fortios.firewall.Policy6
Explore with Pulumi AI
Configure IPv6 policies. Applies to FortiOS Version <= 6.4.0
.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.firewall.Policy6("trname", {
action: "deny",
diffservForward: "disable",
diffservReverse: "disable",
diffservcodeForward: "000000",
diffservcodeRev: "000000",
dsri: "disable",
dstaddrs: [{
name: "all",
}],
dstaddrNegate: "disable",
dstintfs: [{
name: "port3",
}],
firewallSessionDirty: "check-all",
fixedport: "disable",
inbound: "disable",
ippool: "disable",
logtraffic: "disable",
logtrafficStart: "disable",
nat: "disable",
natinbound: "disable",
natoutbound: "disable",
outbound: "disable",
policyid: 1,
profileProtocolOptions: "default",
profileType: "single",
rsso: "disable",
schedule: "always",
sendDenyPacket: "disable",
services: [{
name: "ALL",
}],
serviceNegate: "disable",
srcaddrs: [{
name: "all",
}],
srcaddrNegate: "disable",
srcintfs: [{
name: "port4",
}],
sslMirror: "disable",
status: "enable",
tcpMssReceiver: 0,
tcpMssSender: 0,
tcpSessionWithoutSyn: "disable",
timeoutSendRst: "disable",
tos: "0x00",
tosMask: "0x00",
tosNegate: "disable",
utmStatus: "disable",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.firewall.Policy6("trname",
action="deny",
diffserv_forward="disable",
diffserv_reverse="disable",
diffservcode_forward="000000",
diffservcode_rev="000000",
dsri="disable",
dstaddrs=[fortios.firewall.Policy6DstaddrArgs(
name="all",
)],
dstaddr_negate="disable",
dstintfs=[fortios.firewall.Policy6DstintfArgs(
name="port3",
)],
firewall_session_dirty="check-all",
fixedport="disable",
inbound="disable",
ippool="disable",
logtraffic="disable",
logtraffic_start="disable",
nat="disable",
natinbound="disable",
natoutbound="disable",
outbound="disable",
policyid=1,
profile_protocol_options="default",
profile_type="single",
rsso="disable",
schedule="always",
send_deny_packet="disable",
services=[fortios.firewall.Policy6ServiceArgs(
name="ALL",
)],
service_negate="disable",
srcaddrs=[fortios.firewall.Policy6SrcaddrArgs(
name="all",
)],
srcaddr_negate="disable",
srcintfs=[fortios.firewall.Policy6SrcintfArgs(
name="port4",
)],
ssl_mirror="disable",
status="enable",
tcp_mss_receiver=0,
tcp_mss_sender=0,
tcp_session_without_syn="disable",
timeout_send_rst="disable",
tos="0x00",
tos_mask="0x00",
tos_negate="disable",
utm_status="disable")
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := firewall.NewPolicy6(ctx, "trname", &firewall.Policy6Args{
Action: pulumi.String("deny"),
DiffservForward: pulumi.String("disable"),
DiffservReverse: pulumi.String("disable"),
DiffservcodeForward: pulumi.String("000000"),
DiffservcodeRev: pulumi.String("000000"),
Dsri: pulumi.String("disable"),
Dstaddrs: firewall.Policy6DstaddrArray{
&firewall.Policy6DstaddrArgs{
Name: pulumi.String("all"),
},
},
DstaddrNegate: pulumi.String("disable"),
Dstintfs: firewall.Policy6DstintfArray{
&firewall.Policy6DstintfArgs{
Name: pulumi.String("port3"),
},
},
FirewallSessionDirty: pulumi.String("check-all"),
Fixedport: pulumi.String("disable"),
Inbound: pulumi.String("disable"),
Ippool: pulumi.String("disable"),
Logtraffic: pulumi.String("disable"),
LogtrafficStart: pulumi.String("disable"),
Nat: pulumi.String("disable"),
Natinbound: pulumi.String("disable"),
Natoutbound: pulumi.String("disable"),
Outbound: pulumi.String("disable"),
Policyid: pulumi.Int(1),
ProfileProtocolOptions: pulumi.String("default"),
ProfileType: pulumi.String("single"),
Rsso: pulumi.String("disable"),
Schedule: pulumi.String("always"),
SendDenyPacket: pulumi.String("disable"),
Services: firewall.Policy6ServiceArray{
&firewall.Policy6ServiceArgs{
Name: pulumi.String("ALL"),
},
},
ServiceNegate: pulumi.String("disable"),
Srcaddrs: firewall.Policy6SrcaddrArray{
&firewall.Policy6SrcaddrArgs{
Name: pulumi.String("all"),
},
},
SrcaddrNegate: pulumi.String("disable"),
Srcintfs: firewall.Policy6SrcintfArray{
&firewall.Policy6SrcintfArgs{
Name: pulumi.String("port4"),
},
},
SslMirror: pulumi.String("disable"),
Status: pulumi.String("enable"),
TcpMssReceiver: pulumi.Int(0),
TcpMssSender: pulumi.Int(0),
TcpSessionWithoutSyn: pulumi.String("disable"),
TimeoutSendRst: pulumi.String("disable"),
Tos: pulumi.String("0x00"),
TosMask: pulumi.String("0x00"),
TosNegate: pulumi.String("disable"),
UtmStatus: pulumi.String("disable"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() =>
{
var trname = new Fortios.Firewall.Policy6("trname", new()
{
Action = "deny",
DiffservForward = "disable",
DiffservReverse = "disable",
DiffservcodeForward = "000000",
DiffservcodeRev = "000000",
Dsri = "disable",
Dstaddrs = new[]
{
new Fortios.Firewall.Inputs.Policy6DstaddrArgs
{
Name = "all",
},
},
DstaddrNegate = "disable",
Dstintfs = new[]
{
new Fortios.Firewall.Inputs.Policy6DstintfArgs
{
Name = "port3",
},
},
FirewallSessionDirty = "check-all",
Fixedport = "disable",
Inbound = "disable",
Ippool = "disable",
Logtraffic = "disable",
LogtrafficStart = "disable",
Nat = "disable",
Natinbound = "disable",
Natoutbound = "disable",
Outbound = "disable",
Policyid = 1,
ProfileProtocolOptions = "default",
ProfileType = "single",
Rsso = "disable",
Schedule = "always",
SendDenyPacket = "disable",
Services = new[]
{
new Fortios.Firewall.Inputs.Policy6ServiceArgs
{
Name = "ALL",
},
},
ServiceNegate = "disable",
Srcaddrs = new[]
{
new Fortios.Firewall.Inputs.Policy6SrcaddrArgs
{
Name = "all",
},
},
SrcaddrNegate = "disable",
Srcintfs = new[]
{
new Fortios.Firewall.Inputs.Policy6SrcintfArgs
{
Name = "port4",
},
},
SslMirror = "disable",
Status = "enable",
TcpMssReceiver = 0,
TcpMssSender = 0,
TcpSessionWithoutSyn = "disable",
TimeoutSendRst = "disable",
Tos = "0x00",
TosMask = "0x00",
TosNegate = "disable",
UtmStatus = "disable",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.firewall.Policy6;
import com.pulumi.fortios.firewall.Policy6Args;
import com.pulumi.fortios.firewall.inputs.Policy6DstaddrArgs;
import com.pulumi.fortios.firewall.inputs.Policy6DstintfArgs;
import com.pulumi.fortios.firewall.inputs.Policy6ServiceArgs;
import com.pulumi.fortios.firewall.inputs.Policy6SrcaddrArgs;
import com.pulumi.fortios.firewall.inputs.Policy6SrcintfArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new Policy6("trname", Policy6Args.builder()
.action("deny")
.diffservForward("disable")
.diffservReverse("disable")
.diffservcodeForward("000000")
.diffservcodeRev("000000")
.dsri("disable")
.dstaddrs(Policy6DstaddrArgs.builder()
