@pulumiverse/fortios
A Pulumi package for creating and managing Fortios resources. Based on terraform-provider-fortios: version v1.16.0
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Configure IPv6 policies. Applies to FortiOS Version `<= 6.4.0`.
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as fortios from "@pulumiverse/fortios";
*
* const trname = new fortios.firewall.Policy6("trname", {
* action: "deny",
* diffservForward: "disable",
* diffservReverse: "disable",
* diffservcodeForward: "000000",
* diffservcodeRev: "000000",
* dsri: "disable",
* dstaddrs: [{
* name: "all",
* }],
* dstaddrNegate: "disable",
* dstintfs: [{
* name: "port3",
* }],
* firewallSessionDirty: "check-all",
* fixedport: "disable",
* inbound: "disable",
* ippool: "disable",
* logtraffic: "disable",
* logtrafficStart: "disable",
* nat: "disable",
* natinbound: "disable",
* natoutbound: "disable",
* outbound: "disable",
* policyid: 1,
* profileProtocolOptions: "default",
* profileType: "single",
* rsso: "disable",
* schedule: "always",
* sendDenyPacket: "disable",
* services: [{
* name: "ALL",
* }],
* serviceNegate: "disable",
* srcaddrs: [{
* name: "all",
* }],
* srcaddrNegate: "disable",
* srcintfs: [{
* name: "port4",
* }],
* sslMirror: "disable",
* status: "enable",
* tcpMssReceiver: 0,
* tcpMssSender: 0,
* tcpSessionWithoutSyn: "disable",
* timeoutSendRst: "disable",
* tos: "0x00",
* tosMask: "0x00",
* tosNegate: "disable",
* utmStatus: "disable",
* });
* ```
*
* ## Import
*
* Firewall Policy6 can be imported using any of these accepted formats:
*
* ```sh
* $ pulumi import fortios:firewall/policy6:Policy6 labelname {{policyid}}
* ```
*
* If you do not want to import the arguments of nested blocks, set `FORTIOS_IMPORT_TABLE` to `false` for the import and unset it afterwards:
*
* ```sh
* $ export "FORTIOS_IMPORT_TABLE"="false"
* $ pulumi import fortios:firewall/policy6:Policy6 labelname {{policyid}}
* $ unset "FORTIOS_IMPORT_TABLE"
* ```
*/
export declare class Policy6 extends pulumi.CustomResource {
/**
* Get an existing Policy6 resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns The Policy6 resource that represents the looked-up state.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: Policy6State, opts?: pulumi.CustomResourceOptions): Policy6;
/**
* Returns true if the given object is an instance of Policy6. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test; it is typed `any`, so any value may be passed.
*/
static isInstance(obj: any): obj is Policy6;
/**
* Policy action (accept/deny/ipsec). Valid values: `accept`, `deny`, `ipsec`.
*/
readonly action: pulumi.Output<string>;
/**
* Enable/disable anti-replay check. Valid values: `enable`, `disable`.
*/
readonly antiReplay: pulumi.Output<string>;
/**
* Application category ID list. The structure of `appCategory` block is documented below.
*/
readonly appCategories: pulumi.Output<outputs.firewall.Policy6AppCategory[] | undefined>;
/**
* Application group names. The structure of `appGroup` block is documented below.
*/
readonly appGroups: pulumi.Output<outputs.firewall.Policy6AppGroup[] | undefined>;
/**
* Name of an existing Application list.
*/
readonly applicationList: pulumi.Output<string>;
/**
* Application ID list. The structure of `application` block is documented below.
*/
readonly applications: pulumi.Output<outputs.firewall.Policy6Application[] | undefined>;
/**
* Enable/disable policy traffic ASIC offloading. Valid values: `enable`, `disable`.
*/
readonly autoAsicOffload: pulumi.Output<string>;
/**
* Name of an existing Antivirus profile.
*/
readonly avProfile: pulumi.Output<string>;
/**
* Name of an existing CIFS profile.
*/
readonly cifsProfile: pulumi.Output<string>;
/**
* Comment.
*/
readonly comments: pulumi.Output<string | undefined>;
/**
* Log field index numbers to append custom log fields to log messages for this policy. The structure of `customLogFields` block is documented below.
*/
readonly customLogFields: pulumi.Output<outputs.firewall.Policy6CustomLogField[] | undefined>;
/**
* Decrypted traffic mirror.
* NOTE(review): presumably the name of an existing mirror object; the upstream description does not say, so confirm against the FortiOS version in use.
*/
readonly decryptedTrafficMirror: pulumi.Output<string>;
/**
* Names of devices or device groups that can be matched by the policy. The structure of `devices` block is documented below.
*/
readonly devices: pulumi.Output<outputs.firewall.Policy6Device[] | undefined>;
/**
* Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: `enable`, `disable`.
*/
readonly diffservForward: pulumi.Output<string>;
/**
* Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: `enable`, `disable`.
*/
readonly diffservReverse: pulumi.Output<string>;
/**
* Change packet's DiffServ to this value.
