cloudflare.ZeroTrustGatewaySettings
Explore with Pulumi AI
Provides a Cloudflare Teams Account resource. The Teams Account resource defines configuration for secure web gateway.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
const example = new cloudflare.ZeroTrustGatewaySettings("example", {
accountId: "f037e56e89293a057740de681ac9abbe",
tlsDecryptEnabled: true,
protocolDetectionEnabled: true,
blockPage: {
footerText: "hello",
headerText: "hello",
logoPath: "https://example.com/logo.jpg",
backgroundColor: "#000000",
},
bodyScanning: {
inspectionMode: "deep",
},
antivirus: {
enabledDownloadPhase: true,
enabledUploadPhase: false,
failClosed: true,
notificationSettings: {
enabled: true,
message: "you are blocked",
supportUrl: "https://example.com/blocked",
},
},
fips: {
tls: true,
},
proxy: {
tcp: true,
udp: true,
rootCa: true,
virtualIp: false,
disableForTime: 3600,
},
urlBrowserIsolationEnabled: true,
logging: {
redactPii: true,
settingsByRuleType: {
dns: {
logAll: false,
logBlocks: true,
},
http: {
logAll: true,
logBlocks: true,
},
l4: {
logAll: false,
logBlocks: true,
},
},
},
extendedEmailMatching: {
enabled: true,
},
});
import pulumi
import pulumi_cloudflare as cloudflare
example = cloudflare.ZeroTrustGatewaySettings("example",
account_id="f037e56e89293a057740de681ac9abbe",
tls_decrypt_enabled=True,
protocol_detection_enabled=True,
block_page={
"footer_text": "hello",
"header_text": "hello",
"logo_path": "https://example.com/logo.jpg",
"background_color": "#000000",
},
body_scanning={
"inspection_mode": "deep",
},
antivirus={
"enabled_download_phase": True,
"enabled_upload_phase": False,
"fail_closed": True,
"notification_settings": {
"enabled": True,
"message": "you are blocked",
"support_url": "https://example.com/blocked",
},
},
fips={
"tls": True,
},
proxy={
"tcp": True,
"udp": True,
"root_ca": True,
"virtual_ip": False,
"disable_for_time": 3600,
},
url_browser_isolation_enabled=True,
logging={
"redact_pii": True,
"settings_by_rule_type": {
"dns": {
"log_all": False,
"log_blocks": True,
},
"http": {
"log_all": True,
"log_blocks": True,
},
"l4": {
"log_all": False,
"log_blocks": True,
},
},
},
extended_email_matching={
"enabled": True,
})
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudflare.NewZeroTrustGatewaySettings(ctx, "example", &cloudflare.ZeroTrustGatewaySettingsArgs{
AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
TlsDecryptEnabled: pulumi.Bool(true),
ProtocolDetectionEnabled: pulumi.Bool(true),
BlockPage: &cloudflare.ZeroTrustGatewaySettingsBlockPageArgs{
FooterText: pulumi.String("hello"),
HeaderText: pulumi.String("hello"),
LogoPath: pulumi.String("https://example.com/logo.jpg"),
BackgroundColor: pulumi.String("#000000"),
},
BodyScanning: &cloudflare.ZeroTrustGatewaySettingsBodyScanningArgs{
InspectionMode: pulumi.String("deep"),
},
Antivirus: &cloudflare.ZeroTrustGatewaySettingsAntivirusArgs{
EnabledDownloadPhase: pulumi.Bool(true),
EnabledUploadPhase: pulumi.Bool(false),
FailClosed: pulumi.Bool(true),
NotificationSettings: &cloudflare.ZeroTrustGatewaySettingsAntivirusNotificationSettingsArgs{
Enabled: pulumi.Bool(true),
Message: pulumi.String("you are blocked"),
SupportUrl: pulumi.String("https://example.com/blocked"),
},
},
Fips: &cloudflare.ZeroTrustGatewaySettingsFipsArgs{
Tls: pulumi.Bool(true),
},
Proxy: &cloudflare.ZeroTrustGatewaySettingsProxyArgs{
Tcp: pulumi.Bool(true),
Udp: pulumi.Bool(true),
RootCa: pulumi.Bool(true),
VirtualIp: pulumi.Bool(false),
DisableForTime: pulumi.Int(3600),
},
UrlBrowserIsolationEnabled: pulumi.Bool(true),
Logging: &cloudflare.ZeroTrustGatewaySettingsLoggingArgs{
RedactPii: pulumi.Bool(true),
SettingsByRuleType: &cloudflare.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeArgs{
Dns: &cloudflare.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeDnsArgs{
LogAll: pulumi.Bool(false),
LogBlocks: pulumi.Bool(true),
},
Http: &cloudflare.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeHttpArgs{
LogAll: pulumi.Bool(true),
LogBlocks: pulumi.Bool(true),
},
L4: &cloudflare.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeL4Args{
LogAll: pulumi.Bool(false),
LogBlocks: pulumi.Bool(true),
},
},
},
ExtendedEmailMatching: &cloudflare.ZeroTrustGatewaySettingsExtendedEmailMatchingArgs{
Enabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
return await Deployment.RunAsync(() =>
{
var example = new Cloudflare.ZeroTrustGatewaySettings("example", new()
{
AccountId = "f037e56e89293a057740de681ac9abbe",
TlsDecryptEnabled = true,
ProtocolDetectionEnabled = true,
BlockPage = new Cloudflare.Inputs.ZeroTrustGatewaySettingsBlockPageArgs
{
FooterText = "hello",
HeaderText = "hello",
LogoPath = "https://example.com/logo.jpg",
BackgroundColor = "#000000",
},
BodyScanning = new Cloudflare.Inputs.ZeroTrustGatewaySettingsBodyScanningArgs
{
InspectionMode = "deep",
},
Antivirus = new Cloudflare.Inputs.ZeroTrustGatewaySettingsAntivirusArgs
{
EnabledDownloadPhase = true,
EnabledUploadPhase = false,
FailClosed = true,
NotificationSettings = new Cloudflare.Inputs.ZeroTrustGatewaySettingsAntivirusNotificationSettingsArgs
{
Enabled = true,
Message = "you are blocked",
SupportUrl = "https://example.com/blocked",
},
},
Fips = new Cloudflare.Inputs.ZeroTrustGatewaySettingsFipsArgs
{
Tls = true,
},
Proxy = new Cloudflare.Inputs.ZeroTrustGatewaySettingsProxyArgs
{
Tcp = true,
Udp = true,
RootCa = true,
VirtualIp = false,
DisableForTime = 3600,
},
UrlBrowserIsolationEnabled = true,
Logging = new Cloudflare.Inputs.ZeroTrustGatewaySettingsLoggingArgs
{
RedactPii = true,
SettingsByRuleType = new Cloudflare.Inputs.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeArgs
{
Dns = new Cloudflare.Inputs.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeDnsArgs
{
LogAll = false,
LogBlocks = true,
},
Http = new Cloudflare.Inputs.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeHttpArgs
{
LogAll = true,
LogBlocks = true,
},
L4 = new Cloudflare.Inputs.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeL4Args
{
LogAll = false,
LogBlocks = true,
},
},
},
ExtendedEmailMatching = new Cloudflare.Inputs.ZeroTrustGatewaySettingsExtendedEmailMatchingArgs
{
Enabled = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.ZeroTrustGatewaySettings;
import com.pulumi.cloudflare.ZeroTrustGatewaySettingsArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustGatewaySettingsBlockPageArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustGatewaySettingsBodyScanningArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustGatewaySettingsAntivirusArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustGatewaySettingsAntivirusNotificationSettingsArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustGatewaySettingsFipsArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustGatewaySettingsProxyArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustGatewaySettingsLoggingArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeDnsArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeHttpArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeL4Args;
import com.pulumi.cloudflare.inputs.ZeroTrustGatewaySettingsExtendedEmailMatchingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ZeroTrustGatewaySettings("example", ZeroTrustGatewaySettingsArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.tlsDecryptEnabled(true)
.protocolDetectionEnabled(true)
.blockPage(ZeroTrustGatewaySettingsBlockPageArgs.builder()
.footerText("hello")
.headerText("hello")
.logoPath("https://example.com/logo.jpg")
.backgroundColor("#000000")
.build())