.name("all")
.build())
.dstaddrNegate("disable")
.dstintfs(Policy6DstintfArgs.builder()
.name("port3")
.build())
.firewallSessionDirty("check-all")
.fixedport("disable")
.inbound("disable")
.ippool("disable")
.logtraffic("disable")
.logtrafficStart("disable")
.nat("disable")
.natinbound("disable")
.natoutbound("disable")
.outbound("disable")
.policyid(1)
.profileProtocolOptions("default")
.profileType("single")
.rsso("disable")
.schedule("always")
.sendDenyPacket("disable")
.services(Policy6ServiceArgs.builder()
.name("ALL")
.build())
.serviceNegate("disable")
.srcaddrs(Policy6SrcaddrArgs.builder()
.name("all")
.build())
.srcaddrNegate("disable")
.srcintfs(Policy6SrcintfArgs.builder()
.name("port4")
.build())
.sslMirror("disable")
.status("enable")
.tcpMssReceiver(0)
.tcpMssSender(0)
.tcpSessionWithoutSyn("disable")
.timeoutSendRst("disable")
.tos("0x00")
.tosMask("0x00")
.tosNegate("disable")
.utmStatus("disable")
.build());
}
}
resources:
trname:
type: fortios:firewall:Policy6
properties:
action: deny
diffservForward: disable
diffservReverse: disable
diffservcodeForward: '000000'
diffservcodeRev: '000000'
dsri: disable
dstaddrs:
- name: all
dstaddrNegate: disable
dstintfs:
- name: port3
firewallSessionDirty: check-all
fixedport: disable
inbound: disable
ippool: disable
logtraffic: disable
logtrafficStart: disable
nat: disable
natinbound: disable
natoutbound: disable
outbound: disable
policyid: 1
profileProtocolOptions: default
profileType: single
rsso: disable
schedule: always
sendDenyPacket: disable
services:
- name: ALL
serviceNegate: disable
srcaddrs:
- name: all
srcaddrNegate: disable
srcintfs:
- name: port4
sslMirror: disable
status: enable
tcpMssReceiver: 0
tcpMssSender: 0
tcpSessionWithoutSyn: disable
timeoutSendRst: disable
tos: 0x00
tosMask: 0x00
tosNegate: disable
utmStatus: disable
Create Policy6 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Policy6(name: string, args: Policy6Args, opts?: CustomResourceOptions);
@overload
def Policy6(resource_name: str,
args: Policy6Args,
opts: Optional[ResourceOptions] = None)
@overload
def Policy6(resource_name: str,
opts: Optional[ResourceOptions] = None,
dstaddrs: Optional[Sequence[Policy6DstaddrArgs]] = None,
dstintfs: Optional[Sequence[Policy6DstintfArgs]] = None,
schedule: Optional[str] = None,
srcaddrs: Optional[Sequence[Policy6SrcaddrArgs]] = None,
srcintfs: Optional[Sequence[Policy6SrcintfArgs]] = None,
natoutbound: Optional[str] = None,
fsso_groups: Optional[Sequence[Policy6FssoGroupArgs]] = None,
app_categories: Optional[Sequence[Policy6AppCategoryArgs]] = None,
app_groups: Optional[Sequence[Policy6AppGroupArgs]] = None,
application_list: Optional[str] = None,
applications: Optional[Sequence[Policy6ApplicationArgs]] = None,
auto_asic_offload: Optional[str] = None,
av_profile: Optional[str] = None,
cifs_profile: Optional[str] = None,
comments: Optional[str] = None,
custom_log_fields: Optional[Sequence[Policy6CustomLogFieldArgs]] = None,
decrypted_traffic_mirror: Optional[str] = None,
devices: Optional[Sequence[Policy6DeviceArgs]] = None,
diffserv_forward: Optional[str] = None,
diffserv_reverse: Optional[str] = None,
diffservcode_forward: Optional[str] = None,
diffservcode_rev: Optional[str] = None,
dlp_sensor: Optional[str] = None,
dnsfilter_profile: Optional[str] = None,
outbound: Optional[str] = None,
dstaddr_negate: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
emailfilter_profile: Optional[str] = None,
firewall_session_dirty: Optional[str] = None,
fixedport: Optional[str] = None,
per_ip_shaper: Optional[str] = None,
get_all_tables: Optional[str] = None,
global_label: Optional[str] = None,
groups: Optional[Sequence[Policy6GroupArgs]] = None,
http_policy_redirect: Optional[str] = None,
icap_profile: Optional[str] = None,
inbound: Optional[str] = None,
inspection_mode: Optional[str] = None,
ippool: Optional[str] = None,
ips_sensor: Optional[str] = None,
label: Optional[str] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
name: Optional[str] = None,
nat: Optional[str] = None,
natinbound: Optional[str] = None,
action: Optional[str] = None,
dsri: Optional[str] = None,
anti_replay: Optional[str] = None,
webproxy_forward_server: Optional[str] = None,
poolnames: Optional[Sequence[Policy6PoolnameArgs]] = None,
profile_group: Optional[str] = None,
profile_protocol_options: Optional[str] = None,
profile_type: Optional[str] = None,
replacemsg_override_group: Optional[str] = None,
rsso: Optional[str] = None,
send_deny_packet: Optional[str] = None,
service_negate: Optional[str] = None,
services: Optional[Sequence[Policy6ServiceArgs]] = None,
session_ttl: Optional[int] = None,
spamfilter_profile: Optional[str] = None,
srcaddr_negate: Optional[str] = None,
ssh_filter_profile: Optional[str] = None,
ssh_policy_redirect: Optional[str] = None,
ssl_mirror: Optional[str] = None,
ssl_mirror_intfs: Optional[Sequence[Policy6SslMirrorIntfArgs]] = None,
ssl_ssh_profile: Optional[str] = None,
status: Optional[str] = None,
tcp_mss_receiver: Optional[int] = None,
tcp_mss_sender: Optional[int] = None,
tcp_session_without_syn: Optional[str] = None,
timeout_send_rst: Optional[str] = None,
tos: Optional[str] = None,
tos_mask: Optional[str] = None,
tos_negate: Optional[str] = None,
traffic_shaper: Optional[str] = None,
traffic_shaper_reverse: Optional[str] = None,
url_categories: Optional[Sequence[Policy6UrlCategoryArgs]] = None,
users: Optional[Sequence[Policy6UserArgs]] = None,
utm_status: Optional[str] = None,
uuid: Optional[str] = None,
vdomparam: Optional[str] = None,
vlan_cos_fwd: Optional[int] = None,
vlan_cos_rev: Optional[int] = None,
vlan_filter: Optional[str] = None,
voip_profile: Optional[str] = None,
vpntunnel: Optional[str] = None,
waf_profile: Optional[str] = None,
webcache: Optional[str] = None,
webcache_https: Optional[str] = None,
webfilter_profile: Optional[str] = None,
policyid: Optional[int] = None,
webproxy_profile: Optional[str] = None)
func NewPolicy6(ctx *Context, name string, args Policy6Args, opts ...ResourceOption) (*Policy6, error)
public Policy6(string name, Policy6Args args, CustomResourceOptions? opts = null)
public Policy6(String name, Policy6Args args)
public Policy6(String name, Policy6Args args, CustomResourceOptions options)
type: fortios:firewall:Policy6
