@pulumiverse/fortios
A Pulumi package for creating and managing Fortios resources. Based on terraform-provider-fortios: version v1.16.0
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Configure proxy policies.
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as fortios from "@pulumiverse/fortios";
*
* const trname = new fortios.firewall.Proxypolicy("trname", {
* action: "deny",
* disclaimer: "disable",
* dstaddrs: [{
* name: "all",
* }],
* dstaddrNegate: "disable",
* dstintfs: [{
* name: "port4",
* }],
* httpTunnelAuth: "disable",
* internetService: "disable",
* internetServiceNegate: "disable",
* logtraffic: "disable",
* logtrafficStart: "disable",
* policyid: 1,
* profileProtocolOptions: "default",
* profileType: "single",
* proxy: "transparent-web",
* scanBotnetConnections: "disable",
* schedule: "always",
* services: [{
* name: "webproxy",
* }],
* serviceNegate: "disable",
* srcaddrs: [{
* name: "all",
* }],
* srcaddrNegate: "disable",
* srcintfs: [{
* name: "port3",
* }],
* status: "enable",
* transparent: "disable",
* utmStatus: "disable",
* webcache: "disable",
* webcacheHttps: "disable",
* });
* ```
*
* ## Import
*
* Firewall ProxyPolicy can be imported using any of these accepted formats:
*
* ```sh
* $ pulumi import fortios:firewall/proxypolicy:Proxypolicy labelname {{policyid}}
* ```
*
* To import the resource without the arguments of its nested blocks, set `FORTIOS_IMPORT_TABLE` to `false` for the import and unset it afterwards:
*
* ```sh
* $ export "FORTIOS_IMPORT_TABLE"="false"
* $ pulumi import fortios:firewall/proxypolicy:Proxypolicy labelname {{policyid}}
* $ unset "FORTIOS_IMPORT_TABLE"
* ```
*/
export declare class Proxypolicy extends pulumi.CustomResource {
/**
* Get an existing Proxypolicy resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns A Proxypolicy handle for the looked-up resource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ProxypolicyState, opts?: pulumi.CustomResourceOptions): Proxypolicy;
/**
* Returns true if the given object is an instance of Proxypolicy. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test.
*/
static isInstance(obj: any): obj is Proxypolicy;
/**
* IPv4 access proxy. Each entry is an `outputs.firewall.ProxypolicyAccessProxy`.
*/
readonly accessProxies: pulumi.Output<outputs.firewall.ProxypolicyAccessProxy[] | undefined>;
/**
* IPv6 access proxy. Each entry is an `outputs.firewall.ProxypolicyAccessProxy6`.
*/
readonly accessProxy6s: pulumi.Output<outputs.firewall.ProxypolicyAccessProxy6[] | undefined>;
/**
* Action applied to traffic matching the policy parameters. Valid values: `accept`, `deny`, `redirect`.
*/
readonly action: pulumi.Output<string>;
/**
* Name of an existing Application list.
*/
readonly applicationList: pulumi.Output<string>;
/**
* Name of an existing Antivirus profile.
*/
readonly avProfile: pulumi.Output<string>;
/**
* Enable/disable block notification. Valid values: `enable`, `disable`.
*/
readonly blockNotification: pulumi.Output<string>;
/**
* Name of an existing CASB profile.
*/
readonly casbProfile: pulumi.Output<string>;
/**
* Name of an existing CIFS profile.
*/
readonly cifsProfile: pulumi.Output<string>;
/**
* Optional comments.
*/
readonly comments: pulumi.Output<string | undefined>;
/**
* Decrypted traffic mirror.
* NOTE(review): presumably names the mirror that receives decrypted traffic; if so, its destination sees plaintext content and should be access-controlled. Confirm against the FortiOS documentation.
*/
readonly decryptedTrafficMirror: pulumi.Output<string>;
/**
* Enable/disable detection of HTTPS in HTTP request. Valid values: `enable`, `disable`.
*/
readonly detectHttpsInHttpRequest: pulumi.Output<string>;
/**
* When enabled, the ownership enforcement will be done at policy level. Valid values: `enable`, `disable`.
*/
readonly deviceOwnership: pulumi.Output<string>;
/**
* Name of an existing Diameter filter profile.
*/
readonly diameterFilterProfile: pulumi.Output<string>;
/**
* Web proxy disclaimer setting: by domain, policy, or user. Valid values: `disable`, `domain`, `policy`, `user`.
*/
readonly disclaimer: pulumi.Output<string>;
/**
* Name of an existing DLP profile.
*/
readonly dlpProfile: pulumi.Output<string>;
/**
* Name of an existing DLP sensor.
*/
readonly dlpSensor: pulumi.Output<string>;
/**
* IPv6 destination address objects. Each entry is an `outputs.firewall.ProxypolicyDstaddr6`.
*/
readonly dstaddr6s: pulumi.Output<outputs.firewall.ProxypolicyDstaddr6[] | undefined>;
/**
* When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values: `enable`, `disable`.
* Enabling this inverts the destination match, so review the resulting scope before applying.
