcpUnreachableAllow: false
loggings:
- externalSyslogServerIp: string
externalSyslogServerSourceInterface: string
externalSyslogServerVpn: string
matchStatisticsPerFilter: string
maxIncompleteIcmpLimit: 0
maxIncompleteTcpLimit: 0
maxIncompleteUdpLimit: 0
mode: string
name: string
sessionReclassifyAllow: false
tcpSynFloodLimit: string
unifiedLogging: false
useCase: string
SecurityPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecurityPolicy resource accepts the following input properties:
- Definitions
List<Security
Policy Definition> - List of policy definitions
- Description string
- The description of the security policy
- Audit
Trail string - Audit trail - Choices:
on,off - Direct
Internet stringApplications - Bypass firewall policy and allow all Internet traffic to/from VPN 0 - Choices:
allow,deny - Failure
Mode string - Failure mode - Choices:
open,close - High
Speed stringLogging Server Ip - High Speed Logging Server IP
- High
Speed stringLogging Server Port - High Speed Logging Port
- High
Speed stringLogging Server Source Interface - High Speed Logging Source Interface
- High
Speed stringLogging Vpn - High Speed Logging VPN
- Imcp
Unreachable boolAllow - ICMP Unreachable Allow
- Loggings
List<Security
Policy Logging> - Match
Statistics stringPer Filter - Match Statistics per-filter - Choices:
on,off - Max
Incomplete intIcmp Limit - Max Incomplete ICMP Limit
- Max
Incomplete intTcp Limit - Max Incomplete TCP Limit
- Max
Incomplete intUdp Limit - Max Incomplete UDP Limit
- Mode string
- The policy mode - Choices:
security,unified- Default value:security - Name string
- The name of the security policy
- Session
Reclassify boolAllow - Session Reclassify Allow
- Tcp
Syn stringFlood Limit - TCP SYN Flood Limit, value from 1 to 4294967295
- Unified
Logging bool - Unified Logging
- Use
Case string - The use case of the security policy - Choices:
custom,compliance,guestAccess,directCloudAccess,directInternetAccess,directCloudAccess- Default value:custom
- Definitions
[]Security
Policy Definition Args - List of policy definitions
- Description string
- The description of the security policy
- Audit
Trail string - Audit trail - Choices:
on,off - Direct
Internet stringApplications - Bypass firewall policy and allow all Internet traffic to/from VPN 0 - Choices:
allow,deny - Failure
Mode string - Failure mode - Choices:
open,close - High
Speed stringLogging Server Ip - High Speed Logging Server IP
- High
Speed stringLogging Server Port - High Speed Logging Port
- High
Speed stringLogging Server Source Interface - High Speed Logging Source Interface
- High
Speed stringLogging Vpn - High Speed Logging VPN
- Imcp
Unreachable boolAllow - ICMP Unreachable Allow
- Loggings
[]Security
Policy Logging Args - Match
Statistics stringPer Filter - Match Statistics per-filter - Choices:
on,off - Max
Incomplete intIcmp Limit - Max Incomplete ICMP Limit
- Max
Incomplete intTcp Limit - Max Incomplete TCP Limit
- Max
Incomplete intUdp Limit - Max Incomplete UDP Limit
- Mode string
- The policy mode - Choices:
security,unified- Default value:security - Name string
- The name of the security policy
- Session
Reclassify boolAllow - Session Reclassify Allow
- Tcp
Syn stringFlood Limit - TCP SYN Flood Limit, value from 1 to 4294967295
- Unified
Logging bool - Unified Logging
- Use
Case string - The use case of the security policy - Choices:
custom,compliance,guestAccess,directCloudAccess,directInternetAccess,directCloudAccess- Default value:custom
- definitions
List<Security
Policy Definition> - List of policy definitions
- description String
- The description of the security policy
- audit
Trail String - Audit trail - Choices:
on,off - direct
Internet StringApplications - Bypass firewall policy and allow all Internet traffic to/from VPN 0 - Choices:
allow,deny - failure
Mode String - Failure mode - Choices:
open,close - high
Speed StringLogging Server Ip - High Speed Logging Server IP
- high
Speed StringLogging Server Port - High Speed Logging Port
- high
Speed StringLogging Server Source Interface - High Speed Logging Source Interface
- high
Speed StringLogging Vpn - High Speed Logging VPN
- imcp
