Palo Alto Networks · Schema
SecurityRule
A security rule within a Cloud NGFW rule stack.
Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR
Properties
| Name | Type | Description |
|---|---|---|
| Priority | integer | Rule evaluation priority (lower numbers evaluated first). |
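| RuleEntry | object | The rule definition: name, description, enabled flag, source and destination match criteria (with optional negation), applications, URL category, protocol, action, decryption rule type, and audit comment. |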
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "SecurityRule",
"description": "A security rule within a Cloud NGFW rule stack.",
"$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/cloud-ngfw-api-security-rule-schema.json",
"type": "object",
"properties": {
"Priority": {
"type": "integer",
"description": "Rule evaluation priority (lower numbers evaluated first)."
},
"RuleEntry": {
"type": "object",
"properties": {
"RuleName": {
"type": "string"
},
"Description": {
"type": "string"
},
"Enabled": {
"type": "boolean",
"default": true
},
"Source": {
"type": "object",
"description": "Traffic source matching criteria for a security rule.",
"properties": {
"Cidrs": {
"type": "array",
"items": {
"type": "string"
},
"description": "Source CIDR blocks (e.g., 10.0.0.0/8)."
},
"Countries": {
"type": "array",
"items": {
"type": "string"
},
"description": "Source country codes (ISO 3166-1 alpha-2)."
},
"Feeds": {
"type": "array",
"items": {
"type": "string"
},
"description": "Threat intelligence feed names."
},
"PrefixLists": {
"type": "array",
"items": {
"type": "string"
},
"description": "Names of prefix lists defined in the rule stack."
}
}
},
"NegateSource": {
"type": "boolean",
"default": false
},
"Destination": {
"type": "object",
"description": "Traffic destination matching criteria for a security rule.",
"properties": {
"Cidrs": {
"type": "array",
"items": {
"type": "string"
},
"description": "Destination CIDR blocks."
},
"Countries": {
"type": "array",
"items": {
"type": "string"
},
"description": "Destination country codes."
},
"Feeds": {
"type": "array",
"items": {
"type": "string"
}
},
"FqdnLists": {
"type": "array",
"items": {
"type": "string"
},
"description": "Names of FQDN lists defined in the rule stack."
},
"PrefixLists": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"NegateDestination": {
"type": "boolean",
"default": false
},
"Applications": {
"type": "array",
"items": {
"type": "string"
},
"description": "Application names to match (use the value 'any' to match all applications)."
},
"Category": {
"type": "object",
"properties": {
"URLCategoryNames": {
"type": "array",
"items": {
"type": "string"
}
},
"Feeds": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"Protocol": {
"type": "string",
"enum": [
"APPLICATION-DEFAULT",
"TCP",
"UDP",
"ICMP",
"ANY"
]
},
"Action": {
"type": "string",
"enum": [
"Allow",
"DenyResetBoth",
"DenyResetServer",
"DenySilent"
]
},
"DecryptionRuleType": {
"type": "string",
"enum": [
"SSLOutboundInspection",
"None"
]
},
"AuditComment": {
"type": "string"
}
}
}
}
}