.bodyScanning(ZeroTrustGatewaySettingsBodyScanningArgs.builder()
.inspectionMode("deep")
.build())
.antivirus(ZeroTrustGatewaySettingsAntivirusArgs.builder()
.enabledDownloadPhase(true)
.enabledUploadPhase(false)
.failClosed(true)
.notificationSettings(ZeroTrustGatewaySettingsAntivirusNotificationSettingsArgs.builder()
.enabled(true)
.message("you are blocked")
.supportUrl("https://example.com/blocked")
.build())
.build())
.fips(ZeroTrustGatewaySettingsFipsArgs.builder()
.tls(true)
.build())
.proxy(ZeroTrustGatewaySettingsProxyArgs.builder()
.tcp(true)
.udp(true)
.rootCa(true)
.virtualIp(false)
.disableForTime(3600)
.build())
.urlBrowserIsolationEnabled(true)
.logging(ZeroTrustGatewaySettingsLoggingArgs.builder()
.redactPii(true)
.settingsByRuleType(ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeArgs.builder()
.dns(ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeDnsArgs.builder()
.logAll(false)
.logBlocks(true)
.build())
.http(ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeHttpArgs.builder()
.logAll(true)
.logBlocks(true)
.build())
.l4(ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeL4Args.builder()
.logAll(false)
.logBlocks(true)
.build())
.build())
.build())
.extendedEmailMatching(ZeroTrustGatewaySettingsExtendedEmailMatchingArgs.builder()
.enabled(true)
.build())
.build());
}
}
resources:
example:
type: cloudflare:ZeroTrustGatewaySettings
properties:
accountId: f037e56e89293a057740de681ac9abbe
tlsDecryptEnabled: true
protocolDetectionEnabled: true
blockPage:
footerText: hello
headerText: hello
logoPath: https://example.com/logo.jpg
backgroundColor: '#000000'
bodyScanning:
inspectionMode: deep
antivirus:
enabledDownloadPhase: true
enabledUploadPhase: false
failClosed: true
notificationSettings:
enabled: true
message: you are blocked
supportUrl: https://example.com/blocked
fips:
tls: true
proxy:
tcp: true
udp: true
rootCa: true
virtualIp: false
disableForTime: 3600
urlBrowserIsolationEnabled: true
logging:
redactPii: true
settingsByRuleType:
dns:
logAll: false
logBlocks: true
http:
logAll: true
logBlocks: true
l4:
logAll: false
logBlocks: true
extendedEmailMatching:
enabled: true
Create ZeroTrustGatewaySettings Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ZeroTrustGatewaySettings(name: string, args: ZeroTrustGatewaySettingsArgs, opts?: CustomResourceOptions);
@overload
def ZeroTrustGatewaySettings(resource_name: str,
args: ZeroTrustGatewaySettingsArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ZeroTrustGatewaySettings(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
activity_log_enabled: Optional[bool] = None,
antivirus: Optional[ZeroTrustGatewaySettingsAntivirusArgs] = None,
block_page: Optional[ZeroTrustGatewaySettingsBlockPageArgs] = None,
body_scanning: Optional[ZeroTrustGatewaySettingsBodyScanningArgs] = None,
certificate: Optional[ZeroTrustGatewaySettingsCertificateArgs] = None,
custom_certificate: Optional[ZeroTrustGatewaySettingsCustomCertificateArgs] = None,
extended_email_matching: Optional[ZeroTrustGatewaySettingsExtendedEmailMatchingArgs] = None,
fips: Optional[ZeroTrustGatewaySettingsFipsArgs] = None,
logging: Optional[ZeroTrustGatewaySettingsLoggingArgs] = None,
non_identity_browser_isolation_enabled: Optional[bool] = None,
payload_log: Optional[ZeroTrustGatewaySettingsPayloadLogArgs] = None,
protocol_detection_enabled: Optional[bool] = None,
proxy: Optional[ZeroTrustGatewaySettingsProxyArgs] = None,
ssh_session_log: Optional[ZeroTrustGatewaySettingsSshSessionLogArgs] = None,
tls_decrypt_enabled: Optional[bool] = None,
url_browser_isolation_enabled: Optional[bool] = None)
func NewZeroTrustGatewaySettings(ctx *Context, name string, args ZeroTrustGatewaySettingsArgs, opts ...ResourceOption) (*ZeroTrustGatewaySettings, error)
public ZeroTrustGatewaySettings(string name, ZeroTrustGatewaySettingsArgs args, CustomResourceOptions? opts = null)
public ZeroTrustGatewaySettings(String name, ZeroTrustGatewaySettingsArgs args)
public ZeroTrustGatewaySettings(String name, ZeroTrustGatewaySettingsArgs args, CustomResourceOptions options)
type: cloudflare:ZeroTrustGatewaySettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ZeroTrustGatewaySettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ZeroTrustGatewaySettingsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ZeroTrustGatewaySettingsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ZeroTrustGatewaySettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ZeroTrustGatewaySettingsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var zeroTrustGatewaySettingsResource = new Cloudflare.ZeroTrustGatewaySettings("zeroTrustGatewaySettingsResource", new()
{
AccountId = "string",
ActivityLogEnabled = false,
Antivirus = new Cloudflare.Inputs.ZeroTrustGatewaySettingsAntivirusArgs
{
EnabledDownloadPhase = false,
EnabledUploadPhase = false,
FailClosed = false,
NotificationSettings = new Cloudflare.Inputs.ZeroTrustGatewaySettingsAntivirusNotificationSettingsArgs
{
Enabled = false,
Message = "string",
SupportUrl = "string",
},
},
BlockPage = new Cloudflare.Inputs.ZeroTrustGatewaySettingsBlockPageArgs
{
BackgroundColor = "string",
Enabled = false,
FooterText = "string",
HeaderText = "string",
LogoPath = "string",
MailtoAddress = "string",
MailtoSubject = "string",
Name = "string",
},
BodyScanning = new Cloudflare.Inputs.ZeroTrustGatewaySettingsBodyScanningArgs
{
InspectionMode = "string",
},
Certificate = new Cloudflare.Inputs.ZeroTrustGatewaySettingsCertificateArgs
{
Id = "string",
},
ExtendedEmailMatching = new Cloudflare.Inputs.ZeroTrustGatewaySettingsExtendedEmailMatchingArgs
{
Enabled = false,
},
Fips = new Cloudflare.Inputs.ZeroTrustGatewaySettingsFipsArgs
{
Tls = false,
},
Logging = new Cloudflare.Inputs.ZeroTrustGatewaySettingsLoggingArgs
{
RedactPii = false,
SettingsByRuleType = new Cloudflare.Inputs.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeArgs
{
Dns = new Cloudflare.Inputs.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeDnsArgs
{
LogAll = false,
LogBlocks = false,
},
Http = new Cloudflare.Inputs.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeHttpArgs
{
LogAll = false,
LogBlocks = false,
},
L4 = new Cloudflare.Inputs.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeL4Args
{
LogAll = false,
LogBlocks = false,
},
},
},
NonIdentityBrowserIsolationEnabled = false,
PayloadLog = new Cloudflare.Inputs.ZeroTrustGatewaySettingsPayloadLogArgs
{
PublicKey = "string",
},
ProtocolDetectionEnabled = false,
Proxy = new Cloudflare.Inputs.ZeroTrustGatewaySettingsProxyArgs
{
DisableForTime = 0,
RootCa = false,
Tcp = false,
Udp = false,
VirtualIp = false,
},
SshSessionLog = new Cloudflare.Inputs.ZeroTrustGatewaySettingsSshSessionLogArgs
{
PublicKey = "string",
},
TlsDecryptEnabled = false,
UrlBrowserIsolationEnabled = false,
});
example, err := cloudflare.NewZeroTrustGatewaySettings(ctx, "zeroTrustGatewaySettingsResource", &cloudflare.ZeroTrustGatewaySettingsArgs{
AccountId: pulumi.String("string"),
ActivityLogEnabled: pulumi.Bool(false),
Antivirus: &cloudflare.ZeroTrustGatewaySettingsAntivirusArgs{
EnabledDownloadPhase: pulumi.Bool(false),
EnabledUploadPhase: pulumi.Bool(false),
FailClosed: pulumi.Bool(false),
NotificationSettings: &cloudflare.ZeroTrustGatewaySettingsAntivirusNotificationSettingsArgs{
Enabled: pulumi.Bool(false),
Message: pulumi.String("string"),
SupportUrl: pulumi.String("string"),
},
},
BlockPage: &cloudflare.ZeroTrustGatewaySettingsBlockPageArgs{
BackgroundColor: pulumi.String("string"),
Enabled: pulumi.Bool(false),
FooterText: pulumi.String("string"),