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args Policy6Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args Policy6Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args Policy6Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args Policy6Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args Policy6Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policy6Resource = new Fortios.Firewall.Policy6("policy6Resource", new()
{
Dstaddrs = new[]
{
new Fortios.Firewall.Inputs.Policy6DstaddrArgs
{
Name = "string",
},
},
Dstintfs = new[]
{
new Fortios.Firewall.Inputs.Policy6DstintfArgs
{
Name = "string",
},
},
Schedule = "string",
Srcaddrs = new[]
{
new Fortios.Firewall.Inputs.Policy6SrcaddrArgs
{
Name = "string",
},
},
Srcintfs = new[]
{
new Fortios.Firewall.Inputs.Policy6SrcintfArgs
{
Name = "string",
},
},
Natoutbound = "string",
FssoGroups = new[]
{
new Fortios.Firewall.Inputs.Policy6FssoGroupArgs
{
Name = "string",
},
},
AppCategories = new[]
{
new Fortios.Firewall.Inputs.Policy6AppCategoryArgs
{
Id = 0,
},
},
AppGroups = new[]
{
new Fortios.Firewall.Inputs.Policy6AppGroupArgs
{
Name = "string",
},
},
ApplicationList = "string",
Applications = new[]
{
new Fortios.Firewall.Inputs.Policy6ApplicationArgs
{
Id = 0,
},
},
AutoAsicOffload = "string",
AvProfile = "string",
CifsProfile = "string",
Comments = "string",
CustomLogFields = new[]
{
new Fortios.Firewall.Inputs.Policy6CustomLogFieldArgs
{
FieldId = "string",
},
},
DecryptedTrafficMirror = "string",
Devices = new[]
{
new Fortios.Firewall.Inputs.Policy6DeviceArgs
{
Name = "string",
},
},
DiffservForward = "string",
DiffservReverse = "string",
DiffservcodeForward = "string",
DiffservcodeRev = "string",
DlpSensor = "string",
DnsfilterProfile = "string",
Outbound = "string",
DstaddrNegate = "string",
DynamicSortSubtable = "string",
EmailfilterProfile = "string",
FirewallSessionDirty = "string",
Fixedport = "string",
PerIpShaper = "string",
GetAllTables = "string",
GlobalLabel = "string",
Groups = new[]
{
new Fortios.Firewall.Inputs.Policy6GroupArgs
{
Name = "string",
},
},
HttpPolicyRedirect = "string",
IcapProfile = "string",
Inbound = "string",
InspectionMode = "string",
Ippool = "string",
IpsSensor = "string",
Label = "string",
Logtraffic = "string",
LogtrafficStart = "string",
Name = "string",
Nat = "string",
Natinbound = "string",
Action = "string",
Dsri = "string",
AntiReplay = "string",
WebproxyForwardServer = "string",
Poolnames = new[]
{
new Fortios.Firewall.Inputs.Policy6PoolnameArgs
{
Name = "string",
},
},
ProfileGroup = "string",
ProfileProtocolOptions = "string",
ProfileType = "string",
ReplacemsgOverrideGroup = "string",
Rsso = "string",
SendDenyPacket = "string",
ServiceNegate = "string",
Services = new[]
{
new Fortios.Firewall.Inputs.Policy6ServiceArgs
{
Name = "string",
},
},
SessionTtl = 0,
SpamfilterProfile = "string",
SrcaddrNegate = "string",
SshFilterProfile = "string",
SshPolicyRedirect = "string",
SslMirror = "string",
SslMirrorIntfs = new[]
{
new Fortios.Firewall.Inputs.Policy6SslMirrorIntfArgs
{
Name = "string",
},
},
SslSshProfile = "string",
Status = "string",
TcpMssReceiver = 0,
TcpMssSender = 0,
TcpSessionWithoutSyn = "string",
TimeoutSendRst = "string",
Tos = "string",
TosMask = "string",
TosNegate = "string",
TrafficShaper = "string",
TrafficShaperReverse = "string",
UrlCategories = new[]
{
new Fortios.Firewall.Inputs.Policy6UrlCategoryArgs
{
Id = 0,
},
},
Users = new[]
{
new Fortios.Firewall.Inputs.Policy6UserArgs
{
Name = "string",
},
},
UtmStatus = "string",
Uuid = "string",
Vdomparam = "string",
VlanCosFwd = 0,
VlanCosRev = 0,
VlanFilter = "string",
VoipProfile = "string",
Vpntunnel = "string",
WafProfile = "string",
Webcache = "string",
WebcacheHttps = "string",
WebfilterProfile = "string",
Policyid = 0,
WebproxyProfile = "string",
});
example, err := firewall.NewPolicy6(ctx, "policy6Resource", &firewall.Policy6Args{
Dstaddrs: firewall.Policy6DstaddrArray{
&firewall.Policy6DstaddrArgs{
Name: pulumi.String("string"),
},
},
Dstintfs: firewall.Policy6DstintfArray{
&firewall.Policy6DstintfArgs{
Name: pulumi.String("string"),
},
},
Schedule: pulumi.String("string"),
Srcaddrs: firewall.Policy6SrcaddrArray{
&firewall.Policy6SrcaddrArgs{
Name: pulumi.String("string"),
},
},
Srcintfs: firewall.Policy6SrcintfArray{
&firewall.Policy6SrcintfArgs{
Name: pulumi.String("string"),
},
},
Natoutbound: pulumi.String("string"),
FssoGroups: firewall.Policy6FssoGroupArray{
&firewall.Policy6FssoGroupArgs{
Name: pulumi.String("string"),
},
},
AppCategories: firewall.Policy6AppCategoryArray{
&firewall.Policy6AppCategoryArgs{
Id: pulumi.Int(0),
},
},
AppGroups: firewall.Policy6AppGroupArray{
&firewall.Policy6AppGroupArgs{
Name: pulumi.String("string"),
},
},
ApplicationList: pulumi.String("string"),
Applications: firewall.Policy6ApplicationArray{
&firewall.Policy6ApplicationArgs{
Id: pulumi.Int(0),
},
},
AutoAsicOffload: pulumi.String("string"),
AvProfile: pulumi.String("string"),
CifsProfile: pulumi.String("string"),
Comments: pulumi.String("string"),
CustomLogFields: firewall.Policy6CustomLogFieldArray{
&firewall.Policy6CustomLogFieldArgs{
FieldId: pulumi.String("string"),
},
},
DecryptedTrafficMirror: pulumi.String("string"),
Devices: firewall.Policy6DeviceArray{
&firewall.Policy6DeviceArgs{
Name: pulumi.String("string"),
},
},
DiffservForward: pulumi.String("string"),
DiffservReverse: pulumi.String("string"),
DiffservcodeForward: pulumi.String("string"),
DiffservcodeRev: pulumi.String("string"),
DlpSensor: pulumi.String("string"),
DnsfilterProfile: pulumi.String("string"),
Outbound: pulumi.String("string"),
DstaddrNegate: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
EmailfilterProfile: pulumi.String("string"),
FirewallSessionDirty: pulumi.String("string"),
Fixedport: pulumi.String("string"),
PerIpShaper: pulumi.String("string"),
GetAllTables: pulumi.String("string"),
GlobalLabel: pulumi.String("string"),
Groups: firewall.Policy6GroupArray{
&firewall.Policy6GroupArgs{
Name: pulumi.String("string"),
},
},
HttpPolicyRedirect: pulumi.String("string"),
IcapProfile: pulumi.String("string"),
Inbound: pulumi.String("string"),
InspectionMode: pulumi.String("string"),
Ippool: pulumi.String("string"),
IpsSensor: pulumi.String("string"),
Label: pulumi.String("string"),
Logtraffic: pulumi.String("string"),
LogtrafficStart: pulumi.String("string"),
Name: pulumi.String("string"),
Nat: pulumi.String("string"),
Natinbound: pulumi.String("string"),
Action: pulumi.String("string"),
Dsri: pulumi.String("string"),
AntiReplay: pulumi.String("string"),