*/
readonly dstaddrNegate: pulumi.Output<string>;
/**
* Destination address objects. Each entry is an `outputs.firewall.ProxypolicyDstaddr`.
*/
readonly dstaddrs: pulumi.Output<outputs.firewall.ProxypolicyDstaddr[] | undefined>;
/**
* Destination interface names. Each entry is an `outputs.firewall.ProxypolicyDstintf`.
*/
readonly dstintfs: pulumi.Output<outputs.firewall.ProxypolicyDstintf[]>;
/**
* Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
* The option is carried as a string.
*/
readonly dynamicSortSubtable: pulumi.Output<string | undefined>;
/**
* Name of an existing email filter profile.
*/
readonly emailfilterProfile: pulumi.Output<string>;
/**
* Name of an existing file-filter profile.
*/
readonly fileFilterProfile: pulumi.Output<string>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
* The option is carried as a string.
*/
readonly getAllTables: pulumi.Output<string | undefined>;
/**
* Global web-based manager visible label.
*/
readonly globalLabel: pulumi.Output<string>;
/**
* Names of group objects. Each entry is an `outputs.firewall.ProxypolicyGroup`.
*/
readonly groups: pulumi.Output<outputs.firewall.ProxypolicyGroup[] | undefined>;
/**
* Enable/disable HTTP tunnel authentication. Valid values: `enable`, `disable`.
*/
readonly httpTunnelAuth: pulumi.Output<string>;
/**
* Name of an existing ICAP profile.
*/
readonly icapProfile: pulumi.Output<string>;
/**
* Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: `enable`, `disable`.
*/
readonly internetService: pulumi.Output<string>;
/**
* Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values: `enable`, `disable`.
*/
readonly internetService6: pulumi.Output<string>;
/**
* Custom Internet Service IPv6 group name. Each entry is an `outputs.firewall.ProxypolicyInternetService6CustomGroup`.
*/
readonly internetService6CustomGroups: pulumi.Output<outputs.firewall.ProxypolicyInternetService6CustomGroup[] | undefined>;
/**
* Custom Internet Service IPv6 name. Each entry is an `outputs.firewall.ProxypolicyInternetService6Custom`.
*/
readonly internetService6Customs: pulumi.Output<outputs.firewall.ProxypolicyInternetService6Custom[] | undefined>;
/**
* Internet Service IPv6 group name. Each entry is an `outputs.firewall.ProxypolicyInternetService6Group`.
*/
readonly internetService6Groups: pulumi.Output<outputs.firewall.ProxypolicyInternetService6Group[] | undefined>;
/**
* Internet Service IPv6 name. Each entry is an `outputs.firewall.ProxypolicyInternetService6Name`.
*/
readonly internetService6Names: pulumi.Output<outputs.firewall.ProxypolicyInternetService6Name[] | undefined>;
/**
* When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values: `enable`, `disable`.
* Enabling this inverts the Internet Service IPv6 match, so review the resulting scope before applying.
*/
readonly internetService6Negate: pulumi.Output<string>;
/**
* Custom Internet Service group name. Each entry is an `outputs.firewall.ProxypolicyInternetServiceCustomGroup`.
*/
readonly internetServiceCustomGroups: pulumi.Output<outputs.firewall.ProxypolicyInternetServiceCustomGroup[] | undefined>;
/**
* Custom Internet Service name. Each entry is an `outputs.firewall.ProxypolicyInternetServiceCustom`.
*/
readonly internetServiceCustoms: pulumi.Output<outputs.firewall.ProxypolicyInternetServiceCustom[] | undefined>;
/**
* Internet Service group name. Each entry is an `outputs.firewall.ProxypolicyInternetServiceGroup`.
*/
readonly internetServiceGroups: pulumi.Output<outputs.firewall.ProxypolicyInternetServiceGroup[] | undefined>;
/**
* Internet Service ID. Each entry is an `outputs.firewall.ProxypolicyInternetServiceId`.
*/
readonly internetServiceIds: pulumi.Output<outputs.firewall.ProxypolicyInternetServiceId[] | undefined>;
/**
* Internet Service name. Each entry is an `outputs.firewall.ProxypolicyInternetServiceName`.
*/
readonly internetServiceNames: pulumi.Output<outputs.firewall.ProxypolicyInternetServiceName[] | undefined>;
/**
* When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values: `enable`, `disable`.
* Enabling this inverts the Internet Service match, so review the resulting scope before applying.
*/
readonly internetServiceNegate: pulumi.Output<string>;
/**
* Name of an existing IPS sensor.
*/
readonly ipsSensor: pulumi.Output<string>;
/**
* Name of an existing VoIP (ips) profile.
*/
readonly ipsVoipFilter: pulumi.Output<string>;
/**
* VDOM-specific GUI visible label.
*/
readonly label: pulumi.Output<string>;
/**
* Traffic logging mode for the policy. Valid values: `all`, `utm`, `disable`.
* NOTE(review): `disable` presumably leaves sessions matched by this policy without traffic log entries; confirm before using it where an audit trail is expected.
*/
readonly logtraffic: pulumi.Output<string>;
/**
* Enable/disable policy log traffic start. Valid values: `enable`, `disable`.