HeaderText: pulumi.String("string"),
LogoPath: pulumi.String("string"),
MailtoAddress: pulumi.String("string"),
MailtoSubject: pulumi.String("string"),
Name: pulumi.String("string"),
},
BodyScanning: &cloudflare.ZeroTrustGatewaySettingsBodyScanningArgs{
InspectionMode: pulumi.String("string"),
},
Certificate: &cloudflare.ZeroTrustGatewaySettingsCertificateArgs{
Id: pulumi.String("string"),
},
ExtendedEmailMatching: &cloudflare.ZeroTrustGatewaySettingsExtendedEmailMatchingArgs{
Enabled: pulumi.Bool(false),
},
Fips: &cloudflare.ZeroTrustGatewaySettingsFipsArgs{
Tls: pulumi.Bool(false),
},
Logging: &cloudflare.ZeroTrustGatewaySettingsLoggingArgs{
RedactPii: pulumi.Bool(false),
SettingsByRuleType: &cloudflare.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeArgs{
Dns: &cloudflare.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeDnsArgs{
LogAll: pulumi.Bool(false),
LogBlocks: pulumi.Bool(false),
},
Http: &cloudflare.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeHttpArgs{
LogAll: pulumi.Bool(false),
LogBlocks: pulumi.Bool(false),
},
L4: &cloudflare.ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeL4Args{
LogAll: pulumi.Bool(false),
LogBlocks: pulumi.Bool(false),
},
},
},
NonIdentityBrowserIsolationEnabled: pulumi.Bool(false),
PayloadLog: &cloudflare.ZeroTrustGatewaySettingsPayloadLogArgs{
PublicKey: pulumi.String("string"),
},
ProtocolDetectionEnabled: pulumi.Bool(false),
Proxy: &cloudflare.ZeroTrustGatewaySettingsProxyArgs{
DisableForTime: pulumi.Int(0),
RootCa: pulumi.Bool(false),
Tcp: pulumi.Bool(false),
Udp: pulumi.Bool(false),
VirtualIp: pulumi.Bool(false),
},
SshSessionLog: &cloudflare.ZeroTrustGatewaySettingsSshSessionLogArgs{
PublicKey: pulumi.String("string"),
},
TlsDecryptEnabled: pulumi.Bool(false),
UrlBrowserIsolationEnabled: pulumi.Bool(false),
})
var zeroTrustGatewaySettingsResource = new ZeroTrustGatewaySettings("zeroTrustGatewaySettingsResource", ZeroTrustGatewaySettingsArgs.builder()
.accountId("string")
.activityLogEnabled(false)
.antivirus(ZeroTrustGatewaySettingsAntivirusArgs.builder()
.enabledDownloadPhase(false)
.enabledUploadPhase(false)
.failClosed(false)
.notificationSettings(ZeroTrustGatewaySettingsAntivirusNotificationSettingsArgs.builder()
.enabled(false)
.message("string")
.supportUrl("string")
.build())
.build())
.blockPage(ZeroTrustGatewaySettingsBlockPageArgs.builder()
.backgroundColor("string")
.enabled(false)
.footerText("string")
.headerText("string")
.logoPath("string")
.mailtoAddress("string")
.mailtoSubject("string")
.name("string")
.build())
.bodyScanning(ZeroTrustGatewaySettingsBodyScanningArgs.builder()
.inspectionMode("string")
.build())
.certificate(ZeroTrustGatewaySettingsCertificateArgs.builder()
.id("string")
.build())
.extendedEmailMatching(ZeroTrustGatewaySettingsExtendedEmailMatchingArgs.builder()
.enabled(false)
.build())
.fips(ZeroTrustGatewaySettingsFipsArgs.builder()
.tls(false)
.build())
.logging(ZeroTrustGatewaySettingsLoggingArgs.builder()
.redactPii(false)
.settingsByRuleType(ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeArgs.builder()
.dns(ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeDnsArgs.builder()
.logAll(false)
.logBlocks(false)
.build())
.http(ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeHttpArgs.builder()
.logAll(false)
.logBlocks(false)
.build())
.l4(ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeL4Args.builder()
.logAll(false)
.logBlocks(false)
.build())
.build())
.build())
.nonIdentityBrowserIsolationEnabled(false)
.payloadLog(ZeroTrustGatewaySettingsPayloadLogArgs.builder()
.publicKey("string")
.build())
.protocolDetectionEnabled(false)
.proxy(ZeroTrustGatewaySettingsProxyArgs.builder()
.disableForTime(0)
.rootCa(false)
.tcp(false)
.udp(false)
.virtualIp(false)
.build())
.sshSessionLog(ZeroTrustGatewaySettingsSshSessionLogArgs.builder()
.publicKey("string")
.build())
.tlsDecryptEnabled(false)
.urlBrowserIsolationEnabled(false)
.build());
zero_trust_gateway_settings_resource = cloudflare.ZeroTrustGatewaySettings("zeroTrustGatewaySettingsResource",
account_id="string",
activity_log_enabled=False,
antivirus={
"enabled_download_phase": False,
"enabled_upload_phase": False,
"fail_closed": False,
"notification_settings": {
"enabled": False,
"message": "string",
"support_url": "string",
},
},
block_page={
"background_color": "string",
"enabled": False,
"footer_text": "string",
"header_text": "string",
"logo_path": "string",
"mailto_address": "string",
"mailto_subject": "string",
"name": "string",
},
body_scanning={
"inspection_mode": "string",
},
certificate={
"id": "string",
},
extended_email_matching={
"enabled": False,
},
fips={
"tls": False,
},
logging={
"redact_pii": False,
"settings_by_rule_type": {
"dns": {
"log_all": False,
"log_blocks": False,
},
"http": {
"log_all": False,
"log_blocks": False,
},
"l4": {
"log_all": False,
"log_blocks": False,
},
},
},
non_identity_browser_isolation_enabled=False,
payload_log={
"public_key": "string",
},
protocol_detection_enabled=False,
proxy={
"disable_for_time": 0,
"root_ca": False,
"tcp": False,
"udp": False,
"virtual_ip": False,
},
ssh_session_log={
"public_key": "string",
},
tls_decrypt_enabled=False,
url_browser_isolation_enabled=False)
const zeroTrustGatewaySettingsResource = new cloudflare.ZeroTrustGatewaySettings("zeroTrustGatewaySettingsResource", {
accountId: "string",
activityLogEnabled: false,
antivirus: {
enabledDownloadPhase: false,
enabledUploadPhase: false,
failClosed: false,
notificationSettings: {
enabled: false,
message: "string",
supportUrl: "string",
},
},
blockPage: {
backgroundColor: "string",
enabled: false,
footerText: "string",
headerText: "string",
logoPath: "string",
mailtoAddress: "string",
mailtoSubject: "string",
name: "string",
},
bodyScanning: {
inspectionMode: "string",
},
certificate: {
id: "string",
},
extendedEmailMatching: {
enabled: false,
},
fips: {
tls: false,
},
logging: {
redactPii: false,
settingsByRuleType: {
dns: {
logAll: false,
logBlocks: false,
},
http: {
logAll: false,
logBlocks: false,
},
l4: {
logAll: false,
logBlocks: false,
},
},
},
nonIdentityBrowserIsolationEnabled: false,
payloadLog: {
publicKey: "string",
},
protocolDetectionEnabled: false,
proxy: {
disableForTime: 0,
rootCa: false,
tcp: false,
udp: false,
virtualIp: false,
},
sshSessionLog: {
publicKey: "string",
},
tlsDecryptEnabled: false,
urlBrowserIsolationEnabled: false,
});
type: cloudflare:ZeroTrustGatewaySettings
properties:
accountId: string
activityLogEnabled: false
antivirus:
enabledDownloadPhase: false
enabledUploadPhase: false
failClosed: false
notificationSettings:
enabled: false
message: string
supportUrl: string
blockPage:
backgroundColor: string
enabled: false
footerText: string
headerText: string
logoPath: string
mailtoAddress: string
mailtoSubject: string
name: string
bodyScanning:
inspectionMode: string
certificate:
id: string
extendedEmailMatching:
enabled: false
fips:
tls: false
logging:
redactPii: false
settingsByRuleType:
dns:
logAll: false
logBlocks: false
http:
logAll: false
logBlocks: false
l4:
logAll: false
logBlocks: false
nonIdentityBrowserIsolationEnabled: false
payloadLog:
publicKey: string
protocolDetectionEnabled: false
proxy:
disableForTime: 0
rootCa: false
tcp: false
udp: false
virtualIp: false
sshSessionLog:
publicKey: string
tlsDecryptEnabled: false
urlBrowserIsolationEnabled: false
ZeroTrustGatewaySettings Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ZeroTrustGatewaySettings resource accepts the following input properties:
- Account
Id string - The account identifier to target for the resource.
