@pulumi/juniper-mist

import * as outputs from "../types/output"; export interface GetConstAlarmsConstAlarm { /** * Description of the alarm type */ display: string; /** * Group to which the alarm belongs */ group: string; /** * Key name of the alarm type */ key: string; /** * Severity of the alarm */ severity: string; } export interface GetConstAppCategoriesConstAppCategory { /** * Description of the app category */ display: string; filters: outputs.GetConstAppCategoriesConstAppCategoryFilters; /** * List of other App Categories contained by this one */ includes: string[]; /** * Key name of the app category */ key: string; } export interface GetConstAppCategoriesConstAppCategoryFilters { srxes: string[]; ssrs: string[]; } export interface GetConstAppSubCategoriesConstAppSubCategory { /** * Description of the app subcategory */ display: string; /** * Key name of the app subcategory */ key: string; /** * Type of traffic (QoS) of the app subcategory */ trafficType: string; } export interface GetConstApplicationsConstApplication { appId: boolean; appImageUrl: string; appProbe: boolean; category: string; group: string; key: string; name: string; signatureBased: boolean; ssrAppId: boolean; } export interface GetConstCountriesConstCountry { /** * Country code, in two-character */ alpha2: string; certified: boolean; name: string; /** * Country code, ISO 3166-1 numeric */ numeric: number; } export interface GetConstTrafficTypesConstTrafficType { display: string; dscp: number; failoverPolicy: string; maxJitter: number; maxLatency: number; maxLoss: number; name: string; trafficClass: string; } export interface GetConstWebhooksConstWebhook { /** * supports single event per message results */ allowsSingleEventPerMessage: boolean; /** * Can be used in org webhooks, optional */ forOrg: boolean; /** * Supports webhook delivery results /api/v1/:scope/:scope*id/webhooks/:webhook*id/events/search */ hasDeliveryResults: boolean; /** * Internal topic (not selectable in site/org webhooks) */ internal: boolean; /** * Webhook topic name */ key: string; } export interface GetSitesSite { /** * full address of the site */ address: string; /** * Alarm Template ID, this takes precedence over the Org-level alarmtemplate_id */ alarmtemplateId: string; /** * AP Template ID, used by APs */ aptemplateId: string; /** * country code for the site (for AP config generation), in two-character */ countryCode: string; createdTime: number; /** * Gateway Template ID, used by gateways */ gatewaytemplateId: string; id: string; latlng: outputs.GetSitesSiteLatlng; modifiedTime: number; name: string; /** * Network Template ID, this takes precedence over Site Settings */ networktemplateId: string; /** * optional, any notes about the site */ notes: string; orgId: string; /** * RF Template ID, this takes precedence over Site Settings */ rftemplateId: string; /** * SecPolicy ID */ secpolicyId: string; /** * sitegroups this site belongs to */ sitegroupIds: string[]; /** * Site Template ID */ sitetemplateId: string; /** * Timezone the site is at */ timezone: string; } export interface GetSitesSiteLatlng { lat: number; lng: number; } export interface UpgradeDeviceAutoUpgradeStat { lastcheck: number; } export interface UpgradeDeviceFwupdate { progress: number; /** * enum: `inprogress`, `failed`, `upgraded`, `success`, `scheduled`, `error` */ status: string; statusId: number; /** * Epoch (seconds) */ timestamp: number; willRetry: boolean; } export declare namespace device { interface ApAeroscout { /** * Whether to enable aeroscout config */ enabled: boolean; /** * Required if enabled, aeroscout server host */ host: string; /** * Whether to enable the feature to allow wireless clients data received and sent to AES server for location calculation */ locateConnected: boolean; port: number; } interface ApAirista { /** * Whether to enable Airista config */ enabled?: boolean; /** * Required if enabled, Airista server host */ host?: string; port?: number; } interface ApBleConfig { /** * Whether Mist beacons is enabled */ beaconEnabled: boolean; /** * Required if `beaconRateMode`==`custom`, 1-10, in number-beacons-per-second */ beaconRate?: number; /** * enum: `custom`, `default` */ beaconRateMode?: string; /** * List of AP BLE location beam numbers (1-8) which should be disabled at the AP and not transmit location information (where beam 1 is oriented at the top the AP, growing counter-clock-wise, with 9 being the omni BLE beam) */ beamDisableds?: number[]; /** * Can be enabled