*/
readonly logtrafficStart: pulumi.Output<string>;
/**
* Policy name.
*/
readonly name: pulumi.Output<string>;
/**
* Policy ID.
*/
readonly policyid: pulumi.Output<number>;
/**
* Name of IP pool object. Each entry is an `outputs.firewall.ProxypolicyPoolname`.
*/
readonly poolnames: pulumi.Output<outputs.firewall.ProxypolicyPoolname[] | undefined>;
/**
* Name of profile group.
*/
readonly profileGroup: pulumi.Output<string>;
/**
* Name of an existing Protocol options profile.
*/
readonly profileProtocolOptions: pulumi.Output<string>;
/**
* Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: `single`, `group`.
*/
readonly profileType: pulumi.Output<string>;
/**
* Type of explicit proxy.
*/
readonly proxy: pulumi.Output<string>;
/**
* Redirect URL for further explicit web proxy processing.
*/
readonly redirectUrl: pulumi.Output<string | undefined>;
/**
* Authentication replacement message override group.
*/
readonly replacemsgOverrideGroup: pulumi.Output<string>;
/**
* Scanning of connections to Botnet servers. Valid values: `disable`, `block`, `monitor`.
*/
readonly scanBotnetConnections: pulumi.Output<string>;
/**
* Name of schedule object.
*/
readonly schedule: pulumi.Output<string>;
/**
* Name of an existing SCTP filter profile.
*/
readonly sctpFilterProfile: pulumi.Output<string>;
/**
* When enabled, services match against any service EXCEPT the specified destination services. Valid values: `enable`, `disable`.
* Enabling this inverts the service match, so review the resulting scope before applying.
*/
readonly serviceNegate: pulumi.Output<string>;
/**
* Name of service objects. Each entry is an `outputs.firewall.ProxypolicyService`.
*/
readonly services: pulumi.Output<outputs.firewall.ProxypolicyService[] | undefined>;
/**
* TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
*/
readonly sessionTtl: pulumi.Output<number>;
/**
* Name of an existing Spam filter profile.
*/
readonly spamfilterProfile: pulumi.Output<string>;
/**
* IPv6 source address objects. Each entry is an `outputs.firewall.ProxypolicySrcaddr6`.
*/
readonly srcaddr6s: pulumi.Output<outputs.firewall.ProxypolicySrcaddr6[] | undefined>;
/**
* When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values: `enable`, `disable`.
* Enabling this inverts the source match, so review the resulting scope before applying.
*/
readonly srcaddrNegate: pulumi.Output<string>;
/**
* Source address objects. Each entry is an `outputs.firewall.ProxypolicySrcaddr`.
*/
readonly srcaddrs: pulumi.Output<outputs.firewall.ProxypolicySrcaddr[] | undefined>;
/**
* Source interface names. Each entry is an `outputs.firewall.ProxypolicySrcintf`.
*/
readonly srcintfs: pulumi.Output<outputs.firewall.ProxypolicySrcintf[] | undefined>;
/**
* Name of an existing SSH filter profile.
*/
readonly sshFilterProfile: pulumi.Output<string>;
/**
* Redirect SSH traffic to matching transparent proxy policy. Valid values: `enable`, `disable`.
*/
readonly sshPolicyRedirect: pulumi.Output<string>;
/**
* Name of an existing SSL SSH profile.
*/
readonly sslSshProfile: pulumi.Output<string>;
/**
* Enable/disable the active status of the policy. Valid values: `enable`, `disable`.
*/
readonly status: pulumi.Output<string>;
/**
* Enable to use the IP address of the client to connect to the server. Valid values: `enable`, `disable`.
*/
readonly transparent: pulumi.Output<string>;
/**
* Names of user objects. Each entry is an `outputs.firewall.ProxypolicyUser`.
*/
readonly users: pulumi.Output<outputs.firewall.ProxypolicyUser[] | undefined>;
/**
* Enable the use of UTM profiles/sensors/lists. Valid values: `enable`, `disable`.
* NOTE(review): presumably the profile and sensor fields of this policy take effect only when this is `enable`; confirm.
*/
readonly utmStatus: pulumi.Output<string>;
/**
* Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
*/
readonly uuid: pulumi.Output<string>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. To inherit the vdom configuration of the provider, do not set this parameter.
*/
readonly vdomparam: pulumi.Output<string>;
/**
* Name of an existing VideoFilter profile.
*/
readonly videofilterProfile: pulumi.Output<string>;
/**
* Name of an existing virtual-patch profile.
*/
readonly virtualPatchProfile: pulumi.Output<string>;
/**
* Name of an existing VoIP profile.
*/
readonly voipProfile: pulumi.Output<string>;
/**
* Name of an existing Web application firewall profile.
*/
readonly wafProfile: pulumi.Output<string>;
/**
* Enable/disable web caching. Valid values: `enable`, `disable`.
*/
readonly webcache: pulumi.Output<string>;
/**
* Enable/disable web caching for HTTPS (requires deep-inspection enabled in ssl-ssh-profile). Valid values: `disable`, `enable`.