- Activity
Log boolEnabled - Whether to enable the activity log.
- Antivirus
Zero
Trust Gateway Settings Antivirus - Configuration block for antivirus traffic scanning.
- Block
Page ZeroTrust Gateway Settings Block Page - Configuration for a custom block page.
- Body
Scanning ZeroTrust Gateway Settings Body Scanning - Configuration for body scanning.
- Certificate
Zero
Trust Gateway Settings Certificate - Configuration for TLS interception certificate. This will be required starting Feb 2025.
- Custom
Certificate ZeroTrust Gateway Settings Custom Certificate - Configuration for custom certificates / BYO-PKI. Conflicts with
certificate
. - Extended
Email ZeroMatching Trust Gateway Settings Extended Email Matching - Configuration for extended e-mail matching.
- Fips
Zero
Trust Gateway Settings Fips - Configure compliance with Federal Information Processing Standards.
- Logging
Zero
Trust Gateway Settings Logging - Non
Identity boolBrowser Isolation Enabled - Enable non-identity onramp for Browser Isolation. Defaults to
false
. - Payload
Log ZeroTrust Gateway Settings Payload Log - Configuration for DLP Payload Logging.
- Protocol
Detection boolEnabled - Indicator that protocol detection is enabled.
- Proxy
Zero
Trust Gateway Settings Proxy - Configuration block for specifying which protocols are proxied.
- Ssh
Session ZeroLog Trust Gateway Settings Ssh Session Log - Configuration for SSH Session Logging.
- Tls
Decrypt boolEnabled - Indicator that decryption of TLS traffic is enabled.
- Url
Browser boolIsolation Enabled - Safely browse websites in Browser Isolation through a URL. Defaults to
false
.
- Account
Id string - The account identifier to target for the resource.
- Activity
Log boolEnabled - Whether to enable the activity log.
- Antivirus
Zero
Trust Gateway Settings Antivirus Args - Configuration block for antivirus traffic scanning.
- Block
Page ZeroTrust Gateway Settings Block Page Args - Configuration for a custom block page.
- Body
Scanning ZeroTrust Gateway Settings Body Scanning Args - Configuration for body scanning.
- Certificate
Zero
Trust Gateway Settings Certificate Args - Configuration for TLS interception certificate. This will be required starting Feb 2025.
- Custom
Certificate ZeroTrust Gateway Settings Custom Certificate Args - Configuration for custom certificates / BYO-PKI. Conflicts with
certificate
. - Extended
Email ZeroMatching Trust Gateway Settings Extended Email Matching Args - Configuration for extended e-mail matching.
- Fips
Zero
Trust Gateway Settings Fips Args - Configure compliance with Federal Information Processing Standards.
- Logging
Zero
Trust Gateway Settings Logging Args - Non
Identity boolBrowser Isolation Enabled - Enable non-identity onramp for Browser Isolation. Defaults to
false
. - Payload
Log ZeroTrust Gateway Settings Payload Log Args - Configuration for DLP Payload Logging.
- Protocol
Detection boolEnabled - Indicator that protocol detection is enabled.
- Proxy
Zero
Trust Gateway Settings Proxy Args - Configuration block for specifying which protocols are proxied.
- Ssh
Session ZeroLog Trust Gateway Settings Ssh Session Log Args - Configuration for SSH Session Logging.
- Tls
Decrypt boolEnabled - Indicator that decryption of TLS traffic is enabled.
- Url
Browser boolIsolation Enabled - Safely browse websites in Browser Isolation through a URL. Defaults to
false
.
- account
Id String - The account identifier to target for the resource.
- activity
Log BooleanEnabled - Whether to enable the activity log.
- antivirus
Zero
Trust Gateway Settings Antivirus - Configuration block for antivirus traffic scanning.
- block
Page ZeroTrust Gateway Settings Block Page - Configuration for a custom block page.
- body
Scanning ZeroTrust Gateway Settings Body Scanning - Configuration for body scanning.
- certificate
Zero
Trust Gateway Settings Certificate - Configuration for TLS interception certificate. This will be required starting Feb 2025.
- custom
Certificate ZeroTrust Gateway Settings Custom Certificate - Configuration for custom certificates / BYO-PKI. Conflicts with
certificate
. - extended
Email ZeroMatching Trust Gateway Settings Extended Email Matching - Configuration for extended e-mail matching.
- fips
Zero
Trust Gateway Settings Fips - Configure compliance with Federal Information Processing Standards.
- logging
Zero
Trust Gateway Settings Logging - non
Identity BooleanBrowser Isolation Enabled - Enable non-identity onramp for Browser Isolation. Defaults to
false
. - payload
Log ZeroTrust Gateway Settings Payload Log - Configuration for DLP Payload Logging.
- protocol
Detection BooleanEnabled - Indicator that protocol detection is enabled.
- proxy
Zero
Trust Gateway Settings Proxy - Configuration block for specifying which protocols are proxied.
- ssh
Session ZeroLog Trust Gateway Settings Ssh Session Log - Configuration for SSH Session Logging.
- tls
Decrypt BooleanEnabled - Indicator that decryption of TLS traffic is enabled.
- url
Browser BooleanIsolation Enabled - Safely browse websites in Browser Isolation through a URL. Defaults to
false
.
- account
Id string - The account identifier to target for the resource.
- activity
Log booleanEnabled - Whether to enable the activity log.
- antivirus
Zero
Trust Gateway Settings Antivirus - Configuration block for antivirus traffic scanning.
- block
Page ZeroTrust Gateway Settings Block Page - Configuration for a custom block page.
- body
Scanning ZeroTrust Gateway Settings Body Scanning - Configuration for body scanning.
- certificate
Zero
Trust Gateway Settings Certificate - Configuration for TLS interception certificate. This will be required starting Feb 2025.
- custom
Certificate ZeroTrust Gateway Settings Custom Certificate - Configuration for custom certificates / BYO-PKI. Conflicts with
certificate
. - extended
Email ZeroMatching Trust Gateway Settings Extended Email Matching - Configuration for extended e-mail matching.
- fips
Zero
Trust Gateway Settings Fips - Configure compliance with Federal Information Processing Standards.
- logging
Zero
Trust Gateway Settings Logging - non
Identity booleanBrowser Isolation Enabled - Enable non-identity onramp for Browser Isolation. Defaults to
false
. - payload
Log ZeroTrust Gateway Settings Payload Log - Configuration for DLP Payload Logging.
