This Terraform module configures a gateway firewall policy and its rules for an NSX-T Tier-0 or Tier-1 north/south firewall.

The module requires the following versions:

| Name | Version |
|---|---|
| terraform | >= 1.3.0 |
| nsxt | >= 3.2.7 |
Basic usage of this module is as follows (`<module-path>` and `<gateway-path>` are placeholders for the module source and the path of the existing Tier-0 or Tier-1 gateway):

```hcl
module "example" {
  source = "<module-path>"

  # Required variables
  scope_path = "<gateway-path>"

  # Optional variables (shown with their defaults)
  comments             = null
  custom_l4_services   = {}
  display_name         = "vm_firewall"
  domain               = null
  locked               = true
  resource_description = "Terraform provisioned"
  rules                = []
  sequence_number      = null
  stateful             = true
  tags                 = {}
  tcp_strict           = true
}
```
The module creates or reads the following resources:

| Name | Type |
|---|---|
| nsxt_policy_gateway_policy.this | resource |
| nsxt_policy_service.this | resource |
| nsxt_policy_group.policy_groups | data source |
| nsxt_policy_service.this | data source |
The module accepts the following input variables:

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| comments | Comments for this firewall policy | string | null | no |
| custom_l4_services | A map of objects used to define custom TCP/UDP services that can be added to firewall rules. Service objects allow all properties of the Terraform [nsxt_policy_service l4_port_set_entry object](https://registry.terraform.io/providers/vmware/nsxt/latest/docs/resources/policy_service#l4_port_set_entry). | map(object({...})) | {} | no |
| display_name | The name for the new firewall policy | string | "vm_firewall" | no |
| domain | The global manager domain ID for the firewall policy | string | null | no |
| locked | Prevents multiple concurrent users from editing the firewall policy at the same time | bool | true | no |
| resource_description | A string added to the description field of all created resources | string | "Terraform provisioned" | no |
| rules | A list of objects describing firewall rules. Rule objects allow all properties of the Terraform nsxt_policy_gateway_policy rule object. | list(object({...})) | [] | no |
| scope_path | The NSX resource path of the already existing NSX-T Tier-0 or Tier-1 gateway | string | n/a | yes |
| sequence_number | An integer used to resolve conflicts between security policies across domains. If you do not intend to use multiple domains, keep the default. | number | null | no |
| stateful | Whether the firewall policy performs stateful inspection. The VMware default is true. | bool | true | no |
| tags | A map of NSX-T tag:scope pairs | map(string) | {} | no |
| tcp_strict | Enables the NSX-T feature that enforces the TCP three-way handshake and disables mid-session pick-up. The VMware default is true. | bool | true | no |
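A fuller configuration combining the usage block and the `rules` and `custom_l4_services` inputs above, as an added example rather than the module's own documentation. It assumes the rule and service object fields follow the provider's `nsxt_policy_gateway_policy` rule and `l4_port_set_entry` attributes, and the gateway, group and service paths are placeholders.

```hcl
# Added example, not part of the module's documentation.
# Assumed: object field names match the provider's rule / l4_port_set_entry
# attributes; gateway, group and service paths are placeholders.
module "edge_firewall" {
  source = "<module-path>"

  scope_path   = "/infra/tier-1s/t1-prod"   # existing Tier-1 gateway (placeholder)
  display_name = "t1-prod-north-south"

  stateful   = true
  tcp_strict = true   # only flows seen from the SYN are tracked; no mid-session pick-up
  locked     = true   # stop concurrent edits from racing this policy

  # Custom service the module creates via nsxt_policy_service
  custom_l4_services = {
    "app-8443" = {
      display_name      = "app-https-8443"
      protocol          = "TCP"
      destination_ports = ["8443"]
    }
  }

  # Rules are evaluated top to bottom; the last rule is an explicit logged deny
  rules = [
    {
      display_name       = "allow-inbound-https"
      direction          = "IN"
      action             = "ALLOW"
      destination_groups = ["/infra/domains/default/groups/web-servers"]
      services           = ["/infra/services/HTTPS"]
      logged             = true
    },
    {
      display_name  = "allow-outbound-dns"
      direction     = "OUT"
      action        = "ALLOW"
      source_groups = ["/infra/domains/default/groups/web-servers"]
      services      = ["/infra/services/DNS", "/infra/services/DNS-UDP"]
    },
    {
      display_name = "default-deny-logged"
      direction    = "IN_OUT"
      action       = "DROP"
      logged       = true
      log_label    = "ns-default-deny"   # makes denied flows easy to filter in syslog
    }
  ]

  tags = { env = "prod" }
}
```

Because the policy's own default is not set here, the explicit `DROP` rule is what makes unmatched traffic fail closed and produce a log line.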
The module exposes the following outputs:

| Name | Description |
|---|---|
| id | The NSX resource ID of the created policy. |
| path | The NSX resource path of the created policy. |
| revision | The NSX object revision of the created policy. |
| rule | The firewall rule objects created within the policy. |