nsxt 3.8.0, Apr 14 25

nsxt 3.8.0 published on Monday, Apr 14, 2025 by vmware

nsxt.PolicyGatewayPolicy

Explore with Pulumi AI

nsxt 3.8.0 published on Monday, Apr 14, 2025 by vmware

Create PolicyGatewayPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new PolicyGatewayPolicy(name: string, args: PolicyGatewayPolicyArgs, opts?: CustomResourceOptions);

@overload
def PolicyGatewayPolicy(resource_name: str,
                        args: PolicyGatewayPolicyArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def PolicyGatewayPolicy(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        display_name: Optional[str] = None,
                        category: Optional[str] = None,
                        locked: Optional[bool] = None,
                        description: Optional[str] = None,
                        context: Optional[PolicyGatewayPolicyContextArgs] = None,
                        domain: Optional[str] = None,
                        comments: Optional[str] = None,
                        nsx_id: Optional[str] = None,
                        policy_gateway_policy_id: Optional[str] = None,
                        rules: Optional[Sequence[PolicyGatewayPolicyRuleArgs]] = None,
                        sequence_number: Optional[float] = None,
                        stateful: Optional[bool] = None,
                        tags: Optional[Sequence[PolicyGatewayPolicyTagArgs]] = None,
                        tcp_strict: Optional[bool] = None)

func NewPolicyGatewayPolicy(ctx *Context, name string, args PolicyGatewayPolicyArgs, opts ...ResourceOption) (*PolicyGatewayPolicy, error)

public PolicyGatewayPolicy(string name, PolicyGatewayPolicyArgs args, CustomResourceOptions? opts = null)

public PolicyGatewayPolicy(String name, PolicyGatewayPolicyArgs args)
public PolicyGatewayPolicy(String name, PolicyGatewayPolicyArgs args, CustomResourceOptions options)

type: nsxt:PolicyGatewayPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PolicyGatewayPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PolicyGatewayPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PolicyGatewayPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PolicyGatewayPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PolicyGatewayPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var policyGatewayPolicyResource = new Nsxt.PolicyGatewayPolicy("policyGatewayPolicyResource", new()
{
    DisplayName = "string",
    Category = "string",
    Locked = false,
    Description = "string",
    Context = new Nsxt.Inputs.PolicyGatewayPolicyContextArgs
    {
        ProjectId = "string",
    },
    Domain = "string",
    Comments = "string",
    NsxId = "string",
    PolicyGatewayPolicyId = "string",
    Rules = new[]
    {
        new Nsxt.Inputs.PolicyGatewayPolicyRuleArgs
        {
            DisplayName = "string",
            Scopes = new[]
            {
                "string",
            },
            Notes = "string",
            NsxId = "string",
            Direction = "string",
            Disabled = false,
            DestinationGroups = new[]
            {
                "string",
            },
            IpVersion = "string",
            LogLabel = "string",
            Logged = false,
            Action = "string",
            DestinationsExcluded = false,
            Path = "string",
            Profiles = new[]
            {
                "string",
            },
            Revision = 0,
            RuleId = 0,
            Description = "string",
            SequenceNumber = 0,
            Services = new[]
            {
                "string",
            },
            SourceGroups = new[]
            {
                "string",
            },
            SourcesExcluded = false,
            Tags = new[]
            {
                new Nsxt.Inputs.PolicyGatewayPolicyRuleTagArgs
                {
                    Scope = "string",
                    Tag = "string",
                },
            },
        },
    },
    SequenceNumber = 0,
    Stateful = false,
    Tags = new[]
    {
        new Nsxt.Inputs.PolicyGatewayPolicyTagArgs
        {
            Scope = "string",
            Tag = "string",
        },
    },
    TcpStrict = false,
});

