Palo Alto Networks · JSON Structure

Cloud NGFW API Security Rule Structure

A security rule within a Cloud NGFW rule stack.

Type: object Properties: 2
Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

SecurityRule is a JSON Structure definition published by Palo Alto Networks, describing 2 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

Priority, RuleEntry

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/cloud-ngfw-api-security-rule-structure.json",
  "name": "SecurityRule",
  "description": "A security rule within a Cloud NGFW rule stack.",
  "type": "object",
  "properties": {
    "Priority": {
      "type": "int32",
      "description": "Rule evaluation priority (lower numbers evaluated first)."
    },
    "RuleEntry": {
      "type": "object",
      "properties": {
        "RuleName": {
          "type": "string"
        },
        "Description": {
          "type": "string"
        },
        "Enabled": {
          "type": "boolean",
          "default": true
        },
        "Source": {
          "type": "object",
          "description": "Traffic source matching criteria for a security rule.",
          "properties": {
            "Cidrs": {
              "type": "array",
              "description": "Source CIDR blocks (e.g., 10.0.0.0/8).",
              "items": {
                "type": "string"
              }
            },
            "Countries": {
              "type": "array",
              "description": "Source country codes (ISO 3166-1 alpha-2).",
              "items": {
                "type": "string"
              }
            },
            "Feeds": {
              "type": "array",
              "description": "Threat intelligence feed names.",
              "items": {
                "type": "string"
              }
            },
            "PrefixLists": {
              "type": "array",
              "description": "Names of prefix lists defined in the rule stack.",
              "items": {
                "type": "string"
              }
            }
          }
        },
        "NegateSource": {
          "type": "boolean",
          "default": false
        },
        "Destination": {
          "type": "object",
          "description": "Traffic destination matching criteria for a security rule.",
          "properties": {
            "Cidrs": {
              "type": "array",
              "description": "Destination CIDR blocks.",
              "items": {
                "type": "string"
              }
            },
            "Countries": {
              "type": "array",
              "description": "Destination country codes.",
              "items": {
                "type": "string"
              }
            },
            "Feeds": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "FqdnLists": {
              "type": "array",
              "description": "Names of FQDN lists defined in the rule stack.",
              "items": {
                "type": "string"
              }
            },
            "PrefixLists": {
              "type": "array",
              "items": {
                "type": "string"
              }
            }
          }
        },
        "NegateDestination": {
          "type": "boolean",
          "default": false
        },
        "Applications": {
          "type": "array",
          "description": "Application names to match (use 'any' to match all applications).",
          "items": {
            "type": "string"
          }
        },
        "Category": {
          "type": "object",
          "properties": {
            "URLCategoryNames": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "Feeds": {
              "type": "array",
              "items": {
                "type": "string"
              }
            }
          }
        },
        "Protocol": {
          "type": "string",
          "enum": [
            "APPLICATION-DEFAULT",
            "TCP",
            "UDP",
            "ICMP",
            "ANY"
          ]
        },
        "Action": {
          "type": "string",
          "enum": [
            "Allow",
            "DenyResetBoth",
            "DenyResetServer",
            "DenySilent"
          ]
        },
        "DecryptionRuleType": {
          "type": "string",
          "enum": [
            "SSLOutboundInspection",
            "None"
          ]
        },
        "AuditComment": {
          "type": "string"
        }
      }
    }
  }
}