VMWare NSX-T Gateway Firewall Terraform Module

This Terraform module configures a gateway firewall policy and its rules for an NSX-T Tier-0 or Tier-1 North/South firewall.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| nsxt | >= 3.2.7 |

Usage

Basic usage of this module is as follows:

```hcl
module "example" {
  source = "<module-path>"

  # Required variables
  scope_path = "<gateway-path>" # NSX path of the existing Tier-0 or Tier-1 gateway

  # Optional variables (shown with their defaults)
  comments             = null
  custom_l4_services   = {}
  display_name         = "vm_firewall"
  domain               = null
  locked               = true
  resource_description = "Terraform provisioned"
  rules                = []
  sequence_number      = null
  stateful             = true
  tags                 = {}
  tcp_strict           = true
}
```

Resources

| Name | Type |
|------|------|
| nsxt_policy_gateway_policy.this | resource |
| nsxt_policy_service.this | resource |
| nsxt_policy_group.policy_groups | data source |
| nsxt_policy_service.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| comments | Comments for this firewall policy | `string` | `null` | no |
| custom_l4_services | A map of objects defining custom TCP/UDP services that can be added to firewall rules. Service objects accept all properties of the Terraform [nsxt_policy_service l4_port_set_entry object](https://registry.terraform.io/providers/vmware/nsxt/latest/docs/resources/policy_service#l4_port_set_entry). | `map(object({ description = string, protocol = optional(string), destination_ports = optional(list(number)), source_ports = optional(list(number)), tags = optional(map(string)) }))` | `{}` | no |
| display_name | The name for the new firewall policy | `string` | `"vm_firewall"` | no |
| domain | The global manager domain ID for the firewall policy | `string` | `null` | no |
| locked | Prevents multiple concurrent users from editing the firewall policy at the same time | `bool` | `true` | no |
| resource_description | A string added to the description field of all created resources | `string` | `"Terraform provisioned"` | no |
| rules | A list of objects describing firewall rules. Rule objects accept all properties of the Terraform nsxt_policy_gateway_policy rule object. | `list(object({ display_name = string, description = optional(string), disabled = optional(bool), action = optional(string), direction = optional(string), logged = optional(bool), services = optional(list(string)), destination_groups = optional(list(string)), destinations_excluded = optional(bool), source_groups = optional(list(string)), sources_excluded = optional(bool), tags = optional(map(string)) }))` | `[]` | no |
| scope_path | The NSX resource path of the already existing NSX-T Tier-0 or Tier-1 gateway | `string` | n/a | yes |
| sequence_number | An integer used to resolve conflicts between security policies across domains. If you do not intend to use multiple domains, keep the default. | `number` | `null` | no |
| stateful | Whether the firewall policy performs stateful inspection. VMware default is true. | `bool` | `true` | no |
| tags | A map of NSX-T tag:scope pairs | `map(string)` | `{}` | no |
| tcp_strict | Enables the NSX-T feature that enforces the TCP 3-way handshake and disables mid-session pick-up. VMware default is true. | `bool` | `true` | no |
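Putting the Usage skeleton and the inputs above together, the following is an added illustration (not code from this module's README) of a stateful Tier-1 policy with one custom service, two logged allow rules and a logged default-deny. The gateway path and group names are placeholders, and it is an assumption that `services` and `*_groups` entries are resolved by display name through the module's data sources and that a custom service is referenced by its map key.

```hcl
# Added example, not part of the module. Placeholders in <...> must be replaced.
module "web_tier1_firewall" {
  source = "<module-path>"

  scope_path   = "<tier-1-gateway-path>" # existing Tier-1 gateway
  display_name = "web_tier1_firewall"
  stateful     = true  # track sessions so return traffic needs no rule
  tcp_strict   = true  # require a full 3-way handshake, no mid-session pick-up
  locked       = true  # prevent concurrent edits in the NSX UI

  # Custom L4 service; created by the module via nsxt_policy_service.
  custom_l4_services = {
    app_tcp_8443 = { # assumed: rules refer to this key
      description       = "Application API on TCP/8443"
      protocol          = "TCP"
      destination_ports = [8443]
    }
  }

  # Rules are evaluated in list order; the final rule is an explicit deny.
  rules = [
    {
      display_name       = "allow-https-in"
      action             = "ALLOW"
      direction          = "IN"
      logged             = true
      services           = ["HTTPS"]                # built-in NSX service (assumed: by name)
      destination_groups = ["<web-servers-group>"]  # assumed: group display name
    },
    {
      display_name       = "allow-app-api-in"
      action             = "ALLOW"
      direction          = "IN"
      logged             = true
      services           = ["app_tcp_8443"]
      source_groups      = ["<api-clients-group>"]
      destination_groups = ["<app-servers-group>"]
    },
    {
      display_name = "default-deny-in"
      action       = "DROP"
      direction    = "IN"
      logged       = true # logged denies are what detection pipelines consume
    },
  ]

  tags = { terraform = "managed-by" } # tag:scope pairs per the inputs table
}
```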

Outputs

| Name | Description |
|------|-------------|
| id | The NSX resource ID for the created policy. |
| path | The NSX resource path for the created policy. |
| revision | The NSX object revision path for the policy. |
| rule | The NSX object revision path for the load balancer pool. |