example, err := nsxt.NewPolicyGatewayPolicy(ctx, "policyGatewayPolicyResource", &nsxt.PolicyGatewayPolicyArgs{
	DisplayName: pulumi.String("string"),
	Category:    pulumi.String("string"),
	Locked:      pulumi.Bool(false),
	Description: pulumi.String("string"),
	Context: &nsxt.PolicyGatewayPolicyContextArgs{
		ProjectId: pulumi.String("string"),
	},
	Domain:                pulumi.String("string"),
	Comments:              pulumi.String("string"),
	NsxId:                 pulumi.String("string"),
	PolicyGatewayPolicyId: pulumi.String("string"),
	Rules: nsxt.PolicyGatewayPolicyRuleArray{
		&nsxt.PolicyGatewayPolicyRuleArgs{
			DisplayName: pulumi.String("string"),
			Scopes: pulumi.StringArray{
				pulumi.String("string"),
			},
			Notes:     pulumi.String("string"),
			NsxId:     pulumi.String("string"),
			Direction: pulumi.String("string"),
			Disabled:  pulumi.Bool(false),
			DestinationGroups: pulumi.StringArray{
				pulumi.String("string"),
			},
			IpVersion:            pulumi.String("string"),
			LogLabel:             pulumi.String("string"),
			Logged:               pulumi.Bool(false),
			Action:               pulumi.String("string"),
			DestinationsExcluded: pulumi.Bool(false),
			Path:                 pulumi.String("string"),
			Profiles: pulumi.StringArray{
				pulumi.String("string"),
			},
			Revision:       pulumi.Float64(0),
			RuleId:         pulumi.Float64(0),
			Description:    pulumi.String("string"),
			SequenceNumber: pulumi.Float64(0),
			Services: pulumi.StringArray{
				pulumi.String("string"),
			},
			SourceGroups: pulumi.StringArray{
				pulumi.String("string"),
			},
			SourcesExcluded: pulumi.Bool(false),
			Tags: nsxt.PolicyGatewayPolicyRuleTagArray{
				&nsxt.PolicyGatewayPolicyRuleTagArgs{
					Scope: pulumi.String("string"),
					Tag:   pulumi.String("string"),
				},
			},
		},
	},
	SequenceNumber: pulumi.Float64(0),
	Stateful:       pulumi.Bool(false),
	Tags: nsxt.PolicyGatewayPolicyTagArray{
		&nsxt.PolicyGatewayPolicyTagArgs{
			Scope: pulumi.String("string"),
			Tag:   pulumi.String("string"),
		},
	},
	TcpStrict: pulumi.Bool(false),
})

var policyGatewayPolicyResource = new PolicyGatewayPolicy("policyGatewayPolicyResource", PolicyGatewayPolicyArgs.builder()
    .displayName("string")
    .category("string")
    .locked(false)
    .description("string")
    .context(PolicyGatewayPolicyContextArgs.builder()
        .projectId("string")
        .build())
    .domain("string")
    .comments("string")
    .nsxId("string")
    .policyGatewayPolicyId("string")
    .rules(PolicyGatewayPolicyRuleArgs.builder()
        .displayName("string")
        .scopes("string")
        .notes("string")
        .nsxId("string")
        .direction("string")
        .disabled(false)
        .destinationGroups("string")
        .ipVersion("string")
        .logLabel("string")
        .logged(false)
        .action("string")
        .destinationsExcluded(false)
        .path("string")
        .profiles("string")
        .revision(0)
        .ruleId(0)
        .description("string")
        .sequenceNumber(0)
        .services("string")
        .sourceGroups("string")
        .sourcesExcluded(false)
        .tags(PolicyGatewayPolicyRuleTagArgs.builder()
            .scope("string")
            .tag("string")
            .build())
        .build())
    .sequenceNumber(0)
    .stateful(false)
    .tags(PolicyGatewayPolicyTagArgs.builder()
        .scope("string")
        .tag("string")
        .build())
    .tcpStrict(false)
    .build());

policy_gateway_policy_resource = nsxt.PolicyGatewayPolicy("policyGatewayPolicyResource",
    display_name="string",
    category="string",
    locked=False,
    description="string",
    context={
        "project_id": "string",
    },
    domain="string",
    comments="string",
    nsx_id="string",
    policy_gateway_policy_id="string",
    rules=[{
        "display_name": "string",
        "scopes": ["string"],
        "notes": "string",
        "nsx_id": "string",
        "direction": "string",
        "disabled": False,
        "destination_groups": ["string"],
        "ip_version": "string",
        "log_label": "string",
        "logged": False,
        "action": "string",
        "destinations_excluded": False,
        "path": "string",
        "profiles": ["string"],
        "revision": 0,
        "rule_id": 0,
        "description": "string",
        "sequence_number": 0,
        "services": ["string"],
        "source_groups": ["string"],
        "sources_excluded": False,
        "tags": [{
            "scope": "string",
            "tag": "string",
        }],
    }],
    sequence_number=0,
    stateful=False,
    tags=[{
        "scope": "string",
        "tag": "string",
    }],
    tcp_strict=False)