Unreachable BooleanAllow - ICMP Unreachable Allow
- loggings
List<Security
Policy Logging> - match
Statistics StringPer Filter - Match Statistics per-filter - Choices:
on,off - max
Incomplete IntegerIcmp Limit - Max Incomplete ICMP Limit
- max
Incomplete IntegerTcp Limit - Max Incomplete TCP Limit
- max
Incomplete IntegerUdp Limit - Max Incomplete UDP Limit
- mode String
- The policy mode - Choices:
security,unified- Default value:security - name String
- The name of the security policy
- session
Reclassify BooleanAllow - Session Reclassify Allow
- tcp
Syn StringFlood Limit - TCP SYN Flood Limit, value from 1 to 4294967295
- unified
Logging Boolean - Unified Logging
- use
Case String - The use case of the security policy - Choices:
custom,compliance,guestAccess,directCloudAccess,directInternetAccess,directCloudAccess- Default value:custom
- definitions
Security
Policy Definition[] - List of policy definitions
- description string
- The description of the security policy
- audit
Trail string - Audit trail - Choices:
on,off - direct
Internet stringApplications - Bypass firewall policy and allow all Internet traffic to/from VPN 0 - Choices:
allow,deny - failure
Mode string - Failure mode - Choices:
open,close - high
Speed stringLogging Server Ip - High Speed Logging Server IP
- high
Speed stringLogging Server Port - High Speed Logging Port
- high
Speed stringLogging Server Source Interface - High Speed Logging Source Interface
- high
Speed stringLogging Vpn - High Speed Logging VPN
- imcp
Unreachable booleanAllow - ICMP Unreachable Allow
- loggings
Security
Policy Logging[] - match
Statistics stringPer Filter - Match Statistics per-filter - Choices:
on,off - max
Incomplete numberIcmp Limit - Max Incomplete ICMP Limit
- max
Incomplete numberTcp Limit - Max Incomplete TCP Limit
- max
Incomplete numberUdp Limit - Max Incomplete UDP Limit
- mode string
- The policy mode - Choices:
security,unified- Default value:security - name string
- The name of the security policy
- session
Reclassify booleanAllow - Session Reclassify Allow
- tcp
Syn stringFlood Limit - TCP SYN Flood Limit, value from 1 to 4294967295
- unified
Logging boolean - Unified Logging
- use
Case string - The use case of the security policy - Choices:
custom,compliance,guestAccess,directCloudAccess,directInternetAccess,directCloudAccess- Default value:custom
- definitions
Sequence[Security
Policy Definition Args] - List of policy definitions
- description str
- The description of the security policy
- audit_
trail str - Audit trail - Choices:
on,off - direct_
internet_ strapplications - Bypass firewall policy and allow all Internet traffic to/from VPN 0 - Choices:
allow,deny - failure_
mode str - Failure mode - Choices:
open,close - high_
speed_ strlogging_ server_ ip - High Speed Logging Server IP
- high_
speed_ strlogging_ server_ port - High Speed Logging Port
- high_
speed_ strlogging_ server_ source_ interface - High Speed Logging Source Interface
- high_
speed_ strlogging_ vpn - High Speed Logging VPN
- imcp_
unreachable_ boolallow - ICMP Unreachable Allow
- loggings
Sequence[Security
Policy Logging Args] - match_
statistics_ strper_ filter - Match Statistics per-filter - Choices:
on,off - max_
incomplete_ inticmp_ limit - Max Incomplete ICMP Limit
- max_
incomplete_ inttcp_ limit - Max Incomplete TCP Limit
- max_
incomplete_ intudp_ limit - Max Incomplete UDP Limit
- mode str
- The policy mode - Choices:
security,unified- Default value:security - name str
- The name of the security policy
- session_
reclassify_ boolallow - Session Reclassify Allow
- tcp_
syn_ strflood_ limit - TCP SYN Flood Limit, value from 1 to 4294967295
- unified_
logging bool - Unified Logging
- use_
case str - The use case of the security policy - Choices:
custom,compliance,guestAccess,directCloudAccess,directInternetAccess,directCloudAccess- Default value:custom
- definitions List<Property Map>
- List of policy definitions
- description String
- The description of the security policy
- audit
Trail String - Audit trail - Choices:
on,off - direct
Internet StringApplications - Bypass firewall policy and allow all Internet traffic to/from VPN 0 - Choices:
allow,deny - failure
Mode String - Failure mode - Choices:
open,close - high
Speed StringLogging Server Ip - High Speed Logging Server IP
- high
Speed StringLogging Server Port - High Speed Logging Port
- high
Speed StringLogging Server Source Interface - High Speed Logging Source Interface
- high
Speed StringLogging Vpn - High Speed Logging VPN
- imcp
Unreachable BooleanAllow - ICMP Unreachable Allow
- loggings List<Property Map>
- match
Statistics StringPer Filter - Match Statistics per-filter - Choices:
on,off - max
Incomplete NumberIcmp Limit - Max Incomplete ICMP Limit
- max
Incomplete NumberTcp Limit - Max Incomplete TCP Limit
- max
Incomplete NumberUdp Limit - Max Incomplete UDP Limit
- mode String
- The policy mode - Choices:
security,unified- Default value:security - name String
- The name of the security policy
- session
Reclassify BooleanAllow - Session Reclassify Allow
- tcp
Syn StringFlood Limit - TCP SYN Flood Limit, value from 1 to 4294967295
- unified
Logging Boolean - Unified Logging
- use
Case String - The use case of the security policy - Choices:
custom,compliance,guestAccess,directCloudAccess,directInternetAccess,directCloudAccess- Default value:custom
Outputs
All input properties are implicitly available as output properties. Additionally, the SecurityPolicy resource produces the following output properties:
Look up Existing SecurityPolicy Resource
Get an existing SecurityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecurityPolicyState, opts?: CustomResourceOptions): SecurityPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
audit_trail: Optional[str] = None,
definitions: Optional[Sequence[SecurityPolicyDefinitionArgs]] = None,
description: Optional[str] = None,
direct_internet_applications: Optional[str] = None,
failure_mode: Optional[str] = None,
high_speed_logging_server_ip: Optional[str] = None,
high_speed_logging_server_port: Optional[str] = None,
high_speed_logging_server_source_interface: Optional[str] = None,
high_speed_logging_vpn: Optional[str] = None,
imcp_unreachable_allow: Optional[bool] = None,
loggings: Optional[Sequence[SecurityPolicyLoggingArgs]] = None,
match_statistics_per_filter: Optional[str] = None,
max_incomplete_icmp_limit: Optional[int] = None,
max_incomplete_tcp_limit: Optional[int] = None,
max_incomplete_udp_limit: Optional[int] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
session_reclassify_allow: Optional[bool] = None,
tcp_syn_flood_limit: Optional[str] = None,
unified_logging: Optional[bool] = None,
use_case: Optional[str] = None,
version: Optional[int] = None) -> SecurityPolicyfunc GetSecurityPolicy(ctx *Context, name string, id IDInput, state *SecurityPolicyState, opts ...ResourceOption) (*SecurityPolicy, error)public static SecurityPolicy Get(string name, Input<string> id, SecurityPolicyState? state, CustomResourceOptions? opts = null)public static SecurityPolicy get(String name, Output<String> id, SecurityPolicyState state, CustomResourceOptions options)resources: _: type: sdwan:SecurityPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Audit
Trail string - Audit trail - Choices:
on,off - Definitions
List<Security
Policy Definition> - List of policy definitions
- Description string
- The description of the security policy
- Direct
Internet stringApplications - Bypass firewall policy and allow all Internet traffic to/from VPN 0 - Choices:
allow,deny - Failure
Mode string - Failure mode - Choices:
open,close - High
Speed stringLogging Server Ip - High Speed Logging Server IP
- High
Speed stringLogging Server Port - High Speed Logging Port
- High
Speed stringLogging Server Source Interface - High Speed Logging Source Interface
- High
Speed stringLogging Vpn - High Speed Logging VPN
- Imcp
Unreachable boolAllow - ICMP Unreachable Allow
- Loggings
List<Security
Policy Logging> - Match
Statistics stringPer Filter - Match Statistics per-filter - Choices:
on,off - Max
Incomplete intIcmp Limit - Max Incomplete ICMP Limit
- Max
Incomplete intTcp Limit - Max Incomplete TCP Limit
- Max
Incomplete intUdp Limit - Max Incomplete UDP Limit
- Mode string
- The policy mode - Choices:
security,unified- Default value:security - Name string
- The name of the security policy
- Session
Reclassify boolAllow - Session Reclassify Allow
- Tcp
Syn stringFlood Limit - TCP SYN Flood Limit, value from 1 to 4294967295
- Unified
Logging bool - Unified Logging
- Use
Case string - The use case of the security policy - Choices:
custom,compliance,guestAccess,directCloudAccess,directInternetAccess,directCloudAccess- Default value:custom - Version int
- The version of the object
- Audit
Trail string - Audit trail - Choices:
on,off - Definitions
[]Security
Policy Definition Args - List of policy definitions
- Description string
- The description of the security policy
- Direct
Internet stringApplications - Bypass firewall policy and allow all Internet traffic to/from VPN 0 - Choices:
allow,deny - Failure
Mode string - Failure mode - Choices:
open,close - High
Speed stringLogging Server Ip - High Speed Logging Server IP
- High
Speed stringLogging Server Port - High Speed Logging Port
- High
Speed stringLogging Server Source Interface - High Speed Logging Source Interface
- High
Speed stringLogging Vpn - High Speed Logging VPN
- Imcp
Unreachable boolAllow - ICMP Unreachable Allow
- Loggings
[]Security
Policy Logging Args - Match
Statistics stringPer Filter - Match Statistics per-filter - Choices:
on,off - Max
Incomplete intIcmp Limit - Max Incomplete ICMP Limit
- Max
Incomplete intTcp Limit - Max Incomplete TCP Limit
- Max
Incomplete intUdp Limit - Max Incomplete UDP Limit
- Mode string
- The policy mode - Choices:
security,unified- Default value:security - Name string
- The name of the security policy
- Session
Reclassify boolAllow - Session Reclassify Allow
- Tcp
Syn stringFlood Limit - TCP SYN Flood Limit, value from 1 to 4294967295
- Unified
Logging bool - Unified Logging
- Use
Case string - The use case of the security policy - Choices:
custom,compliance,guestAccess,directCloudAccess,directInternetAccess,directCloudAccess- Default value:custom - Version int
- The version of the object
- audit
Trail String - Audit trail - Choices:
on,off - definitions
List<Security
Policy Definition> - List of policy definitions
- description String
- The description of the security policy
- direct
Internet StringApplications - Bypass firewall policy and allow all Internet traffic to/from VPN 0 - Choices:
allow,deny - failure
Mode String - Failure mode - Choices:
open,close - high
Speed StringLogging Server Ip - High Speed Logging Server IP
- high
Speed StringLogging Server Port - High Speed Logging Port
- high
Speed StringLogging Server Source Interface - High Speed Logging Source Interface
- high
Speed StringLogging Vpn - High Speed Logging VPN
- imcp
Unreachable BooleanAllow - ICMP Unreachable Allow
- loggings
List<Security
Policy Logging> - match
Statistics StringPer Filter - Match Statistics per-filter - Choices:
on,off - max
Incomplete IntegerIcmp Limit - Max Incomplete ICMP Limit
- max
Incomplete IntegerTcp Limit - Max Incomplete TCP Limit
- max
Incomplete IntegerUdp Limit - Max Incomplete UDP Limit
- mode String
- The policy mode - Choices:
security,unified- Default value:security - name String
- The name of the security policy
- session
Reclassify BooleanAllow - Session Reclassify Allow
- tcp
Syn StringFlood Limit - TCP SYN Flood Limit, value from 1 to 4294967295
- unified
Logging Boolean - Unified Logging
- use
Case String - The use case of the security policy - Choices:
custom,compliance,guestAccess,directCloudAccess,directInternetAccess,directCloudAccess- Default value:custom - version Integer
- The version of the object
- audit
Trail string - Audit trail - Choices:
on,off - definitions
Security
Policy Definition[] - List of policy definitions
- description string
- The description of the security policy
- direct
Internet stringApplications - Bypass firewall policy and allow all Internet traffic to/from VPN 0 - Choices:
allow,deny - failure
Mode string - Failure mode - Choices:
open,close - high
Speed stringLogging Server Ip - High Speed Logging Server IP
- high
Speed stringLogging Server Port - High Speed Logging Port
- high
Speed stringLogging Server Source Interface - High Speed Logging Source Interface