WebproxyForwardServer: pulumi.String("string"),
Poolnames: firewall.Policy6PoolnameArray{
&firewall.Policy6PoolnameArgs{
Name: pulumi.String("string"),
},
},
ProfileGroup: pulumi.String("string"),
ProfileProtocolOptions: pulumi.String("string"),
ProfileType: pulumi.String("string"),
ReplacemsgOverrideGroup: pulumi.String("string"),
Rsso: pulumi.String("string"),
SendDenyPacket: pulumi.String("string"),
ServiceNegate: pulumi.String("string"),
Services: firewall.Policy6ServiceArray{
&firewall.Policy6ServiceArgs{
Name: pulumi.String("string"),
},
},
SessionTtl: pulumi.Int(0),
SpamfilterProfile: pulumi.String("string"),
SrcaddrNegate: pulumi.String("string"),
SshFilterProfile: pulumi.String("string"),
SshPolicyRedirect: pulumi.String("string"),
SslMirror: pulumi.String("string"),
SslMirrorIntfs: firewall.Policy6SslMirrorIntfArray{
&firewall.Policy6SslMirrorIntfArgs{
Name: pulumi.String("string"),
},
},
SslSshProfile: pulumi.String("string"),
Status: pulumi.String("string"),
TcpMssReceiver: pulumi.Int(0),
TcpMssSender: pulumi.Int(0),
TcpSessionWithoutSyn: pulumi.String("string"),
TimeoutSendRst: pulumi.String("string"),
Tos: pulumi.String("string"),
TosMask: pulumi.String("string"),
TosNegate: pulumi.String("string"),
TrafficShaper: pulumi.String("string"),
TrafficShaperReverse: pulumi.String("string"),
UrlCategories: firewall.Policy6UrlCategoryArray{
&firewall.Policy6UrlCategoryArgs{
Id: pulumi.Int(0),
},
},
Users: firewall.Policy6UserArray{
&firewall.Policy6UserArgs{
Name: pulumi.String("string"),
},
},
UtmStatus: pulumi.String("string"),
Uuid: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
VlanCosFwd: pulumi.Int(0),
VlanCosRev: pulumi.Int(0),
VlanFilter: pulumi.String("string"),
VoipProfile: pulumi.String("string"),
Vpntunnel: pulumi.String("string"),
WafProfile: pulumi.String("string"),
Webcache: pulumi.String("string"),
WebcacheHttps: pulumi.String("string"),
WebfilterProfile: pulumi.String("string"),
Policyid: pulumi.Int(0),
WebproxyProfile: pulumi.String("string"),
})
var policy6Resource = new Policy6("policy6Resource", Policy6Args.builder()
.dstaddrs(Policy6DstaddrArgs.builder()
.name("string")
.build())
.dstintfs(Policy6DstintfArgs.builder()
.name("string")
.build())
.schedule("string")
.srcaddrs(Policy6SrcaddrArgs.builder()
.name("string")
.build())
.srcintfs(Policy6SrcintfArgs.builder()
.name("string")
.build())
.natoutbound("string")
.fssoGroups(Policy6FssoGroupArgs.builder()
.name("string")
.build())
.appCategories(Policy6AppCategoryArgs.builder()
.id(0)
.build())
.appGroups(Policy6AppGroupArgs.builder()
.name("string")
.build())
.applicationList("string")
.applications(Policy6ApplicationArgs.builder()
.id(0)
.build())
.autoAsicOffload("string")
.avProfile("string")
.cifsProfile("string")
.comments("string")
.customLogFields(Policy6CustomLogFieldArgs.builder()
.fieldId("string")
.build())
.decryptedTrafficMirror("string")
.devices(Policy6DeviceArgs.builder()
.name("string")
.build())
.diffservForward("string")
.diffservReverse("string")
.diffservcodeForward("string")
.diffservcodeRev("string")
.dlpSensor("string")
.dnsfilterProfile("string")
.outbound("string")
.dstaddrNegate("string")
.dynamicSortSubtable("string")
.emailfilterProfile("string")
.firewallSessionDirty("string")
.fixedport("string")
.perIpShaper("string")
.getAllTables("string")
.globalLabel("string")
.groups(Policy6GroupArgs.builder()
.name("string")
.build())
.httpPolicyRedirect("string")
.icapProfile("string")
.inbound("string")
.inspectionMode("string")
.ippool("string")
.ipsSensor("string")
.label("string")
.logtraffic("string")
.logtrafficStart("string")
.name("string")
.nat("string")
.natinbound("string")
.action("string")
.dsri("string")
.antiReplay("string")
.webproxyForwardServer("string")
.poolnames(Policy6PoolnameArgs.builder()
.name("string")
.build())
.profileGroup("string")
.profileProtocolOptions("string")
.profileType("string")
.replacemsgOverrideGroup("string")
.rsso("string")
.sendDenyPacket("string")
.serviceNegate("string")
.services(Policy6ServiceArgs.builder()
.name("string")
.build())
.sessionTtl(0)
.spamfilterProfile("string")
.srcaddrNegate("string")
.sshFilterProfile("string")
.sshPolicyRedirect("string")
.sslMirror("string")
.sslMirrorIntfs(Policy6SslMirrorIntfArgs.builder()
.name("string")
.build())
.sslSshProfile("string")
.status("string")
.tcpMssReceiver(0)
.tcpMssSender(0)
.tcpSessionWithoutSyn("string")
.timeoutSendRst("string")
.tos("string")
.tosMask("string")
.tosNegate("string")
.trafficShaper("string")
.trafficShaperReverse("string")
.urlCategories(Policy6UrlCategoryArgs.builder()
.id(0)
.build())
.users(Policy6UserArgs.builder()
.name("string")
.build())
.utmStatus("string")
.uuid("string")
.vdomparam("string")
.vlanCosFwd(0)
.vlanCosRev(0)
.vlanFilter("string")
.voipProfile("string")
.vpntunnel("string")
.wafProfile("string")
.webcache("string")
.webcacheHttps("string")
.webfilterProfile("string")
.policyid(0)
.webproxyProfile("string")
.build());
policy6_resource = fortios.firewall.Policy6("policy6Resource",
dstaddrs=[fortios.firewall.Policy6DstaddrArgs(
name="string",
)],
dstintfs=[fortios.firewall.Policy6DstintfArgs(
name="string",
)],
schedule="string",
srcaddrs=[fortios.firewall.Policy6SrcaddrArgs(
name="string",
)],
srcintfs=[fortios.firewall.Policy6SrcintfArgs(
name="string",
)],
natoutbound="string",
fsso_groups=[fortios.firewall.Policy6FssoGroupArgs(
name="string",
)],
app_categories=[fortios.firewall.Policy6AppCategoryArgs(
id=0,
)],
app_groups=[fortios.firewall.Policy6AppGroupArgs(
name="string",
)],
application_list="string",
applications=[fortios.firewall.Policy6ApplicationArgs(
id=0,
)],
auto_asic_offload="string",
av_profile="string",
cifs_profile="string",
comments="string",
custom_log_fields=[fortios.firewall.Policy6CustomLogFieldArgs(
field_id="string",
)],
decrypted_traffic_mirror="string",
devices=[fortios.firewall.Policy6DeviceArgs(
name="string",
)],
diffserv_forward="string",
diffserv_reverse="string",
diffservcode_forward="string",
diffservcode_rev="string",
dlp_sensor="string",
dnsfilter_profile="string",
outbound="string",
dstaddr_negate="string",
dynamic_sort_subtable="string",
emailfilter_profile="string",
firewall_session_dirty="string",
fixedport="string",
per_ip_shaper="string",
get_all_tables="string",
global_label="string",
groups=[fortios.firewall.Policy6GroupArgs(
name="string",
)],
http_policy_redirect="string",