const policyGatewayPolicyResource = new nsxt.PolicyGatewayPolicy("policyGatewayPolicyResource", {
    displayName: "string",
    category: "string",
    locked: false,
    description: "string",
    context: {
        projectId: "string",
    },
    domain: "string",
    comments: "string",
    nsxId: "string",
    policyGatewayPolicyId: "string",
    rules: [{
        displayName: "string",
        scopes: ["string"],
        notes: "string",
        nsxId: "string",
        direction: "string",
        disabled: false,
        destinationGroups: ["string"],
        ipVersion: "string",
        logLabel: "string",
        logged: false,
        action: "string",
        destinationsExcluded: false,
        path: "string",
        profiles: ["string"],
        revision: 0,
        ruleId: 0,
        description: "string",
        sequenceNumber: 0,
        services: ["string"],
        sourceGroups: ["string"],
        sourcesExcluded: false,
        tags: [{
            scope: "string",
            tag: "string",
        }],
    }],
    sequenceNumber: 0,
    stateful: false,
    tags: [{
        scope: "string",
        tag: "string",
    }],
    tcpStrict: false,
});

type: nsxt:PolicyGatewayPolicy
properties:
    category: string
    comments: string
    context:
        projectId: string
    description: string
    displayName: string
    domain: string
    locked: false
    nsxId: string
    policyGatewayPolicyId: string
    rules:
        - action: string
          description: string
          destinationGroups:
            - string
          destinationsExcluded: false
          direction: string
          disabled: false
          displayName: string
          ipVersion: string
          logLabel: string
          logged: false
          notes: string
          nsxId: string
          path: string
          profiles:
            - string
          revision: 0
          ruleId: 0
          scopes:
            - string
          sequenceNumber: 0
          services:
            - string
          sourceGroups:
            - string
          sourcesExcluded: false
          tags:
            - scope: string
              tag: string
    sequenceNumber: 0
    stateful: false
    tags:
        - scope: string
          tag: string
    tcpStrict: false

PolicyGatewayPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The PolicyGatewayPolicy resource accepts the following input properties:

Category string: The category to use for priority of this Gateway Policy. For local manager must be one of: Emergency, SystemRules, SharedPreRules, LocalGatewayRules, AutoServiceRules and Default. For global manager must be SharedPreRules or LocalGatewayRules.
DisplayName string: Display name of the resource.
Comments string: Comments for this Gateway Policy including lock/unlock comments.
Context PolicyGatewayPolicyContext: The context which the object belongs to
Description string: Description of the resource.
Domain string: The domain to use for the Gateway Policy. This domain must already exist. For VMware Cloud on AWS use cgw.
Locked bool: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
PolicyGatewayPolicyId string: ID of the Security Policy.
Rules List<PolicyGatewayPolicyRule>: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
SequenceNumber double: An int value used to resolve conflicts between security policies across domains
Stateful bool: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
Tags List<PolicyGatewayPolicyTag>: A list of scope + tag pairs to associate with this Gateway Policy.
TcpStrict bool: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.

Category string: The category to use for priority of this Gateway Policy. For local manager must be one of: Emergency, SystemRules, SharedPreRules, LocalGatewayRules, AutoServiceRules and Default. For global manager must be SharedPreRules or LocalGatewayRules.
DisplayName string: Display name of the resource.
Comments string: Comments for this Gateway Policy including lock/unlock comments.
Context PolicyGatewayPolicyContextArgs: The context which the object belongs to
Description string: Description of the resource.
Domain string: The domain to use for the Gateway Policy. This domain must already exist. For VMware Cloud on AWS use cgw.
Locked bool: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
PolicyGatewayPolicyId string: ID of the Security Policy.
Rules []PolicyGatewayPolicyRuleArgs: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
SequenceNumber float64: An int value used to resolve conflicts between security policies across domains
Stateful bool: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
Tags []PolicyGatewayPolicyTagArgs: A list of scope + tag pairs to associate with this Gateway Policy.
TcpStrict bool: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.

category String: The category to use for priority of this Gateway Policy. For local manager must be one of: Emergency, SystemRules, SharedPreRules, LocalGatewayRules, AutoServiceRules and Default. For global manager must be SharedPreRules or LocalGatewayRules.
displayName String: Display name of the resource.
comments String: Comments for this Gateway Policy including lock/unlock comments.
context PolicyGatewayPolicyContext: The context which the object belongs to
description String: Description of the resource.
domain String: The domain to use for the Gateway Policy. This domain must already exist. For VMware Cloud on AWS use cgw.
locked Boolean: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
policyGatewayPolicyId String: ID of the Security Policy.
rules List<PolicyGatewayPolicyRule>: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequenceNumber Double: An int value used to resolve conflicts between security policies across domains
stateful Boolean: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags List<PolicyGatewayPolicyTag>: A list of scope + tag pairs to associate with this Gateway Policy.
tcpStrict Boolean: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.

