published on Monday, May 18, 2026 by vmware
Create PolicyIntrusionServicePolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyIntrusionServicePolicy(name: string, args: PolicyIntrusionServicePolicyArgs, opts?: CustomResourceOptions);@overload
def PolicyIntrusionServicePolicy(resource_name: str,
args: PolicyIntrusionServicePolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyIntrusionServicePolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
category: Optional[str] = None,
comments: Optional[str] = None,
context: Optional[PolicyIntrusionServicePolicyContextArgs] = None,
description: Optional[str] = None,
domain: Optional[str] = None,
locked: Optional[bool] = None,
nsx_id: Optional[str] = None,
policy_intrusion_service_policy_id: Optional[str] = None,
rules: Optional[Sequence[PolicyIntrusionServicePolicyRuleArgs]] = None,
sequence_number: Optional[float] = None,
tags: Optional[Sequence[PolicyIntrusionServicePolicyTagArgs]] = None)func NewPolicyIntrusionServicePolicy(ctx *Context, name string, args PolicyIntrusionServicePolicyArgs, opts ...ResourceOption) (*PolicyIntrusionServicePolicy, error)public PolicyIntrusionServicePolicy(string name, PolicyIntrusionServicePolicyArgs args, CustomResourceOptions? opts = null)
public PolicyIntrusionServicePolicy(String name, PolicyIntrusionServicePolicyArgs args)
public PolicyIntrusionServicePolicy(String name, PolicyIntrusionServicePolicyArgs args, CustomResourceOptions options)
type: nsxt:PolicyIntrusionServicePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "nsxt_policyintrusionservicepolicy" "name" {
# resource properties
}
Parameters
- name string
- The unique name of the resource.
- args PolicyIntrusionServicePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyIntrusionServicePolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyIntrusionServicePolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyIntrusionServicePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyIntrusionServicePolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference example: every value is a type placeholder ("string", 0, false), not a recommended setting.
var policyIntrusionServicePolicyResource = new Nsxt.PolicyIntrusionServicePolicy("policyIntrusionServicePolicyResource", new()
{
    DisplayName = "string",
    // Must be ThreatRules or EmergencyThreatRules; the default is ThreatRules.
    Category = "string",
    // Free text for this policy, including lock/unlock comments.
    Comments = "string",
    Context = new Nsxt.Inputs.PolicyIntrusionServicePolicyContextArgs
    {
        ProjectId = "string",
    },
    Description = "string",
    // Must name an existing domain; defaults to "default" when omitted.
    Domain = "string",
    // When true, no other users can update the policy; the default is false.
    Locked = false,
    // If set, this ID is used when the resource is created.
    NsxId = "string",
    // ID of the IDS policy.
    PolicyIntrusionServicePolicyId = "string",
    // Rule fields are not described in this section; comments marked NOTE(review)
    // are assumptions to confirm against the provider's rule reference.
    Rules = new[]
    {
        new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleArgs
        {
            DisplayName = "string",
            IdsProfiles = new[] { "string" },
            NsxId = "string",
            // NOTE(review): presumably toggles logging for this rule; confirm, and choose the value deliberately.
            Logged = false,
            Direction = "string",
            // NOTE(review): presumably switches the rule off without removing it; confirm.
            Disabled = false,
            DestinationGroups = new[] { "string" },
            Description = "string",
            IpVersion = "string",
            Path = "string",
            Oversubscription = "string",
            Notes = "string",
            // NOTE(review): presumably negates the destination group match; confirm.
            DestinationsExcluded = false,
            // NOTE(review): accepted values are not listed here; the upstream NSX-T provider
            // documents DETECT and DETECT_PREVENT. Confirm for your provider version.
            Action = "string",
            LogLabel = "string",
            Profiles = new[] { "string" },
            Revision = 0,
            RuleId = 0,
            Scopes = new[] { "string" },
            SequenceNumber = 0,
            ServiceEntries = new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesArgs
            {
                AlgorithmEntries = new[]
                {
                    new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntryArgs
                    {
                        Algorithm = "string",
                        DestinationPort = "string",
                        Description = "string",
                        DisplayName = "string",
                        SourcePorts = new[] { "string" },
                    },
                },
                EtherTypeEntries = new[]
                {
                    new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntryArgs
                    {
                        EtherType = 0,
                        Description = "string",
                        DisplayName = "string",
                    },
                },
                IcmpEntries = new[]
                {
                    new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntryArgs
                    {
                        Protocol = "string",
                        Description = "string",
                        DisplayName = "string",
                        IcmpCode = "string",
                        IcmpType = "string",
                    },
                },
                IgmpEntries = new[]
                {
                    new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntryArgs
                    {
                        Description = "string",
                        DisplayName = "string",
                    },
                },
                IpProtocolEntries = new[]
                {
                    new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntryArgs
                    {
                        Protocol = 0,
                        Description = "string",
                        DisplayName = "string",
                    },
                },
                L4PortSetEntries = new[]
                {
                    new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntryArgs
                    {
                        Protocol = "string",
                        Description = "string",
                        DestinationPorts = new[] { "string" },
                        DisplayName = "string",
                        SourcePorts = new[] { "string" },
                    },
                },
            },
            Services = new[] { "string" },
            SourceGroups = new[] { "string" },
            // NOTE(review): presumably negates the source group match; confirm.
            SourcesExcluded = false,
            Tags = new[]
            {
                new Nsxt.Inputs.PolicyIntrusionServicePolicyRuleTagArgs
                {
                    Scope = "string",
                    Tag = "string",
                },
            },
        },
    },
    // Resolves conflicts between intrusion service policies across domains; the default is 0.
    SequenceNumber = 0,
    // Scope + tag pairs associated with this policy.
    Tags = new[]
    {
        new Nsxt.Inputs.PolicyIntrusionServicePolicyTagArgs
        {
            Scope = "string",
            Tag = "string",
        },
    },
});
// Reference example: every value is a type placeholder ("string", 0, false), not a recommended setting.
// The returned err is not handled in this snippet; check it before using example.
example, err := nsxt.NewPolicyIntrusionServicePolicy(ctx, "policyIntrusionServicePolicyResource", &nsxt.PolicyIntrusionServicePolicyArgs{
	DisplayName: pulumi.String("string"),
	// Must be ThreatRules or EmergencyThreatRules; the default is ThreatRules.
	Category: pulumi.String("string"),
	// Free text for this policy, including lock/unlock comments.
	Comments: pulumi.String("string"),
	Context: &nsxt.PolicyIntrusionServicePolicyContextArgs{
		ProjectId: pulumi.String("string"),
	},
	Description: pulumi.String("string"),
	// Must name an existing domain; defaults to "default" when omitted.
	Domain: pulumi.String("string"),
	// When true, no other users can update the policy; the default is false.
	Locked: pulumi.Bool(false),
	// If set, this ID is used when the resource is created.
	NsxId: pulumi.String("string"),
	// ID of the IDS policy.
	PolicyIntrusionServicePolicyId: pulumi.String("string"),
	// Rule fields are not described in this section; comments marked NOTE(review)
	// are assumptions to confirm against the provider's rule reference.
	Rules: nsxt.PolicyIntrusionServicePolicyRuleTypeArray{
		&nsxt.PolicyIntrusionServicePolicyRuleTypeArgs{
			DisplayName: pulumi.String("string"),
			IdsProfiles: pulumi.StringArray{pulumi.String("string")},
			NsxId:       pulumi.String("string"),
			// NOTE(review): presumably toggles logging for this rule; confirm, and choose the value deliberately.
			Logged:    pulumi.Bool(false),
			Direction: pulumi.String("string"),
			// NOTE(review): presumably switches the rule off without removing it; confirm.
			Disabled:          pulumi.Bool(false),
			DestinationGroups: pulumi.StringArray{pulumi.String("string")},
			Description:       pulumi.String("string"),
			IpVersion:         pulumi.String("string"),
			Path:              pulumi.String("string"),
			Oversubscription:  pulumi.String("string"),
			Notes:             pulumi.String("string"),
			// NOTE(review): presumably negates the destination group match; confirm.
			DestinationsExcluded: pulumi.Bool(false),
			// NOTE(review): accepted values are not listed here; the upstream NSX-T provider
			// documents DETECT and DETECT_PREVENT. Confirm for your provider version.
			Action:         pulumi.String("string"),
			LogLabel:       pulumi.String("string"),
			Profiles:       pulumi.StringArray{pulumi.String("string")},
			Revision:       pulumi.Float64(0),
			RuleId:         pulumi.Float64(0),
			Scopes:         pulumi.StringArray{pulumi.String("string")},
			SequenceNumber: pulumi.Float64(0),
			ServiceEntries: &nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesArgs{
				AlgorithmEntries: nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntryArray{
					&nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntryArgs{
						Algorithm:       pulumi.String("string"),
						DestinationPort: pulumi.String("string"),
						Description:     pulumi.String("string"),
						DisplayName:     pulumi.String("string"),
						SourcePorts:     pulumi.StringArray{pulumi.String("string")},
					},
				},
				EtherTypeEntries: nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntryArray{
					&nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntryArgs{
						EtherType:   pulumi.Float64(0),
						Description: pulumi.String("string"),
						DisplayName: pulumi.String("string"),
					},
				},
				IcmpEntries: nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntryArray{
					&nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntryArgs{
						Protocol:    pulumi.String("string"),
						Description: pulumi.String("string"),
						DisplayName: pulumi.String("string"),
						IcmpCode:    pulumi.String("string"),
						IcmpType:    pulumi.String("string"),
					},
				},
				IgmpEntries: nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntryArray{
					&nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntryArgs{
						Description: pulumi.String("string"),
						DisplayName: pulumi.String("string"),
					},
				},
				IpProtocolEntries: nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntryArray{
					&nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntryArgs{
						Protocol:    pulumi.Float64(0),
						Description: pulumi.String("string"),
						DisplayName: pulumi.String("string"),
					},
				},
				L4PortSetEntries: nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntryArray{
					&nsxt.PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntryArgs{
						Protocol:         pulumi.String("string"),
						Description:      pulumi.String("string"),
						DestinationPorts: pulumi.StringArray{pulumi.String("string")},
						DisplayName:      pulumi.String("string"),
						SourcePorts:      pulumi.StringArray{pulumi.String("string")},
					},
				},
			},
			Services:     pulumi.StringArray{pulumi.String("string")},
			SourceGroups: pulumi.StringArray{pulumi.String("string")},
			// NOTE(review): presumably negates the source group match; confirm.
			SourcesExcluded: pulumi.Bool(false),
			Tags: nsxt.PolicyIntrusionServicePolicyRuleTagArray{
				&nsxt.PolicyIntrusionServicePolicyRuleTagArgs{
					Scope: pulumi.String("string"),
					Tag:   pulumi.String("string"),
				},
			},
		},
	},
	// Resolves conflicts between intrusion service policies across domains; the default is 0.
	SequenceNumber: pulumi.Float64(0),
	// Scope + tag pairs associated with this policy.
	Tags: nsxt.PolicyIntrusionServicePolicyTagArray{
		&nsxt.PolicyIntrusionServicePolicyTagArgs{
			Scope: pulumi.String("string"),
			Tag:   pulumi.String("string"),
		},
	},
})
# Reference example: every value is a type placeholder ("string", 0, false), not a recommended setting.
resource "nsxt_policyintrusionservicepolicy" "policyIntrusionServicePolicyResource" {
  display_name = "string"
  # Must be ThreatRules or EmergencyThreatRules; the default is ThreatRules.
  category = "string"
  # Free text for this policy, including lock/unlock comments.
  comments = "string"
  context = {
    project_id = "string"
  }
  description = "string"
  # Must name an existing domain; defaults to "default" when omitted.
  domain = "string"
  # When true, no other users can update the policy; the default is false.
  locked = false
  # If set, this ID is used when the resource is created.
  nsx_id = "string"
  # ID of the IDS policy.
  policy_intrusion_service_policy_id = "string"
  # Rule fields are not described in this section; comments marked NOTE(review)
  # are assumptions to confirm against the provider's rule reference.
  rules {
    display_name = "string"
    ids_profiles = ["string"]
    nsx_id       = "string"
    # NOTE(review): presumably toggles logging for this rule; confirm, and choose the value deliberately.
    logged    = false
    direction = "string"
    # NOTE(review): presumably switches the rule off without removing it; confirm.
    disabled           = false
    destination_groups = ["string"]
    description        = "string"
    ip_version         = "string"
    path               = "string"
    oversubscription   = "string"
    notes              = "string"
    # NOTE(review): presumably negates the destination group match; confirm.
    destinations_excluded = false
    # NOTE(review): accepted values are not listed here; the upstream NSX-T provider
    # documents DETECT and DETECT_PREVENT. Confirm for your provider version.
    action          = "string"
    log_label       = "string"
    profiles        = ["string"]
    revision        = 0
    rule_id         = 0
    scopes          = ["string"]
    sequence_number = 0
    service_entries = {
      algorithm_entries = [{
        "algorithm"       = "string"
        "destinationPort" = "string"
        "description"     = "string"
        "displayName"     = "string"
        "sourcePorts"     = ["string"]
      }]
      ether_type_entries = [{
        "etherType"   = 0
        "description" = "string"
        "displayName" = "string"
      }]
      icmp_entries = [{
        "protocol"    = "string"
        "description" = "string"
        "displayName" = "string"
        "icmpCode"    = "string"
        "icmpType"    = "string"
      }]
      igmp_entries = [{
        "description" = "string"
        "displayName" = "string"
      }]
      ip_protocol_entries = [{
        "protocol"    = 0
        "description" = "string"
        "displayName" = "string"
      }]
      l4_port_set_entries = [{
        "protocol"         = "string"
        "description"      = "string"
        "destinationPorts" = ["string"]
        "displayName"      = "string"
        "sourcePorts"      = ["string"]
      }]
    }
    services      = ["string"]
    source_groups = ["string"]
    # NOTE(review): presumably negates the source group match; confirm.
    sources_excluded = false
    tags {
      scope = "string"
      tag   = "string"
    }
  }
  # Resolves conflicts between intrusion service policies across domains; the default is 0.
  sequence_number = 0
  # Scope + tag pairs associated with this policy.
  tags {
    scope = "string"
    tag   = "string"
  }
}
// Reference example: every value is a type placeholder ("string", 0.0, false), not a recommended setting.
var policyIntrusionServicePolicyResource = new PolicyIntrusionServicePolicy("policyIntrusionServicePolicyResource", PolicyIntrusionServicePolicyArgs.builder()
    .displayName("string")
    // Must be ThreatRules or EmergencyThreatRules; the default is ThreatRules.
    .category("string")
    // Free text for this policy, including lock/unlock comments.
    .comments("string")
    .context(PolicyIntrusionServicePolicyContextArgs.builder()
        .projectId("string")
        .build())
    .description("string")
    // Must name an existing domain; defaults to "default" when omitted.
    .domain("string")
    // When true, no other users can update the policy; the default is false.
    .locked(false)
    // If set, this ID is used when the resource is created.
    .nsxId("string")
    // ID of the IDS policy.
    .policyIntrusionServicePolicyId("string")
    // Rule fields are not described in this section; comments marked NOTE(review)
    // are assumptions to confirm against the provider's rule reference.
    .rules(PolicyIntrusionServicePolicyRuleArgs.builder()
        .displayName("string")
        .idsProfiles("string")
        .nsxId("string")
        // NOTE(review): presumably toggles logging for this rule; confirm, and choose the value deliberately.
        .logged(false)
        .direction("string")
        // NOTE(review): presumably switches the rule off without removing it; confirm.
        .disabled(false)
        .destinationGroups("string")
        .description("string")
        .ipVersion("string")
        .path("string")
        .oversubscription("string")
        .notes("string")
        // NOTE(review): presumably negates the destination group match; confirm.
        .destinationsExcluded(false)
        // NOTE(review): accepted values are not listed here; the upstream NSX-T provider
        // documents DETECT and DETECT_PREVENT. Confirm for your provider version.
        .action("string")
        .logLabel("string")
        .profiles("string")
        .revision(0.0)
        .ruleId(0.0)
        .scopes("string")
        .sequenceNumber(0.0)
        .serviceEntries(PolicyIntrusionServicePolicyRuleServiceEntriesArgs.builder()
            .algorithmEntries(PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntryArgs.builder()
                .algorithm("string")
                .destinationPort("string")
                .description("string")
                .displayName("string")
                .sourcePorts("string")
                .build())
            .etherTypeEntries(PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntryArgs.builder()
                .etherType(0.0)
                .description("string")
                .displayName("string")
                .build())
            .icmpEntries(PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntryArgs.builder()
                .protocol("string")
                .description("string")
                .displayName("string")
                .icmpCode("string")
                .icmpType("string")
                .build())
            .igmpEntries(PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntryArgs.builder()
                .description("string")
                .displayName("string")
                .build())
            .ipProtocolEntries(PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntryArgs.builder()
                .protocol(0.0)
                .description("string")
                .displayName("string")
                .build())
            .l4PortSetEntries(PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntryArgs.builder()
                .protocol("string")
                .description("string")
                .destinationPorts("string")
                .displayName("string")
                .sourcePorts("string")
                .build())
            .build())
        .services("string")
        .sourceGroups("string")
        // NOTE(review): presumably negates the source group match; confirm.
        .sourcesExcluded(false)
        .tags(PolicyIntrusionServicePolicyRuleTagArgs.builder()
            .scope("string")
            .tag("string")
            .build())
        .build())
    // Resolves conflicts between intrusion service policies across domains; the default is 0.
    .sequenceNumber(0.0)
    // Scope + tag pairs associated with this policy.
    .tags(PolicyIntrusionServicePolicyTagArgs.builder()
        .scope("string")
        .tag("string")
        .build())
    .build());
# Reference example: every value is a type placeholder ("string", float(0), False), not a recommended setting.
policy_intrusion_service_policy_resource = nsxt.PolicyIntrusionServicePolicy(
    "policyIntrusionServicePolicyResource",
    display_name="string",
    # Must be ThreatRules or EmergencyThreatRules; the default is ThreatRules.
    category="string",
    # Free text for this policy, including lock/unlock comments.
    comments="string",
    context={
        "project_id": "string",
    },
    description="string",
    # Must name an existing domain; defaults to "default" when omitted.
    domain="string",
    # When true, no other users can update the policy; the default is false.
    locked=False,
    # If set, this ID is used when the resource is created.
    nsx_id="string",
    # ID of the IDS policy.
    policy_intrusion_service_policy_id="string",
    # Rule fields are not described in this section; comments marked NOTE(review)
    # are assumptions to confirm against the provider's rule reference.
    rules=[{
        "display_name": "string",
        "ids_profiles": ["string"],
        "nsx_id": "string",
        # NOTE(review): presumably toggles logging for this rule; confirm, and choose the value deliberately.
        "logged": False,
        "direction": "string",
        # NOTE(review): presumably switches the rule off without removing it; confirm.
        "disabled": False,
        "destination_groups": ["string"],
        "description": "string",
        "ip_version": "string",
        "path": "string",
        "oversubscription": "string",
        "notes": "string",
        # NOTE(review): presumably negates the destination group match; confirm.
        "destinations_excluded": False,
        # NOTE(review): accepted values are not listed here; the upstream NSX-T provider
        # documents DETECT and DETECT_PREVENT. Confirm for your provider version.
        "action": "string",
        "log_label": "string",
        "profiles": ["string"],
        "revision": float(0),
        "rule_id": float(0),
        "scopes": ["string"],
        "sequence_number": float(0),
        "service_entries": {
            "algorithm_entries": [{
                "algorithm": "string",
                "destination_port": "string",
                "description": "string",
                "display_name": "string",
                "source_ports": ["string"],
            }],
            "ether_type_entries": [{
                "ether_type": float(0),
                "description": "string",
                "display_name": "string",
            }],
            "icmp_entries": [{
                "protocol": "string",
                "description": "string",
                "display_name": "string",
                "icmp_code": "string",
                "icmp_type": "string",
            }],
            "igmp_entries": [{
                "description": "string",
                "display_name": "string",
            }],
            "ip_protocol_entries": [{
                "protocol": float(0),
                "description": "string",
                "display_name": "string",
            }],
            "l4_port_set_entries": [{
                "protocol": "string",
                "description": "string",
                "destination_ports": ["string"],
                "display_name": "string",
                "source_ports": ["string"],
            }],
        },
        "services": ["string"],
        "source_groups": ["string"],
        # NOTE(review): presumably negates the source group match; confirm.
        "sources_excluded": False,
        "tags": [{
            "scope": "string",
            "tag": "string",
        }],
    }],
    # Resolves conflicts between intrusion service policies across domains; the default is 0.
    sequence_number=float(0),
    # Scope + tag pairs associated with this policy.
    tags=[{
        "scope": "string",
        "tag": "string",
    }],
)
// Reference example: every value is a type placeholder ("string", 0, false), not a recommended setting.
const policyIntrusionServicePolicyResource = new nsxt.PolicyIntrusionServicePolicy("policyIntrusionServicePolicyResource", {
    displayName: "string",
    // Must be ThreatRules or EmergencyThreatRules; the default is ThreatRules.
    category: "string",
    // Free text for this policy, including lock/unlock comments.
    comments: "string",
    context: {
        projectId: "string",
    },
    description: "string",
    // Must name an existing domain; defaults to "default" when omitted.
    domain: "string",
    // When true, no other users can update the policy; the default is false.
    locked: false,
    // If set, this ID is used when the resource is created.
    nsxId: "string",
    // ID of the IDS policy.
    policyIntrusionServicePolicyId: "string",
    // Rule fields are not described in this section; comments marked NOTE(review)
    // are assumptions to confirm against the provider's rule reference.
    rules: [{
        displayName: "string",
        idsProfiles: ["string"],
        nsxId: "string",
        // NOTE(review): presumably toggles logging for this rule; confirm, and choose the value deliberately.
        logged: false,
        direction: "string",
        // NOTE(review): presumably switches the rule off without removing it; confirm.
        disabled: false,
        destinationGroups: ["string"],
        description: "string",
        ipVersion: "string",
        path: "string",
        oversubscription: "string",
        notes: "string",
        // NOTE(review): presumably negates the destination group match; confirm.
        destinationsExcluded: false,
        // NOTE(review): accepted values are not listed here; the upstream NSX-T provider
        // documents DETECT and DETECT_PREVENT. Confirm for your provider version.
        action: "string",
        logLabel: "string",
        profiles: ["string"],
        revision: 0,
        ruleId: 0,
        scopes: ["string"],
        sequenceNumber: 0,
        serviceEntries: {
            algorithmEntries: [{
                algorithm: "string",
                destinationPort: "string",
                description: "string",
                displayName: "string",
                sourcePorts: ["string"],
            }],
            etherTypeEntries: [{
                etherType: 0,
                description: "string",
                displayName: "string",
            }],
            icmpEntries: [{
                protocol: "string",
                description: "string",
                displayName: "string",
                icmpCode: "string",
                icmpType: "string",
            }],
            igmpEntries: [{
                description: "string",
                displayName: "string",
            }],
            ipProtocolEntries: [{
                protocol: 0,
                description: "string",
                displayName: "string",
            }],
            l4PortSetEntries: [{
                protocol: "string",
                description: "string",
                destinationPorts: ["string"],
                displayName: "string",
                sourcePorts: ["string"],
            }],
        },
        services: ["string"],
        sourceGroups: ["string"],
        // NOTE(review): presumably negates the source group match; confirm.
        sourcesExcluded: false,
        tags: [{
            scope: "string",
            tag: "string",
        }],
    }],
    // Resolves conflicts between intrusion service policies across domains; the default is 0.
    sequenceNumber: 0,
    // Scope + tag pairs associated with this policy.
    tags: [{
        scope: "string",
        tag: "string",
    }],
});
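# Reference example: every value is a type placeholder (string, 0, false), not a recommended setting.
# Nesting is restored here; with all keys at column 0 the listing does not parse as the intended structure.
type: nsxt:PolicyIntrusionServicePolicy
properties:
  # Must be ThreatRules or EmergencyThreatRules; the default is ThreatRules.
  category: string
  # Free text for this policy, including lock/unlock comments.
  comments: string
  context:
    projectId: string
  description: string
  displayName: string
  # Must name an existing domain; defaults to "default" when omitted.
  domain: string
  # When true, no other users can update the policy; the default is false.
  locked: false
  # If set, this ID is used when the resource is created.
  nsxId: string
  # ID of the IDS policy.
  policyIntrusionServicePolicyId: string
  # Rule fields are not described in this section; comments marked NOTE(review)
  # are assumptions to confirm against the provider's rule reference.
  rules:
    # NOTE(review): accepted action values are not listed here; the upstream NSX-T provider
    # documents DETECT and DETECT_PREVENT. Confirm for your provider version.
    - action: string
      description: string
      destinationGroups:
        - string
      # NOTE(review): presumably negates the destination group match; confirm.
      destinationsExcluded: false
      direction: string
      # NOTE(review): presumably switches the rule off without removing it; confirm.
      disabled: false
      displayName: string
      idsProfiles:
        - string
      ipVersion: string
      logLabel: string
      # NOTE(review): presumably toggles logging for this rule; confirm, and choose the value deliberately.
      logged: false
      notes: string
      nsxId: string
      oversubscription: string
      path: string
      profiles:
        - string
      revision: 0
      ruleId: 0
      scopes:
        - string
      sequenceNumber: 0
      serviceEntries:
        algorithmEntries:
          - algorithm: string
            description: string
            destinationPort: string
            displayName: string
            sourcePorts:
              - string
        etherTypeEntries:
          - description: string
            displayName: string
            etherType: 0
        icmpEntries:
          - description: string
            displayName: string
            icmpCode: string
            icmpType: string
            protocol: string
        igmpEntries:
          - description: string
            displayName: string
        ipProtocolEntries:
          - description: string
            displayName: string
            protocol: 0
        l4PortSetEntries:
          - description: string
            destinationPorts:
              - string
            displayName: string
            protocol: string
            sourcePorts:
              - string
      services:
        - string
      sourceGroups:
        - string
      # NOTE(review): presumably negates the source group match; confirm.
      sourcesExcluded: false
      tags:
        - scope: string
          tag: string
  # Resolves conflicts between intrusion service policies across domains; the default is 0.
  sequenceNumber: 0
  # Scope + tag pairs associated with this policy.
  tags:
    - scope: string
      tag: string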
PolicyIntrusionServicePolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyIntrusionServicePolicy resource accepts the following input properties:
- DisplayName string
- Display name of the resource.
- Category string
- Category of this policy. Must be one of: `ThreatRules` or `EmergencyThreatRules`. Default is `ThreatRules`.
- Comments string
- Comments for this Intrusion Service Policy including lock/unlock comments.
- Context PolicyIntrusionServicePolicyContext
- The context which the object belongs to.
- Description string
- Description of the resource.
- Domain string
- The domain to use for the resource. This domain must already exist. If not specified, this field defaults to `default`.
- Locked bool
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is `false`.
- NsxId string
- The NSX ID of this resource. If set, this ID will be used to create the resource.
- PolicyIntrusionServicePolicyId string
- ID of the IDS Policy.
- Rules List<PolicyIntrusionServicePolicyRule>
- A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- SequenceNumber double
- An int value used to resolve conflicts between intrusion service policies across domains. Default is `0`.
- Tags List<PolicyIntrusionServicePolicyTag>
- A list of scope + tag pairs to associate with this policy.
- DisplayName string
- Display name of the resource.
- Category string
- Category of this policy. Must be one of: `ThreatRules` or `EmergencyThreatRules`. Default is `ThreatRules`.
- Comments string
- Comments for this Intrusion Service Policy including lock/unlock comments.
- Context PolicyIntrusionServicePolicyContextArgs
- The context which the object belongs to.
- Description string
- Description of the resource.
- Domain string
- The domain to use for the resource. This domain must already exist. If not specified, this field defaults to `default`.
- Locked bool
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is `false`.
- NsxId string
- The NSX ID of this resource. If set, this ID will be used to create the resource.
- PolicyIntrusionServicePolicyId string
- ID of the IDS Policy.
- Rules []PolicyIntrusionServicePolicyRuleTypeArgs
- A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- SequenceNumber float64
- An int value used to resolve conflicts between intrusion service policies across domains. Default is `0`.
- Tags []PolicyIntrusionServicePolicyTagArgs
- A list of scope + tag pairs to associate with this policy.
- display_name string
- Display name of the resource.
- category string
- Category of this policy. Must be one of: `ThreatRules` or `EmergencyThreatRules`. Default is `ThreatRules`.
- comments string
- Comments for this Intrusion Service Policy including lock/unlock comments.
- context object
- The context which the object belongs to.
- description string
- Description of the resource.
- domain string
- The domain to use for the resource. This domain must already exist. If not specified, this field defaults to `default`.
- locked bool
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is `false`.
- nsx_id string
- The NSX ID of this resource. If set, this ID will be used to create the resource.
- policy_intrusion_service_policy_id string
- ID of the IDS Policy.
- rules list(object)
- A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- sequence_number number
- An int value used to resolve conflicts between intrusion service policies across domains. Default is `0`.
- tags list(object)
- A list of scope + tag pairs to associate with this policy.
- displayName String
- Display name of the resource.
- category String
- Category of this policy. Must be one of: `ThreatRules` or `EmergencyThreatRules`. Default is `ThreatRules`.
- comments String
- Comments for this Intrusion Service Policy including lock/unlock comments.
- context PolicyIntrusionServicePolicyContext
- The context which the object belongs to.
- description String
- Description of the resource.
- domain String
- The domain to use for the resource. This domain must already exist. If not specified, this field defaults to `default`.
- locked Boolean
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is `false`.
- nsxId String
- The NSX ID of this resource. If set, this ID will be used to create the resource.
- policyIntrusionServicePolicyId String
- ID of the IDS Policy.
- rules List<PolicyIntrusionServicePolicyRule>
- A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- sequenceNumber Double
- An int value used to resolve conflicts between intrusion service policies across domains. Default is `0`.
- tags List<PolicyIntrusionServicePolicyTag>
- A list of scope + tag pairs to associate with this policy.
- displayName string
- Display name of the resource.
- category string
- Category of this policy. Must be one of: `ThreatRules` or `EmergencyThreatRules`. Default is `ThreatRules`.
- comments string
- Comments for this Intrusion Service Policy including lock/unlock comments.
- context PolicyIntrusionServicePolicyContext
- The context which the object belongs to.
- description string
- Description of the resource.
- domain string
- The domain to use for the resource. This domain must already exist. If not specified, this field defaults to `default`.
- locked boolean
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is `false`.
- nsxId string
- The NSX ID of this resource. If set, this ID will be used to create the resource.
- policyIntrusionServicePolicyId string
- ID of the IDS Policy.
- rules PolicyIntrusionServicePolicyRule[]
- A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- sequenceNumber number
- An int value used to resolve conflicts between intrusion service policies across domains. Default is `0`.
- tags PolicyIntrusionServicePolicyTag[]
- A list of scope + tag pairs to associate with this policy.
- display_name str
- Display name of the resource.
- category str
- Category of this policy. Must be one of: `ThreatRules` or `EmergencyThreatRules`. Default is `ThreatRules`.
- comments str
- Comments for this Intrusion Service Policy including lock/unlock comments.
- context PolicyIntrusionServicePolicyContextArgs
- The context which the object belongs to.
- description str
- Description of the resource.
- domain str
- The domain to use for the resource. This domain must already exist. If not specified, this field defaults to `default`.
- locked bool
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is `false`.
- nsx_id str
- The NSX ID of this resource. If set, this ID will be used to create the resource.
- policy_intrusion_service_policy_id str
- ID of the IDS Policy.
- rules Sequence[PolicyIntrusionServicePolicyRuleArgs]
- A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- sequence_number float
- An int value used to resolve conflicts between intrusion service policies across domains. Default is `0`.
- tags Sequence[PolicyIntrusionServicePolicyTagArgs]
- A list of scope + tag pairs to associate with this policy.
- displayName String
- Display name of the resource.
- category String
- Category of this policy. Must be one of: `ThreatRules` or `EmergencyThreatRules`. Default is `ThreatRules`.
- comments String
- Comments for this Intrusion Service Policy including lock/unlock comments.
- context Property Map
- The context which the object belongs to.
- description String
- Description of the resource.
- domain String
- The domain to use for the resource. This domain must already exist. If not specified, this field defaults to `default`.
- locked Boolean
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is `false`.
- nsxId String
- The NSX ID of this resource. If set, this ID will be used to create the resource.
- policyIntrusionServicePolicyId String
- ID of the IDS Policy.
- rules List<Property Map>
- A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- sequenceNumber Number
- An int value used to resolve conflicts between intrusion service policies across domains. Default is `0`.
- tags List<Property Map>
- A list of scope + tag pairs to associate with this policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyIntrusionServicePolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Path string
- The NSX policy path for this rule.
- Revision double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Stateful bool
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns
true.
- Id string
- The provider-assigned unique ID for this managed resource.
- Path string
- The NSX policy path for this rule.
- Revision float64
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Stateful bool
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns
true.
- id string
- The provider-assigned unique ID for this managed resource.
- path string
- The NSX policy path for this rule.
- revision number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- stateful bool
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns
true.
- id String
- The provider-assigned unique ID for this managed resource.
- path String
- The NSX policy path for this rule.
- revision Double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- stateful Boolean
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns
true.
- id string
- The provider-assigned unique ID for this managed resource.
- path string
- The NSX policy path for this rule.
- revision number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- stateful boolean
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns
true.
- id str
- The provider-assigned unique ID for this managed resource.
- path str
- The NSX policy path for this rule.
- revision float
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- stateful bool
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns
true.
- id String
- The provider-assigned unique ID for this managed resource.
- path String
- The NSX policy path for this rule.
- revision Number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- stateful Boolean
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns
true.
Look up Existing PolicyIntrusionServicePolicy Resource
Get an existing PolicyIntrusionServicePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyIntrusionServicePolicyState, opts?: CustomResourceOptions): PolicyIntrusionServicePolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
category: Optional[str] = None,
comments: Optional[str] = None,
context: Optional[PolicyIntrusionServicePolicyContextArgs] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
domain: Optional[str] = None,
locked: Optional[bool] = None,
nsx_id: Optional[str] = None,
path: Optional[str] = None,
policy_intrusion_service_policy_id: Optional[str] = None,
revision: Optional[float] = None,
rules: Optional[Sequence[PolicyIntrusionServicePolicyRuleArgs]] = None,
sequence_number: Optional[float] = None,
stateful: Optional[bool] = None,
tags: Optional[Sequence[PolicyIntrusionServicePolicyTagArgs]] = None) -> PolicyIntrusionServicePolicy
func GetPolicyIntrusionServicePolicy(ctx *Context, name string, id IDInput, state *PolicyIntrusionServicePolicyState, opts ...ResourceOption) (*PolicyIntrusionServicePolicy, error)
public static PolicyIntrusionServicePolicy Get(string name, Input<string> id, PolicyIntrusionServicePolicyState? state, CustomResourceOptions? opts = null)
public static PolicyIntrusionServicePolicy get(String name, Output<String> id, PolicyIntrusionServicePolicyState state, CustomResourceOptions options)
resources:
  _:
    type: nsxt:PolicyIntrusionServicePolicy
    get:
      id: ${id}
import {
to = nsxt_policyintrusionservicepolicy.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Category string
- Category of this policy. Must be one of: `ThreatRules` or `EmergencyThreatRules`. Default is `ThreatRules`.
- Comments string
- Comments for this Intrusion Service Policy including lock/unlock comments.
- Context PolicyIntrusionServicePolicyContext
- The context which the object belongs to
- Description string
- Description of the resource.
- Display
Name string - Display name of the resource.
- Domain string
- The domain to use for the resource. This domain must already exist. If not specified, this field defaults to `default`.
- Locked bool
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is `false`.
- NsxId string
- The NSX ID of this resource. If set, this ID will be used to create the resource.
- Path string
- The NSX policy path for this rule.
- PolicyIntrusionServicePolicyId string
- ID of the IDS Policy.
- Revision double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Rules List<PolicyIntrusionServicePolicyRule>
- A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- SequenceNumber double
- An int value used to resolve conflicts between intrusion service policies across domains. Default is `0`.
- Stateful bool
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns `true`.
- Tags List<PolicyIntrusionServicePolicyTag>
- A list of scope + tag pairs to associate with this policy.
- Category string
- Category of this policy. Must be one of:
ThreatRulesorEmergencyThreatRules. Default isThreatRules. - Comments string
- Comments for this Intrusion Service Policy including lock/unlock comments.
- Context
Policy
Intrusion Service Policy Context Args - The context which the object belongs to
- Description string
- Description of the resource.
- Display
Name string - Display name of the resource.
- Domain string
- The domain to use for the resource. This domain must already exist. If not specified, this field is default to
default. - Locked bool
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is
false. - Nsx
Id string - The NSX ID of this resource. If set, this ID will be used to create the resource.
- Path string
- The NSX policy path for this rule.
- Policy
Intrusion stringService Policy Id - ID of the IDS Policy.
- Revision float64
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Rules
[]Policy
Intrusion Service Policy Rule Type Args - A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- Sequence
Number float64 - An int value used to resolve conflicts between intrusion service policies across domains. Default is
0. - Stateful bool
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns
true. -
[]Policy
Intrusion Service Policy Tag Args - A list of scope + tag pairs to associate with this policy.
- category string
- Category of this policy. Must be one of:
ThreatRulesorEmergencyThreatRules. Default isThreatRules. - comments string
- Comments for this Intrusion Service Policy including lock/unlock comments.
- context object
- The context which the object belongs to
- description string
- Description of the resource.
- display_
name string - Display name of the resource.
- domain string
- The domain to use for the resource. This domain must already exist. If not specified, this field is default to
default. - locked bool
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is
false. - nsx_
id string - The NSX ID of this resource. If set, this ID will be used to create the resource.
- path string
- The NSX policy path for this rule.
- policy_
intrusion_ stringservice_ policy_ id - ID of the IDS Policy.
- revision number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rules list(object)
- A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- sequence_
number number - An int value used to resolve conflicts between intrusion service policies across domains. Default is
0. - stateful bool
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns
true. - list(object)
- A list of scope + tag pairs to associate with this policy.
- category String
- Category of this policy. Must be one of:
ThreatRulesorEmergencyThreatRules. Default isThreatRules. - comments String
- Comments for this Intrusion Service Policy including lock/unlock comments.
- context
Policy
Intrusion Service Policy Context - The context which the object belongs to
- description String
- Description of the resource.
- display
Name String - Display name of the resource.
- domain String
- The domain to use for the resource. This domain must already exist. If not specified, this field is default to
default. - locked Boolean
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is
false. - nsx
Id String - The NSX ID of this resource. If set, this ID will be used to create the resource.
- path String
- The NSX policy path for this rule.
- policy
Intrusion StringService Policy Id - ID of the IDS Policy.
- revision Double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rules
List<Policy
Intrusion Service Policy Rule> - A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- sequence
Number Double - An int value used to resolve conflicts between intrusion service policies across domains. Default is
0. - stateful Boolean
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns
true. -
List<Policy
Intrusion Service Policy Tag> - A list of scope + tag pairs to associate with this policy.
- category string
- Category of this policy. Must be one of:
ThreatRulesorEmergencyThreatRules. Default isThreatRules. - comments string
- Comments for this Intrusion Service Policy including lock/unlock comments.
- context
Policy
Intrusion Service Policy Context - The context which the object belongs to
- description string
- Description of the resource.
- display
Name string - Display name of the resource.
- domain string
- The domain to use for the resource. This domain must already exist. If not specified, this field is default to
default. - locked boolean
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is
false. - nsx
Id string - The NSX ID of this resource. If set, this ID will be used to create the resource.
- path string
- The NSX policy path for this rule.
- policy
Intrusion stringService Policy Id - ID of the IDS Policy.
- revision number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rules
Policy
Intrusion Service Policy Rule[] - A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- sequence
Number number - An int value used to resolve conflicts between intrusion service policies across domains. Default is
0. - stateful boolean
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns
true. -
Policy
Intrusion Service Policy Tag[] - A list of scope + tag pairs to associate with this policy.
- category str
- Category of this policy. Must be one of:
ThreatRulesorEmergencyThreatRules. Default isThreatRules. - comments str
- Comments for this Intrusion Service Policy including lock/unlock comments.
- context
Policy
Intrusion Service Policy Context Args - The context which the object belongs to
- description str
- Description of the resource.
- display_
name str - Display name of the resource.
- domain str
- The domain to use for the resource. This domain must already exist. If not specified, this field is default to
default. - locked bool
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is
false. - nsx_
id str - The NSX ID of this resource. If set, this ID will be used to create the resource.
- path str
- The NSX policy path for this rule.
- policy_
intrusion_ strservice_ policy_ id - ID of the IDS Policy.
- revision float
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rules
Sequence[Policy
Intrusion Service Policy Rule Args] - A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- sequence_
number float - An int value used to resolve conflicts between intrusion service policies across domains. Default is
0. - stateful bool
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns
true. -
Sequence[Policy
Intrusion Service Policy Tag Args] - A list of scope + tag pairs to associate with this policy.
- category String
- Category of this policy. Must be one of:
ThreatRulesorEmergencyThreatRules. Default isThreatRules. - comments String
- Comments for this Intrusion Service Policy including lock/unlock comments.
- context Property Map
- The context which the object belongs to
- description String
- Description of the resource.
- display
Name String - Display name of the resource.
- domain String
- The domain to use for the resource. This domain must already exist. If not specified, this field is default to
default. - locked Boolean
- A boolean value indicating if the policy is locked. If locked, no other users can update the resource. Default is
false. - nsx
Id String - The NSX ID of this resource. If set, this ID will be used to create the resource.
- path String
- The NSX policy path for this rule.
- policy
Intrusion StringService Policy Id - ID of the IDS Policy.
- revision Number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rules List<Property Map>
- A repeatable block to specify rules for the Policy. Each rule includes the following fields:
- sequence
Number Number - An int value used to resolve conflicts between intrusion service policies across domains. Default is
0. - stateful Boolean
- A boolean value indicating if this Policy is stateful. Intrusion Service Policies are always stateful as they require connection state tracking for proper intrusion detection and prevention. This field is read-only and always returns
true. - List<Property Map>
- A list of scope + tag pairs to associate with this policy.
Supporting Types
PolicyIntrusionServicePolicyContext, PolicyIntrusionServicePolicyContextArgs
- Project
Id string - The ID of the project which the object belongs to
- Project
Id string - The ID of the project which the object belongs to
- project_
id string - The ID of the project which the object belongs to
- project
Id String - The ID of the project which the object belongs to
- project
Id string - The ID of the project which the object belongs to
- project_
id str - The ID of the project which the object belongs to
- project
Id String - The ID of the project which the object belongs to
PolicyIntrusionServicePolicyRule, PolicyIntrusionServicePolicyRuleArgs
- DisplayName string
- Display name of the resource.
- IdsProfiles List<string>
- Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
- Action string
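- Rule action, one of `DETECT`, `DETECT_PREVENT`, `EXEMPT`. Default is `DETECT`. Note: `EXEMPT` is only supported from NSX version 9.1.0 onwards. With the default `DETECT`, a signature match is reported but the traffic is not blocked; use `DETECT_PREVENT` where blocking is intended.
- Description string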
- Description of the resource.
- DestinationGroups List<string>
- Set of group paths that serve as the destination for this rule. An empty set can be used to specify `ANY`. Default is `ANY`.
- DestinationsExcluded bool
- A boolean value indicating negation of destination groups. Default is `false`.
- Direction string
- The traffic direction for the rule. Must be one of: `IN`, `OUT` or `IN_OUT`. Default is `IN_OUT`.
- Disabled bool
- A boolean value to indicate the rule is disabled. Default is `false`.
- IpVersion string
- The IP Protocol for the rule. Must be one of: `IPV4`, `IPV6` or `IPV4_IPV6`. Default is `IPV4_IPV6`.
- LogLabel string
- Additional information (string) which will be propagated to the rule syslog for this rule.
- Logged bool
- A boolean flag to enable packet logging. Default is `false`.
- Notes string
- Text for additional notes on changes for this rule.
- Nsx
Id string - The NSX ID of this resource. If set, this ID will be used to create the resource.
- Oversubscription string
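- Action to take when IDPS engine is oversubscribed. One of `BYPASSED`, `DROPPED` or `INHERIT_GLOBAL`. Default is `INHERIT_GLOBAL`. `BYPASSED`: Traffic bypasses IDPS when oversubscribed. `DROPPED`: Traffic is dropped when oversubscribed. `INHERIT_GLOBAL`: Inherit the behavior from the global IDPS settings. `BYPASSED` fails open (traffic passes uninspected under load) and `DROPPED` fails closed, so with the default the effective behavior depends on the global IDPS setting.
- Path string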
- The NSX policy path for this rule.
- Profiles List<string>
- List of profiles
- Revision double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Rule
Id double - Unique positive number that is assigned by the system and is useful for debugging.
- Scopes List<string>
- Set of policy object paths where the rule is applied for East-West traffic inspection.
- SequenceNumber double
- An int value used to resolve conflicts between intrusion service policies across domains. Default is `0`.
- ServiceEntries PolicyIntrusionServicePolicyRuleServiceEntries
- List of services to match
- Services List<string>
- Set of service paths to match for this rule. An empty set can be used to specify `ANY`. Default is `ANY`.
- SourceGroups List<string>
- Set of group paths that serve as the source for this rule. An empty set can be used to specify `ANY`. Default is `ANY`.
- SourcesExcluded bool
- A boolean value indicating negation of source groups. Default is `false`.
- Tags List<PolicyIntrusionServicePolicyRuleTag>
- A list of scope + tag pairs to associate with this Rule.
- Display
Name string - Display name of the resource.
- Ids
Profiles []string - Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
- Action string
- Rule action, one of `DETECT`, `DETECT_PREVENT`, `EXEMPT`. Default is `DETECT`. Note: `EXEMPT` is only supported from NSX version 9.1.0 onwards.
- Description string
- Description of the resource.
- Destination
Groups []string - Set of group paths that serve as the destination for this rule. An empty set can be used to specify
ANY. Default isANY. - Destinations
Excluded bool - A boolean value indicating negation of destination groups. Default is
false. - Direction string
- The traffic direction for the rule. Must be one of:
IN,OUTorIN_OUT. Default isIN_OUT. - Disabled bool
- A boolean value to indicate the rule is disabled. Default is
false. - Ip
Version string - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Default isIPV4_IPV6. - Log
Label string - Additional information (string) which will be propagated to the rule syslog for this rule.
- Logged bool
- A boolean flag to enable packet logging. Default is
false. - Notes string
- Text for additional notes on changes for this rule.
- Nsx
Id string - The NSX ID of this resource. If set, this ID will be used to create the resource.
- Oversubscription string
- Action to take when IDPS engine is oversubscribed. One of `BYPASSED`, `DROPPED` or `INHERIT_GLOBAL`. Default is `INHERIT_GLOBAL`. `BYPASSED`: Traffic bypasses IDPS when oversubscribed. `DROPPED`: Traffic is dropped when oversubscribed. `INHERIT_GLOBAL`: Inherit the behavior from the global IDPS settings.
- Path string
- The NSX policy path for this rule.
- Profiles []string
- List of profiles
- Revision float64
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- Rule
Id float64 - Unique positive number that is assigned by the system and is useful for debugging.
- Scopes []string
- Set of policy object paths where the rule is applied for East-West traffic inspection.
- Sequence
Number float64 - An int value used to resolve conflicts between intrusion service policies across domains. Default is
0. - Service
Entries PolicyIntrusion Service Policy Rule Service Entries - List of services to match
- Services []string
- Set of service paths to match for this rule. An empty set can be used to specify
ANY. Default isANY. - Source
Groups []string - Set of group paths that serve as the source for this rule. An empty set can be used to specify
ANY. Default isANY. - Sources
Excluded bool - A boolean value indicating negation of source groups. Default is
false. -
[]Policy
Intrusion Service Policy Rule Tag - A list of scope + tag pairs to associate with this Rule.
- display_
name string - Display name of the resource.
- ids_
profiles list(string) - Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
- action string
- Rule action, one of `DETECT`, `DETECT_PREVENT`, `EXEMPT`. Default is `DETECT`. Note: `EXEMPT` is only supported from NSX version 9.1.0 onwards.
- description string
- Description of the resource.
- destination_
groups list(string) - Set of group paths that serve as the destination for this rule. An empty set can be used to specify
ANY. Default isANY. - destinations_
excluded bool - A boolean value indicating negation of destination groups. Default is
false. - direction string
- The traffic direction for the rule. Must be one of:
IN,OUTorIN_OUT. Default isIN_OUT. - disabled bool
- A boolean value to indicate the rule is disabled. Default is
false. - ip_
version string - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Default isIPV4_IPV6. - log_
label string - Additional information (string) which will be propagated to the rule syslog for this rule.
- logged bool
- A boolean flag to enable packet logging. Default is
false. - notes string
- Text for additional notes on changes for this rule.
- nsx_
id string - The NSX ID of this resource. If set, this ID will be used to create the resource.
- oversubscription string
- Action to take when IDPS engine is oversubscribed. One of `BYPASSED`, `DROPPED` or `INHERIT_GLOBAL`. Default is `INHERIT_GLOBAL`. `BYPASSED`: Traffic bypasses IDPS when oversubscribed. `DROPPED`: Traffic is dropped when oversubscribed. `INHERIT_GLOBAL`: Inherit the behavior from the global IDPS settings.
- path string
- The NSX policy path for this rule.
- profiles list(string)
- List of profiles
- revision number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule_
id number - Unique positive number that is assigned by the system and is useful for debugging.
- scopes list(string)
- Set of policy object paths where the rule is applied for East-West traffic inspection.
- sequence_
number number - An int value used to resolve conflicts between intrusion service policies across domains. Default is
0. - service_
entries object - List of services to match
- services list(string)
- Set of service paths to match for this rule. An empty set can be used to specify
ANY. Default isANY. - source_
groups list(string) - Set of group paths that serve as the source for this rule. An empty set can be used to specify
ANY. Default isANY. - sources_
excluded bool - A boolean value indicating negation of source groups. Default is
false. - list(object)
- A list of scope + tag pairs to associate with this Rule.
- display
Name String - Display name of the resource.
- ids
Profiles List<String> - Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
- action String
- Rule action, one of `DETECT`, `DETECT_PREVENT`, `EXEMPT`. Default is `DETECT`. Note: `EXEMPT` is only supported from NSX version 9.1.0 onwards.
- description String
- Description of the resource.
- destination
Groups List<String> - Set of group paths that serve as the destination for this rule. An empty set can be used to specify
ANY. Default isANY. - destinations
Excluded Boolean - A boolean value indicating negation of destination groups. Default is
false. - direction String
- The traffic direction for the rule. Must be one of:
IN,OUTorIN_OUT. Default isIN_OUT. - disabled Boolean
- A boolean value to indicate the rule is disabled. Default is
false. - ip
Version String - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Default isIPV4_IPV6. - log
Label String - Additional information (string) which will be propagated to the rule syslog for this rule.
- logged Boolean
- A boolean flag to enable packet logging. Default is
false. - notes String
- Text for additional notes on changes for this rule.
- nsx
Id String - The NSX ID of this resource. If set, this ID will be used to create the resource.
- oversubscription String
- Action to take when IDPS engine is oversubscribed. One of `BYPASSED`, `DROPPED` or `INHERIT_GLOBAL`. Default is `INHERIT_GLOBAL`. `BYPASSED`: Traffic bypasses IDPS when oversubscribed. `DROPPED`: Traffic is dropped when oversubscribed. `INHERIT_GLOBAL`: Inherit the behavior from the global IDPS settings.
- path String
- The NSX policy path for this rule.
- profiles List<String>
- List of profiles
- revision Double
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule
Id Double - Unique positive number that is assigned by the system and is useful for debugging.
- scopes List<String>
- Set of policy object paths where the rule is applied for East-West traffic inspection.
- sequence
Number Double - An int value used to resolve conflicts between intrusion service policies across domains. Default is
0. - service
Entries PolicyIntrusion Service Policy Rule Service Entries - List of services to match
- services List<String>
- Set of service paths to match for this rule. An empty set can be used to specify
ANY. Default isANY. - source
Groups List<String> - Set of group paths that serve as the source for this rule. An empty set can be used to specify
ANY. Default isANY. - sources
Excluded Boolean - A boolean value indicating negation of source groups. Default is
false. -
List<Policy
Intrusion Service Policy Rule Tag> - A list of scope + tag pairs to associate with this Rule.
- display
Name string - Display name of the resource.
- ids
Profiles string[] - Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
- action string
- Rule action, one of `DETECT`, `DETECT_PREVENT`, `EXEMPT`. Default is `DETECT`. Note: `EXEMPT` is only supported from NSX version 9.1.0 onwards.
- description string
- Description of the resource.
- destination
Groups string[] - Set of group paths that serve as the destination for this rule. An empty set can be used to specify
ANY. Default isANY. - destinations
Excluded boolean - A boolean value indicating negation of destination groups. Default is
false. - direction string
- The traffic direction for the rule. Must be one of:
IN,OUTorIN_OUT. Default isIN_OUT. - disabled boolean
- A boolean value to indicate the rule is disabled. Default is
false. - ip
Version string - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Default isIPV4_IPV6. - log
Label string - Additional information (string) which will be propagated to the rule syslog for this rule.
- logged boolean
- A boolean flag to enable packet logging. Default is
false. - notes string
- Text for additional notes on changes for this rule.
- nsx
Id string - The NSX ID of this resource. If set, this ID will be used to create the resource.
- oversubscription string
- Action to take when IDPS engine is oversubscribed. One of `BYPASSED`, `DROPPED` or `INHERIT_GLOBAL`. Default is `INHERIT_GLOBAL`. `BYPASSED`: Traffic bypasses IDPS when oversubscribed. `DROPPED`: Traffic is dropped when oversubscribed. `INHERIT_GLOBAL`: Inherit the behavior from the global IDPS settings.
- path string
- The NSX policy path for this rule.
- profiles string[]
- List of profiles
- revision number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule
Id number - Unique positive number that is assigned by the system and is useful for debugging.
- scopes string[]
- Set of policy object paths where the rule is applied for East-West traffic inspection.
- sequence
Number number - An int value used to resolve conflicts between intrusion service policies across domains. Default is
0. - service
Entries PolicyIntrusion Service Policy Rule Service Entries - List of services to match
- services string[]
- Set of service paths to match for this rule. An empty set can be used to specify
ANY. Default isANY. - source
Groups string[] - Set of group paths that serve as the source for this rule. An empty set can be used to specify
ANY. Default isANY. - sources
Excluded boolean - A boolean value indicating negation of source groups. Default is
false. -
Policy
Intrusion Service Policy Rule Tag[] - A list of scope + tag pairs to associate with this Rule.
- display_
name str - Display name of the resource.
- ids_
profiles Sequence[str] - Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
- action str
- Rule action, one of `DETECT`, `DETECT_PREVENT`, `EXEMPT`. Default is `DETECT`. Note: `EXEMPT` is only supported from NSX version 9.1.0 onwards.
- description str
- Description of the resource.
- destination_
groups Sequence[str] - Set of group paths that serve as the destination for this rule. An empty set can be used to specify
ANY. Default isANY. - destinations_
excluded bool - A boolean value indicating negation of destination groups. Default is
false. - direction str
- The traffic direction for the rule. Must be one of:
IN,OUTorIN_OUT. Default isIN_OUT. - disabled bool
- A boolean value to indicate the rule is disabled. Default is
false. - ip_
version str - The IP Protocol for the rule. Must be one of:
IPV4,IPV6orIPV4_IPV6. Default isIPV4_IPV6. - log_
label str - Additional information (string) which will be propagated to the rule syslog for this rule.
- logged bool
- A boolean flag to enable packet logging. Default is
false. - notes str
- Text for additional notes on changes for this rule.
- nsx_
id str - The NSX ID of this resource. If set, this ID will be used to create the resource.
- oversubscription str
- Action to take when IDPS engine is oversubscribed. One of `BYPASSED`, `DROPPED` or `INHERIT_GLOBAL`. Default is `INHERIT_GLOBAL`. `BYPASSED`: Traffic bypasses IDPS when oversubscribed. `DROPPED`: Traffic is dropped when oversubscribed. `INHERIT_GLOBAL`: Inherit the behavior from the global IDPS settings.
- path str
- The NSX policy path for this rule.
- profiles Sequence[str]
- List of profiles
- revision float
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule_
id float - Unique positive number that is assigned by the system and is useful for debugging.
- scopes Sequence[str]
- Set of policy object paths where the rule is applied for East-West traffic inspection.
- sequence_
number float - An int value used to resolve conflicts between intrusion service policies across domains. Default is
0. - service_
entries PolicyIntrusion Service Policy Rule Service Entries - List of services to match
- services Sequence[str]
- Set of service paths to match for this rule. An empty set can be used to specify
ANY. Default isANY. - source_
groups Sequence[str] - Set of group paths that serve as the source for this rule. An empty set can be used to specify
ANY. Default isANY. - sources_
excluded bool - A boolean value indicating negation of source groups. Default is
false. -
Sequence[Policy
Intrusion Service Policy Rule Tag] - A list of scope + tag pairs to associate with this Rule.
- display
Name String - Display name of the resource.
- ids
Profiles List<String> - Set of IDS profile paths for this rule. These profiles define the intrusion detection signatures to be applied.
- action String
- Rule action, one of `DETECT`, `DETECT_PREVENT`, `EXEMPT`. Default is `DETECT`. Note: `EXEMPT` is only supported from NSX version 9.1.0 onwards.
- description String
- Description of the resource.
- destination
Groups List<String> - Set of group paths that serve as the destination for this rule. An empty set can be used to specify
ANY. Default isANY. - destinations
Excluded Boolean - A boolean value indicating negation of destination groups. Default is
false. - direction String
- The traffic direction for the rule. Must be one of:
IN, OUT or IN_OUT. Default is IN_OUT. - disabled Boolean
- A boolean value to indicate the rule is disabled. Default is
false. - ip
Version String - The IP Protocol for the rule. Must be one of:
IPV4, IPV6 or IPV4_IPV6. Default is IPV4_IPV6. - log
Label String - Additional information (string) which will be propagated to the rule syslog for this rule.
- logged Boolean
- A boolean flag to enable packet logging. Default is
false. - notes String
- Text for additional notes on changes for this rule.
- nsx
Id String - The NSX ID of this resource. If set, this ID will be used to create the resource.
- oversubscription String
- Action to take when IDPS engine is oversubscribed. One of
BYPASSED, DROPPED or INHERIT_GLOBAL. Default is INHERIT_GLOBAL. BYPASSED: Traffic bypasses IDPS when oversubscribed (fail-open: it is not inspected). DROPPED: Traffic is dropped when oversubscribed (fail-closed). INHERIT_GLOBAL: Inherit the behavior from the global IDPS settings, so with the default the effective behavior is whatever the global setting specifies. - path String
- The NSX policy path for this rule.
- profiles List<String>
- List of profiles
- revision Number
- Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
- rule
Id Number - Unique positive number that is assigned by the system and is useful for debugging.
- scopes List<String>
- Set of policy object paths where the rule is applied for East-West traffic inspection.
- sequence
Number Number - An int value used to resolve conflicts between intrusion service policies across domains. Default is
0. - service
Entries Property Map - List of services to match
- services List<String>
- Set of service paths to match for this rule. An empty set can be used to specify
ANY. Default is ANY. - source
Groups List<String> - Set of group paths that serve as the source for this rule. An empty set can be used to specify
ANY. Default is ANY. - sources
Excluded Boolean - A boolean value indicating negation of source groups. Default is
false. - List<Property Map>
- A list of scope + tag pairs to associate with this Rule.
PolicyIntrusionServicePolicyRuleServiceEntries, PolicyIntrusionServicePolicyRuleServiceEntriesArgs
- AlgorithmEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry> - Algorithm type service entry
- EtherTypeEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry> - Ether type service entry
- IcmpEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry> - ICMP type service entry
- IgmpEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry> - IGMP type service entry
- IpProtocolEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry> - IP Protocol type service entry
- L4PortSetEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry> - L4 port set type service entry
- AlgorithmEntries []PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry - Algorithm type service entry
- EtherTypeEntries []PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry - Ether type service entry
- IcmpEntries []PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry - ICMP type service entry
- IgmpEntries []PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry - IGMP type service entry
- IpProtocolEntries []PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry - IP Protocol type service entry
- L4PortSetEntries []PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry - L4 port set type service entry
- algorithm_entries list(object) - Algorithm type service entry
- ether_type_entries list(object) - Ether type service entry
- icmp_entries list(object) - ICMP type service entry
- igmp_entries list(object) - IGMP type service entry
- ip_protocol_entries list(object) - IP Protocol type service entry
- l4_port_set_entries list(object) - L4 port set type service entry
- algorithmEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry> - Algorithm type service entry
- etherTypeEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry> - Ether type service entry
- icmpEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry> - ICMP type service entry
- igmpEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry> - IGMP type service entry
- ipProtocolEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry> - IP Protocol type service entry
- l4PortSetEntries List<PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry> - L4 port set type service entry
- algorithmEntries PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry[] - Algorithm type service entry
- etherTypeEntries PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry[] - Ether type service entry
- icmpEntries PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry[] - ICMP type service entry
- igmpEntries PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry[] - IGMP type service entry
- ipProtocolEntries PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry[] - IP Protocol type service entry
- l4PortSetEntries PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry[] - L4 port set type service entry
- algorithm_entries Sequence[PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry] - Algorithm type service entry
- ether_type_entries Sequence[PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry] - Ether type service entry
- icmp_entries Sequence[PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry] - ICMP type service entry
- igmp_entries Sequence[PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry] - IGMP type service entry
- ip_protocol_entries Sequence[PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry] - IP Protocol type service entry
- l4_port_set_entries Sequence[PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry] - L4 port set type service entry
- algorithmEntries List<Property Map> - Algorithm type service entry
- etherTypeEntries List<Property Map> - Ether type service entry
- icmpEntries List<Property Map> - ICMP type service entry
- igmpEntries List<Property Map> - IGMP type service entry
- ipProtocolEntries List<Property Map> - IP Protocol type service entry
- l4PortSetEntries List<Property Map> - L4 port set type service entry
PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntry, PolicyIntrusionServicePolicyRuleServiceEntriesAlgorithmEntryArgs
- Algorithm string
- Algorithm
- Destination
Port string - A single destination port
- Description string
- Description of the resource.
- Display
Name string - Display name of the resource.
- Source
Ports List<string> - Set of source ports or ranges
- Algorithm string
- Algorithm
- Destination
Port string - A single destination port
- Description string
- Description of the resource.
- Display
Name string - Display name of the resource.
- Source
Ports []string - Set of source ports or ranges
- algorithm string
- Algorithm
- destination_
port string - A single destination port
- description string
- Description of the resource.
- display_
name string - Display name of the resource.
- source_
ports list(string) - Set of source ports or ranges
- algorithm String
- Algorithm
- destination
Port String - A single destination port
- description String
- Description of the resource.
- display
Name String - Display name of the resource.
- source
Ports List<String> - Set of source ports or ranges
- algorithm string
- Algorithm
- destination
Port string - A single destination port
- description string
- Description of the resource.
- display
Name string - Display name of the resource.
- source
Ports string[] - Set of source ports or ranges
- algorithm str
- Algorithm
- destination_
port str - A single destination port
- description str
- Description of the resource.
- display_
name str - Display name of the resource.
- source_
ports Sequence[str] - Set of source ports or ranges
- algorithm String
- Algorithm
- destination
Port String - A single destination port
- description String
- Description of the resource.
- display
Name String - Display name of the resource.
- source
Ports List<String> - Set of source ports or ranges
PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntry, PolicyIntrusionServicePolicyRuleServiceEntriesEtherTypeEntryArgs
- Ether
Type double - Type of the encapsulated protocol
- Description string
- Description of the resource.
- Display
Name string - Display name of the resource.
- Ether
Type float64 - Type of the encapsulated protocol
- Description string
- Description of the resource.
- Display
Name string - Display name of the resource.
- ether_
type number - Type of the encapsulated protocol
- description string
- Description of the resource.
- display_
name string - Display name of the resource.
- ether
Type Double - Type of the encapsulated protocol
- description String
- Description of the resource.
- display
Name String - Display name of the resource.
- ether
Type number - Type of the encapsulated protocol
- description string
- Description of the resource.
- display
Name string - Display name of the resource.
- ether_
type float - Type of the encapsulated protocol
- description str
- Description of the resource.
- display_
name str - Display name of the resource.
- ether
Type Number - Type of the encapsulated protocol
- description String
- Description of the resource.
- display
Name String - Display name of the resource.
PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntry, PolicyIntrusionServicePolicyRuleServiceEntriesIcmpEntryArgs
- Protocol string
- Version of ICMP protocol (ICMPv4/ICMPv6)
- Description string
- Description of the resource.
- Display
Name string - Display name of the resource.
- Icmp
Code string - ICMP message code
- Icmp
Type string - ICMP message type
- Protocol string
- Version of ICMP protocol (ICMPv4/ICMPv6)
- Description string
- Description of the resource.
- Display
Name string - Display name of the resource.
- Icmp
Code string - ICMP message code
- Icmp
Type string - ICMP message type
- protocol string
- Version of ICMP protocol (ICMPv4/ICMPv6)
- description string
- Description of the resource.
- display_
name string - Display name of the resource.
- icmp_
code string - ICMP message code
- icmp_
type string - ICMP message type
- protocol String
- Version of ICMP protocol (ICMPv4/ICMPv6)
- description String
- Description of the resource.
- display
Name String - Display name of the resource.
- icmp
Code String - ICMP message code
- icmp
Type String - ICMP message type
- protocol string
- Version of ICMP protocol (ICMPv4/ICMPv6)
- description string
- Description of the resource.
- display
Name string - Display name of the resource.
- icmp
Code string - ICMP message code
- icmp
Type string - ICMP message type
- protocol str
- Version of ICMP protocol (ICMPv4/ICMPv6)
- description str
- Description of the resource.
- display_
name str - Display name of the resource.
- icmp_
code str - ICMP message code
- icmp_
type str - ICMP message type
- protocol String
- Version of ICMP protocol (ICMPv4/ICMPv6)
- description String
- Description of the resource.
- display
Name String - Display name of the resource.
- icmp
Code String - ICMP message code
- icmp
Type String - ICMP message type
PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntry, PolicyIntrusionServicePolicyRuleServiceEntriesIgmpEntryArgs
- Description string
- Description of the resource.
- Display
Name string - Display name of the resource.
- Description string
- Description of the resource.
- Display
Name string - Display name of the resource.
- description string
- Description of the resource.
- display_
name string - Display name of the resource.
- description String
- Description of the resource.
- display
Name String - Display name of the resource.
- description string
- Description of the resource.
- display
Name string - Display name of the resource.
- description str
- Description of the resource.
- display_
name str - Display name of the resource.
- description String
- Description of the resource.
- display
Name String - Display name of the resource.
PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntry, PolicyIntrusionServicePolicyRuleServiceEntriesIpProtocolEntryArgs
- Protocol double
- IP protocol number
- Description string
- Description of the resource.
- Display
Name string - Display name of the resource.
- Protocol float64
- IP protocol number
- Description string
- Description of the resource.
- Display
Name string - Display name of the resource.
- protocol number
- IP protocol number
- description string
- Description of the resource.
- display_
name string - Display name of the resource.
- protocol Double
- IP protocol number
- description String
- Description of the resource.
- display
Name String - Display name of the resource.
- protocol number
- IP protocol number
- description string
- Description of the resource.
- display
Name string - Display name of the resource.
- protocol float
- IP protocol number
- description str
- Description of the resource.
- display_
name str - Display name of the resource.
- protocol Number
- IP protocol number
- description String
- Description of the resource.
- display
Name String - Display name of the resource.
PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntry, PolicyIntrusionServicePolicyRuleServiceEntriesL4PortSetEntryArgs
- Protocol string
- L4 Protocol
- Description string
- Description of the resource.
- Destination
Ports List<string> - Set of destination ports
- Display
Name string - Display name of the resource.
- Source
Ports List<string> - Set of source ports
- Protocol string
- L4 Protocol
- Description string
- Description of the resource.
- Destination
Ports []string - Set of destination ports
- Display
Name string - Display name of the resource.
- Source
Ports []string - Set of source ports
- protocol string
- L4 Protocol
- description string
- Description of the resource.
- destination_
ports list(string) - Set of destination ports
- display_
name string - Display name of the resource.
- source_
ports list(string) - Set of source ports
- protocol String
- L4 Protocol
- description String
- Description of the resource.
- destination
Ports List<String> - Set of destination ports
- display
Name String - Display name of the resource.
- source
Ports List<String> - Set of source ports
- protocol string
- L4 Protocol
- description string
- Description of the resource.
- destination
Ports string[] - Set of destination ports
- display
Name string - Display name of the resource.
- source
Ports string[] - Set of source ports
- protocol str
- L4 Protocol
- description str
- Description of the resource.
- destination_
ports Sequence[str] - Set of destination ports
- display_
name str - Display name of the resource.
- source_
ports Sequence[str] - Set of source ports
- protocol String
- L4 Protocol
- description String
- Description of the resource.
- destination
Ports List<String> - Set of destination ports
- display
Name String - Display name of the resource.
- source
Ports List<String> - Set of source ports
PolicyIntrusionServicePolicyRuleTag, PolicyIntrusionServicePolicyRuleTagArgs
PolicyIntrusionServicePolicyTag, PolicyIntrusionServicePolicyTagArgs
Package Details
- Repository
- nsxt vmware/terraform-provider-nsxt
- License
- Notes
- This Pulumi package is based on the
nsxt Terraform Provider.