*/
readonly diffservcodeForward: pulumi.Output<string>;
/**
* Change packet's reverse (reply) DiffServ to this value.
*/
readonly diffservcodeRev: pulumi.Output<string>;
/**
* Name of an existing DLP sensor.
*/
readonly dlpSensor: pulumi.Output<string>;
/**
* Name of an existing DNS filter profile.
*/
readonly dnsfilterProfile: pulumi.Output<string>;
/**
* Enable DSRI to ignore HTTP server responses. Valid values: `enable`, `disable`.
*/
readonly dsri: pulumi.Output<string>;
/**
* When enabled dstaddr specifies what the destination address must NOT be. Valid values: `enable`, `disable`.
*/
readonly dstaddrNegate: pulumi.Output<string>;
/**
* Destination address and address group names. The structure of `dstaddr` block is documented below.
*/
readonly dstaddrs: pulumi.Output<outputs.firewall.Policy6Dstaddr[]>;
/**
* Outgoing (egress) interface. The structure of `dstintf` block is documented below.
*/
readonly dstintfs: pulumi.Output<outputs.firewall.Policy6Dstintf[]>;
/**
* Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
*/
readonly dynamicSortSubtable: pulumi.Output<string | undefined>;
/**
* Name of an existing email filter profile.
*/
readonly emailfilterProfile: pulumi.Output<string>;
/**
* How to handle sessions if the configuration of this firewall policy changes. Valid values: `check-all`, `check-new`.
*/
readonly firewallSessionDirty: pulumi.Output<string>;
/**
* Enable to prevent source NAT from changing a session's source port. Valid values: `enable`, `disable`.
*/
readonly fixedport: pulumi.Output<string>;
/**
* Names of FSSO groups. The structure of `fssoGroups` block is documented below.
*/
readonly fssoGroups: pulumi.Output<outputs.firewall.Policy6FssoGroup[] | undefined>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
*/
readonly getAllTables: pulumi.Output<string | undefined>;
/**
* Label for the policy that appears when the GUI is in Global View mode.
*/
readonly globalLabel: pulumi.Output<string>;
/**
* Names of user groups that can authenticate with this policy. The structure of `groups` block is documented below.
*/
readonly groups: pulumi.Output<outputs.firewall.Policy6Group[] | undefined>;
/**
* Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: `enable`, `disable`.
*/
readonly httpPolicyRedirect: pulumi.Output<string>;
/**
* Name of an existing ICAP profile.
*/
readonly icapProfile: pulumi.Output<string>;
/**
* Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: `enable`, `disable`.
*/
readonly inbound: pulumi.Output<string>;
/**
* Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: `proxy`, `flow`.
*/
readonly inspectionMode: pulumi.Output<string>;
/**
* Enable to use IP Pools for source NAT. Valid values: `enable`, `disable`.
*/
readonly ippool: pulumi.Output<string>;
/**
* Name of an existing IPS sensor.
*/
readonly ipsSensor: pulumi.Output<string>;
/**
* Label for the policy that appears when the GUI is in Section View mode.
*/
readonly label: pulumi.Output<string>;
/**
* Enable or disable logging. Log all sessions or security profile sessions. Valid values: `all`, `utm`, `disable`.
* With `disable`, sessions matched by this policy are not logged; weigh that against audit and incident-response needs.
*/
readonly logtraffic: pulumi.Output<string>;
/**
* Record logs when a session starts. Valid values: `enable`, `disable`.
*/
readonly logtrafficStart: pulumi.Output<string>;
/**
* Policy name.
*/
readonly name: pulumi.Output<string>;
/**
* Enable/disable source NAT. Valid values: `enable`, `disable`.
*/
readonly nat: pulumi.Output<string>;
/**
* Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: `enable`, `disable`.
*/
readonly natinbound: pulumi.Output<string>;
/**
* Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: `enable`, `disable`.
*/
readonly natoutbound: pulumi.Output<string>;
/**
* Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: `enable`, `disable`.
*/
readonly outbound: pulumi.Output<string>;
/**
* Per-IP traffic shaper.
*/
readonly perIpShaper: pulumi.Output<string>;
/**
* Policy ID.
*/
readonly policyid: pulumi.Output<number>;
/**
* IP Pool names. The structure of `poolname` block is documented below.
*/
readonly poolnames: pulumi.Output<outputs.firewall.Policy6Poolname[] | undefined>;
/**
* Name of profile group.
*/
readonly profileGroup: pulumi.Output<string>;
/**
* Name of an existing Protocol options profile.
*/
readonly profileProtocolOptions: pulumi.Output<string>;
/**
* Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: `single`, `group`.
*/
readonly profileType: pulumi.Output<string>;
/**
* Override the default replacement message group for this policy.
*/
readonly replacemsgOverrideGroup: pulumi.Output<string>;
/**
* Enable/disable RADIUS single sign-on (RSSO). Valid values: `enable`, `disable`.
*/
readonly rsso: pulumi.Output<string>;
/**
* Schedule name.
*/
readonly schedule: pulumi.Output<string>;
/**
* Enable/disable return of deny-packet. Valid values: `enable`, `disable`.