category string: The category to use for priority of this Gateway Policy. For local manager must be one of: Emergency, SystemRules, SharedPreRules, LocalGatewayRules, AutoServiceRules and Default. For global manager must be SharedPreRules or LocalGatewayRules.
displayName string: Display name of the resource.
comments string: Comments for this Gateway Policy including lock/unlock comments.
context PolicyGatewayPolicyContext: The context which the object belongs to
description string: Description of the resource.
domain string: The domain to use for the Gateway Policy. This domain must already exist. For VMware Cloud on AWS use cgw.
locked boolean: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
policyGatewayPolicyId string: ID of the Security Policy.
rules PolicyGatewayPolicyRule[]: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequenceNumber number: An int value used to resolve conflicts between security policies across domains
stateful boolean: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags PolicyGatewayPolicyTag[]: A list of scope + tag pairs to associate with this Gateway Policy.
tcpStrict boolean: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.

category str: The category to use for priority of this Gateway Policy. For local manager must be one of: Emergency, SystemRules, SharedPreRules, LocalGatewayRules, AutoServiceRules and Default. For global manager must be SharedPreRules or LocalGatewayRules.
display_name str: Display name of the resource.
comments str: Comments for this Gateway Policy including lock/unlock comments.
context PolicyGatewayPolicyContextArgs: The context which the object belongs to
description str: Description of the resource.
domain str: The domain to use for the Gateway Policy. This domain must already exist. For VMware Cloud on AWS use cgw.
locked bool: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsx_id str: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
policy_gateway_policy_id str: ID of the Security Policy.
rules Sequence[PolicyGatewayPolicyRuleArgs]: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequence_number float: An int value used to resolve conflicts between security policies across domains
stateful bool: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags Sequence[PolicyGatewayPolicyTagArgs]: A list of scope + tag pairs to associate with this Gateway Policy.
tcp_strict bool: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.

category String: The category to use for priority of this Gateway Policy. For local manager must be one of: Emergency, SystemRules, SharedPreRules, LocalGatewayRules, AutoServiceRules and Default. For global manager must be SharedPreRules or LocalGatewayRules.
displayName String: Display name of the resource.
comments String: Comments for this Gateway Policy including lock/unlock comments.
context Property Map: The context which the object belongs to
description String: Description of the resource.
domain String: The domain to use for the Gateway Policy. This domain must already exist. For VMware Cloud on AWS use cgw.
locked Boolean: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
policyGatewayPolicyId String: ID of the Security Policy.
rules List<Property Map>: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequenceNumber Number: An int value used to resolve conflicts between security policies across domains
stateful Boolean: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags List<Property Map>: A list of scope + tag pairs to associate with this Gateway Policy.
tcpStrict Boolean: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.

Outputs

All input properties are implicitly available as output properties. Additionally, the PolicyGatewayPolicy resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Path string: The NSX path of the policy resource.
Revision double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

Id string: The provider-assigned unique ID for this managed resource.
Path string: The NSX path of the policy resource.
Revision float64: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

id String: The provider-assigned unique ID for this managed resource.
path String: The NSX path of the policy resource.
revision Double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

id string: The provider-assigned unique ID for this managed resource.
path string: The NSX path of the policy resource.
revision number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

id str: The provider-assigned unique ID for this managed resource.
path str: The NSX path of the policy resource.
revision float: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

id String: The provider-assigned unique ID for this managed resource.
path String: The NSX path of the policy resource.
revision Number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

Look up Existing PolicyGatewayPolicy Resource

Get an existing PolicyGatewayPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: PolicyGatewayPolicyState, opts?: CustomResourceOptions): PolicyGatewayPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        category: Optional[str] = None,
        comments: Optional[str] = None,
        context: Optional[PolicyGatewayPolicyContextArgs] = None,
        description: Optional[str] = None,
        display_name: Optional[str] = None,
        domain: Optional[str] = None,
        locked: Optional[bool] = None,
        nsx_id: Optional[str] = None,
        path: Optional[str] = None,
        policy_gateway_policy_id: Optional[str] = None,
        revision: Optional[float] = None,
        rules: Optional[Sequence[PolicyGatewayPolicyRuleArgs]] = None,
        sequence_number: Optional[float] = None,
        stateful: Optional[bool] = None,
        tags: Optional[Sequence[PolicyGatewayPolicyTagArgs]] = None,
        tcp_strict: Optional[bool] = None) -> PolicyGatewayPolicy