- high
Speed stringLogging Vpn - High Speed Logging VPN
- imcp
Unreachable booleanAllow - ICMP Unreachable Allow
- loggings
Security
Policy Logging[] - match
Statistics stringPer Filter - Match Statistics per-filter - Choices:
on,off - max
Incomplete numberIcmp Limit - Max Incomplete ICMP Limit
- max
Incomplete numberTcp Limit - Max Incomplete TCP Limit
- max
Incomplete numberUdp Limit - Max Incomplete UDP Limit
- mode string
- The policy mode - Choices:
security,unified- Default value:security - name string
- The name of the security policy
- session
Reclassify booleanAllow - Session Reclassify Allow
- tcp
Syn stringFlood Limit - TCP SYN Flood Limit, value from 1 to 4294967295
- unified
Logging boolean - Unified Logging
- use
Case string - The use case of the security policy - Choices:
custom,compliance,guestAccess,directCloudAccess,directInternetAccess,directCloudAccess- Default value:custom - version number
- The version of the object
- audit_
trail str - Audit trail - Choices:
on,off - definitions
Sequence[Security
Policy Definition Args] - List of policy definitions
- description str
- The description of the security policy
- direct_
internet_ strapplications - Bypass firewall policy and allow all Internet traffic to/from VPN 0 - Choices:
allow,deny - failure_
mode str - Failure mode - Choices:
open,close - high_
speed_ strlogging_ server_ ip - High Speed Logging Server IP
- high_
speed_ strlogging_ server_ port - High Speed Logging Port
- high_
speed_ strlogging_ server_ source_ interface - High Speed Logging Source Interface
- high_
speed_ strlogging_ vpn - High Speed Logging VPN
- imcp_
unreachable_ boolallow - ICMP Unreachable Allow
- loggings
Sequence[Security
Policy Logging Args] - match_
statistics_ strper_ filter - Match Statistics per-filter - Choices:
on,off - max_
incomplete_ inticmp_ limit - Max Incomplete ICMP Limit
- max_
incomplete_ inttcp_ limit - Max Incomplete TCP Limit
- max_
incomplete_ intudp_ limit - Max Incomplete UDP Limit
- mode str
- The policy mode - Choices:
security,unified- Default value:security - name str
- The name of the security policy
- session_
reclassify_ boolallow - Session Reclassify Allow
- tcp_
syn_ strflood_ limit - TCP SYN Flood Limit, value from 1 to 4294967295
- unified_
logging bool - Unified Logging
- use_
case str - The use case of the security policy - Choices:
custom,compliance,guestAccess,directCloudAccess,directInternetAccess,directCloudAccess- Default value:custom - version int
- The version of the object
- audit
Trail String - Audit trail - Choices:
on,off - definitions List<Property Map>
- List of policy definitions
- description String
- The description of the security policy
- direct
Internet StringApplications - Bypass firewall policy and allow all Internet traffic to/from VPN 0 - Choices:
allow,deny - failure
Mode String - Failure mode - Choices:
open,close - high
Speed StringLogging Server Ip - High Speed Logging Server IP
- high
Speed StringLogging Server Port - High Speed Logging Port
- high
Speed StringLogging Server Source Interface - High Speed Logging Source Interface
- high
Speed StringLogging Vpn - High Speed Logging VPN
- imcp
Unreachable BooleanAllow - ICMP Unreachable Allow
- loggings List<Property Map>
- match
Statistics StringPer Filter - Match Statistics per-filter - Choices:
on,off - max
Incomplete NumberIcmp Limit - Max Incomplete ICMP Limit
- max
Incomplete NumberTcp Limit - Max Incomplete TCP Limit
- max
Incomplete NumberUdp Limit - Max Incomplete UDP Limit
- mode String
- The policy mode - Choices:
security,unified- Default value:security - name String
- The name of the security policy
- session
Reclassify BooleanAllow - Session Reclassify Allow
- tcp
Syn StringFlood Limit - TCP SYN Flood Limit, value from 1 to 4294967295
- unified
Logging Boolean - Unified Logging
- use
Case String - The use case of the security policy - Choices:
custom,compliance,guestAccess,directCloudAccess,directInternetAccess,directCloudAccess- Default value:custom - version Number
- The version of the object
Supporting Types
SecurityPolicyDefinition, SecurityPolicyDefinitionArgs
- Id string
- Policy definition ID