*/
readonly sendDenyPacket: pulumi.Output<string>;
/**
* When enabled service specifies what the service must NOT be. Valid values: `enable`, `disable`.
*/
readonly serviceNegate: pulumi.Output<string>;
/**
* Service and service group names. The structure of `service` block is documented below.
*/
readonly services: pulumi.Output<outputs.firewall.Policy6Service[] | undefined>;
/**
* Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
*/
readonly sessionTtl: pulumi.Output<number>;
/**
* Name of an existing Spam filter profile.
*/
readonly spamfilterProfile: pulumi.Output<string>;
/**
* When enabled srcaddr specifies what the source address must NOT be. Valid values: `enable`, `disable`.
*/
readonly srcaddrNegate: pulumi.Output<string>;
/**
* Source address and address group names. The structure of `srcaddr` block is documented below.
*/
readonly srcaddrs: pulumi.Output<outputs.firewall.Policy6Srcaddr[]>;
/**
* Incoming (ingress) interface. The structure of `srcintf` block is documented below.
*/
readonly srcintfs: pulumi.Output<outputs.firewall.Policy6Srcintf[]>;
/**
* Name of an existing SSH filter profile.
*/
readonly sshFilterProfile: pulumi.Output<string>;
/**
* Redirect SSH traffic to matching transparent proxy policy. Valid values: `enable`, `disable`.
*/
readonly sshPolicyRedirect: pulumi.Output<string>;
/**
* Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: `enable`, `disable`.
* The mirrored copy is decrypted traffic, so treat the mirror interface (`sslMirrorIntfs`) and anything attached to it as sensitive.
*/
readonly sslMirror: pulumi.Output<string>;
/**
* SSL mirror interface name. The structure of `sslMirrorIntf` block is documented below.
*/
readonly sslMirrorIntfs: pulumi.Output<outputs.firewall.Policy6SslMirrorIntf[] | undefined>;
/**
* Name of an existing SSL SSH profile.
*/
readonly sslSshProfile: pulumi.Output<string>;
/**
* Enable or disable this policy. Valid values: `enable`, `disable`.
*/
readonly status: pulumi.Output<string>;
/**
* Receiver TCP maximum segment size (MSS).
*/
readonly tcpMssReceiver: pulumi.Output<number>;
/**
* Sender TCP maximum segment size (MSS).
*/
readonly tcpMssSender: pulumi.Output<number>;
/**
* Enable/disable creation of TCP session without SYN flag. Valid values: `all`, `data-only`, `disable`.
* Values other than `disable` let the policy create sessions for TCP traffic that did not begin with a SYN; keep `disable` unless there is a specific need.
*/
readonly tcpSessionWithoutSyn: pulumi.Output<string>;
/**
* Enable/disable sending RST packets when TCP sessions expire. Valid values: `enable`, `disable`.
*/
readonly timeoutSendRst: pulumi.Output<string>;
/**
* ToS (Type of Service) value used for comparison.
*/
readonly tos: pulumi.Output<string>;
/**
* Non-zero bit positions are used for comparison while zero bit positions are ignored.
*/
readonly tosMask: pulumi.Output<string>;
/**
* Enable negated TOS match. Valid values: `enable`, `disable`.
*/
readonly tosNegate: pulumi.Output<string>;
/**
* Traffic shaper.
* NOTE(review): the generated description read "Reverse traffic shaper.", identical to `trafficShaperReverse`; this looks like a copy error upstream — confirm.
*/
readonly trafficShaper: pulumi.Output<string>;
/**
* Reverse traffic shaper.
*/
readonly trafficShaperReverse: pulumi.Output<string>;
/**
* URL category ID list. The structure of `urlCategory` block is documented below.
*/
readonly urlCategories: pulumi.Output<outputs.firewall.Policy6UrlCategory[] | undefined>;
/**
* Names of individual users that can authenticate with this policy. The structure of `users` block is documented below.
*/
readonly users: pulumi.Output<outputs.firewall.Policy6User[] | undefined>;
/**
* Enable AV/web/ips protection profile. Valid values: `enable`, `disable`.
*/
readonly utmStatus: pulumi.Output<string>;
/**
* Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
*/
readonly uuid: pulumi.Output<string>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
*/
readonly vdomparam: pulumi.Output<string>;
/**
* VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
*/
readonly vlanCosFwd: pulumi.Output<number>;
/**
* VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
*/
readonly vlanCosRev: pulumi.Output<number>;
/**
* Set VLAN filters.
*/
readonly vlanFilter: pulumi.Output<string>;
/**
* Name of an existing VoIP profile.
*/
readonly voipProfile: pulumi.Output<string>;
/**
* Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
*/
readonly vpntunnel: pulumi.Output<string>;
/**
* Name of an existing Web application firewall profile.
*/
readonly wafProfile: pulumi.Output<string>;
/**
* Enable/disable web cache. Valid values: `enable`, `disable`.
*/
readonly webcache: pulumi.Output<string>;
/**
* Enable/disable web cache for HTTPS. Valid values: `disable`, `enable`.