func GetPolicyGatewayPolicy(ctx *Context, name string, id IDInput, state *PolicyGatewayPolicyState, opts ...ResourceOption) (*PolicyGatewayPolicy, error)

public static PolicyGatewayPolicy Get(string name, Input<string> id, PolicyGatewayPolicyState? state, CustomResourceOptions? opts = null)

public static PolicyGatewayPolicy get(String name, Output<String> id, PolicyGatewayPolicyState state, CustomResourceOptions options)

resources:  _:    type: nsxt:PolicyGatewayPolicy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Category string: The category to use for priority of this Gateway Policy. For local manager must be one of: Emergency, SystemRules, SharedPreRules, LocalGatewayRules, AutoServiceRules and Default. For global manager must be SharedPreRules or LocalGatewayRules.
Comments string: Comments for this Gateway Policy including lock/unlock comments.
Context PolicyGatewayPolicyContext: The context which the object belongs to
Description string: Description of the resource.
DisplayName string: Display name of the resource.
Domain string: The domain to use for the Gateway Policy. This domain must already exist. For VMware Cloud on AWS use cgw.
Locked bool: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
Path string: The NSX path of the policy resource.
PolicyGatewayPolicyId string: ID of the Security Policy.
Revision double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
Rules List<PolicyGatewayPolicyRule>: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
SequenceNumber double: An int value used to resolve conflicts between security policies across domains
Stateful bool: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
Tags List<PolicyGatewayPolicyTag>: A list of scope + tag pairs to associate with this Gateway Policy.
TcpStrict bool: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.

Category string: The category to use for priority of this Gateway Policy. For local manager must be one of: Emergency, SystemRules, SharedPreRules, LocalGatewayRules, AutoServiceRules and Default. For global manager must be SharedPreRules or LocalGatewayRules.
Comments string: Comments for this Gateway Policy including lock/unlock comments.
Context PolicyGatewayPolicyContextArgs: The context which the object belongs to
Description string: Description of the resource.
DisplayName string: Display name of the resource.
Domain string: The domain to use for the Gateway Policy. This domain must already exist. For VMware Cloud on AWS use cgw.
Locked bool: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
Path string: The NSX path of the policy resource.
PolicyGatewayPolicyId string: ID of the Security Policy.
Revision float64: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
Rules []PolicyGatewayPolicyRuleArgs: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
SequenceNumber float64: An int value used to resolve conflicts between security policies across domains
Stateful bool: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
Tags []PolicyGatewayPolicyTagArgs: A list of scope + tag pairs to associate with this Gateway Policy.
TcpStrict bool: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.

category String: The category to use for priority of this Gateway Policy. For local manager must be one of: Emergency, SystemRules, SharedPreRules, LocalGatewayRules, AutoServiceRules and Default. For global manager must be SharedPreRules or LocalGatewayRules.
comments String: Comments for this Gateway Policy including lock/unlock comments.
context PolicyGatewayPolicyContext: The context which the object belongs to
description String: Description of the resource.
displayName String: Display name of the resource.
domain String: The domain to use for the Gateway Policy. This domain must already exist. For VMware Cloud on AWS use cgw.
locked Boolean: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path String: The NSX path of the policy resource.
policyGatewayPolicyId String: ID of the Security Policy.
revision Double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules List<PolicyGatewayPolicyRule>: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequenceNumber Double: An int value used to resolve conflicts between security policies across domains
stateful Boolean: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags List<PolicyGatewayPolicyTag>: A list of scope + tag pairs to associate with this Gateway Policy.
tcpStrict Boolean: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.

category string: The category to use for priority of this Gateway Policy. For local manager must be one of: Emergency, SystemRules, SharedPreRules, LocalGatewayRules, AutoServiceRules and Default. For global manager must be SharedPreRules or LocalGatewayRules.
comments string: Comments for this Gateway Policy including lock/unlock comments.
context PolicyGatewayPolicyContext: The context which the object belongs to
description string: Description of the resource.
displayName string: Display name of the resource.
domain string: The domain to use for the Gateway Policy. This domain must already exist. For VMware Cloud on AWS use cgw.
locked boolean: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path string: The NSX path of the policy resource.
policyGatewayPolicyId string: ID of the Security Policy.
revision number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules PolicyGatewayPolicyRule[]: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequenceNumber number: An int value used to resolve conflicts between security policies across domains
stateful boolean: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags PolicyGatewayPolicyTag[]: A list of scope + tag pairs to associate with this Gateway Policy.
tcpStrict boolean: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.