if `beaconEnabled`==`true`, whether to send custom packet */ customBlePacketEnabled?: boolean; /** * The custom frame to be sent out in this beacon. The frame must be a hexstring */ customBlePacketFrame?: string; /** * Frequency (msec) of data emitted by custom ble beacon */ customBlePacketFreqMsec?: number; /** * Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default */ eddystoneUidAdvPower?: number; eddystoneUidBeams?: string; /** * Only if `beaconEnabled`==`false`, Whether Eddystone-UID beacon is enabled */ eddystoneUidEnabled?: boolean; /** * Frequency (msec) of data emit by Eddystone-UID beacon */ eddystoneUidFreqMsec?: number; /** * Eddystone-UID instance for the device */ eddystoneUidInstance?: string; /** * Eddystone-UID namespace */ eddystoneUidNamespace?: string; /** * Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default */ eddystoneUrlAdvPower?: number; eddystoneUrlBeams?: string; /** * Only if `beaconEnabled`==`false`, Whether Eddystone-URL beacon is enabled */ eddystoneUrlEnabled?: boolean; /** * Frequency (msec) of data emit by Eddystone-UID beacon */ eddystoneUrlFreqMsec?: number; /** * URL pointed by Eddystone-URL beacon */ eddystoneUrlUrl?: string; /** * Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default */ ibeaconAdvPower?: number; ibeaconBeams?: string; /** * Can be enabled if `beaconEnabled`==`true`, whether to send iBeacon */ ibeaconEnabled?: boolean; /** * Frequency (msec) of data emit for iBeacon */ ibeaconFreqMsec?: number; /** * Major number for iBeacon */ ibeaconMajor?: number; /** * Minor number for iBeacon */ ibeaconMinor?: number; /** * Optional, if not specified, the same UUID as the beacon will be used */ ibeaconUuid?: string; /** * Required if `powerMode`==`custom`; else use `powerMode` as default */ power?: number; /** * enum: `custom`, `default` */ powerMode?: string; } interface ApCentrak { enabled: boolean; } interface ApClientBridge { auth?: outputs.device.ApClientBridgeAuth; /** * When acted as client bridge: * * only 5G radio can be used * * will not serve as AP on any radios */ enabled: boolean; ssid?: string; } interface ApClientBridgeAuth { psk?: string; /** * wpa2-AES/CCMPp is assumed when `type`==`psk`. enum: `open`, `psk` */ type: string; } interface ApEslConfig { /** * Only if `type`==`imagotag` or `type`==`native` */ cacert?: string; /** * Only if `type`==`imagotag` or `type`==`native` */ channel?: number; /** * usb_config is ignored if eslConfig enabled */ enabled: boolean; /** * Only if `type`==`imagotag` or `type`==`native` */ host: string; /** * Only if `type`==`imagotag` or `type`==`native` */ port?: number; /** * note: bleConfig will be ignored if eslConfig is enabled and with native mode. enum: `hanshow`, `imagotag`, `native`, `solum` */ type: string; /** * Only if `type`==`imagotag` or `type`==`native` */ verifyCert?: boolean; /** * Only if `type`==`solum` or `type`==`hanshow` */ vlanId: number; } interface ApIpConfig { /** * If `type`==`static` */ dns?: string[]; /** * Required if `type`==`static` */ dnsSuffixes?: string[]; /** * Required if `type`==`static` */ gateway?: string; gateway6?: string; /** * Required if `type`==`static` */ ip?: string; ip6?: string; mtu: number; /** * Required if `type`==`static` */ netmask?: string; netmask6?: string; /** * enum: `dhcp`, `static` */ type: string; /** * enum: `autoconf`, `dhcp`, `disabled`, `static` */ type6?: string; /** * Management VLAN id, default is 1 (untagged) */ vlanId?: number; } interface ApLacpConfig { enabled: boolean; } interface ApLed { brightness: number; enabled: boolean; } interface ApMesh { /** * List of bands that the mesh should apply to. For relay, the first viable one will be picked. For relay, the first viable one will be picked. enum: `24`, `5`, `6` */ bands?: string[]; /** * Whether mesh is enabled on this AP */ enabled: boolean; /** * Mesh group, base AP(s) will only allow remote AP(s) in the same mesh group to join, 1-9, optional */ group?: number; /** * enum: `base`, `remote` */ role?: string; } interface ApPortConfig { disabled: boolean; /** * Optional dynamic vlan */ dynamicVlan?: outputs.device.ApPortConfigDynamicVlan; enableMacAuth: boolean; /** * enum: * * `all`: local breakout, All VLANs * * `limited`: local breakout, only the VLANs configured in `portVlanId` and `vlanIds` * * `mxtunnel`: central breakout to an Org Mist Edge (requires `mxtunnelId`) * * `siteMxedge`: central breakout to a Site Mist Edge (requires `mxtunnelName`) * * `wxtunnel`': central breakout