*/
readonly webcacheHttps: pulumi.Output<string>;
/**
* Name of an existing Web filter profile.
*/
readonly webfilterProfile: pulumi.Output<string>;
/**
* Web proxy forward server name.
*/
readonly webproxyForwardServer: pulumi.Output<string>;
/**
* Name of web proxy profile.
*/
readonly webproxyProfile: pulumi.Output<string>;
/**
* ZTNA EMS Tag names. Each entry is an `outputs.firewall.ProxypolicyZtnaEmsTag`.
*/
readonly ztnaEmsTags: pulumi.Output<outputs.firewall.ProxypolicyZtnaEmsTag[] | undefined>;
/**
* ZTNA tag matching logic. Valid values: `or`, `and`.
*/
readonly ztnaTagsMatchLogic: pulumi.Output<string>;
/**
* Create a Proxypolicy resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: ProxypolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Proxypolicy resources.
*/
export interface ProxypolicyState {
/**
* IPv4 access proxy. Each entry is an `inputs.firewall.ProxypolicyAccessProxy`.
*/
accessProxies?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyAccessProxy>[]>;
/**
* IPv6 access proxy. Each entry is an `inputs.firewall.ProxypolicyAccessProxy6`.
*/
accessProxy6s?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyAccessProxy6>[]>;
/**
* Action applied to traffic matching the policy parameters. Valid values: `accept`, `deny`, `redirect`.
*/
action?: pulumi.Input<string>;
/**
* Name of an existing Application list.
*/
applicationList?: pulumi.Input<string>;
/**
* Name of an existing Antivirus profile.
*/
avProfile?: pulumi.Input<string>;
/**
* Enable/disable block notification. Valid values: `enable`, `disable`.
*/
blockNotification?: pulumi.Input<string>;
/**
* Name of an existing CASB profile.
*/
casbProfile?: pulumi.Input<string>;
/**
* Name of an existing CIFS profile.
*/
cifsProfile?: pulumi.Input<string>;
/**
* Optional comments.
*/
comments?: pulumi.Input<string>;
/**
* Decrypted traffic mirror.
* NOTE(review): presumably names the mirror that receives decrypted traffic; if so, its destination sees plaintext content and should be access-controlled. Confirm against the FortiOS documentation.
*/
decryptedTrafficMirror?: pulumi.Input<string>;
/**
* Enable/disable detection of HTTPS in HTTP request. Valid values: `enable`, `disable`.
*/
detectHttpsInHttpRequest?: pulumi.Input<string>;
/**
* When enabled, the ownership enforcement will be done at policy level. Valid values: `enable`, `disable`.
*/
deviceOwnership?: pulumi.Input<string>;
/**
* Name of an existing Diameter filter profile.
*/
diameterFilterProfile?: pulumi.Input<string>;
/**
* Web proxy disclaimer setting: by domain, policy, or user. Valid values: `disable`, `domain`, `policy`, `user`.
*/
disclaimer?: pulumi.Input<string>;
/**
* Name of an existing DLP profile.
*/
dlpProfile?: pulumi.Input<string>;
/**
* Name of an existing DLP sensor.
*/
dlpSensor?: pulumi.Input<string>;
/**
* IPv6 destination address objects. Each entry is an `inputs.firewall.ProxypolicyDstaddr6`.
*/
dstaddr6s?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyDstaddr6>[]>;
/**
* When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values: `enable`, `disable`.
* Enabling this inverts the destination match, so review the resulting scope before applying.
*/
dstaddrNegate?: pulumi.Input<string>;
/**
* Destination address objects. Each entry is an `inputs.firewall.ProxypolicyDstaddr`.
*/
dstaddrs?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyDstaddr>[]>;
/**
* Destination interface names. Each entry is an `inputs.firewall.ProxypolicyDstintf`.
*/
dstintfs?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyDstintf>[]>;
/**
* Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
* The option is passed as a string.
*/
dynamicSortSubtable?: pulumi.Input<string>;
/**
* Name of an existing email filter profile.
*/
emailfilterProfile?: pulumi.Input<string>;
/**
* Name of an existing file-filter profile.
*/
fileFilterProfile?: pulumi.Input<string>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
* The option is passed as a string.
*/
getAllTables?: pulumi.Input<string>;
/**
* Global web-based manager visible label.
*/
globalLabel?: pulumi.Input<string>;
/**
* Names of group objects. Each entry is an `inputs.firewall.ProxypolicyGroup`.
*/
groups?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyGroup>[]>;
/**
* Enable/disable HTTP tunnel authentication. Valid values: `enable`, `disable`.
*/
httpTunnelAuth?: pulumi.Input<string>;
/**
* Name of an existing ICAP profile.
*/
icapProfile?: pulumi.Input<string>;
/**
* Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: `enable`, `disable`.
*/
internetService?: pulumi.Input<string>;
/**
* Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values: `enable`, `disable`.
*/
internetService6?: pulumi.Input<string>;
/**
* Custom Internet Service IPv6 group name. Each entry is an `inputs.firewall.ProxypolicyInternetService6CustomGroup`.