*/
readonly webcacheHttps: pulumi.Output<string>;
/**
* Name of an existing Web filter profile.
*/
readonly webfilterProfile: pulumi.Output<string>;
/**
* Web proxy forward server name.
*/
readonly webproxyForwardServer: pulumi.Output<string>;
/**
* Webproxy profile name.
*/
readonly webproxyProfile: pulumi.Output<string>;
/**
* Create a Policy6 resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: Policy6Args, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Policy6 resources.
*/
export interface Policy6State {
/**
* Policy action (accept/deny/ipsec). Valid values: `accept`, `deny`, `ipsec`.
*/
action?: pulumi.Input<string>;
/**
* Enable/disable anti-replay check. Valid values: `enable`, `disable`.
*/
antiReplay?: pulumi.Input<string>;
/**
* Application category ID list. The structure of `appCategory` block is documented below.
*/
appCategories?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6AppCategory>[]>;
/**
* Application group names. The structure of `appGroup` block is documented below.
*/
appGroups?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6AppGroup>[]>;
/**
* Name of an existing Application list.
*/
applicationList?: pulumi.Input<string>;
/**
* Application ID list. The structure of `application` block is documented below.
*/
applications?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Application>[]>;
/**
* Enable/disable policy traffic ASIC offloading. Valid values: `enable`, `disable`.
*/
autoAsicOffload?: pulumi.Input<string>;
/**
* Name of an existing Antivirus profile.
*/
avProfile?: pulumi.Input<string>;
/**
* Name of an existing CIFS profile.
*/
cifsProfile?: pulumi.Input<string>;
/**
* Comment.
*/
comments?: pulumi.Input<string>;
/**
* Log field index numbers to append custom log fields to log messages for this policy. The structure of `customLogFields` block is documented below.
*/
customLogFields?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6CustomLogField>[]>;
/**
* Decrypted traffic mirror.
* NOTE(review): presumably the name of an existing mirror object; the upstream description does not say, so confirm against the FortiOS version in use.
*/
decryptedTrafficMirror?: pulumi.Input<string>;
/**
* Names of devices or device groups that can be matched by the policy. The structure of `devices` block is documented below.
*/
devices?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Device>[]>;
/**
* Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: `enable`, `disable`.
*/
diffservForward?: pulumi.Input<string>;
/**
* Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: `enable`, `disable`.
*/
diffservReverse?: pulumi.Input<string>;
/**
* Change packet's DiffServ to this value.
*/
diffservcodeForward?: pulumi.Input<string>;
/**
* Change packet's reverse (reply) DiffServ to this value.
*/
diffservcodeRev?: pulumi.Input<string>;
/**
* Name of an existing DLP sensor.
*/
dlpSensor?: pulumi.Input<string>;
/**
* Name of an existing DNS filter profile.
*/
dnsfilterProfile?: pulumi.Input<string>;
/**
* Enable DSRI to ignore HTTP server responses. Valid values: `enable`, `disable`.
*/
dsri?: pulumi.Input<string>;
/**
* When enabled dstaddr specifies what the destination address must NOT be. Valid values: `enable`, `disable`.
*/
dstaddrNegate?: pulumi.Input<string>;
/**
* Destination address and address group names. The structure of `dstaddr` block is documented below.
*/
dstaddrs?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Dstaddr>[]>;
/**
* Outgoing (egress) interface. The structure of `dstintf` block is documented below.
*/
dstintfs?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Dstintf>[]>;
/**
* Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
*/
dynamicSortSubtable?: pulumi.Input<string>;
/**
* Name of an existing email filter profile.
*/
emailfilterProfile?: pulumi.Input<string>;
/**
* How to handle sessions if the configuration of this firewall policy changes. Valid values: `check-all`, `check-new`.
*/
firewallSessionDirty?: pulumi.Input<string>;
/**
* Enable to prevent source NAT from changing a session's source port. Valid values: `enable`, `disable`.
*/
fixedport?: pulumi.Input<string>;
/**
* Names of FSSO groups. The structure of `fssoGroups` block is documented below.
*/
fssoGroups?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6FssoGroup>[]>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
*/
getAllTables?: pulumi.Input<string>;
/**
* Label for the policy that appears when the GUI is in Global View mode.
*/
globalLabel?: pulumi.Input<string>;
/**
* Names of user groups that can authenticate with this policy. The structure of `groups` block is documented below.
*/
groups?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Group>[]>;
/**
* Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: `enable`, `disable`.
*/
httpPolicyRedirect?: pulumi.Input<string>;
/**
* Name of an existing ICAP profile.
*/
icapProfile?: pulumi.Input<string>;
/**
* Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: `enable`, `disable`.
*/
inbound?: pulumi.Input<string>;
/**
* Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: `proxy`, `flow`.
*/
inspectionMode?: pulumi.Input<string>;
/**
* Enable to use IP Pools for source NAT. Valid values: `enable`, `disable`.
*/
ippool?: pulumi.Input<string>;
/**
* Name of an existing IPS sensor.
*/
ipsSensor?: pulumi.Input<string>;
/**
* Label for the policy that appears when the GUI is in Section View mode.