to an Org WxTunnel (requires `wxtunnelId`) */ forwarding: string; /** * When `true`, we'll do dot1x then mac_auth. enable this to prefer mac_auth */ macAuthPreferred: boolean; /** * if `enableMacAuth`==`true`, allows user to select an authentication protocol. enum: `eap-md5`, `eap-peap`, `pap` */ macAuthProtocol: string; mistNac?: outputs.device.ApPortConfigMistNac; /** * If `forwarding`==`mxtunnel`, vlanIds comes from mxtunnel */ mxTunnelId: string; /** * If `forwarding`==`siteMxedge`, vlanIds comes from siteMxedge (`mxtunnels` under site setting) */ mxtunnelName: string; /** * When doing port auth. enum: `dot1x`, `none` */ portAuth: string; /** * If `forwarding`==`limited` */ portVlanId?: number; /** * Junos Radius config */ radiusConfig?: outputs.device.ApPortConfigRadiusConfig; /** * RadSec settings */ radsec?: outputs.device.ApPortConfigRadsec; /** * Optional to specify the vlan id for a tunnel if forwarding is for `wxtunnel`, `mxtunnel` or `siteMxedge`. * * if vlanId is not specified then it will use first one in vlan_ids[] of the mxtunnel. * * if forwarding == site_mxedge, vlanIds comes from siteMxedge (`mxtunnels` under site setting) */ vlanId?: number; /** * If `forwarding`==`limited`, comma separated list of additional vlan ids allowed on this port */ vlanIds?: string; /** * If `forwarding`==`wxtunnel`, the port is bridged to the vlan of the session */ wxtunnelId: string; /** * If `forwarding`==`wxtunnel`, the port is bridged to the vlan of the session */ wxtunnelRemoteId: string; } interface ApPortConfigDynamicVlan { defaultVlanId?: number; enabled?: boolean; type?: string; vlans?: { [key: string]: string; }; } interface ApPortConfigMistNac { /** * How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled. */ acctInterimInterval?: number; /** * Radius auth session retries. Following fast timers are set if `fastDot1xTimers` knob is enabled. "retries" are set to value of `authServersTimeout`. "max-requests" is also set when setting `authServersRetries` is set to default value to 3. */ authServersRetries?: number; /** * Radius auth session timeout. Following fast timers are set if `fastDot1xTimers` knob is enabled. "quite-period" and "transmit-period" are set to half the value of `authServersTimeout`. "supplicant-timeout" is also set when setting `authServersTimeout` is set to default value of 10. */ authServersTimeout?: number; /** * Allows a RADIUS server to dynamically modify the authorization status of a user session. */ coaEnabled?: boolean; /** * the communication port used for “Change of Authorization” (CoA) messages */ coaPort?: number; /** * When enabled: * * `authServers` is ignored * * `acctServers` is ignored * * `auth_servers_*` are ignored * * `coaServers` is ignored * * `radsec` is ignored * * `coaEnabled` is assumed */ enabled: boolean; /** * If set to true, sets default fast-timers with values calculated from `authServersTimeout` and `authServerRetries`. */ fastDot1xTimers?: boolean; /** * Which network the mist nac server resides in */ network?: string; /** * In case there is a static IP for this network, we can specify it using source ip */ sourceIp?: string; } interface ApPortConfigRadiusConfig { /** * How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled */ acctInterimInterval: number; acctServers?: outputs.device.ApPortConfigRadiusConfigAcctServer[]; authServers?: outputs.device.ApPortConfigRadiusConfigAuthServer[]; /** * radius auth session retries */ authServersRetries: number; /** * radius auth session timeout */ authServersTimeout: number; coaEnabled: boolean; coaPort: number; /** * use `network`or `sourceIp`, which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip */ network?: string; /** * use `network`or `sourceIp` */ sourceIp?: string; } interface ApPortConfigRadiusConfigAcctServer { /** * IP/ hostname of RADIUS server */ host: string; keywrapEnabled?: boolean; /** * enum: `ascii`, `hex` */ keywrapFormat?: string; keywrapKek?: string; keywrapMack?: string; port?: string; /** * Secret of RADIUS server */ secret: string; } interface ApPortConfigRadiusConfigAuthServer { /** * IP/ hostname of RADIUS server */ host: string; keywrapEnabled?: boolean; /** * enum: `ascii`, `hex` */ keywrapFormat?: string; keywrapKek?: string; keywrapMack?: string; port?: string; /** * Whether to require Message-Authenticator in requests */ requireMessageAuthenticator: boolean; /** * Secret of RADIUS server */ secret: string; } interface ApPortConfigRadsec { coaEnabled: boolean; enabled?: boolean; idleTimeout?: string; /** * To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids */ mxclusterIds?: string[]; /** * Default is site.mxedge.radsec.proxy_hosts which must be a superset of all `wlans[*].radsec.proxy_hosts`. When `radsec.proxy_hosts` are not used, tunnel peers (org or site mxedges) are used irrespective of `useSiteMxedge` */ proxyHosts?: string[]; /** * Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge. */ serverName?: string; /** * List of RadSec Servers. Only if not Mist Edge. */ servers?: outputs.device.ApPortConfigRadsecServer[]; /** * use mxedge(s) as RadSec Proxy */ useMxedge?: boolean; /** * To use Site mxedges when this WLAN does not use mxtunnel */ useSiteMxedge: boolean; } interface ApPortConfigRadsecServer { host?: string; port?: number; } interface ApPwrConfig { /** * Additional power to request during negotiating with PSE over PoE, in mW */ base: number; /** * Whether to enable power out to peripheral, meanwhile will reduce power to Wi-Fi (only for AP45 at power mode) */ preferUsbOverWifi: boolean; } interface ApRadioConfig { allowRrmDisable?: boolean; /** * Antenna gain for 2.4G - for models with external antenna only */ antGain24?: number; /** * Antenna gain for 5G - for models with external antenna only */ antGain5?: number; /** * Antenna gain for 6G - for models with external antenna only */ antGain6?: number; /** * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default` */ antennaMode?: string; /** * Antenna Mode for AP which supports selectable antennas. enum: `""` (default), `external`, `internal` */ antennaSelect?: string; /** * Radio Band AP settings */ band24?: outputs.device.ApRadioConfigBand24; /** * enum: `24`, `5`, `6`, `auto` */ band24Usage?: string; /** * Radio Band AP settings */ band5?: outputs.device.ApRadioConfigBand5; /** * Radio Band AP settings */ band5On24Radio?: outputs.device.ApRadioConfigBand5On24Radio; /** * Radio Band AP settings */ band6?: outputs.device.ApRadioConfigBand6; /** * Let RRM control everything, only the `channels` and `antGain` will be honored (i.e. disabled/bandwidth/power/band_24_usage are all controlled by RRM) */ fullAutomaticRrm: boolean; /** * To make an outdoor operate indoor. For an outdoor-ap, some channels are disallowed by default, this allows the user to use it as an indoor-ap */ indoorUse?: boolean; /** * Enable RRM to manage all radio settings (ignores all bandXxx configs) */ rrmManaged?: boolean; /** * Whether scanning radio is enabled */ scanningEnabled?: boolean; } interface ApRadioConfigBand24 { allowRrmDisable: boolean; antGain: number; /** * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default` */ antennaMode: string; /** * channel width for the 2.4GHz band. enum: `0`(disabled, response only), `20`, `40` */ bandwidth: number; /** * For Device. (primary) channel for the band, 0 means using the Site Setting */ channel: number; /** * For RFTemplates. List of channels, null or empty array means auto */ channels?: number[]; /** * Whether to disable the radio */ disabled: boolean; /** * TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / … */ power: number; /** * When power=0, max tx power to use, HW-specific values will be used if not set */ powerMax: number; /** * When power=0, min tx power to use, HW-specific values will be used if not set */ powerMin: number; /** * enum: `auto`, `long`, `short` */ preamble: string; } interface ApRadioConfigBand5 { allowRrmDisable: boolean; antGain: number; /** * enum: `narrow`, `medium`, `wide` */ antennaBeamPattern?: string; /** * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default` */ antennaMode: string; /** * channel width for the 5GHz band. enum: `0`(disabled, response only), `20`, `40`, `80` */ bandwidth: number; /** * For Device. (primary) channel for the band, 0 means using the Site Setting */ channel: number; /** * For RFTemplates. List of channels, null or empty array means auto */ channels?: number[]; /** * Whether to disable the radio */ disabled: boolean; /** * TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / … */ power: number; /** * When power=0, max tx power to use, HW-specific values will be used if not set */ powerMax: number; /** * When power=0, min tx power to use, HW-specific values will be used if not set */ powerMin: number; /** * enum: `auto`, `long`, `short` */ preamble: string; } interface ApRadioConfigBand5On24Radio { allowRrmDisable: boolean; antGain: number; /** * enum: `narrow`, `medium`, `wide` */ antennaBeamPattern?: string; /** * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default` */ antennaMode: string; /** * channel width for the 5GHz band. enum: `0`(disabled, response only), `20`, `40`, `80` */ bandwidth: number; /** * For Device. (primary) channel for the band, 0 means using the Site Setting */ channel: number; /** * For RFTemplates. List of channels, null or empty array means auto */ channels?: number[]; /** * Whether to disable the radio */ disabled: boolean; /** * TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / … */ power: number; /** * When power=0, max tx power to use, HW-specific values will be used if not set */ powerMax: number; /** * When power=0, min tx power to use, HW-specific values will be used if not set */ powerMin: number; /** * enum: `auto`, `long`, `short` */ preamble: string; } interface ApRadioConfigBand6 { allowRrmDisable: boolean; antGain: number; /** * enum: `narrow`, `medium`, `wide` */ antennaBeamPattern?: string; /** * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default` */ antennaMode: string; /** * channel width for the 6GHz band. enum: `0`(disabled, response only), `20`, `40`, `80`, `160` */ bandwidth: number; /** * For Device. (primary) channel for the band, 0 means using the Site Setting */ channel: number; /** * For RFTemplates. List of channels, null or empty array means auto */ channels?: number[]; /** * Whether to disable the radio */ disabled: boolean; /** * TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / … */ power: number; /** * When power=0, max tx power to use, HW-specific values will be used if not set */ powerMax: number; /** * When power=0, min tx power to use, HW-specific values will be used if not set */ powerMin: number; /** * enum: `auto`, `long`, `short` */ preamble: string; /** * For 6GHz Only, standard-power operation, AFC (Automatic Frequency Coordination) will be performed, and we'll fall back to Low Power Indoor if AFC failed */ standardPower: boolean; } interface ApUplinkPortConfig { /** * Whether to do 802.1x against uplink switch. When enabled, AP cert will be used to do EAP-TLS and the Org's CA Cert has to be provisioned at the switch */ dot1x: boolean; /** * By default, WLANs are disabled when uplink is down. In some scenario, like SiteSurvey, one would want the AP to keep sending beacons. */ keepWlansUpIfDown?: boolean; } interface ApUsbConfig { /** * Only if `type`==`imagotag` */ cacert: string; /** * Only if `type`==`imagotag`, channel selection, not needed by default, required for manual channel override only */ channel?: number; /** * Whether to enable any usb config */ enabled?: boolean; /** * Only if `type`==`imagotag` */ host: string; /** * Only if `type`==`imagotag` */ port?: number; /** * usb config type. enum: `hanshow`, `imagotag`, `solum` */ type?: string; /** * Only if `type`==`imagotag`, whether to turn on SSL verification */ verifyCert?: boolean; /** * Only if `type`==`solum` or `type`==`hanshow` */ vlanId?: number; } interface BaseLatlng { lat: number; lng: number; } interface GatewayBgpConfig { /** * Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan` */ authKey?: string; /** * Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`, when bfdMultiplier is configured alone. Default: * * 1000 if `type`==`external` * * 350 `type`==`internal` */ bfdMinimumInterval?: number; /** * Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`, when bfdMinimumIntervalIsConfigured alone */ bfdMultiplier?: number; /** * Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. BFD provides faster path failure detection and is enabled by default */ disableBfd?: boolean; export?: string; /** * Default export policies if no per-neighbor policies defined */ exportPolicy?: string; /** * Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. By default, either inet/net6 unicast depending on neighbor IP family (v4 or v6). For v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this */ extendedV4Nexthop?: boolean; /** * Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. `0` means disable */ gracefulRestartTime?: number; /** * Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. Default is 90. */ holdTime?: number; import?: string; /** * Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. Default import policies if no per-neighbor policies defined */ importPolicy?: string; /** * Required if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. BGPLocal AS. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`) */ localAs?: string; /** * Neighbor AS. If `type`==`internal`, must be equal to `localAs`. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`) */ neighborAs?: string; /** * Required if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. If per-neighbor as is desired. Property key is the neighbor address */ neighbors?: { [key: string]: outputs.device.GatewayBgpConfigNeighbors; }; /** * Optional if `via`==`lan`. List of networks where we expect BGP neighbor to connect to/from */ networks?: string[]; /** * Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. If true, we will not advertise private ASNs (AS 64512-65534) to this neighbor */ noPrivateAs?: boolean; /** * Optional if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. By default, we'll re-advertise all learned BGP routers toward overlay */ noReadvertiseToOverlay?: boolean; /** * Optional if `via`==`tunnel` */ tunnelName?: string; /** * Required if `via`==`lan`, `via`==`tunnel` or `via`==`wan`. enum: `external`, `internal` */ type?: string; /** * enum: `lan`, `tunnel`, `vpn`, `wan` */ via: string; /** * Optional if `via`==`vpn` */ vpnName?: string; /** * Optional if `via`==`wan` */ wanName?: string; } interface GatewayBgpConfigNeighbors { /** * If true, the BGP session to this neighbor will be administratively disabled/shutdown */ disabled: boolean; exportPolicy?: string; holdTime?: number; importPolicy?: string; /** * Assuming BGP neighbor is directly connected */ multihopTtl?: number; /** * Neighbor AS. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`) */ neighborAs: string; } interface GatewayClusterNode { /** * Gateway MAC Address. Format is `[0-9a-f]{12}` (e.g. "5684dae9ac8b") */ mac: string; } interface GatewayDhcpdConfig { /** * Property key is the network name */ config?: { [key: string]: outputs.device.GatewayDhcpdConfigConfig; }; /** * If set to `false`, disable the DHCP server */ enabled?: boolean; } interface GatewayDhcpdConfigConfig { /** * If `type`==`local` or `type6`==`local` - optional, if not defined, system one will be used */ dnsServers?: string[]; /** * If `type`==`local` or `type6`==`local` - optional, if not defined, system one will be used * * @deprecated Configuring `dnsSuffix` is deprecated and will not be supported in the future, please configure Code 15 or Code 119 in Server `options` instead */ dnsSuffixes?: string[]; /** * If `type`==`local` or `type6`==`local`. Property key is the MAC Address. Format is `[0-9a-f]{12}` (e.g. "5684dae9ac8b") */ fixedBindings?: { [key: string]: outputs.device.GatewayDhcpdConfigConfigFixedBindings; }; /** * If `type`==`local` - optional, `ip` will be used if not provided */ gateway?: string; /** * If `type6`==`local` */ ip6End?: string; /** * If `type6`==`local` */ ip6Start?: string; /** * If `type`==`local` */ ipEnd?: string; /** * If `type`==`local` */ ipStart?: string; /** * In seconds, lease time has to be between 3600 [1hr] - 604800 [1 week], default is 86400 [1 day] */ leaseTime?: number; /** * If `type`==`local` or `type6`==`local`. Property key is the DHCP option number */ options?: { [key: string]: outputs.device.GatewayDhcpdConfigConfigOptions; }; /** * `serverIdOverride`==`true` means the device, when acts as DHCP relay and forwards DHCP responses from DHCP server to clients, * should overwrite the Sever Identifier option (i.e. DHCP option 54) in DHCP responses with its own IP address. */ serverIdOverride?: boolean; /** * If `type`==`relay` */ servers?: string[]; /** * If `type6`==`relay` */ serversv6s?: string[]; /** * enum: `local` (DHCP Server), `none`, `relay` (DHCP Relay) */ type?: string; /** * enum: `local` (DHCP Server), `none`, `relay` (DHCP Relay) */ type6?: string; /** * If `type`==`local` or `type6`==`local`. Property key is <enterprise number>:<sub option code>, with * * enterprise number: 1-65535 (https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers) * * sub option code: 1-255, sub-option code */ vendorEncapsulated?: { [key: string]: outputs.device.GatewayDhcpdConfigConfigVendorEncapsulated; }; } interface GatewayDhcpdConfigConfigFixedBindings { ip?: string; ip6?: string; name?: string; } interface GatewayDhcpdConfigConfigOptions { /** * enum: `boolean`, `hex`, `int16`, `int32`, `ip`, `string`, `uint16`, `uint32` */ type?: string; value?: string; } interface GatewayDhcpdConfigConfigVendorEncapsulated { /** * enum: `boolean`, `hex`, `int16`, `int32`, `ip`, `string`, `uint16`, `uint32` */ type?: string; value?: string; } interface GatewayExtraRoutes { via: string; } interface