*/
internetService6CustomGroups?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetService6CustomGroup>[]>;
/**
* Custom Internet Service IPv6 name. Each entry is an `inputs.firewall.ProxypolicyInternetService6Custom`.
*/
internetService6Customs?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetService6Custom>[]>;
/**
* Internet Service IPv6 group name. Each entry is an `inputs.firewall.ProxypolicyInternetService6Group`.
*/
internetService6Groups?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetService6Group>[]>;
/**
* Internet Service IPv6 name. Each entry is an `inputs.firewall.ProxypolicyInternetService6Name`.
*/
internetService6Names?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetService6Name>[]>;
/**
* When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values: `enable`, `disable`.
* Enabling this inverts the Internet Service IPv6 match, so review the resulting scope before applying.
*/
internetService6Negate?: pulumi.Input<string>;
/**
* Custom Internet Service group name. Each entry is an `inputs.firewall.ProxypolicyInternetServiceCustomGroup`.
*/
internetServiceCustomGroups?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetServiceCustomGroup>[]>;
/**
* Custom Internet Service name. Each entry is an `inputs.firewall.ProxypolicyInternetServiceCustom`.
*/
internetServiceCustoms?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetServiceCustom>[]>;
/**
* Internet Service group name. Each entry is an `inputs.firewall.ProxypolicyInternetServiceGroup`.
*/
internetServiceGroups?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetServiceGroup>[]>;
/**
* Internet Service ID. Each entry is an `inputs.firewall.ProxypolicyInternetServiceId`.
*/
internetServiceIds?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetServiceId>[]>;
/**
* Internet Service name. Each entry is an `inputs.firewall.ProxypolicyInternetServiceName`.
*/
internetServiceNames?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetServiceName>[]>;
/**
* When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values: `enable`, `disable`.
* Enabling this inverts the Internet Service match, so review the resulting scope before applying.
*/
internetServiceNegate?: pulumi.Input<string>;
/**
* Name of an existing IPS sensor.
*/
ipsSensor?: pulumi.Input<string>;
/**
* Name of an existing VoIP (ips) profile.
*/
ipsVoipFilter?: pulumi.Input<string>;
/**
* VDOM-specific GUI visible label.
*/
label?: pulumi.Input<string>;
/**
* Traffic logging mode for the policy. Valid values: `all`, `utm`, `disable`.
* NOTE(review): `disable` presumably leaves sessions matched by this policy without traffic log entries; confirm before using it where an audit trail is expected.
*/
logtraffic?: pulumi.Input<string>;
/**
* Enable/disable policy log traffic start. Valid values: `enable`, `disable`.
*/
logtrafficStart?: pulumi.Input<string>;
/**
* Policy name.
*/
name?: pulumi.Input<string>;
/**
* Policy ID.
*/
policyid?: pulumi.Input<number>;
/**
* Name of IP pool object. Each entry is an `inputs.firewall.ProxypolicyPoolname`.
*/
poolnames?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyPoolname>[]>;
/**
* Name of profile group.
*/
profileGroup?: pulumi.Input<string>;
/**
* Name of an existing Protocol options profile.
*/
profileProtocolOptions?: pulumi.Input<string>;
/**
* Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: `single`, `group`.
*/
profileType?: pulumi.Input<string>;
/**
* Type of explicit proxy.
*/
proxy?: pulumi.Input<string>;
/**
* Redirect URL for further explicit web proxy processing.
*/
redirectUrl?: pulumi.Input<string>;
/**
* Authentication replacement message override group.
*/
replacemsgOverrideGroup?: pulumi.Input<string>;
/**
* Scanning of connections to Botnet servers. Valid values: `disable`, `block`, `monitor`.
*/
scanBotnetConnections?: pulumi.Input<string>;
/**
* Name of schedule object.
*/
schedule?: pulumi.Input<string>;
/**
* Name of an existing SCTP filter profile.
*/
sctpFilterProfile?: pulumi.Input<string>;
/**
* When enabled, services match against any service EXCEPT the specified destination services. Valid values: `enable`, `disable`.
* Enabling this inverts the service match, so review the resulting scope before applying.
*/
serviceNegate?: pulumi.Input<string>;
/**
* Name of service objects. Each entry is an `inputs.firewall.ProxypolicyService`.
*/
services?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyService>[]>;
/**
* TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
*/
sessionTtl?: pulumi.Input<number>;
/**
* Name of an existing Spam filter profile.
*/
spamfilterProfile?: pulumi.Input<string>;
/**
* IPv6 source address objects. Each entry is an `inputs.firewall.ProxypolicySrcaddr6`.
*/
srcaddr6s?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicySrcaddr6>[]>;
/**
* When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values: `enable`, `disable`.
* Enabling this inverts the source match, so review the resulting scope before applying.
*/
srcaddrNegate?: pulumi.Input<string>;
/**
* Source address objects. Each entry is an `inputs.firewall.ProxypolicySrcaddr`.
*/
srcaddrs?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicySrcaddr>[]>;
/**
* Source interface names. Each entry is an `inputs.firewall.ProxypolicySrcintf`.
*/
srcintfs?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicySrcintf>[]>;
/**
* Name of an existing SSH filter profile.