- protocol
Detection booleanEnabled - Indicator that protocol detection is enabled.
- proxy
Zero
Trust Gateway Settings Proxy - Configuration block for specifying which protocols are proxied.
- ssh
Session ZeroLog Trust Gateway Settings Ssh Session Log - Configuration for SSH Session Logging.
- tls
Decrypt booleanEnabled - Indicator that decryption of TLS traffic is enabled.
- url
Browser booleanIsolation Enabled - Safely browse websites in Browser Isolation through a URL. Defaults to
false
.
- account_
id str - The account identifier to target for the resource.
- activity_
log_ boolenabled - Whether to enable the activity log.
- antivirus
Zero
Trust Gateway Settings Antivirus Args - Configuration block for antivirus traffic scanning.
- block_
page ZeroTrust Gateway Settings Block Page Args - Configuration for a custom block page.
- body_
scanning ZeroTrust Gateway Settings Body Scanning Args - Configuration for body scanning.
- certificate
Zero
Trust Gateway Settings Certificate Args - Configuration for TLS interception certificate. This will be required starting Feb 2025.
- custom_
certificate ZeroTrust Gateway Settings Custom Certificate Args - Configuration for custom certificates / BYO-PKI. Conflicts with
certificate
. - extended_
email_ Zeromatching Trust Gateway Settings Extended Email Matching Args - Configuration for extended e-mail matching.
- fips
Zero
Trust Gateway Settings Fips Args - Configure compliance with Federal Information Processing Standards.
- logging
Zero
Trust Gateway Settings Logging Args - non_
identity_ boolbrowser_ isolation_ enabled - Enable non-identity onramp for Browser Isolation. Defaults to
false
. - payload_
log ZeroTrust Gateway Settings Payload Log Args - Configuration for DLP Payload Logging.
- protocol_
detection_ boolenabled - Indicator that protocol detection is enabled.
- proxy
Zero
Trust Gateway Settings Proxy Args - Configuration block for specifying which protocols are proxied.
- ssh_
session_ Zerolog Trust Gateway Settings Ssh Session Log Args - Configuration for SSH Session Logging.
- tls_
decrypt_ boolenabled - Indicator that decryption of TLS traffic is enabled.
- url_
browser_ boolisolation_ enabled - Safely browse websites in Browser Isolation through a URL. Defaults to
false
.
- account
Id String - The account identifier to target for the resource.
- activity
Log BooleanEnabled - Whether to enable the activity log.
- antivirus Property Map
- Configuration block for antivirus traffic scanning.
- block
Page Property Map - Configuration for a custom block page.
- body
Scanning Property Map - Configuration for body scanning.
- certificate Property Map
- Configuration for TLS interception certificate. This will be required starting Feb 2025.
- custom
Certificate Property Map - Configuration for custom certificates / BYO-PKI. Conflicts with
certificate
. - extended
Email Property MapMatching - Configuration for extended e-mail matching.
- fips Property Map
- Configure compliance with Federal Information Processing Standards.
- logging Property Map
- non
Identity BooleanBrowser Isolation Enabled - Enable non-identity onramp for Browser Isolation. Defaults to
false
. - payload
Log Property Map - Configuration for DLP Payload Logging.
- protocol
Detection BooleanEnabled - Indicator that protocol detection is enabled.
- proxy Property Map
- Configuration block for specifying which protocols are proxied.
- ssh
Session Property MapLog - Configuration for SSH Session Logging.
- tls
Decrypt BooleanEnabled - Indicator that decryption of TLS traffic is enabled.
- url
Browser BooleanIsolation Enabled - Safely browse websites in Browser Isolation through a URL. Defaults to
false
.
Outputs
All input properties are implicitly available as output properties. Additionally, the ZeroTrustGatewaySettings resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ZeroTrustGatewaySettings Resource
Get an existing ZeroTrustGatewaySettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ZeroTrustGatewaySettingsState, opts?: CustomResourceOptions): ZeroTrustGatewaySettings
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
activity_log_enabled: Optional[bool] = None,
antivirus: Optional[ZeroTrustGatewaySettingsAntivirusArgs] = None,
block_page: Optional[ZeroTrustGatewaySettingsBlockPageArgs] = None,
body_scanning: Optional[ZeroTrustGatewaySettingsBodyScanningArgs] = None,
certificate: Optional[ZeroTrustGatewaySettingsCertificateArgs] = None,
custom_certificate: Optional[ZeroTrustGatewaySettingsCustomCertificateArgs] = None,
extended_email_matching: Optional[ZeroTrustGatewaySettingsExtendedEmailMatchingArgs] = None,
fips: Optional[ZeroTrustGatewaySettingsFipsArgs] = None,
logging: Optional[ZeroTrustGatewaySettingsLoggingArgs] = None,
non_identity_browser_isolation_enabled: Optional[bool] = None,
payload_log: Optional[ZeroTrustGatewaySettingsPayloadLogArgs] = None,
protocol_detection_enabled: Optional[bool] = None,
proxy: Optional[ZeroTrustGatewaySettingsProxyArgs] = None,
ssh_session_log: Optional[ZeroTrustGatewaySettingsSshSessionLogArgs] = None,
tls_decrypt_enabled: Optional[bool] = None,
url_browser_isolation_enabled: Optional[bool] = None) -> ZeroTrustGatewaySettings
func GetZeroTrustGatewaySettings(ctx *Context, name string, id IDInput, state *ZeroTrustGatewaySettingsState, opts ...ResourceOption) (*ZeroTrustGatewaySettings, error)
public static ZeroTrustGatewaySettings Get(string name, Input<string> id, ZeroTrustGatewaySettingsState? state, CustomResourceOptions? opts = null)
public static ZeroTrustGatewaySettings get(String name, Output<String> id, ZeroTrustGatewaySettingsState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The account identifier to target for the resource.
- Activity
Log boolEnabled - Whether to enable the activity log.
- Antivirus
Zero
Trust Gateway Settings Antivirus - Configuration block for antivirus traffic scanning.
- Block
Page ZeroTrust Gateway Settings Block Page - Configuration for a custom block page.
- Body
Scanning ZeroTrust Gateway Settings Body Scanning - Configuration for body scanning.
- Certificate
Zero
Trust Gateway Settings Certificate - Configuration for TLS interception certificate. This will be required starting Feb 2025.
- Custom
Certificate ZeroTrust Gateway Settings Custom Certificate - Configuration for custom certificates / BYO-PKI. Conflicts with
certificate
. - Extended
Email ZeroMatching Trust Gateway Settings Extended Email Matching - Configuration for extended e-mail matching.
- Fips
Zero
Trust Gateway Settings Fips - Configure compliance with Federal Information Processing Standards.
- Logging
Zero
Trust Gateway Settings Logging - Non
Identity boolBrowser Isolation Enabled - Enable non-identity onramp for Browser Isolation. Defaults to
false
. - Payload
Log ZeroTrust Gateway Settings Payload Log - Configuration for DLP Payload Logging.
- Protocol
Detection boolEnabled - Indicator that protocol detection is enabled.
- Proxy
Zero
Trust Gateway Settings Proxy - Configuration block for specifying which protocols are proxied.
- Ssh
Session ZeroLog Trust Gateway Settings Ssh Session Log - Configuration for SSH Session Logging.
- Tls
Decrypt boolEnabled - Indicator that decryption of TLS traffic is enabled.
- Url
Browser boolIsolation Enabled - Safely browse websites in Browser Isolation through a URL. Defaults to
false
.
- Account
Id string - The account identifier to target for the resource.
- Activity
Log boolEnabled - Whether to enable the activity log.
- Antivirus
Zero
Trust Gateway Settings Antivirus Args - Configuration block for antivirus traffic scanning.
- Block
Page ZeroTrust Gateway Settings Block Page Args - Configuration for a custom block page.
- Body
Scanning ZeroTrust Gateway Settings Body Scanning Args - Configuration for body scanning.
