import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages a Palo Alto Next Generation Firewall Deployed in a Virtual Network and configured via a Local Rulestack. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resource-group", * location: "westeurope", * }); * const examplePublicIp = new azure.network.PublicIp("example", { * name: "example-public-ip", * location: example.location, * resourceGroupName: example.name, * allocationMethod: "Static", * sku: "Standard", * }); * const exampleNetworkSecurityGroup = new azure.network.NetworkSecurityGroup("example", { * name: "example-nsg", * location: test.location, * resourceGroupName: test.name, * }); * const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", { * name: "example-vnet", * addressSpaces: ["10.0.0.0/16"], * location: example.location, * resourceGroupName: example.name, * tags: { * environment: "Production", * }, * }); * const trust = new azure.network.Subnet("trust", { * name: "example-trust-subnet", * resourceGroupName: example.name, * virtualNetworkName: exampleVirtualNetwork.name, * addressPrefixes: ["10.0.1.0/24"], * delegations: [{ * name: "trusted", * serviceDelegation: { * name: "PaloAltoNetworks.Cloudngfw/firewalls", * actions: ["Microsoft.Network/virtualNetworks/subnets/join/action"], * }, * }], * }); * const trustSubnetNetworkSecurityGroupAssociation = new azure.network.SubnetNetworkSecurityGroupAssociation("trust", { * subnetId: trust.id, * networkSecurityGroupId: exampleNetworkSecurityGroup.id, * }); * const untrust = new azure.network.Subnet("untrust", { * name: "example-untrust-subnet", * resourceGroupName: example.name, * virtualNetworkName: exampleVirtualNetwork.name, * addressPrefixes: ["10.0.2.0/24"], * delegations: [{ * name: "untrusted", * serviceDelegation: { * name: "PaloAltoNetworks.Cloudngfw/firewalls", * actions: ["Microsoft.Network/virtualNetworks/subnets/join/action"], * }, * }], * }); * const untrustSubnetNetworkSecurityGroupAssociation = new azure.network.SubnetNetworkSecurityGroupAssociation("untrust", { * subnetId: untrust.id, * networkSecurityGroupId: exampleNetworkSecurityGroup.id, * }); * const exampleLocalRulestack = new azure.paloalto.LocalRulestack("example", { * name: "example-rulestack", * resourceGroupName: example.name, * location: example.locatio, * }); * const exampleLocalRulestackRule = new azure.paloalto.LocalRulestackRule("example", { * name: "example-rulestack-rule", * rulestackId: exampleLocalRulestack.id, * priority: 1001, * action: "Allow", * applications: ["any"], * destination: { * cidrs: ["any"], * }, * source: { * cidrs: ["any"], * }, * }); * const exampleNextGenerationFirewallVirtualNetworkLocalRulestack = new azure.paloalto.NextGenerationFirewallVirtualNetworkLocalRulestack("example", { * name: "example-ngfwvn", * resourceGroupName: example.name, * rulestackId: exampleLocalRulestack.id, * networkProfile: { * publicIpAddressIds: [examplePublicIp.id], * vnetConfiguration: { * virtualNetworkId: exampleVirtualNetwork.id, * trustedSubnetId: trust.id, * untrustedSubnetId: untrust.id, * }, * }, * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `PaloAltoNetworks.Cloudngfw` - 2025-10-08 * * ## Import * * Palo Alto Next Generation Firewall Virtual Network Local Rulestacks can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:paloalto/nextGenerationFirewallVirtualNetworkLocalRulestack:NextGenerationFirewallVirtualNetworkLocalRulestack example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/PaloAltoNetworks.Cloudngfw/firewalls/myVNetRulestackFW * ``` */ export declare class NextGenerationFirewallVirtualNetworkLocalRulestack extends pulumi.CustomResource { /** * Get an existing NextGenerationFirewallVirtualNetworkLocalRulestack resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: NextGenerationFirewallVirtualNetworkLocalRulestackState, opts?: pulumi.CustomResourceOptions): NextGenerationFirewallVirtualNetworkLocalRulestack; /** * Returns true if the given object is an instance of NextGenerationFirewallVirtualNetworkLocalRulestack. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is NextGenerationFirewallVirtualNetworkLocalRulestack; /** * One or more `destinationNat` blocks as defined below. */ readonly destinationNats: pulumi.Output; /** * A `dnsSettings` block as defined below. */ readonly dnsSettings: pulumi.Output; /** * The marketplace offer ID. Defaults to `panSwfwCloudNgfw`. Changing this forces a new resource to be created. */ readonly marketplaceOfferId: pulumi.Output; /** * The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created. */ readonly name: pulumi.Output; /** * A `networkProfile` block as defined below. */ readonly networkProfile: pulumi.Output; /** * The billing plan ID as published by Liftr.PAN. Defaults to `panw-cloud-ngfw-payg`. * * > **Note:** The former `planId` `panw-cloud-ngfw-payg` is defined as stop sell, but has been set as the default to not break any existing resources that were originally provisioned with it. Users need to explicitly set `planId` to `panw-cngfw-payg` when creating new resources. */ readonly planId: pulumi.Output; /** * The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created. */ readonly resourceGroupName: pulumi.Output; /** * The ID of the Local Rulestack which will be used to configure this Firewall Resource. */ readonly rulestackId: pulumi.Output; /** * A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack. */ readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Create a NextGenerationFirewallVirtualNetworkLocalRulestack resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: NextGenerationFirewallVirtualNetworkLocalRulestackArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering NextGenerationFirewallVirtualNetworkLocalRulestack resources. */ export interface NextGenerationFirewallVirtualNetworkLocalRulestackState { /** * One or more `destinationNat` blocks as defined below. */ destinationNats?: pulumi.Input[]>; /** * A `dnsSettings` block as defined below. */ dnsSettings?: pulumi.Input; /** * The marketplace offer ID. Defaults to `panSwfwCloudNgfw`. Changing this forces a new resource to be created. */ marketplaceOfferId?: pulumi.Input; /** * The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created. */ name?: pulumi.Input; /** * A `networkProfile` block as defined below. */ networkProfile?: pulumi.Input; /** * The billing plan ID as published by Liftr.PAN. Defaults to `panw-cloud-ngfw-payg`. * * > **Note:** The former `planId` `panw-cloud-ngfw-payg` is defined as stop sell, but has been set as the default to not break any existing resources that were originally provisioned with it. Users need to explicitly set `planId` to `panw-cngfw-payg` when creating new resources. */ planId?: pulumi.Input; /** * The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created. */ resourceGroupName?: pulumi.Input; /** * The ID of the Local Rulestack which will be used to configure this Firewall Resource. */ rulestackId?: pulumi.Input; /** * A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } /** * The set of arguments for constructing a NextGenerationFirewallVirtualNetworkLocalRulestack resource. */ export interface NextGenerationFirewallVirtualNetworkLocalRulestackArgs { /** * One or more `destinationNat` blocks as defined below. */ destinationNats?: pulumi.Input[]>; /** * A `dnsSettings` block as defined below. */ dnsSettings?: pulumi.Input; /** * The marketplace offer ID. Defaults to `panSwfwCloudNgfw`. Changing this forces a new resource to be created. */ marketplaceOfferId?: pulumi.Input; /** * The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Local Rulestack. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created. */ name?: pulumi.Input; /** * A `networkProfile` block as defined below. */ networkProfile: pulumi.Input; /** * The billing plan ID as published by Liftr.PAN. Defaults to `panw-cloud-ngfw-payg`. * * > **Note:** The former `planId` `panw-cloud-ngfw-payg` is defined as stop sell, but has been set as the default to not break any existing resources that were originally provisioned with it. Users need to explicitly set `planId` to `panw-cngfw-payg` when creating new resources. */ planId?: pulumi.Input; /** * The name of the Resource Group where the Palo Alto Next Generation Firewall Virtual Network Local Rulestack should exist. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Local Rulestack to be created. */ resourceGroupName: pulumi.Input; /** * The ID of the Local Rulestack which will be used to configure this Firewall Resource. */ rulestackId: pulumi.Input; /** * A mapping of tags which should be assigned to the Palo Alto Next Generation Firewall Virtual Network Local Rulestack. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; }