*/
sshFilterProfile?: pulumi.Input<string>;
/**
* Redirect SSH traffic to matching transparent proxy policy. Valid values: `enable`, `disable`.
*/
sshPolicyRedirect?: pulumi.Input<string>;
/**
* Name of an existing SSL SSH profile.
*/
sslSshProfile?: pulumi.Input<string>;
/**
* Enable/disable the active status of the policy. Valid values: `enable`, `disable`.
*/
status?: pulumi.Input<string>;
/**
* Enable to use the IP address of the client to connect to the server. Valid values: `enable`, `disable`.
*/
transparent?: pulumi.Input<string>;
/**
* Names of user objects. Each entry is an `inputs.firewall.ProxypolicyUser`.
*/
users?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyUser>[]>;
/**
* Enable the use of UTM profiles/sensors/lists. Valid values: `enable`, `disable`.
* NOTE(review): presumably the profile and sensor fields of this policy take effect only when this is `enable`; confirm.
*/
utmStatus?: pulumi.Input<string>;
/**
* Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
*/
uuid?: pulumi.Input<string>;
/**
* Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. To inherit the vdom configuration of the provider, do not set this parameter.
*/
vdomparam?: pulumi.Input<string>;
/**
* Name of an existing VideoFilter profile.
*/
videofilterProfile?: pulumi.Input<string>;
/**
* Name of an existing virtual-patch profile.
*/
virtualPatchProfile?: pulumi.Input<string>;
/**
* Name of an existing VoIP profile.
*/
voipProfile?: pulumi.Input<string>;
/**
* Name of an existing Web application firewall profile.
*/
wafProfile?: pulumi.Input<string>;
/**
* Enable/disable web caching. Valid values: `enable`, `disable`.
*/
webcache?: pulumi.Input<string>;
/**
* Enable/disable web caching for HTTPS (requires deep-inspection enabled in ssl-ssh-profile). Valid values: `disable`, `enable`.
*/
webcacheHttps?: pulumi.Input<string>;
/**
* Name of an existing Web filter profile.
*/
webfilterProfile?: pulumi.Input<string>;
/**
* Web proxy forward server name.
*/
webproxyForwardServer?: pulumi.Input<string>;
/**
* Name of web proxy profile.
*/
webproxyProfile?: pulumi.Input<string>;
/**
* ZTNA EMS Tag names. Each entry is an `inputs.firewall.ProxypolicyZtnaEmsTag`.
*/
ztnaEmsTags?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyZtnaEmsTag>[]>;
/**
* ZTNA tag matching logic. Valid values: `or`, `and`.
*/
ztnaTagsMatchLogic?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a Proxypolicy resource.
*
* Only `dstintfs`, `proxy` and `schedule` are required; every other field is optional.
* Enumerated settings are typed as plain `pulumi.Input<string>`, so the "Valid values" listed on a field are not checked by the TypeScript compiler.
* For optional fields, the value used when the field is omitted is not visible in this file.
*/
export interface ProxypolicyArgs {
/**
* IPv4 access proxy. The structure of `accessProxy` block is documented below.
*/
accessProxies?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyAccessProxy>[]>;
/**
* IPv6 access proxy. The structure of `accessProxy6` block is documented below.
*/
accessProxy6s?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyAccessProxy6>[]>;
/**
* Accept or deny traffic matching the policy parameters. Valid values: `accept`, `deny`, `redirect`.
* Optional in this interface; set it explicitly so that the effect of the policy does not depend on a default that is not visible here.
*/
action?: pulumi.Input<string>;
/**
* Name of an existing Application list.
*/
applicationList?: pulumi.Input<string>;
/**
* Name of an existing Antivirus profile.
*/
avProfile?: pulumi.Input<string>;
/**
* Enable/disable block notification. Valid values: `enable`, `disable`.
*/
blockNotification?: pulumi.Input<string>;
/**
* Name of an existing CASB profile.
*/
casbProfile?: pulumi.Input<string>;
/**
* Name of an existing CIFS profile.
*/
cifsProfile?: pulumi.Input<string>;
/**
* Optional comments.
*/
comments?: pulumi.Input<string>;
/**
* Decrypted traffic mirror.
* NOTE(review): presumably the name of an existing decrypted-traffic-mirror object; confirm. Mirrored traffic is a decrypted copy of inspected sessions, so review where it is delivered and who can read it.
*/
decryptedTrafficMirror?: pulumi.Input<string>;
/**
* Enable/disable detection of HTTPS in HTTP request. Valid values: `enable`, `disable`.
*/
detectHttpsInHttpRequest?: pulumi.Input<string>;
/**
* When enabled, the ownership enforcement will be done at policy level. Valid values: `enable`, `disable`.
*/
deviceOwnership?: pulumi.Input<string>;
/**
* Name of an existing Diameter filter profile.
*/
diameterFilterProfile?: pulumi.Input<string>;
/**
* Web proxy disclaimer setting: by domain, policy, or user. Valid values: `disable`, `domain`, `policy`, `user`.
*/
disclaimer?: pulumi.Input<string>;
/**
* Name of an existing DLP profile.