*/
label?: pulumi.Input<string>;
/**
* Enable or disable logging. Log all sessions or security profile sessions. Valid values: `all`, `utm`, `disable`.
* With `disable`, sessions matched by this policy are not logged; weigh that against audit and incident-response needs.
*/
logtraffic?: pulumi.Input<string>;
/**
* Record logs when a session starts. Valid values: `enable`, `disable`.
*/
logtrafficStart?: pulumi.Input<string>;
/**
* Policy name.
*/
name?: pulumi.Input<string>;
/**
* Enable/disable source NAT. Valid values: `enable`, `disable`.
*/
nat?: pulumi.Input<string>;
/**
* Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: `enable`, `disable`.
*/
natinbound?: pulumi.Input<string>;
/**
* Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: `enable`, `disable`.
*/
natoutbound?: pulumi.Input<string>;
/**
* Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: `enable`, `disable`.
*/
outbound?: pulumi.Input<string>;
/**
* Per-IP traffic shaper.
*/
perIpShaper?: pulumi.Input<string>;
/**
* Policy ID.
*/
policyid?: pulumi.Input<number>;
/**
* IP Pool names. The structure of `poolname` block is documented below.
*/
poolnames?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Poolname>[]>;
/**
* Name of profile group.
*/
profileGroup?: pulumi.Input<string>;
/**
* Name of an existing Protocol options profile.
*/
profileProtocolOptions?: pulumi.Input<string>;
/**
* Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: `single`, `group`.
*/
profileType?: pulumi.Input<string>;
/**
* Override the default replacement message group for this policy.
*/
replacemsgOverrideGroup?: pulumi.Input<string>;
/**
* Enable/disable RADIUS single sign-on (RSSO). Valid values: `enable`, `disable`.
*/
rsso?: pulumi.Input<string>;
/**
* Schedule name.
*/
schedule?: pulumi.Input<string>;
/**
* Enable/disable return of deny-packet. Valid values: `enable`, `disable`.
*/
sendDenyPacket?: pulumi.Input<string>;
/**
* When enabled service specifies what the service must NOT be. Valid values: `enable`, `disable`.
*/
serviceNegate?: pulumi.Input<string>;
/**
* Service and service group names. The structure of `service` block is documented below.
*/
services?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Service>[]>;
/**
* Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
*/
sessionTtl?: pulumi.Input<number>;
/**
* Name of an existing Spam filter profile.
*/
spamfilterProfile?: pulumi.Input<string>;
/**
* When enabled srcaddr specifies what the source address must NOT be. Valid values: `enable`, `disable`.
*/
srcaddrNegate?: pulumi.Input<string>;
/**
* Source address and address group names. The structure of `srcaddr` block is documented below.
*/
srcaddrs?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Srcaddr>[]>;
/**
* Incoming (ingress) interface. The structure of `srcintf` block is documented below.
*/
srcintfs?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Srcintf>[]>;
/**
* Name of an existing SSH filter profile.
*/
sshFilterProfile?: pulumi.Input<string>;
/**
* Redirect SSH traffic to matching transparent proxy policy. Valid values: `enable`, `disable`.
*/
sshPolicyRedirect?: pulumi.Input<string>;
/**
* Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: `enable`, `disable`.
* The mirrored copy is decrypted traffic, so treat the mirror interface (`sslMirrorIntfs`) and anything attached to it as sensitive.
*/
sslMirror?: pulumi.Input<string>;
/**
* SSL mirror interface name. The structure of `sslMirrorIntf` block is documented below.
*/
sslMirrorIntfs?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6SslMirrorIntf>[]>;
/**
* Name of an existing SSL SSH profile.
*/
sslSshProfile?: pulumi.Input<string>;
/**
* Enable or disable this policy. Valid values: `enable`, `disable`.
*/
status?: pulumi.Input<string>;
/**
* Receiver TCP maximum segment size (MSS).
*/
tcpMssReceiver?: pulumi.Input<number>;
/**
* Sender TCP maximum segment size (MSS).
*/
tcpMssSender?: pulumi.Input<number>;
/**
* Enable/disable creation of TCP session without SYN flag. Valid values: `all`, `data-only`, `disable`.
* Values other than `disable` let the policy create sessions for TCP traffic that did not begin with a SYN; keep `disable` unless there is a specific need.
*/
tcpSessionWithoutSyn?: pulumi.Input<string>;
/**
* Enable/disable sending RST packets when TCP sessions expire. Valid values: `enable`, `disable`.
*/
timeoutSendRst?: pulumi.Input<string>;
/**
* ToS (Type of Service) value used for comparison.
*/
tos?: pulumi.Input<string>;
/**
* Non-zero bit positions are used for comparison while zero bit positions are ignored.
*/
tosMask?: pulumi.Input<string>;
/**
* Enable negated TOS match. Valid values: `enable`, `disable`.
*/
tosNegate?: pulumi.Input<string>;
/**
* Traffic shaper.
* NOTE(review): the generated description read "Reverse traffic shaper.", identical to `trafficShaperReverse`; this looks like a copy error upstream — confirm.