- Certificate
Zero
Trust Gateway Settings Certificate Args - Configuration for TLS interception certificate. This will be required starting Feb 2025.
- Custom
Certificate ZeroTrust Gateway Settings Custom Certificate Args - Configuration for custom certificates / BYO-PKI. Conflicts with
certificate
. - Extended
Email ZeroMatching Trust Gateway Settings Extended Email Matching Args - Configuration for extended e-mail matching.
- Fips
Zero
Trust Gateway Settings Fips Args - Configure compliance with Federal Information Processing Standards.
- Logging
Zero
Trust Gateway Settings Logging Args - Non
Identity boolBrowser Isolation Enabled - Enable non-identity onramp for Browser Isolation. Defaults to
false
. - Payload
Log ZeroTrust Gateway Settings Payload Log Args - Configuration for DLP Payload Logging.
- Protocol
Detection boolEnabled - Indicator that protocol detection is enabled.
- Proxy
Zero
Trust Gateway Settings Proxy Args - Configuration block for specifying which protocols are proxied.
- Ssh
Session ZeroLog Trust Gateway Settings Ssh Session Log Args - Configuration for SSH Session Logging.
- Tls
Decrypt boolEnabled - Indicator that decryption of TLS traffic is enabled.
- Url
Browser boolIsolation Enabled - Safely browse websites in Browser Isolation through a URL. Defaults to
false
.
- account
Id String - The account identifier to target for the resource.
- activity
Log BooleanEnabled - Whether to enable the activity log.
- antivirus
Zero
Trust Gateway Settings Antivirus - Configuration block for antivirus traffic scanning.
- block
Page ZeroTrust Gateway Settings Block Page - Configuration for a custom block page.
- body
Scanning ZeroTrust Gateway Settings Body Scanning - Configuration for body scanning.
- certificate
Zero
Trust Gateway Settings Certificate - Configuration for TLS interception certificate. This will be required starting Feb 2025.
- custom
Certificate ZeroTrust Gateway Settings Custom Certificate - Configuration for custom certificates / BYO-PKI. Conflicts with
certificate
. - extended
Email ZeroMatching Trust Gateway Settings Extended Email Matching - Configuration for extended e-mail matching.
- fips
Zero
Trust Gateway Settings Fips - Configure compliance with Federal Information Processing Standards.
- logging
Zero
Trust Gateway Settings Logging - non
Identity BooleanBrowser Isolation Enabled - Enable non-identity onramp for Browser Isolation. Defaults to
false
. - payload
Log ZeroTrust Gateway Settings Payload Log - Configuration for DLP Payload Logging.
- protocol
Detection BooleanEnabled - Indicator that protocol detection is enabled.
- proxy
Zero
Trust Gateway Settings Proxy - Configuration block for specifying which protocols are proxied.
- ssh
Session ZeroLog Trust Gateway Settings Ssh Session Log - Configuration for SSH Session Logging.
- tls
Decrypt BooleanEnabled - Indicator that decryption of TLS traffic is enabled.
- url
Browser BooleanIsolation Enabled - Safely browse websites in Browser Isolation through a URL. Defaults to
false
.
- account
Id string - The account identifier to target for the resource.
- activity
Log booleanEnabled - Whether to enable the activity log.
- antivirus
Zero
Trust Gateway Settings Antivirus - Configuration block for antivirus traffic scanning.
- block
Page ZeroTrust Gateway Settings Block Page - Configuration for a custom block page.
- body
Scanning ZeroTrust Gateway Settings Body Scanning - Configuration for body scanning.
- certificate
Zero
Trust Gateway Settings Certificate - Configuration for TLS interception certificate. This will be required starting Feb 2025.
- custom
Certificate ZeroTrust Gateway Settings Custom Certificate - Configuration for custom certificates / BYO-PKI. Conflicts with
certificate
. - extended
Email ZeroMatching Trust Gateway Settings Extended Email Matching - Configuration for extended e-mail matching.
- fips
Zero
Trust Gateway Settings Fips - Configure compliance with Federal Information Processing Standards.
- logging
Zero
Trust Gateway Settings Logging - non
Identity booleanBrowser Isolation Enabled - Enable non-identity onramp for Browser Isolation. Defaults to
false
. - payload
Log ZeroTrust Gateway Settings Payload Log - Configuration for DLP Payload Logging.
- protocol
Detection booleanEnabled - Indicator that protocol detection is enabled.
- proxy
Zero
Trust Gateway Settings Proxy - Configuration block for specifying which protocols are proxied.
- ssh
Session ZeroLog Trust Gateway Settings Ssh Session Log - Configuration for SSH Session Logging.
- tls
Decrypt booleanEnabled - Indicator that decryption of TLS traffic is enabled.
- url
Browser booleanIsolation Enabled - Safely browse websites in Browser Isolation through a URL. Defaults to
false
.
- account_
id str - The account identifier to target for the resource.
- activity_
log_ boolenabled - Whether to enable the activity log.
- antivirus
Zero
Trust Gateway Settings Antivirus Args - Configuration block for antivirus traffic scanning.
- block_
page ZeroTrust Gateway Settings Block Page Args - Configuration for a custom block page.
- body_
scanning ZeroTrust Gateway Settings Body Scanning Args - Configuration for body scanning.
- certificate
Zero
Trust Gateway Settings Certificate Args - Configuration for TLS interception certificate. This will be required starting Feb 2025.
- custom_
certificate ZeroTrust Gateway Settings Custom Certificate Args - Configuration for custom certificates / BYO-PKI. Conflicts with
certificate
. - extended_
email_ Zeromatching Trust Gateway Settings Extended Email Matching Args - Configuration for extended e-mail matching.
- fips
Zero
Trust Gateway Settings Fips Args - Configure compliance with Federal Information Processing Standards.
- logging
Zero
Trust Gateway Settings Logging Args - non_
identity_ boolbrowser_ isolation_ enabled - Enable non-identity onramp for Browser Isolation. Defaults to
false
. - payload_
log ZeroTrust Gateway Settings Payload Log Args - Configuration for DLP Payload Logging.
- protocol_
detection_ boolenabled - Indicator that protocol detection is enabled.
- proxy
Zero
Trust Gateway Settings Proxy Args - Configuration block for specifying which protocols are proxied.
- ssh_
session_ Zerolog Trust Gateway Settings Ssh Session Log Args - Configuration for SSH Session Logging.
- tls_
decrypt_ boolenabled - Indicator that decryption of TLS traffic is enabled.
- url_
browser_ boolisolation_ enabled - Safely browse websites in Browser Isolation through a URL. Defaults to
false
.
- account
Id String - The account identifier to target for the resource.
- activity
Log BooleanEnabled - Whether to enable the activity log.
- antivirus Property Map
- Configuration block for antivirus traffic scanning.
- block
Page Property Map - Configuration for a custom block page.
- body
Scanning Property Map - Configuration for body scanning.
- certificate Property Map
- Configuration for TLS interception certificate. This will be required starting Feb 2025.
- custom
Certificate Property Map - Configuration for custom certificates / BYO-PKI. Conflicts with
certificate
. - extended
Email Property MapMatching - Configuration for extended e-mail matching.
- fips Property Map
- Configure compliance with Federal Information Processing Standards.
- logging Property Map
- non
Identity BooleanBrowser Isolation Enabled - Enable non-identity onramp for Browser Isolation. Defaults to
false
. - payload
Log Property Map - Configuration for DLP Payload Logging.
- protocol
Detection BooleanEnabled - Indicator that protocol detection is enabled.
- proxy Property Map
- Configuration block for specifying which protocols are proxied.
- ssh
Session Property MapLog - Configuration for SSH Session Logging.
- tls
Decrypt BooleanEnabled - Indicator that decryption of TLS traffic is enabled.
- url
Browser BooleanIsolation Enabled - Safely browse websites in Browser Isolation through a URL. Defaults to
false
.
Supporting Types
ZeroTrustGatewaySettingsAntivirus, ZeroTrustGatewaySettingsAntivirusArgs
- Enabled
Download boolPhase - Scan on file download.