*/
dlpProfile?: pulumi.Input<string>;
/**
* Name of an existing DLP sensor.
*/
dlpSensor?: pulumi.Input<string>;
/**
* IPv6 destination address objects. The structure of `dstaddr6` block is documented below.
*/
dstaddr6s?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyDstaddr6>[]>;
/**
* When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values: `enable`, `disable`.
* Negation inverts the match: with `enable` the policy covers every destination that is not listed, so review it together with `action`.
*/
dstaddrNegate?: pulumi.Input<string>;
/**
* Destination address objects. The structure of `dstaddr` block is documented below.
*/
dstaddrs?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyDstaddr>[]>;
/**
* Destination interface names. The structure of `dstintf` block is documented below.
* Required.
*/
dstintfs: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyDstintf>[]>;
/**
* Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
*/
dynamicSortSubtable?: pulumi.Input<string>;
/**
* Name of an existing email filter profile.
*/
emailfilterProfile?: pulumi.Input<string>;
/**
* Name of an existing file-filter profile.
*/
fileFilterProfile?: pulumi.Input<string>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
*/
getAllTables?: pulumi.Input<string>;
/**
* Global web-based manager visible label.
*/
globalLabel?: pulumi.Input<string>;
/**
* Names of group objects. The structure of `groups` block is documented below.
*/
groups?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyGroup>[]>;
/**
* Enable/disable HTTP tunnel authentication. Valid values: `enable`, `disable`.
*/
httpTunnelAuth?: pulumi.Input<string>;
/**
* Name of an existing ICAP profile.
*/
icapProfile?: pulumi.Input<string>;
/**
* Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: `enable`, `disable`.
*/
internetService?: pulumi.Input<string>;
/**
* Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values: `enable`, `disable`.
*/
internetService6?: pulumi.Input<string>;
/**
* Custom Internet Service IPv6 group name. The structure of `internetService6CustomGroup` block is documented below.
*/
internetService6CustomGroups?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetService6CustomGroup>[]>;
/**
* Custom Internet Service IPv6 name. The structure of `internetService6Custom` block is documented below.
*/
internetService6Customs?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetService6Custom>[]>;
/**
* Internet Service IPv6 group name. The structure of `internetService6Group` block is documented below.
*/
internetService6Groups?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetService6Group>[]>;
/**
* Internet Service IPv6 name. The structure of `internetService6Name` block is documented below.
*/
internetService6Names?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetService6Name>[]>;
/**
* When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values: `enable`, `disable`.
*/
internetService6Negate?: pulumi.Input<string>;
/**
* Custom Internet Service group name. The structure of `internetServiceCustomGroup` block is documented below.
*/
internetServiceCustomGroups?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetServiceCustomGroup>[]>;
/**
* Custom Internet Service name. The structure of `internetServiceCustom` block is documented below.
*/
internetServiceCustoms?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetServiceCustom>[]>;
/**
* Internet Service group name. The structure of `internetServiceGroup` block is documented below.
*/
internetServiceGroups?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetServiceGroup>[]>;
/**
* Internet Service ID. The structure of `internetServiceId` block is documented below.
*/
internetServiceIds?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetServiceId>[]>;
/**
* Internet Service name. The structure of `internetServiceName` block is documented below.
*/
internetServiceNames?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyInternetServiceName>[]>;
/**
* When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values: `enable`, `disable`.
*/
internetServiceNegate?: pulumi.Input<string>;
/**
* Name of an existing IPS sensor.
*/
ipsSensor?: pulumi.Input<string>;
/**
* Name of an existing VoIP (ips) profile.
*/
ipsVoipFilter?: pulumi.Input<string>;
/**
* VDOM-specific GUI visible label.
*/
label?: pulumi.Input<string>;
/**
* Enable/disable logging traffic through the policy. Valid values: `all`, `utm`, `disable`.
* With `disable`, traffic through this policy is not logged, so it is absent from monitoring and incident-response data.
* NOTE(review): `utm` presumably limits logging to security (UTM) events; confirm.
*/
logtraffic?: pulumi.Input<string>;
/**
* Enable/disable policy log traffic start. Valid values: `enable`, `disable`.
*/
logtrafficStart?: pulumi.Input<string>;
/**
* Policy name.
*/
name?: pulumi.Input<string>;
/**
* Policy ID. This is the `{{policyid}}` value used by `pulumi import`.
*/
policyid?: pulumi.Input<number>;
/**
* Name of IP pool object. The structure of `poolname` block is documented below.
*/
poolnames?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyPoolname>[]>;
/**
* Name of profile group.
*/
profileGroup?: pulumi.Input<string>;
/**
* Name of an existing Protocol options profile.
*/
profileProtocolOptions?: pulumi.Input<string>;
/**
* Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: `single`, `group`.
*/
profileType?: pulumi.Input<string>;
/**
* Type of explicit proxy.
* Required.
*/
proxy: pulumi.Input<string>;
/**
* Redirect URL for further explicit web proxy processing.
* NOTE(review): presumably only meaningful when `action` is `redirect`; confirm.
*/
redirectUrl?: pulumi.Input<string>;
/**
* Authentication replacement message override group.
