VMware NSX-T Distributed Firewall Terraform Module

This Terraform module configures a distributed firewall policy section and its rules.

Requirements

| Name      | Version  |
|-----------|----------|
| terraform | >= 1.3.0 |
| nsxt      | >= 3.2.7 |

Usage

Basic usage of this module is as follows:

module "example" {
  source = "<module-path>"

  # Optional variables
  category             = "Application"
  comments             = null
  custom_l4_services   = {}
  display_name         = "vm_firewall"
  domain               = null
  locked               = true
  resource_description = "Terraform provisioned"
  rules                = []
  scope                = []
  sequence_number      = null
  stateful             = true
  tags                 = {}
  tcp_strict           = true
}

Resources

| Name                               | Type        |
|------------------------------------|-------------|
| nsxt_policy_security_policy.this   | resource    |
| nsxt_policy_service.this           | resource    |
| nsxt_policy_group.policy_groups    | data source |
| nsxt_policy_service.this           | data source |

Inputs

category
  Description: Category of this policy. For the local manager it must be one of Ethernet, Emergency, Infrastructure, Environment, Application; for the global manager it must be one of Infrastructure, Environment, Application.
  Type: string
  Default: "Application"
  Required: no

comments
  Description: Comments for this firewall policy.
  Type: string
  Default: null
  Required: no

custom_l4_services
  Description: A map of objects defining custom TCP/UDP services that can be referenced from firewall rules. Service objects accept all properties of the Terraform [nsxt_policy_service l4_port_set_entry object](https://registry.terraform.io/providers/vmware/nsxt/latest/docs/resources/policy_service#l4_port_set_entry).
  Type:
    map(object({
      description       = string
      protocol          = optional(string)
      destination_ports = optional(list(number))
      source_ports      = optional(list(number))
      tags              = optional(map(string))
    }))
  Default: {}
  Required: no

display_name
  Description: The name of the new firewall policy.
  Type: string
  Default: "vm_firewall"
  Required: no

domain
  Description: The global manager domain id for the firewall policy.
  Type: string
  Default: null
  Required: no

locked
  Description: Prevents multiple users from editing the firewall policy concurrently.
  Type: bool
  Default: true
  Required: no

resource_description
  Description: A string added to the description field of all created resources.
  Type: string
  Default: "Terraform provisioned"
  Required: no

rules
  Description: A list of objects describing firewall rules. Rule objects accept all properties of the Terraform nsxt_policy_gateway_policy rule object.
  Type:
    list(object({
      display_name          = string
      description           = optional(string)
      disabled              = optional(bool)
      action                = optional(string)
      direction             = optional(string)
      logged                = optional(bool)
      services              = optional(list(string))
      destination_groups    = optional(list(string))
      destinations_excluded = optional(bool)
      source_groups         = optional(list(string))
      sources_excluded      = optional(bool)
      tags                  = optional(map(string))
    }))
  Default: []
  Required: no

scope
  Description: The list of policy object paths to which the rules in this policy are applied.
  Type: list(any)
  Default: []
  Required: no

sequence_number
  Description: An integer used to resolve ordering conflicts between security policies across domains. If you do not use multiple domains, keep the default.
  Type: number
  Default: null
  Required: no

stateful
  Description: Whether the firewall policy performs stateful inspection. The VMware default is true.
  Type: bool
  Default: true
  Required: no

tags
  Description: A map of NSX-T tag:scope pairs.
  Type: map(string)
  Default: {}
  Required: no

tcp_strict
  Description: Enables the NSX-T feature that enforces the TCP three-way handshake and disables mid-session pick-up. The VMware default is true.
  Type: bool
  Default: true
  Required: no
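A fuller module call, added here as an illustration rather than taken from the module's own documentation, showing the custom_l4_services and rules inputs used together for a web tier: one logged allow rule on a custom port, followed by a logged default drop for everything else inbound. The group names (lb-vms, web-vms), the service name, the scope path and the assumption that the module resolves group and service names through its data sources are all hypothetical.

```hcl
module "web_tier_dfw" {
  source = "<module-path>"

  display_name         = "web_tier_dfw"
  category             = "Application"
  resource_description = "Terraform provisioned"
  stateful             = true   # stateful inspection (module default)
  tcp_strict           = true   # enforce the TCP three-way handshake (module default)
  locked               = true   # block concurrent edits of this policy

  # Custom TCP service created by the module (l4_port_set_entry properties).
  custom_l4_services = {
    "app-https-8443" = {
      description       = "Application HTTPS listener on TCP/8443"
      protocol          = "TCP"
      destination_ports = [8443]
    }
  }

  # Rules are evaluated in list order; the last rule is the default drop.
  rules = [
    {
      display_name       = "allow-lb-to-web-8443"
      description        = "Load balancers may reach the web tier on 8443 only"
      action             = "ALLOW"
      direction          = "IN"
      logged             = true
      services           = ["app-https-8443"]   # assumed: resolved by display name
      source_groups      = ["lb-vms"]           # hypothetical NSX-T group
      destination_groups = ["web-vms"]          # hypothetical NSX-T group
    },
    {
      display_name       = "drop-web-ingress-default"
      description        = "Any other inbound traffic to the web tier is dropped and logged"
      action             = "DROP"
      direction          = "IN"
      logged             = true
      destination_groups = ["web-vms"]
    }
  ]

  # Policy object path(s) the rules are applied to (hypothetical path).
  scope = ["/infra/domains/default/groups/web-vms"]

  # tag:scope pairs as described in the Inputs section (key = tag, value = scope).
  tags = {
    "web" = "tier"
  }
}
```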

Outputs

| Name                   | Description                                |
|------------------------|--------------------------------------------|
| nsxt_firewall_section  | The NSX resource ID for the created policy. |
| nsxt_firewall_service  | The NSX firewall service.                  |