- Enabled
Upload boolPhase - Scan on file upload.
- Fail
Closed bool - Block requests for files that cannot be scanned.
- Notification
Settings ZeroTrust Gateway Settings Antivirus Notification Settings - Set notifications for antivirus.
- Enabled
Download boolPhase - Scan on file download.
- Enabled
Upload boolPhase - Scan on file upload.
- Fail
Closed bool - Block requests for files that cannot be scanned.
- Notification
Settings ZeroTrust Gateway Settings Antivirus Notification Settings - Set notifications for antivirus.
- enabled
Download BooleanPhase - Scan on file download.
- enabled
Upload BooleanPhase - Scan on file upload.
- fail
Closed Boolean - Block requests for files that cannot be scanned.
- notification
Settings ZeroTrust Gateway Settings Antivirus Notification Settings - Set notifications for antivirus.
- enabled
Download booleanPhase - Scan on file download.
- enabled
Upload booleanPhase - Scan on file upload.
- fail
Closed boolean - Block requests for files that cannot be scanned.
- notification
Settings ZeroTrust Gateway Settings Antivirus Notification Settings - Set notifications for antivirus.
- enabled_
download_ boolphase - Scan on file download.
- enabled_
upload_ boolphase - Scan on file upload.
- fail_
closed bool - Block requests for files that cannot be scanned.
- notification_
settings ZeroTrust Gateway Settings Antivirus Notification Settings - Set notifications for antivirus.
- enabled
Download BooleanPhase - Scan on file download.
- enabled
Upload BooleanPhase - Scan on file upload.
- fail
Closed Boolean - Block requests for files that cannot be scanned.
- notification
Settings Property Map - Set notifications for antivirus.
ZeroTrustGatewaySettingsAntivirusNotificationSettings, ZeroTrustGatewaySettingsAntivirusNotificationSettingsArgs
- Enabled bool
- Enable notification settings.
- Message string
- Notification content.
- Support
Url string - Support URL to show in the notification.
- Enabled bool
- Enable notification settings.
- Message string
- Notification content.
- Support
Url string - Support URL to show in the notification.
- enabled Boolean
- Enable notification settings.
- message String
- Notification content.
- support
Url String - Support URL to show in the notification.
- enabled boolean
- Enable notification settings.
- message string
- Notification content.
- support
Url string - Support URL to show in the notification.
- enabled bool
- Enable notification settings.
- message str
- Notification content.
- support_
url str - Support URL to show in the notification.
- enabled Boolean
- Enable notification settings.
- message String
- Notification content.
- support
Url String - Support URL to show in the notification.
ZeroTrustGatewaySettingsBlockPage, ZeroTrustGatewaySettingsBlockPageArgs
- Background
Color string - Hex code of block page background color.
- Enabled bool
- Indicator of enablement.
- string
- Block page footer text.
- Header
Text string - Block page header text.
- Logo
Path string - URL of block page logo.
- Mailto
Address string - Admin email for users to contact.
- Mailto
Subject string - Subject line for emails created from block page.
- Name string
- Name of block page configuration.
- Background
Color string - Hex code of block page background color.
- Enabled bool
- Indicator of enablement.
- string
- Block page footer text.
- Header
Text string - Block page header text.
- Logo
Path string - URL of block page logo.
- Mailto
Address string - Admin email for users to contact.
- Mailto
Subject string - Subject line for emails created from block page.
- Name string
- Name of block page configuration.
- background
Color String - Hex code of block page background color.
- enabled Boolean
- Indicator of enablement.
- String
- Block page footer text.
- header
Text String - Block page header text.
- logo
Path String - URL of block page logo.
- mailto
Address String - Admin email for users to contact.
- mailto
Subject String - Subject line for emails created from block page.
- name String
- Name of block page configuration.
- background
Color string - Hex code of block page background color.
- enabled boolean
- Indicator of enablement.
- string
- Block page footer text.
- header
Text string - Block page header text.
- logo
Path string - URL of block page logo.
- mailto
Address string - Admin email for users to contact.
- mailto
Subject string - Subject line for emails created from block page.
- name string
- Name of block page configuration.
- background_
color str - Hex code of block page background color.
- enabled bool
- Indicator of enablement.
- str
- Block page footer text.
- header_
text str - Block page header text.
- logo_
path str - URL of block page logo.
- mailto_
address str - Admin email for users to contact.
- mailto_
subject str - Subject line for emails created from block page.
- name str
- Name of block page configuration.
- background
Color String - Hex code of block page background color.
- enabled Boolean
- Indicator of enablement.
- String
- Block page footer text.
- header
Text String - Block page header text.
- logo
Path String - URL of block page logo.
- mailto
Address String - Admin email for users to contact.
- mailto
Subject String - Subject line for emails created from block page.
- name String
- Name of block page configuration.
ZeroTrustGatewaySettingsBodyScanning, ZeroTrustGatewaySettingsBodyScanningArgs
- Inspection
Mode string - Body scanning inspection mode. Available values:
deep
,shallow
.
- Inspection
Mode string - Body scanning inspection mode. Available values:
deep
,shallow
.
- inspection
Mode String - Body scanning inspection mode. Available values:
deep
,shallow
.
- inspection
Mode string - Body scanning inspection mode. Available values:
deep
,shallow
.
- inspection_
mode str - Body scanning inspection mode. Available values:
deep
,shallow
.
- inspection
Mode String - Body scanning inspection mode. Available values:
deep
,shallow
.
ZeroTrustGatewaySettingsCertificate, ZeroTrustGatewaySettingsCertificateArgs
- Id string
- ID of certificate for TLS interception.
- Id string
- ID of certificate for TLS interception.
- id String
- ID of certificate for TLS interception.
- id string
- ID of certificate for TLS interception.
- id str
- ID of certificate for TLS interception.
- id String
- ID of certificate for TLS interception.
ZeroTrustGatewaySettingsCustomCertificate, ZeroTrustGatewaySettingsCustomCertificateArgs
- enabled bool
- Whether TLS encryption should use a custom certificate.
- id str
- ID of custom certificate.
- updated_
at str
ZeroTrustGatewaySettingsExtendedEmailMatching, ZeroTrustGatewaySettingsExtendedEmailMatchingArgs
- Enabled bool
- Whether e-mails should be matched on all variants of user emails (with + or . modifiers) in Firewall policies.
- Enabled bool
- Whether e-mails should be matched on all variants of user emails (with + or . modifiers) in Firewall policies.
- enabled Boolean
- Whether e-mails should be matched on all variants of user emails (with + or . modifiers) in Firewall policies.
- enabled boolean
- Whether e-mails should be matched on all variants of user emails (with + or . modifiers) in Firewall policies.
- enabled bool
- Whether e-mails should be matched on all variants of user emails (with + or . modifiers) in Firewall policies.
- enabled Boolean
- Whether e-mails should be matched on all variants of user emails (with + or . modifiers) in Firewall policies.
ZeroTrustGatewaySettingsFips, ZeroTrustGatewaySettingsFipsArgs
- Tls bool
- Only allow FIPS-compliant TLS configuration.
- Tls bool
- Only allow FIPS-compliant TLS configuration.
- tls Boolean
- Only allow FIPS-compliant TLS configuration.
- tls boolean
- Only allow FIPS-compliant TLS configuration.
- tls bool
- Only allow FIPS-compliant TLS configuration.
- tls Boolean
- Only allow FIPS-compliant TLS configuration.
ZeroTrustGatewaySettingsLogging, ZeroTrustGatewaySettingsLoggingArgs
- Redact
Pii bool - Redact personally identifiable information from activity logging (PII fields are: source IP, user email, user ID, device ID, URL, referrer, user agent).
- Settings
By ZeroRule Type Trust Gateway Settings Logging Settings By Rule Type - Represents whether all requests are logged or only the blocked requests are slogged in DNS, HTTP and L4 filters.
- Redact
Pii bool - Redact personally identifiable information from activity logging (PII fields are: source IP, user email, user ID, device ID, URL, referrer, user agent).