GatewayExtraRoutes6 { via: string; } interface GatewayGatewayMgmt { /** * Rollback timer for commit confirmed */ configRevertTimer?: number; } interface GatewayIdpProfiles { /** * enum: `critical`, `standard`, `strict` */ baseProfile?: string; /** * Unique ID of the object instance in the Mist Organization */ id?: string; name?: string; orgId?: string; overwrites?: outputs.device.GatewayIdpProfilesOverwrite[]; } interface GatewayIdpProfilesOverwrite { /** * enum: * * alert (default) * * drop: silently dropping packets * * close: notify client/server to close connection */ action?: string; matching?: outputs.device.GatewayIdpProfilesOverwriteMatching; name?: string; } interface GatewayIdpProfilesOverwriteMatching { attackNames?: string[]; dstSubnets?: string[]; severities?: string[]; } interface GatewayIpConfigs { ip?: string; ip6?: string; netmask?: string; netmask6?: string; /** * Optional list of secondary IPs in CIDR format */ secondaryIps: string[]; /** * enum: `dhcp`, `static` */ type: string; /** * enum: `autoconf`, `dhcp`, `disabled`, `static` */ type6?: string; } interface GatewayNetwork { /** * Whether to disallow Mist Devices in the network */ disallowMistServices: boolean; gateway?: string; gateway6?: string; internalAccess?: outputs.device.GatewayNetworkInternalAccess; /** * Whether this network has direct internet access */ internetAccess?: outputs.device.GatewayNetworkInternetAccess; /** * Whether to allow clients in the network to talk to each other */ isolation?: boolean; /** * Whether to enable multicast support (only PIM-sparse mode is supported) */ multicast?: outputs.device.GatewayNetworkMulticast; name: string; /** * For a Network (usually LAN), it can be routable to other networks (e.g. OSPF) */ routedForNetworks?: string[]; subnet: string; subnet6?: string; /** * Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}") */ tenants?: { [key: string]: outputs.device.GatewayNetworkTenants; }; vlanId?: string; /** * Property key is the VPN name. Whether this network can be accessed from vpn */ vpnAccess?: { [key: string]: outputs.device.GatewayNetworkVpnAccess; }; } interface GatewayNetworkInternalAccess { enabled?: boolean; } interface GatewayNetworkInternetAccess { createSimpleServicePolicy: boolean; /** * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined */ destinationNat?: { [key: string]: outputs.device.GatewayNetworkInternetAccessDestinationNat; }; enabled?: boolean; /** * By default, all access is allowed, to only allow certain traffic, make `restricted`=`true` and define service_policies */ restricted: boolean; /** * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}") */ staticNat?: { [key: string]: outputs.device.GatewayNetworkInternetAccessStaticNat; }; } interface GatewayNetworkInternetAccessDestinationNat { /** * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}") */ internalIp?: string; name?: string; /** * The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}") */ port?: string; /** * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity */ wanName?: string; } interface GatewayNetworkInternetAccessStaticNat { /** * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}") */ internalIp: string; name: string; /** * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}") */ wanName?: string; } interface GatewayNetworkMulticast { /** * If the network will only be the source of the multicast traffic, IGMP can be disabled */ disableIgmp: boolean; enabled: boolean; /** * Group address to RP (rendezvous point) mapping. Property Key is the CIDR (example "225.1.0.3/32") */ groups?: { [key: string]: outputs.device.GatewayNetworkMulticastGroups; }; } interface GatewayNetworkMulticastGroups { /** * RP (rendezvous point) IP Address */ rpIp?: string; } interface GatewayNetworkTenants { addresses?: string[]; } interface GatewayNetworkVpnAccess { /** * If `routed`==`true`, whether to advertise an aggregated subnet toward HUB this is useful when there are multiple networks on SPOKE's side */ advertisedSubnet?: string; /** * Whether to allow ping from vpn into this routed network */ allowPing?: boolean; /** * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined */ destinationNat?: { [key: string]: outputs.device.GatewayNetworkVpnAccessDestinationNat; }; /** * If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub, a subnet is required to create and advertise the route to Hub */ natPool?: string; /** * toward LAN-side BGP peers */ noReadvertiseToLanBgp: boolean; /** * toward LAN-side OSPF