icap_profile="string",
inbound="string",
inspection_mode="string",
ippool="string",
ips_sensor="string",
label="string",
logtraffic="string",
logtraffic_start="string",
name="string",
nat="string",
natinbound="string",
action="string",
dsri="string",
anti_replay="string",
webproxy_forward_server="string",
poolnames=[fortios.firewall.Policy6PoolnameArgs(
name="string",
)],
profile_group="string",
profile_protocol_options="string",
profile_type="string",
replacemsg_override_group="string",
rsso="string",
send_deny_packet="string",
service_negate="string",
services=[fortios.firewall.Policy6ServiceArgs(
name="string",
)],
session_ttl=0,
spamfilter_profile="string",
srcaddr_negate="string",
ssh_filter_profile="string",
ssh_policy_redirect="string",
ssl_mirror="string",
ssl_mirror_intfs=[fortios.firewall.Policy6SslMirrorIntfArgs(
name="string",
)],
ssl_ssh_profile="string",
status="string",
tcp_mss_receiver=0,
tcp_mss_sender=0,
tcp_session_without_syn="string",
timeout_send_rst="string",
tos="string",
tos_mask="string",
tos_negate="string",
traffic_shaper="string",
traffic_shaper_reverse="string",
url_categories=[fortios.firewall.Policy6UrlCategoryArgs(
id=0,
)],
users=[fortios.firewall.Policy6UserArgs(
name="string",
)],
utm_status="string",
uuid="string",
vdomparam="string",
vlan_cos_fwd=0,
vlan_cos_rev=0,
vlan_filter="string",
voip_profile="string",
vpntunnel="string",
waf_profile="string",
webcache="string",
webcache_https="string",
webfilter_profile="string",
policyid=0,
webproxy_profile="string")
const policy6Resource = new fortios.firewall.Policy6("policy6Resource", {
dstaddrs: [{
name: "string",
}],
dstintfs: [{
name: "string",
}],
schedule: "string",
srcaddrs: [{
name: "string",
}],
srcintfs: [{
name: "string",
}],
natoutbound: "string",
fssoGroups: [{
name: "string",
}],
appCategories: [{
id: 0,
}],
appGroups: [{
name: "string",
}],
applicationList: "string",
applications: [{
id: 0,
}],
autoAsicOffload: "string",
avProfile: "string",
cifsProfile: "string",
comments: "string",
customLogFields: [{
fieldId: "string",
}],
decryptedTrafficMirror: "string",
devices: [{
name: "string",
}],
diffservForward: "string",
diffservReverse: "string",
diffservcodeForward: "string",
diffservcodeRev: "string",
dlpSensor: "string",
dnsfilterProfile: "string",
outbound: "string",
dstaddrNegate: "string",
dynamicSortSubtable: "string",
emailfilterProfile: "string",
firewallSessionDirty: "string",
fixedport: "string",
perIpShaper: "string",
getAllTables: "string",
globalLabel: "string",
groups: [{
name: "string",
}],
httpPolicyRedirect: "string",
icapProfile: "string",
inbound: "string",
inspectionMode: "string",
ippool: "string",
ipsSensor: "string",
label: "string",
logtraffic: "string",
logtrafficStart: "string",
name: "string",
nat: "string",
natinbound: "string",
action: "string",
dsri: "string",
antiReplay: "string",
webproxyForwardServer: "string",
poolnames: [{
name: "string",
}],
profileGroup: "string",
profileProtocolOptions: "string",
profileType: "string",
replacemsgOverrideGroup: "string",
rsso: "string",
sendDenyPacket: "string",
serviceNegate: "string",
services: [{
name: "string",
}],
sessionTtl: 0,
spamfilterProfile: "string",
srcaddrNegate: "string",
sshFilterProfile: "string",
sshPolicyRedirect: "string",
sslMirror: "string",
sslMirrorIntfs: [{
name: "string",
}],
sslSshProfile: "string",
status: "string",
tcpMssReceiver: 0,
tcpMssSender: 0,
tcpSessionWithoutSyn: "string",
timeoutSendRst: "string",
tos: "string",
tosMask: "string",
tosNegate: "string",
trafficShaper: "string",
trafficShaperReverse: "string",
urlCategories: [{
id: 0,
}],
users: [{
name: "string",
}],
utmStatus: "string",
uuid: "string",
vdomparam: "string",
vlanCosFwd: 0,
vlanCosRev: 0,
vlanFilter: "string",
voipProfile: "string",
vpntunnel: "string",
wafProfile: "string",
webcache: "string",
webcacheHttps: "string",
webfilterProfile: "string",
policyid: 0,
webproxyProfile: "string",
});
type: fortios:firewall:Policy6
properties:
action: string
antiReplay: string
appCategories:
- id: 0
appGroups:
- name: string
applicationList: string
applications:
- id: 0
autoAsicOffload: string
avProfile: string
cifsProfile: string
comments: string
customLogFields:
- fieldId: string
decryptedTrafficMirror: string
devices:
- name: string
diffservForward: string
diffservReverse: string
diffservcodeForward: string
diffservcodeRev: string
dlpSensor: string
dnsfilterProfile: string
dsri: string
dstaddrNegate: string
dstaddrs:
- name: string
dstintfs:
- name: string
dynamicSortSubtable: string
emailfilterProfile: string
firewallSessionDirty: string
fixedport: string
fssoGroups:
- name: string
getAllTables: string
globalLabel: string
groups:
- name: string
httpPolicyRedirect: string
icapProfile: string
inbound: string
inspectionMode: string
ippool: string
ipsSensor: string
label: string
logtraffic: string
logtrafficStart: string
name: string
nat: string
natinbound: string
natoutbound: string
outbound: string
perIpShaper: string
policyid: 0
poolnames:
- name: string
profileGroup: string
profileProtocolOptions: string
profileType: string
replacemsgOverrideGroup: string
rsso: string
schedule: string
sendDenyPacket: string
serviceNegate: string
services:
- name: string
sessionTtl: 0
spamfilterProfile: string
srcaddrNegate: string
srcaddrs:
- name: string
srcintfs:
- name: string
sshFilterProfile: string
sshPolicyRedirect: string
sslMirror: string
sslMirrorIntfs:
- name: string
sslSshProfile: string
status: string
tcpMssReceiver: 0
tcpMssSender: 0
tcpSessionWithoutSyn: string
timeoutSendRst: string
tos: string
tosMask: string
tosNegate: string
trafficShaper: string
trafficShaperReverse: string
urlCategories:
- id: 0
users:
- name: string
utmStatus: string
uuid: string
vdomparam: string
vlanCosFwd: 0
vlanCosRev: 0
vlanFilter: string
voipProfile: string
vpntunnel: string
wafProfile: string
webcache: string
webcacheHttps: string
webfilterProfile: string
webproxyForwardServer: string
webproxyProfile: string
Policy6 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Policy6 resource accepts the following input properties:
- Dstaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Dstaddr> - Destination address and address group names. The structure of
dstaddr
block is documented below. - Dstintfs
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Dstintf> - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - Schedule string
- Schedule name.
- Srcaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Srcaddr> - Source address and address group names. The structure of
srcaddr
block is documented below. - Srcintfs
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Srcintf> - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - Action string
- Policy action (allow/deny/ipsec). Valid values:
accept
,deny
,ipsec
. - Anti
Replay string - Enable/disable anti-replay check. Valid values:
enable
,disable
. - App
Categories List<Pulumiverse.Fortios. Firewall. Inputs. Policy6App Category> - Application category ID list. The structure of
app_category
block is documented below. - App
Groups List<Pulumiverse.Fortios. Firewall. Inputs. Policy6App Group> - Application group names. The structure of
app_group
block is documented below. - Application
List string - Name of an existing Application list.
- Applications
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Application> - Application ID list. The structure of
application
block is documented below. - Auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
enable
,disable
. - Av
Profile string - Name of an existing Antivirus profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Custom
Log List<Pulumiverse.Fields Fortios. Firewall. Inputs. Policy6Custom Log Field> - Log field index numbers to append custom log fields to log messages for this policy. The structure of
custom_log_fields
block is documented below. - Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Devices
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Device> - Names of devices or device groups that can be matched by the policy. The structure of
devices
block is documented below. - Diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
enable
,disable
. - Diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
enable
,disable
. - Diffservcode
Forward string - Change packet's DiffServ to this value.
- Diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dsri string
- Enable DSRI to ignore HTTP server responses. Valid values:
enable
,disable
. - Dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
enable
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Emailfilter
Profile string - Name of an existing email filter profile.
- Firewall
Session stringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all
,check-new
. - Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
enable
,disable
. - Fsso
Groups List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Fsso Group> - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- Groups
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Group> - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - Http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
enable
,disable
. - Icap
Profile string - Name of an existing ICAP profile.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
enable
,disable
. - Inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy
,flow
. - Ippool string
- Enable to use IP Pools for source NAT. Valid values:
enable
,disable
. - Ips
Sensor string - Name of an existing IPS sensor.
- Label string
- Label for the policy that appears when the GUI is in Section View mode.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
all
,utm
,disable
. - Logtraffic
Start string - Record logs when a session starts. Valid values:
enable
,disable
. - Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values:
enable
,disable
. - Natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
enable
,disable
. - Natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
enable
,disable
. - Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
enable
,disable
. - Per
Ip stringShaper - Per-IP traffic shaper.
- Policyid int
- Policy ID.
- Poolnames
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Poolname> - IP Pool names. The structure of
poolname
block is documented below. - Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - Replacemsg
Override stringGroup - Override the default replacement message group for this policy.
- Rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
enable
,disable
. - Send
Deny stringPacket - Enable/disable return of deny-packet. Valid values:
enable
,disable
. - Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - Services
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Service> - Service and service group names. The structure of
service
block is documented below. - Session
Ttl int - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- Spamfilter
Profile string - Name of an existing Spam filter profile.
- Srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
enable
,disable
. - Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - Ssl
Mirror string - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
enable
,disable
. - Ssl
Mirror List<Pulumiverse.Intfs Fortios. Firewall. Inputs. Policy6Ssl Mirror Intf> - SSL mirror interface name. The structure of
ssl_mirror_intf
block is documented below. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values:
enable
,disable
. - Tcp
Mss intReceiver - Receiver TCP maximum segment size (MSS).
- Tcp
Mss intSender - Sender TCP maximum segment size (MSS).
- Tcp
Session stringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all
,data-only
,disable
. - Timeout
Send stringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
enable
,disable
. - Tos string
- ToS (Type of Service) value used for comparison.
- Tos
Mask string - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- Tos
Negate string - Enable negated TOS match. Valid values:
enable
,disable
. - Traffic
Shaper string - Reverse traffic shaper.
- Traffic
Shaper stringReverse - Reverse traffic shaper.
- Url
Categories List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Url Category> - URL category ID list. The structure of
url_category
block is documented below. - Users
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6User> - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - Utm
Status string - Enable AV/web/ips protection profile. Valid values:
enable
,disable
. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vlan
Cos intFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Cos intRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Filter string - Set VLAN filters.
- Voip
Profile string - Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web cache. Valid values:
enable
,disable
. - Webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable
,enable
. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Webproxy profile name.
- Dstaddrs
[]Policy6Dstaddr
Args - Destination address and address group names. The structure of
dstaddr
block is documented below. - Dstintfs
[]Policy6Dstintf
Args - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - Schedule string
- Schedule name.
- Srcaddrs
[]Policy6Srcaddr
Args - Source address and address group names. The structure of
srcaddr
block is documented below. - Srcintfs
[]Policy6Srcintf
Args - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - Action string
- Policy action (allow/deny/ipsec). Valid values:
accept
,deny
,ipsec
. - Anti
Replay string - Enable/disable anti-replay check. Valid values:
enable
,disable
. - App
Categories []Policy6AppCategory Args - Application category ID list. The structure of
app_category
block is documented below. - App
Groups []Policy6AppGroup Args - Application group names. The structure of
app_group
block is documented below. - Application
List string - Name of an existing Application list.
- Applications
[]Policy6Application
Args - Application ID list. The structure of
application
block is documented below. - Auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
enable
,disable
. - Av
Profile string - Name of an existing Antivirus profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Custom
Log []Policy6CustomFields Log Field Args - Log field index numbers to append custom log fields to log messages for this policy. The structure of
custom_log_fields
block is documented below. - Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Devices
[]Policy6Device
Args - Names of devices or device groups that can be matched by the policy. The structure of
devices
block is documented below. - Diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
enable
,disable
. - Diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
enable
,disable
. - Diffservcode
Forward string - Change packet's DiffServ to this value.
- Diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dsri string
- Enable DSRI to ignore HTTP server responses. Valid values:
enable
,disable
. - Dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
enable
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Emailfilter
Profile string - Name of an existing email filter profile.
- Firewall
Session stringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all
,check-new
. - Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
enable
,disable
. - Fsso
Groups []Policy6FssoGroup Args - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- Groups
[]Policy6Group
Args - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - Http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
enable
,disable
. - Icap
Profile string - Name of an existing ICAP profile.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
enable
,disable
. - Inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy
,flow
. - Ippool string
- Enable to use IP Pools for source NAT. Valid values:
enable
,disable
. - Ips
Sensor string - Name of an existing IPS sensor.
- Label string
- Label for the policy that appears when the GUI is in Section View mode.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
all
,utm
,disable
. - Logtraffic
Start string - Record logs when a session starts. Valid values:
enable
,disable
. - Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values:
enable
,disable
. - Natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
enable
,disable
. - Natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
enable
,disable
. - Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
enable
,disable
. - Per
Ip stringShaper - Per-IP traffic shaper.
- Policyid int
- Policy ID.
- Poolnames
[]Policy6Poolname
Args - IP Pool names. The structure of
poolname
block is documented below. - Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - Replacemsg
Override stringGroup - Override the default replacement message group for this policy.
- Rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
enable
,disable
. - Send
Deny stringPacket - Enable/disable return of deny-packet. Valid values:
enable
,disable
. - Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - Services
[]Policy6Service
Args - Service and service group names. The structure of
service
block is documented below. - Session
Ttl int - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- Spamfilter
Profile string - Name of an existing Spam filter profile.
- Srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
enable
,disable
. - Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - Ssl
Mirror string - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
enable
,disable
. - Ssl
Mirror []Policy6SslIntfs Mirror Intf Args - SSL mirror interface name. The structure of
ssl_mirror_intf
block is documented below. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values:
enable
,disable
. - Tcp
Mss intReceiver - Receiver TCP maximum segment size (MSS).
- Tcp
Mss intSender - Sender TCP maximum segment size (MSS).
- Tcp
Session stringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all
,data-only
,disable
. - Timeout
Send stringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
enable
,disable
. - Tos string
- ToS (Type of Service) value used for comparison.
- Tos
Mask string - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- Tos
Negate string - Enable negated TOS match. Valid values:
enable
,disable
. - Traffic
Shaper string - Reverse traffic shaper.
- Traffic
Shaper stringReverse - Reverse traffic shaper.
- Url
Categories []Policy6UrlCategory Args - URL category ID list. The structure of
url_category
block is documented below. - Users
[]Policy6User
Args - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - Utm
Status string - Enable AV/web/ips protection profile. Valid values:
enable
,disable
. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vlan
Cos intFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Cos intRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Filter string - Set VLAN filters.
- Voip
Profile string - Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web cache. Valid values:
enable
,disable
. - Webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable
,enable
. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Webproxy profile name.
- dstaddrs List<Policy6Dstaddr>
- Destination address and address group names. The structure of
dstaddr
block is documented below. - dstintfs List<Policy6Dstintf>
- Outgoing (egress) interface. The structure of
dstintf
block is documented below. - schedule String
- Schedule name.
- srcaddrs List<Policy6Srcaddr>
- Source address and address group names. The structure of
srcaddr
block is documented below. - srcintfs List<Policy6Srcintf>
- Incoming (ingress) interface. The structure of
srcintf
block is documented below. - action String
- Policy action (allow/deny/ipsec). Valid values:
accept
,deny
,ipsec
. - anti
Replay String - Enable/disable anti-replay check. Valid values:
enable
,disable
. - app
Categories List<Policy6AppCategory> - Application category ID list. The structure of
app_category
block is documented below. - app
Groups List<Policy6AppGroup> - Application group names. The structure of
app_group
block is documented below. - application
List String - Name of an existing Application list.
- applications List<Policy6Application>
- Application ID list. The structure of
application
block is documented below. - auto
Asic StringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
enable
,disable
. - av
Profile String - Name of an existing Antivirus profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- custom
Log List<Policy6CustomFields Log Field> - Log field index numbers to append custom log fields to log messages for this policy. The structure of
custom_log_fields
block is documented below. - decrypted
Traffic StringMirror - Decrypted traffic mirror.
- devices List<Policy6Device>
- Names of devices or device groups that can be matched by the policy. The structure of
devices
block is documented below. - diffserv
Forward String - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
enable
,disable
. - diffserv
Reverse String - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
enable
,disable
. - diffservcode
Forward String - Change packet's DiffServ to this value.
- diffservcode
Rev String - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dsri String
- Enable DSRI to ignore HTTP server responses. Valid values:
enable
,disable
. - dstaddr
Negate String - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile String - Name of an existing email filter profile.
- firewall
Session StringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all
,check-new
. - fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values:
enable
,disable
. - fsso
Groups List<Policy6FssoGroup> - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global
Label String - Label for the policy that appears when the GUI is in Global View mode.
- groups List<Policy6Group>
- Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - http
Policy StringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
enable
,disable
. - icap
Profile String - Name of an existing ICAP profile.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
enable
,disable
. - inspection
Mode String - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy
,flow
. - ippool String
- Enable to use IP Pools for source NAT. Valid values:
enable
,disable
. - ips
Sensor String - Name of an existing IPS sensor.
- label String
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
all
,utm
,disable
. - logtraffic
Start String - Record logs when a session starts. Valid values:
enable
,disable
. - name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values:
enable
,disable
. - natinbound String
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
enable
,disable
. - natoutbound String
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
enable
,disable
. - outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
enable
,disable
. - per
Ip StringShaper - Per-IP traffic shaper.
- policyid Integer
- Policy ID.
- poolnames List<Policy6Poolname>
- IP Pool names. The structure of
poolname
block is documented below. - profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - replacemsg
Override StringGroup - Override the default replacement message group for this policy.
- rsso String
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
enable
,disable
. - send
Deny StringPacket - Enable/disable return of deny-packet. Valid values:
enable
,disable
. - service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services List<Policy6Service>
- Service and service group names. The structure of
service
block is documented below. - session
Ttl Integer - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter
Profile String - Name of an existing Spam filter profile.
- srcaddr
Negate String - When enabled srcaddr specifies what the source address must NOT be. Valid values:
enable
,disable
. - ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl
Mirror String - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
enable
,disable
. - ssl
Mirror List<Policy6SslIntfs Mirror Intf> - SSL mirror interface name. The structure of
ssl_mirror_intf
block is documented below. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values:
enable
,disable
. - tcp
Mss IntegerReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss IntegerSender - Sender TCP maximum segment size (MSS).
- tcp
Session StringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all
,data-only
,disable
. - timeout
Send StringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
enable
,disable
. - tos String
- ToS (Type of Service) value used for comparison.
- tos
Mask String - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos
Negate String - Enable negated TOS match. Valid values:
enable
,disable
. - traffic
Shaper String - Reverse traffic shaper.
- traffic
Shaper StringReverse - Reverse traffic shaper.