*/
trafficShaper?: pulumi.Input<string>;
/**
* Reverse traffic shaper.
*/
trafficShaperReverse?: pulumi.Input<string>;
/**
* URL category ID list. The structure of `urlCategory` block is documented below.
*/
urlCategories?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6UrlCategory>[]>;
/**
* Names of individual users that can authenticate with this policy. The structure of `users` block is documented below.
*/
users?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6User>[]>;
/**
* Enable AV/web/ips protection profile. Valid values: `enable`, `disable`.
*/
utmStatus?: pulumi.Input<string>;
/**
* Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
*/
uuid?: pulumi.Input<string>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
*/
vdomparam?: pulumi.Input<string>;
/**
* VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
*/
vlanCosFwd?: pulumi.Input<number>;
/**
* VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
*/
vlanCosRev?: pulumi.Input<number>;
/**
* Set VLAN filters.
*/
vlanFilter?: pulumi.Input<string>;
/**
* Name of an existing VoIP profile.
*/
voipProfile?: pulumi.Input<string>;
/**
* Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
*/
vpntunnel?: pulumi.Input<string>;
/**
* Name of an existing Web application firewall profile.
*/
wafProfile?: pulumi.Input<string>;
/**
* Enable/disable web cache. Valid values: `enable`, `disable`.
*/
webcache?: pulumi.Input<string>;
/**
* Enable/disable web cache for HTTPS. Valid values: `disable`, `enable`.
*/
webcacheHttps?: pulumi.Input<string>;
/**
* Name of an existing Web filter profile.
*/
webfilterProfile?: pulumi.Input<string>;
/**
* Web proxy forward server name.
*/
webproxyForwardServer?: pulumi.Input<string>;
/**
* Webproxy profile name.
*/
webproxyProfile?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a Policy6 resource.
*
* Required properties (declared without `?`): `dstaddrs`, `dstintfs`, `schedule`,
* `srcaddrs`, `srcintfs`. Every other property is optional.
*
* Properties documented with "Valid values" are typed as plain `string`, so the
* compiler does not reject a value outside the listed set; a typo in such a value
* is not caught at compile time.
*/
export interface Policy6Args {
/**
* Policy action. Valid values: `accept`, `deny`, `ipsec`.
* The upstream description words the first option as "allow"; the value to pass is `accept`.
*/
action?: pulumi.Input<string>;
/**
* Enable/disable anti-replay check. Valid values: `enable`, `disable`.
*/
antiReplay?: pulumi.Input<string>;
/**
* Application category ID list. Element shape: `inputs.firewall.Policy6AppCategory`.
*/
appCategories?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6AppCategory>[]>;
/**
* Application group names. Element shape: `inputs.firewall.Policy6AppGroup`.
*/
appGroups?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6AppGroup>[]>;
/**
* Name of an existing Application list.
*/
applicationList?: pulumi.Input<string>;
/**
* Application ID list. Element shape: `inputs.firewall.Policy6Application`.
*/
applications?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Application>[]>;
/**
* Enable/disable policy traffic ASIC offloading. Valid values: `enable`, `disable`.
*/
autoAsicOffload?: pulumi.Input<string>;
/**
* Name of an existing Antivirus profile.
*/
avProfile?: pulumi.Input<string>;
/**
* Name of an existing CIFS profile.
*/
cifsProfile?: pulumi.Input<string>;
/**
* Comment.
*/
comments?: pulumi.Input<string>;
/**
* Log field index numbers to append custom log fields to log messages for this policy.
* Element shape: `inputs.firewall.Policy6CustomLogField`.
*/
customLogFields?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6CustomLogField>[]>;
/**
* Decrypted traffic mirror.
* NOTE(review): presumably the name of a mirror configuration that receives traffic
* after decryption; confirm against the FortiOS reference. A mirror of decrypted
* traffic carries plaintext, so its destination needs the same protection as the
* original session data.
*/
decryptedTrafficMirror?: pulumi.Input<string>;
/**
* Names of devices or device groups that can be matched by the policy.
* Element shape: `inputs.firewall.Policy6Device`.
*/
devices?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Device>[]>;
/**
* Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: `enable`, `disable`.
*/
diffservForward?: pulumi.Input<string>;
/**
* Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: `enable`, `disable`.
*/
diffservReverse?: pulumi.Input<string>;
/**
* Change packet's DiffServ to this value.
*/
diffservcodeForward?: pulumi.Input<string>;
/**
* Change packet's reverse (reply) DiffServ to this value.
*/
diffservcodeRev?: pulumi.Input<string>;
/**
* Name of an existing DLP sensor.
*/
dlpSensor?: pulumi.Input<string>;
/**
* Name of an existing DNS filter profile.
*/
dnsfilterProfile?: pulumi.Input<string>;
/**
* Enable DSRI to ignore HTTP server responses. Valid values: `enable`, `disable`.
*/
dsri?: pulumi.Input<string>;
/**
* When enabled, dstaddr specifies what the destination address must NOT be (the match is inverted). Valid values: `enable`, `disable`.