category str: The category to use for priority of this Gateway Policy. For local manager must be one of: Emergency, SystemRules, SharedPreRules, LocalGatewayRules, AutoServiceRules and Default. For global manager must be SharedPreRules or LocalGatewayRules.
comments str: Comments for this Gateway Policy including lock/unlock comments.
context PolicyGatewayPolicyContextArgs: The context which the object belongs to
description str: Description of the resource.
display_name str: Display name of the resource.
domain str: The domain to use for the Gateway Policy. This domain must already exist. For VMware Cloud on AWS use cgw.
locked bool: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsx_id str: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path str: The NSX path of the policy resource.
policy_gateway_policy_id str: ID of the Security Policy.
revision float: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules Sequence[PolicyGatewayPolicyRuleArgs]: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequence_number float: An int value used to resolve conflicts between security policies across domains
stateful bool: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags Sequence[PolicyGatewayPolicyTagArgs]: A list of scope + tag pairs to associate with this Gateway Policy.
tcp_strict bool: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.

category String: The category to use for priority of this Gateway Policy. For local manager must be one of: Emergency, SystemRules, SharedPreRules, LocalGatewayRules, AutoServiceRules and Default. For global manager must be SharedPreRules or LocalGatewayRules.
comments String: Comments for this Gateway Policy including lock/unlock comments.
context Property Map: The context which the object belongs to
description String: Description of the resource.
displayName String: Display name of the resource.
domain String: The domain to use for the Gateway Policy. This domain must already exist. For VMware Cloud on AWS use cgw.
locked Boolean: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path String: The NSX path of the policy resource.
policyGatewayPolicyId String: ID of the Security Policy.
revision Number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules List<Property Map>: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequenceNumber Number: An int value used to resolve conflicts between security policies across domains
stateful Boolean: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags List<Property Map>: A list of scope + tag pairs to associate with this Gateway Policy.
tcpStrict Boolean: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.

Supporting Types

PolicyGatewayPolicyContext
, PolicyGatewayPolicyContextArgs

ProjectId string: The ID of the project which the object belongs to

ProjectId string: The ID of the project which the object belongs to

projectId String: The ID of the project which the object belongs to

projectId string: The ID of the project which the object belongs to

project_id str: The ID of the project which the object belongs to

projectId String: The ID of the project which the object belongs to

PolicyGatewayPolicyRule
, PolicyGatewayPolicyRuleArgs

DisplayName string: Display name of the resource.
Scopes List<string>: List of policy paths where the rule is applied.
Action string: The action for the Rule. Must be one of: ALLOW, DROP or REJECT. Defaults to ALLOW.
Description string: Description of the resource.
DestinationGroups List<string>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
DestinationsExcluded bool: A boolean value indicating negation of destination groups.
Direction string: The traffic direction for the policy. Must be one of: IN, OUT or IN_OUT. Defaults to IN_OUT.
Disabled bool: A boolean value to indicate the rule is disabled. Defaults to false.
IpVersion string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Defaults to IPV4_IPV6.
LogLabel string: Additional information (string) which will be propagated to the rule syslog.
Logged bool: A boolean flag to enable packet logging.
Notes string: Text for additional notes on changes for the rule.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
Path string: The NSX path of the policy resource.
Profiles List<string>: A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
Revision double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
RuleId double: Unique positive number that is assigned by the system and is useful for debugging.
SequenceNumber double: It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
Services List<string>: List of services to match.
SourceGroups List<string>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
SourcesExcluded bool: Negation of source groups
Tags List<PolicyGatewayPolicyRuleTag>: A list of scope + tag pairs to associate with this Rule.