*/
replacemsgOverrideGroup?: pulumi.Input<string>;
/**
* Enable/disable scanning of connections to Botnet servers. Valid values: `disable`, `block`, `monitor`.
* NOTE(review): `monitor` presumably records matching connections without blocking them; confirm before relying on it as a control.
*/
scanBotnetConnections?: pulumi.Input<string>;
/**
* Name of schedule object.
* Required.
*/
schedule: pulumi.Input<string>;
/**
* Name of an existing SCTP filter profile.
*/
sctpFilterProfile?: pulumi.Input<string>;
/**
* When enabled, services match against any service EXCEPT the specified destination services. Valid values: `enable`, `disable`.
* Negation inverts the match: with `enable` the policy covers every service that is not listed, so review it together with `action`.
*/
serviceNegate?: pulumi.Input<string>;
/**
* Name of service objects. The structure of `service` block is documented below.
*/
services?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyService>[]>;
/**
* TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
*/
sessionTtl?: pulumi.Input<number>;
/**
* Name of an existing Spam filter profile.
*/
spamfilterProfile?: pulumi.Input<string>;
/**
* IPv6 source address objects. The structure of `srcaddr6` block is documented below.
*/
srcaddr6s?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicySrcaddr6>[]>;
/**
* When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values: `enable`, `disable`.
* Negation inverts the match: with `enable` the policy covers every source that is not listed, so review it together with `action`.
*/
srcaddrNegate?: pulumi.Input<string>;
/**
* Source address objects. The structure of `srcaddr` block is documented below.
*/
srcaddrs?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicySrcaddr>[]>;
/**
* Source interface names. The structure of `srcintf` block is documented below.
*/
srcintfs?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicySrcintf>[]>;
/**
* Name of an existing SSH filter profile.
*/
sshFilterProfile?: pulumi.Input<string>;
/**
* Redirect SSH traffic to matching transparent proxy policy. Valid values: `enable`, `disable`.
*/
sshPolicyRedirect?: pulumi.Input<string>;
/**
* Name of an existing SSL SSH profile.
* `webcacheHttps` requires deep-inspection to be enabled in this profile.
*/
sslSshProfile?: pulumi.Input<string>;
/**
* Enable/disable the active status of the policy. Valid values: `enable`, `disable`.
*/
status?: pulumi.Input<string>;
/**
* Enable to use the IP address of the client to connect to the server. Valid values: `enable`, `disable`.
* This setting determines which source address the server sees, which matters for server-side logs and address-based allow-lists.
*/
transparent?: pulumi.Input<string>;
/**
* Names of user objects. The structure of `users` block is documented below.
*/
users?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyUser>[]>;
/**
* Enable the use of UTM profiles/sensors/lists. Valid values: `enable`, `disable`.
* NOTE(review): with `disable`, the security profiles named on this policy (for example `avProfile`, `ipsSensor` or `webfilterProfile`) are presumably not applied; confirm, and check this value whenever a profile is set.
*/
utmStatus?: pulumi.Input<string>;
/**
* Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
*/
uuid?: pulumi.Input<string>;
/**
* Specifies the VDOM to which the resource is applied when the FortiGate unit is running in VDOM mode. Only one VDOM can be specified. Leave this unset to inherit the VDOM configuration of the provider.
* The value decides which VDOM the policy applies to, so check it when one program manages several VDOMs.
*/
vdomparam?: pulumi.Input<string>;
/**
* Name of an existing VideoFilter profile.
*/
videofilterProfile?: pulumi.Input<string>;
/**
* Name of an existing virtual-patch profile.
*/
virtualPatchProfile?: pulumi.Input<string>;
/**
* Name of an existing VoIP profile.
*/
voipProfile?: pulumi.Input<string>;
/**
* Name of an existing Web application firewall profile.
*/
wafProfile?: pulumi.Input<string>;
/**
* Enable/disable web caching. Valid values: `enable`, `disable`.
*/
webcache?: pulumi.Input<string>;
/**
* Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values: `disable`, `enable`.
* NOTE(review): deep inspection presumably means the device decrypts the TLS session, so cached HTTPS responses would be held in cleartext on the FortiGate; confirm before enabling for sensitive destinations.
*/
webcacheHttps?: pulumi.Input<string>;
/**
* Name of an existing Web filter profile.
*/
webfilterProfile?: pulumi.Input<string>;
/**
* Web proxy forward server name.
*/
webproxyForwardServer?: pulumi.Input<string>;
/**
* Name of web proxy profile.
*/
webproxyProfile?: pulumi.Input<string>;
/**
* ZTNA EMS Tag names. The structure of `ztnaEmsTag` block is documented below.
*/
ztnaEmsTags?: pulumi.Input<pulumi.Input<inputs.firewall.ProxypolicyZtnaEmsTag>[]>;
/**
* ZTNA tag matching logic. Valid values: `or`, `and`.
* NOTE(review): presumably `and` requires every tag in `ztnaEmsTags` and `or` accepts any one of them, which makes `or` the more permissive choice; confirm.
*/
ztnaTagsMatchLogic?: pulumi.Input<string>;
}