- Settings
By ZeroRule Type Trust Gateway Settings Logging Settings By Rule Type - Represents whether all requests are logged or only the blocked requests are slogged in DNS, HTTP and L4 filters.
- redact
Pii Boolean - Redact personally identifiable information from activity logging (PII fields are: source IP, user email, user ID, device ID, URL, referrer, user agent).
- settings
By ZeroRule Type Trust Gateway Settings Logging Settings By Rule Type - Represents whether all requests are logged or only the blocked requests are slogged in DNS, HTTP and L4 filters.
- redact
Pii boolean - Redact personally identifiable information from activity logging (PII fields are: source IP, user email, user ID, device ID, URL, referrer, user agent).
- settings
By ZeroRule Type Trust Gateway Settings Logging Settings By Rule Type - Represents whether all requests are logged or only the blocked requests are slogged in DNS, HTTP and L4 filters.
- redact_
pii bool - Redact personally identifiable information from activity logging (PII fields are: source IP, user email, user ID, device ID, URL, referrer, user agent).
- settings_
by_ Zerorule_ type Trust Gateway Settings Logging Settings By Rule Type - Represents whether all requests are logged or only the blocked requests are slogged in DNS, HTTP and L4 filters.
- redact
Pii Boolean - Redact personally identifiable information from activity logging (PII fields are: source IP, user email, user ID, device ID, URL, referrer, user agent).
- settings
By Property MapRule Type - Represents whether all requests are logged or only the blocked requests are slogged in DNS, HTTP and L4 filters.
ZeroTrustGatewaySettingsLoggingSettingsByRuleType, ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeArgs
- Dns
Zero
Trust Gateway Settings Logging Settings By Rule Type Dns - Logging configuration for DNS requests.
- Http
Zero
Trust Gateway Settings Logging Settings By Rule Type Http - Logging configuration for HTTP requests.
- L4
Zero
Trust Gateway Settings Logging Settings By Rule Type L4 - Logging configuration for layer 4 requests.
- Dns
Zero
Trust Gateway Settings Logging Settings By Rule Type Dns - Logging configuration for DNS requests.
- Http
Zero
Trust Gateway Settings Logging Settings By Rule Type Http - Logging configuration for HTTP requests.
- L4
Zero
Trust Gateway Settings Logging Settings By Rule Type L4 - Logging configuration for layer 4 requests.
- dns
Zero
Trust Gateway Settings Logging Settings By Rule Type Dns - Logging configuration for DNS requests.
- http
Zero
Trust Gateway Settings Logging Settings By Rule Type Http - Logging configuration for HTTP requests.
- l4
Zero
Trust Gateway Settings Logging Settings By Rule Type L4 - Logging configuration for layer 4 requests.
- dns
Zero
Trust Gateway Settings Logging Settings By Rule Type Dns - Logging configuration for DNS requests.
- http
Zero
Trust Gateway Settings Logging Settings By Rule Type Http - Logging configuration for HTTP requests.
- l4
Zero
Trust Gateway Settings Logging Settings By Rule Type L4 - Logging configuration for layer 4 requests.
- dns
Zero
Trust Gateway Settings Logging Settings By Rule Type Dns - Logging configuration for DNS requests.
- http
Zero
Trust Gateway Settings Logging Settings By Rule Type Http - Logging configuration for HTTP requests.
- l4
Zero
Trust Gateway Settings Logging Settings By Rule Type L4 - Logging configuration for layer 4 requests.
- dns Property Map
- Logging configuration for DNS requests.
- http Property Map
- Logging configuration for HTTP requests.
- l4 Property Map
- Logging configuration for layer 4 requests.
ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeDns, ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeDnsArgs
- log_
all bool - Whether to log all activity.
- log_
blocks bool
ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeHttp, ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeHttpArgs
- log_
all bool - Whether to log all activity.
- log_
blocks bool
ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeL4, ZeroTrustGatewaySettingsLoggingSettingsByRuleTypeL4Args
- log_
all bool - Whether to log all activity.
- log_
blocks bool
ZeroTrustGatewaySettingsPayloadLog, ZeroTrustGatewaySettingsPayloadLogArgs
- Public
Key string - Public key used to encrypt matched payloads.
- Public
Key string - Public key used to encrypt matched payloads.
- public
Key String - Public key used to encrypt matched payloads.
- public
Key string - Public key used to encrypt matched payloads.
- public_
key str - Public key used to encrypt matched payloads.
- public
Key String - Public key used to encrypt matched payloads.
ZeroTrustGatewaySettingsProxy, ZeroTrustGatewaySettingsProxyArgs
- Disable
For intTime - Sets the time limit in seconds that a user can use an override code to bypass WARP.
- Root
Ca bool - Whether root ca is enabled account wide for ZT clients.
- Tcp bool
- Whether gateway proxy is enabled on gateway devices for TCP traffic.
- Udp bool
- Whether gateway proxy is enabled on gateway devices for UDP traffic.
- Virtual
Ip bool - Whether virtual IP (CGNAT) is enabled account wide and will override existing local interface IP for ZT clients.
- Disable
For intTime - Sets the time limit in seconds that a user can use an override code to bypass WARP.
- Root
Ca bool - Whether root ca is enabled account wide for ZT clients.
- Tcp bool
- Whether gateway proxy is enabled on gateway devices for TCP traffic.
- Udp bool
- Whether gateway proxy is enabled on gateway devices for UDP traffic.
- Virtual
Ip bool - Whether virtual IP (CGNAT) is enabled account wide and will override existing local interface IP for ZT clients.
- disable
For IntegerTime - Sets the time limit in seconds that a user can use an override code to bypass WARP.
- root
Ca Boolean - Whether root ca is enabled account wide for ZT clients.
- tcp Boolean
- Whether gateway proxy is enabled on gateway devices for TCP traffic.
- udp Boolean
- Whether gateway proxy is enabled on gateway devices for UDP traffic.
- virtual
Ip Boolean - Whether virtual IP (CGNAT) is enabled account wide and will override existing local interface IP for ZT clients.
- disable
For numberTime - Sets the time limit in seconds that a user can use an override code to bypass WARP.
- root
Ca boolean - Whether root ca is enabled account wide for ZT clients.
- tcp boolean
- Whether gateway proxy is enabled on gateway devices for TCP traffic.
- udp boolean
- Whether gateway proxy is enabled on gateway devices for UDP traffic.
- virtual
Ip boolean - Whether virtual IP (CGNAT) is enabled account wide and will override existing local interface IP for ZT clients.
- disable_
for_ inttime - Sets the time limit in seconds that a user can use an override code to bypass WARP.
- root_
ca bool - Whether root ca is enabled account wide for ZT clients.
- tcp bool
- Whether gateway proxy is enabled on gateway devices for TCP traffic.
- udp bool
- Whether gateway proxy is enabled on gateway devices for UDP traffic.
- virtual_
ip bool - Whether virtual IP (CGNAT) is enabled account wide and will override existing local interface IP for ZT clients.
- disable
For NumberTime - Sets the time limit in seconds that a user can use an override code to bypass WARP.
- root
Ca Boolean - Whether root ca is enabled account wide for ZT clients.
- tcp Boolean
- Whether gateway proxy is enabled on gateway devices for TCP traffic.
- udp Boolean
- Whether gateway proxy is enabled on gateway devices for UDP traffic.
- virtual
Ip Boolean - Whether virtual IP (CGNAT) is enabled account wide and will override existing local interface IP for ZT clients.
ZeroTrustGatewaySettingsSshSessionLog, ZeroTrustGatewaySettingsSshSessionLogArgs
- Public
Key string - Public key used to encrypt ssh session.
- Public
Key string - Public key used to encrypt ssh session.
- public
Key String - Public key used to encrypt ssh session.
- public
Key string - Public key used to encrypt ssh session.
- public_
key str - Public key used to encrypt ssh session.
- public
Key String - Public key used to encrypt ssh session.
Import
$ pulumi import cloudflare:index/zeroTrustGatewaySettings:ZeroTrustGatewaySettings example <account_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflare
Terraform Provider.