DisplayName string: Display name of the resource.
Scopes []string: List of policy paths where the rule is applied.
Action string: The action for the Rule. Must be one of: ALLOW, DROP or REJECT. Defaults to ALLOW.
Description string: Description of the resource.
DestinationGroups []string: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
DestinationsExcluded bool: A boolean value indicating negation of destination groups.
Direction string: The traffic direction for the policy. Must be one of: IN, OUT or IN_OUT. Defaults to IN_OUT.
Disabled bool: A boolean value to indicate the rule is disabled. Defaults to false.
IpVersion string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Defaults to IPV4_IPV6.
LogLabel string: Additional information (string) which will be propagated to the rule syslog.
Logged bool: A boolean flag to enable packet logging.
Notes string: Text for additional notes on changes for the rule.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
Path string: The NSX path of the policy resource.
Profiles []string: A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
Revision float64: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
RuleId float64: Unique positive number that is assigned by the system and is useful for debugging.
SequenceNumber float64: It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
Services []string: List of services to match.
SourceGroups []string: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
SourcesExcluded bool: Negation of source groups
Tags []PolicyGatewayPolicyRuleTag: A list of scope + tag pairs to associate with this Rule.

displayName String: Display name of the resource.
scopes List<String>: List of policy paths where the rule is applied.
action String: The action for the Rule. Must be one of: ALLOW, DROP or REJECT. Defaults to ALLOW.
description String: Description of the resource.
destinationGroups List<String>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinationsExcluded Boolean: A boolean value indicating negation of destination groups.
direction String: The traffic direction for the policy. Must be one of: IN, OUT or IN_OUT. Defaults to IN_OUT.
disabled Boolean: A boolean value to indicate the rule is disabled. Defaults to false.
ipVersion String: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Defaults to IPV4_IPV6.
logLabel String: Additional information (string) which will be propagated to the rule syslog.
logged Boolean: A boolean flag to enable packet logging.
notes String: Text for additional notes on changes for the rule.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path String: The NSX path of the policy resource.
profiles List<String>: A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
revision Double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId Double: Unique positive number that is assigned by the system and is useful for debugging.
sequenceNumber Double: It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
services List<String>: List of services to match.
sourceGroups List<String>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sourcesExcluded Boolean: Negation of source groups
tags List<PolicyGatewayPolicyRuleTag>: A list of scope + tag pairs to associate with this Rule.

displayName string: Display name of the resource.
scopes string[]: List of policy paths where the rule is applied.
action string: The action for the Rule. Must be one of: ALLOW, DROP or REJECT. Defaults to ALLOW.
description string: Description of the resource.
destinationGroups string[]: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinationsExcluded boolean: A boolean value indicating negation of destination groups.
direction string: The traffic direction for the policy. Must be one of: IN, OUT or IN_OUT. Defaults to IN_OUT.
disabled boolean: A boolean value to indicate the rule is disabled. Defaults to false.
ipVersion string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Defaults to IPV4_IPV6.
logLabel string: Additional information (string) which will be propagated to the rule syslog.
logged boolean: A boolean flag to enable packet logging.
notes string: Text for additional notes on changes for the rule.
nsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path string: The NSX path of the policy resource.
profiles string[]: A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
revision number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId number: Unique positive number that is assigned by the system and is useful for debugging.
sequenceNumber number: It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
services string[]: List of services to match.
sourceGroups string[]: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sourcesExcluded boolean: Negation of source groups
tags PolicyGatewayPolicyRuleTag[]: A list of scope + tag pairs to associate with this Rule.

display_name str: Display name of the resource.
scopes Sequence[str]: List of policy paths where the rule is applied.
action str: The action for the Rule. Must be one of: ALLOW, DROP or REJECT. Defaults to ALLOW.
description str: Description of the resource.
destination_groups Sequence[str]: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinations_excluded bool: A boolean value indicating negation of destination groups.
direction str: The traffic direction for the policy. Must be one of: IN, OUT or IN_OUT. Defaults to IN_OUT.
disabled bool: A boolean value to indicate the rule is disabled. Defaults to false.
ip_version str: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Defaults to IPV4_IPV6.
log_label str: Additional information (string) which will be propagated to the rule syslog.
logged bool: A boolean flag to enable packet logging.
notes str: Text for additional notes on changes for the rule.
nsx_id str: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path str: The NSX path of the policy resource.
profiles Sequence[str]: A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
revision float: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rule_id float: Unique positive number that is assigned by the system and is useful for debugging.
sequence_number float: It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
services Sequence[str]: List of services to match.
source_groups Sequence[str]: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sources_excluded bool: Negation of source groups
tags Sequence[PolicyGatewayPolicyRuleTag]: A list of scope + tag pairs to associate with this Rule.