*/
dstaddrNegate?: pulumi.Input<string>;
/**
* Destination address and address group names (required).
* Element shape: `inputs.firewall.Policy6Dstaddr`.
*/
dstaddrs: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Dstaddr>[]>;
/**
* Outgoing (egress) interface (required). Element shape: `inputs.firewall.Policy6Dstintf`.
*/
dstintfs: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Dstintf>[]>;
/**
* Sort sub-tables. Do not set this parameter when configuring static sub-tables.
* Options: [ false, true, natural, alphabetical ].
* - false: default value, do not sort tables.
* - true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ].
* - alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
*/
dynamicSortSubtable?: pulumi.Input<string>;
/**
* Name of an existing email filter profile.
*/
emailfilterProfile?: pulumi.Input<string>;
/**
* How to handle sessions if the configuration of this firewall policy changes. Valid values: `check-all`, `check-new`.
*/
firewallSessionDirty?: pulumi.Input<string>;
/**
* Enable to prevent source NAT from changing a session's source port. Valid values: `enable`, `disable`.
*/
fixedport?: pulumi.Input<string>;
/**
* Names of FSSO groups. Element shape: `inputs.firewall.Policy6FssoGroup`.
*/
fssoGroups?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6FssoGroup>[]>;
/**
* Get all sub-tables including unconfigured tables. The option is passed as a string.
* Do not set this to true if you configure a sub-table in another resource; otherwise
* conflicts and overwrites will occur.
* Options: [ false, true ].
* - false: default value, do not get unconfigured tables.
* - true: get all tables including unconfigured tables.
*/
getAllTables?: pulumi.Input<string>;
/**
* Label for the policy that appears when the GUI is in Global View mode.
*/
globalLabel?: pulumi.Input<string>;
/**
* Names of user groups that can authenticate with this policy.
* Element shape: `inputs.firewall.Policy6Group`.
*/
groups?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Group>[]>;
/**
* Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: `enable`, `disable`.
*/
httpPolicyRedirect?: pulumi.Input<string>;
/**
* Name of an existing ICAP profile.
*/
icapProfile?: pulumi.Input<string>;
/**
* Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: `enable`, `disable`.
*/
inbound?: pulumi.Input<string>;
/**
* Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: `proxy`, `flow`.
*/
inspectionMode?: pulumi.Input<string>;
/**
* Enable to use IP Pools for source NAT. Valid values: `enable`, `disable`.
*/
ippool?: pulumi.Input<string>;
/**
* Name of an existing IPS sensor.
*/
ipsSensor?: pulumi.Input<string>;
/**
* Label for the policy that appears when the GUI is in Section View mode.
*/
label?: pulumi.Input<string>;
/**
* Enable or disable logging. Log all sessions or security profile sessions. Valid values: `all`, `utm`, `disable`.
* With `disable`, traffic matched by this policy is not logged, so it is not
* available for later investigation.
*/
logtraffic?: pulumi.Input<string>;
/**
* Record logs when a session starts. Valid values: `enable`, `disable`.
*/
logtrafficStart?: pulumi.Input<string>;
/**
* Policy name.
*/
name?: pulumi.Input<string>;
/**
* Enable/disable source NAT. Valid values: `enable`, `disable`.
*/
nat?: pulumi.Input<string>;
/**
* Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: `enable`, `disable`.
*/
natinbound?: pulumi.Input<string>;
/**
* Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: `enable`, `disable`.
*/
natoutbound?: pulumi.Input<string>;
/**
* Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: `enable`, `disable`.
*/
outbound?: pulumi.Input<string>;
/**
* Per-IP traffic shaper.
*/
perIpShaper?: pulumi.Input<string>;
/**
* Policy ID.
*/
policyid?: pulumi.Input<number>;
/**
* IP Pool names. Element shape: `inputs.firewall.Policy6Poolname`.
*/
poolnames?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Poolname>[]>;
/**
* Name of profile group.
*/
profileGroup?: pulumi.Input<string>;
/**
* Name of an existing Protocol options profile.
*/
profileProtocolOptions?: pulumi.Input<string>;
/**
* Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: `single`, `group`.
*/
profileType?: pulumi.Input<string>;
/**
* Override the default replacement message group for this policy.
*/
replacemsgOverrideGroup?: pulumi.Input<string>;
/**
* Enable/disable RADIUS single sign-on (RSSO). Valid values: `enable`, `disable`.
*/
rsso?: pulumi.Input<string>;
/**
* Schedule name (required).
*/
schedule: pulumi.Input<string>;
/**
* Enable/disable return of deny-packet. Valid values: `enable`, `disable`.
*/
sendDenyPacket?: pulumi.Input<string>;
/**
* When enabled, service specifies what the service must NOT be (the match is inverted). Valid values: `enable`, `disable`.
*/
serviceNegate?: pulumi.Input<string>;
/**
* Service and service group names. Element shape: `inputs.firewall.Policy6Service`.
*/
services?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Service>[]>;
/**
* Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
*/
sessionTtl?: pulumi.Input<number>;
/**
* Name of an existing Spam filter profile.
