Palo Alto Networks · Schema
SecurityRule
A security policy rule controlling traffic flow between zones based on source, destination, application, service, and user criteria.
Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR
Properties
| Name | Type | Description |
|---|---|---|
| @name | string | Unique name of the security rule. |
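| from | object | `member`: source zones (e.g., trust, untrust). |
| to | object | `member`: destination zones. |
| source | object | `member`: source addresses or address groups (use "any" for all). |
| destination | object | `member`: destination addresses or address groups. |
| source-user | object | `member`: source users or user groups (use "any" for all). |
| application | object | `member`: application names (e.g., ssl, web-browsing, any). |
| service | object | `member`: service objects, or "application-default" to use each application's native ports. |
| category | object | `member`: URL categories. |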
| action | string | Action to take on matching traffic. |
| log-start | string | Log at session start. |
| log-end | string | Log at session end. |
| log-setting | string | Log forwarding profile name. |
| profile-setting | object | Security profile group or individual profiles. |
| disabled | string | Whether the rule is disabled. |
| description | string | |
| tag | object | |
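JSON Schema
Note: the schema below declares no `required` properties and does not set `additionalProperties`, so an empty object or a rule with a misspelled key still validates. Check separately that a rule carries the fields you depend on (zones, `action`, logging).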
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "SecurityRule",
"description": "A security policy rule controlling traffic flow between zones based on source, destination, application, service, and user criteria.",
"$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/pan-os-rest-api-security-rule-schema.json",
"type": "object",
"properties": {
"@name": {
"type": "string",
"description": "Unique name of the security rule."
},
"from": {
"type": "object",
"properties": {
"member": {
"type": "array",
"items": {
"type": "string"
},
"description": "Source zones (e.g., trust, untrust)."
}
}
},
"to": {
"type": "object",
"properties": {
"member": {
"type": "array",
"items": {
"type": "string"
},
"description": "Destination zones."
}
}
},
"source": {
"type": "object",
"properties": {
"member": {
"type": "array",
"items": {
"type": "string"
},
"description": "Source addresses or address groups (use \"any\" for all)."
}
}
},
"destination": {
"type": "object",
"properties": {
"member": {
"type": "array",
"items": {
"type": "string"
},
"description": "Destination addresses or address groups."
}
}
},
"source-user": {
"type": "object",
"properties": {
"member": {
"type": "array",
"items": {
"type": "string"
},
"description": "Source users or user groups (use \"any\" for all)."
}
}
},
"application": {
"type": "object",
"properties": {
"member": {
"type": "array",
"items": {
"type": "string"
},
"description": "Application names (e.g., ssl, web-browsing, any)."
}
}
},
"service": {
"type": "object",
"properties": {
"member": {
"type": "array",
"items": {
"type": "string"
},
"description": "Service objects, or \"application-default\" to use each application's native ports."
}
}
},
"category": {
"type": "object",
"properties": {
"member": {
"type": "array",
"items": {
"type": "string"
},
"description": "URL categories."
}
}
},
"action": {
"type": "string",
"enum": [
"allow",
"deny",
"drop",
"reset-client",
"reset-server",
"reset-both"
],
"description": "Action to take on matching traffic."
},
"log-start": {
"type": "string",
"enum": [
"yes",
"no"
],
"description": "Log at session start."
},
"log-end": {
"type": "string",
"enum": [
"yes",
"no"
],
"description": "Log at session end."
},
"log-setting": {
"type": "string",
"description": "Log forwarding profile name."
},
"profile-setting": {
"type": "object",
"description": "Security profile group or individual profiles.",
"properties": {
"group": {
"type": "object",
"properties": {
"member": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
},
"disabled": {
"type": "string",
"enum": [
"yes",
"no"
],
"description": "Whether the rule is disabled."
},
"description": {
"type": "string"
},
"tag": {
"type": "object",
"properties": {
"member": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}