- Type string
- Policy definition type
- Choices:
urlFiltering,zoneBasedFW,intrusionPrevention,sslDecryption,advancedMalwareProtection,dnsSecurity
- Choices:
- Destination
Zone string - Destination Zone, Attribute conditional on
typebeing equal tozoneBasedFW - Source
Zone string - Source Zone, Attribute conditional on
typebeing equal tozoneBasedFW - Version int
- Policy definition version
- Id string
- Policy definition ID
- Type string
- Policy definition type
- Choices:
urlFiltering,zoneBasedFW,intrusionPrevention,sslDecryption,advancedMalwareProtection,dnsSecurity
- Choices:
- Destination
Zone string - Destination Zone, Attribute conditional on
typebeing equal tozoneBasedFW - Source
Zone string - Source Zone, Attribute conditional on
typebeing equal tozoneBasedFW - Version int
- Policy definition version
- id String
- Policy definition ID
- type String
- Policy definition type
- Choices:
urlFiltering,zoneBasedFW,intrusionPrevention,sslDecryption,advancedMalwareProtection,dnsSecurity
- Choices:
- destination
Zone String - Destination Zone, Attribute conditional on
typebeing equal tozoneBasedFW - source
Zone String - Source Zone, Attribute conditional on
typebeing equal tozoneBasedFW - version Integer
- Policy definition version
- id string
- Policy definition ID
- type string
- Policy definition type
- Choices:
urlFiltering,zoneBasedFW,intrusionPrevention,sslDecryption,advancedMalwareProtection,dnsSecurity
- Choices:
- destination
Zone string - Destination Zone, Attribute conditional on
typebeing equal tozoneBasedFW - source
Zone string - Source Zone, Attribute conditional on
typebeing equal tozoneBasedFW - version number
- Policy definition version
- id str
- Policy definition ID
- type str
- Policy definition type
- Choices:
urlFiltering,zoneBasedFW,intrusionPrevention,sslDecryption,advancedMalwareProtection,dnsSecurity
- Choices:
- destination_
zone str - Destination Zone, Attribute conditional on
typebeing equal tozoneBasedFW - source_
zone str - Source Zone, Attribute conditional on
typebeing equal tozoneBasedFW - version int
- Policy definition version
- id String
- Policy definition ID
- type String
- Policy definition type
- Choices:
urlFiltering,zoneBasedFW,intrusionPrevention,sslDecryption,advancedMalwareProtection,dnsSecurity
- Choices:
- destination
Zone String - Destination Zone, Attribute conditional on
typebeing equal tozoneBasedFW - source
Zone String - Source Zone, Attribute conditional on
typebeing equal tozoneBasedFW - version Number
- Policy definition version
SecurityPolicyLogging, SecurityPolicyLoggingArgs
- External
Syslog stringServer Ip - External Syslog Server IP
- External
Syslog stringServer Source Interface - External Syslog Server Source Interface
- External
Syslog stringServer Vpn - External Syslog Server VPN
- External
Syslog stringServer Ip - External Syslog Server IP
- External
Syslog stringServer Source Interface - External Syslog Server Source Interface
- External
Syslog stringServer Vpn - External Syslog Server VPN
- external
Syslog StringServer Ip - External Syslog Server IP
- external
Syslog StringServer Source Interface - External Syslog Server Source Interface
- external
Syslog StringServer Vpn - External Syslog Server VPN
- external
Syslog stringServer Ip - External Syslog Server IP
- external
Syslog stringServer Source Interface - External Syslog Server Source Interface
- external
Syslog stringServer Vpn - External Syslog Server VPN
- external_
syslog_ strserver_ ip - External Syslog Server IP
- external_
syslog_ strserver_ source_ interface - External Syslog Server Source Interface
- external_
syslog_ strserver_ vpn - External Syslog Server VPN
- external
Syslog StringServer Ip - External Syslog Server IP
- external
Syslog StringServer Source Interface - External Syslog Server Source Interface
- external
Syslog StringServer Vpn - External Syslog Server VPN
Import
$ pulumi import sdwan:index/securityPolicy:SecurityPolicy example "f6b2c44c-693c-4763-b010-895aa3d236bd"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- sdwan pulumi/pulumi-sdwan
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
sdwanTerraform Provider.