*/
spamfilterProfile?: pulumi.Input<string>;
/**
* When enabled, srcaddr specifies what the source address must NOT be (the match is inverted). Valid values: `enable`, `disable`.
*/
srcaddrNegate?: pulumi.Input<string>;
/**
* Source address and address group names (required).
* Element shape: `inputs.firewall.Policy6Srcaddr`.
*/
srcaddrs: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Srcaddr>[]>;
/**
* Incoming (ingress) interface (required). Element shape: `inputs.firewall.Policy6Srcintf`.
*/
srcintfs: pulumi.Input<pulumi.Input<inputs.firewall.Policy6Srcintf>[]>;
/**
* Name of an existing SSH filter profile.
*/
sshFilterProfile?: pulumi.Input<string>;
/**
* Redirect SSH traffic to matching transparent proxy policy. Valid values: `enable`, `disable`.
*/
sshPolicyRedirect?: pulumi.Input<string>;
/**
* Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: `enable`, `disable`.
* The copy is decrypted, so whatever is attached to the mirror interface
* (see `sslMirrorIntfs`) receives plaintext.
*/
sslMirror?: pulumi.Input<string>;
/**
* SSL mirror interface name. Element shape: `inputs.firewall.Policy6SslMirrorIntf`.
*/
sslMirrorIntfs?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6SslMirrorIntf>[]>;
/**
* Name of an existing SSL SSH profile.
*/
sslSshProfile?: pulumi.Input<string>;
/**
* Enable or disable this policy. Valid values: `enable`, `disable`.
*/
status?: pulumi.Input<string>;
/**
* Receiver TCP maximum segment size (MSS).
*/
tcpMssReceiver?: pulumi.Input<number>;
/**
* Sender TCP maximum segment size (MSS).
*/
tcpMssSender?: pulumi.Input<number>;
/**
* Enable/disable creation of TCP session without SYN flag. Valid values: `all`, `data-only`, `disable`.
* NOTE(review): values other than `disable` allow a session to be created from a
* packet that is not a SYN, which relaxes the stateful TCP check for traffic
* matched by this policy; confirm the need before enabling.
*/
tcpSessionWithoutSyn?: pulumi.Input<string>;
/**
* Enable/disable sending RST packets when TCP sessions expire. Valid values: `enable`, `disable`.
*/
timeoutSendRst?: pulumi.Input<string>;
/**
* ToS (Type of Service) value used for comparison.
*/
tos?: pulumi.Input<string>;
/**
* Non-zero bit positions are used for comparison while zero bit positions are ignored.
*/
tosMask?: pulumi.Input<string>;
/**
* Enable negated TOS match. Valid values: `enable`, `disable`.
*/
tosNegate?: pulumi.Input<string>;
/**
* Traffic shaper.
* NOTE(review): the upstream description reads "Reverse traffic shaper.", the same
* text as `trafficShaperReverse`; presumably this property is the forward-direction
* shaper. Confirm against the FortiOS reference.
*/
trafficShaper?: pulumi.Input<string>;
/**
* Reverse traffic shaper.
*/
trafficShaperReverse?: pulumi.Input<string>;
/**
* URL category ID list. Element shape: `inputs.firewall.Policy6UrlCategory`.
*/
urlCategories?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6UrlCategory>[]>;
/**
* Names of individual users that can authenticate with this policy.
* Element shape: `inputs.firewall.Policy6User`.
*/
users?: pulumi.Input<pulumi.Input<inputs.firewall.Policy6User>[]>;
/**
* Enable AV/web/ips protection profile. Valid values: `enable`, `disable`.
* NOTE(review): presumably the profile properties (`avProfile`, `ipsSensor`,
* `webfilterProfile`, ...) are only applied when this is `enable`; confirm.
*/
utmStatus?: pulumi.Input<string>;
/**
* Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
*/
uuid?: pulumi.Input<string>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode.
* Only one vdom can be specified. Leave this parameter unset to inherit the vdom configuration of the provider.
*/
vdomparam?: pulumi.Input<string>;
/**
* VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
*/
vlanCosFwd?: pulumi.Input<number>;
/**
* VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
*/
vlanCosRev?: pulumi.Input<number>;
/**
* Set VLAN filters.
*/
vlanFilter?: pulumi.Input<string>;
/**
* Name of an existing VoIP profile.
*/
voipProfile?: pulumi.Input<string>;
/**
* Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
*/
vpntunnel?: pulumi.Input<string>;
/**
* Name of an existing Web application firewall profile.
*/
wafProfile?: pulumi.Input<string>;
/**
* Enable/disable web cache. Valid values: `enable`, `disable`.
*/
webcache?: pulumi.Input<string>;
/**
* Enable/disable web cache for HTTPS. Valid values: `disable`, `enable`.
*/
webcacheHttps?: pulumi.Input<string>;
/**
* Name of an existing Web filter profile.
*/
webfilterProfile?: pulumi.Input<string>;
/**
* Web proxy forward server name.
*/
webproxyForwardServer?: pulumi.Input<string>;
/**
* Webproxy profile name.
*/
webproxyProfile?: pulumi.Input<string>;
}