peers */ noReadvertiseToLanOspf: boolean; /** * toward overlay, how HUB should deal with routes it received from Spokes */ noReadvertiseToOverlay?: boolean; /** * By default, the routes are only readvertised toward the same vrf on spoke. To allow it to be leaked to other vrfs */ otherVrfs: string[]; /** * Whether this network is routable */ routed?: boolean; /** * If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub */ sourceNat: outputs.device.GatewayNetworkVpnAccessSourceNat; /** * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}") */ staticNat: { [key: string]: outputs.device.GatewayNetworkVpnAccessStaticNat; }; /** * toward overlay, how HUB should deal with routes it received from Spokes */ summarizedSubnet?: string; /** * toward LAN-side BGP peers */ summarizedSubnetToLanBgp?: string; /** * toward LAN-side OSPF peers */ summarizedSubnetToLanOspf?: string; } interface GatewayNetworkVpnAccessDestinationNat { /** * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}") */ internalIp?: string; name?: string; port?: string; } interface GatewayNetworkVpnAccessSourceNat { externalIp?: string; } interface GatewayNetworkVpnAccessStaticNat { /** * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}") */ internalIp: string; name: string; } interface GatewayOobIpConfig { /** * If `type`==`static` */ gateway?: string; /** * If `type`==`static` */ ip?: string; /** * If `type`==`static` */ netmask?: string; /** * For HA Cluster, node1 can have different IP Config */ node1: outputs.device.GatewayOobIpConfigNode1; /** * enum: `dhcp`, `static` */ type: string; /** * If supported on the platform. If enabled, DNS will be using this routing-instance, too */ useMgmtVrf?: boolean; /** * For host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired */ useMgmtVrfForHostOut?: boolean; vlanId?: string; } interface GatewayOobIpConfigNode1 { /** * If `type`==`static` */ gateway?: string; ip?: string; /** * Used only if `subnet` is not specified in `networks` */ netmask?: string; /** * enum: `dhcp`, `static` */ type: string; /** * If supported on the platform. If enabled, DNS will be using this routing-instance, too */ useMgmtVrf?: boolean; /** * Whether to use `mgmtJunos` for host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired */ useMgmtVrfForHostOut?: boolean; vlanId?: string; } interface GatewayPathPreferences { paths?: outputs.device.GatewayPathPreferencesPath[]; /** * enum: `ecmp`, `ordered`, `weighted` */ strategy: string; } interface GatewayPathPreferencesPath { cost?: number; /** * For SSR Only. `true`, if this specific path is undesired */ disabled?: boolean; /** * Only if `type`==`local`, if a different gateway is desired */ gatewayIp?: string; /** * Only if `type`==`vpn`, if this vpn path can be used for internet */ internetAccess?: boolean; /** * Required when * * `type`==`vpn`: the name of the VPN Path to use * * `type`==`wan`: the name of the WAN interface to use */ name?: string; /** * Required when `type`==`local` */ networks?: string[]; /** * If `type`==`local`, if destination IP is to be replaced */ targetIps?: string[]; /** * enum: `local`, `tunnel`, `vpn`, `wan` */ type: string; /** * Optional if `type`==`vpn` */ wanName?: string; } interface GatewayPortConfig { /** * If `aggregated`==`true`. To disable LCP support for the AE interface */ aeDisableLacp?: boolean; /** * If `aggregated`==`true`. Users could force to use the designated AE name (must be an integer between 0 and 127) */ aeIdx?: string; /** * For SRX only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability. Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end. **Note:** Turning this on will enable force-up on one of the interfaces in the bundle only */ aeLacpForceUp?: boolean; aggregated?: boolean; /** * To generate port up/down alarm, set it to true */ critical?: boolean; /** * Interface Description. Can be a variable (i.e. "{{myvar}}") */ description?: string; disableAutoneg?: boolean; /** * Port admin up (true) / down (false) */ disabled: boolean; /** * if `wanType`==`dsl`. enum: `adsl`, `vdsl` */ dslType?: string; /** * If `wanType`==`dsl`, 16 bit int */ dslVci?: number; /** * If `wanType`==`dsl`, 8 bit int */ dslVpi?: number; /** * enum: `auto`, `full`, `half` */ duplex?: string; /** * Junos IP Config */ ipConfig?: outputs.device.GatewayPortConfigIpConfig; /** * If `wanType`==`lte` */ lteApn?: string; /** * if `wanType`==`lte`. enum: `chap`, `none`, `pap` */ lteAuth?: string; lteBackup?: boolean; /** * If `wanType`==`