displayName String: Display name of the resource.
scopes List<String>: List of policy paths where the rule is applied.
action String: The action for the Rule. Must be one of: ALLOW, DROP or REJECT. Defaults to ALLOW.
description String: Description of the resource.
destinationGroups List<String>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinationsExcluded Boolean: A boolean value indicating negation of destination groups.
direction String: The traffic direction for the policy. Must be one of: IN, OUT or IN_OUT. Defaults to IN_OUT.
disabled Boolean: A boolean value to indicate the rule is disabled. Defaults to false.
ipVersion String: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Defaults to IPV4_IPV6.
logLabel String: Additional information (string) which will be propagated to the rule syslog.
logged Boolean: A boolean flag to enable packet logging.
notes String: Text for additional notes on changes for the rule.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path String: The NSX path of the policy resource.
profiles List<String>: A list of context profiles for the rule. Note: due to platform issue, this setting is only supported with NSX 3.2 onwards.
revision Number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId Number: Unique positive number that is assigned by the system and is useful for debugging.
sequenceNumber Number: It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
services List<String>: List of services to match.
sourceGroups List<String>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sourcesExcluded Boolean: Negation of source groups
tags List<Property Map>: A list of scope + tag pairs to associate with this Rule.

PolicyGatewayPolicyRuleTag
, PolicyGatewayPolicyRuleTagArgs

Scope string: List of policy paths where the rule is applied.
Tag string: A list of scope + tag pairs to associate with this Gateway Policy.

Scope string: List of policy paths where the rule is applied.
Tag string: A list of scope + tag pairs to associate with this Gateway Policy.

scope String: List of policy paths where the rule is applied.
tag String: A list of scope + tag pairs to associate with this Gateway Policy.

scope string: List of policy paths where the rule is applied.
tag string: A list of scope + tag pairs to associate with this Gateway Policy.

scope str: List of policy paths where the rule is applied.
tag str: A list of scope + tag pairs to associate with this Gateway Policy.

scope String: List of policy paths where the rule is applied.
tag String: A list of scope + tag pairs to associate with this Gateway Policy.

PolicyGatewayPolicyTag
, PolicyGatewayPolicyTagArgs

Scope string: List of policy paths where the rule is applied.
Tag string: A list of scope + tag pairs to associate with this Gateway Policy.

Scope string: List of policy paths where the rule is applied.
Tag string: A list of scope + tag pairs to associate with this Gateway Policy.

scope String: List of policy paths where the rule is applied.
tag String: A list of scope + tag pairs to associate with this Gateway Policy.

scope string: List of policy paths where the rule is applied.
tag string: A list of scope + tag pairs to associate with this Gateway Policy.

scope str: List of policy paths where the rule is applied.
tag str: A list of scope + tag pairs to associate with this Gateway Policy.

scope String: List of policy paths where the rule is applied.
tag String: A list of scope + tag pairs to associate with this Gateway Policy.

Package Details

Repository: nsxt vmware/terraform-provider-nsxt
License
Notes: This Pulumi package is based on the nsxt Terraform Provider.

nsxt 3.8.0 published on Monday, Apr 14, 2025 by vmware

vmware/terraform-provider-nsxt

nsxt.PolicyGatewayPolicy

On this page

On this page

Create PolicyGatewayPolicy Resource

Constructor syntax

Parameters

Constructor example

PolicyGatewayPolicy Resource Properties

Inputs

Outputs

Look up Existing PolicyGatewayPolicy Resource

Supporting Types

PolicyGatewayPolicyContext
, PolicyGatewayPolicyContextArgs

PolicyGatewayPolicyRule
, PolicyGatewayPolicyRuleArgs

PolicyGatewayPolicyRuleTag
, PolicyGatewayPolicyRuleTagArgs

PolicyGatewayPolicyTag
, PolicyGatewayPolicyTagArgs

Package Details

On this page

On this page

nsxt.PolicyGatewayPolicy

On this page

On this page

Create PolicyGatewayPolicy Resource

Constructor syntax

Parameters

Constructor example

PolicyGatewayPolicy Resource Properties

Inputs

Outputs

Look up Existing PolicyGatewayPolicy Resource

Supporting Types

PolicyGatewayPolicyContext, PolicyGatewayPolicyContextArgs

PolicyGatewayPolicyRule, PolicyGatewayPolicyRuleArgs

PolicyGatewayPolicyRuleTag, PolicyGatewayPolicyRuleTagArgs

PolicyGatewayPolicyTag, PolicyGatewayPolicyTagArgs

Package Details

On this page

On this page

PolicyGatewayPolicyContext
, PolicyGatewayPolicyContextArgs

PolicyGatewayPolicyRule
, PolicyGatewayPolicyRuleArgs

PolicyGatewayPolicyRuleTag
, PolicyGatewayPolicyRuleTagArgs

PolicyGatewayPolicyTag
, PolicyGatewayPolicyTagArgs