- url
Categories List<Policy6UrlCategory> - URL category ID list. The structure of
url_category
block is documented below. - users List<Policy6User>
- Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - utm
Status String - Enable AV/web/ips protection profile. Valid values:
enable
,disable
. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan
Cos IntegerFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Cos IntegerRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Filter String - Set VLAN filters.
- voip
Profile String - Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web cache. Valid values:
enable
,disable
. - webcache
Https String - Enable/disable web cache for HTTPS. Valid values:
disable
,enable
. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Webproxy profile name.
- dstaddrs Policy6Dstaddr[]
- Destination address and address group names. The structure of
dstaddr
block is documented below. - dstintfs Policy6Dstintf[]
- Outgoing (egress) interface. The structure of
dstintf
block is documented below. - schedule string
- Schedule name.
- srcaddrs Policy6Srcaddr[]
- Source address and address group names. The structure of
srcaddr
block is documented below. - srcintfs Policy6Srcintf[]
- Incoming (ingress) interface. The structure of
srcintf
block is documented below. - action string
- Policy action (allow/deny/ipsec). Valid values:
accept
,deny
,ipsec
. - anti
Replay string - Enable/disable anti-replay check. Valid values:
enable
,disable
. - app
Categories Policy6AppCategory[] - Application category ID list. The structure of
app_category
block is documented below. - app
Groups Policy6AppGroup[] - Application group names. The structure of
app_group
block is documented below. - application
List string - Name of an existing Application list.
- applications Policy6Application[]
- Application ID list. The structure of
application
block is documented below. - auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
enable
,disable
. - av
Profile string - Name of an existing Antivirus profile.
- cifs
Profile string - Name of an existing CIFS profile.
- comments string
- Comment.
- custom
Log Policy6CustomFields Log Field[] - Log field index numbers to append custom log fields to log messages for this policy. The structure of
custom_log_fields
block is documented below. - decrypted
Traffic stringMirror - Decrypted traffic mirror.
- devices Policy6Device[]
- Names of devices or device groups that can be matched by the policy. The structure of
devices
block is documented below. - diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
enable
,disable
. - diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
enable
,disable
. - diffservcode
Forward string - Change packet's DiffServ to this value.
- diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor string - Name of an existing DLP sensor.
- dnsfilter
Profile string - Name of an existing DNS filter profile.
- dsri string
- Enable DSRI to ignore HTTP server responses. Valid values:
enable
,disable
. - dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile string - Name of an existing email filter profile.
- firewall
Session stringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all
,check-new
. - fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
enable
,disable
. - fsso
Groups Policy6FssoGroup[] - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- groups Policy6Group[]
- Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
enable
,disable
. - icap
Profile string - Name of an existing ICAP profile.
- inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
enable
,disable
. - inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy
,flow
. - ippool string
- Enable to use IP Pools for source NAT. Valid values:
enable
,disable
. - ips
Sensor string - Name of an existing IPS sensor.
- label string
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
all
,utm
,disable
. - logtraffic
Start string - Record logs when a session starts. Valid values:
enable
,disable
. - name string
- Policy name.
- nat string
- Enable/disable source NAT. Valid values:
enable
,disable
. - natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
enable
,disable
. - natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
enable
,disable
. - outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
enable
,disable
. - per
Ip stringShaper - Per-IP traffic shaper.
- policyid number
- Policy ID.
- poolnames Policy6Poolname[]
- IP Pool names. The structure of
poolname
block is documented below. - profile
Group string - Name of profile group.
- profile
Protocol stringOptions - Name of an existing Protocol options profile.
- profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - replacemsg
Override stringGroup - Override the default replacement message group for this policy.
- rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
enable
,disable
. - send
Deny stringPacket - Enable/disable return of deny-packet. Valid values:
enable
,disable
. - service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services Policy6Service[]
- Service and service group names. The structure of
service
block is documented below. - session
Ttl number - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter
Profile string - Name of an existing Spam filter profile.
- srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
enable
,disable
. - ssh
Filter stringProfile - Name of an existing SSH filter profile.
- ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl
Mirror string - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
enable
,disable
. - ssl
Mirror Policy6SslIntfs Mirror Intf[] - SSL mirror interface name. The structure of
ssl_mirror_intf
block is documented below. - ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- status string
- Enable or disable this policy. Valid values:
enable
,disable
. - tcp
Mss numberReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss numberSender - Sender TCP maximum segment size (MSS).
- tcp
Session stringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all
,data-only
,disable
. - timeout
Send stringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
enable
,disable
. - tos string
- ToS (Type of Service) value used for comparison.
- tos
Mask string - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos
Negate string - Enable negated TOS match. Valid values:
enable
,disable
. - traffic
Shaper string - Reverse traffic shaper.
- traffic
Shaper stringReverse - Reverse traffic shaper.
- url
Categories Policy6UrlCategory[] - URL category ID list. The structure of
url_category
block is documented below. - users Policy6User[]
- Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - utm
Status string - Enable AV/web/ips protection profile. Valid values:
enable
,disable
. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan
Cos numberFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Cos numberRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Filter string - Set VLAN filters.
- voip
Profile string - Name of an existing VoIP profile.
- vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile string - Name of an existing Web application firewall profile.
- webcache string
- Enable/disable web cache. Valid values:
enable
,disable
. - webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable
,enable
. - webfilter
Profile string - Name of an existing Web filter profile.
- webproxy
Forward stringServer - Web proxy forward server name.
- webproxy
Profile string - Webproxy profile name.
- dstaddrs
Sequence[Policy6Dstaddr
Args] - Destination address and address group names. The structure of
dstaddr
block is documented below. - dstintfs
Sequence[Policy6Dstintf
Args] - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - schedule str
- Schedule name.
- srcaddrs
Sequence[Policy6Srcaddr
Args] - Source address and address group names. The structure of
srcaddr
block is documented below. - srcintfs
Sequence[Policy6Srcintf
Args] - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - action str
- Policy action (allow/deny/ipsec). Valid values:
accept
,deny
,ipsec
. - anti_
replay str - Enable/disable anti-replay check. Valid values:
enable
,disable
. - app_
categories Sequence[Policy6AppCategory Args] - Application category ID list. The structure of
app_category
block is documented below. - app_
groups Sequence[Policy6AppGroup Args] - Application group names. The structure of
app_group
block is documented below. - application_
list str - Name of an existing Application list.
- applications
Sequence[Policy6Application
Args] - Application ID list. The structure of
application
block is documented below. - auto_
asic_ stroffload - Enable/disable policy traffic ASIC offloading. Valid values:
enable
,disable
. - av_
profile str - Name of an existing Antivirus profile.
- cifs_
profile str - Name of an existing CIFS profile.
- comments str
- Comment.
- custom_
log_ Sequence[Policy6Customfields Log Field Args] - Log field index numbers to append custom log fields to log messages for this policy. The structure of
custom_log_fields
block is documented below. - decrypted_
traffic_ strmirror - Decrypted traffic mirror.
- devices
Sequence[Policy6Device
Args] - Names of devices or device groups that can be matched by the policy. The structure of
devices
block is documented below. - diffserv_
forward str - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
enable
,disable
. - diffserv_
reverse str - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
enable
,disable
. - diffservcode_
forward str - Change packet's DiffServ to this value.
- diffservcode_
rev str - Change packet's reverse (reply) DiffServ to this value.
- dlp_
sensor str - Name of an existing DLP sensor.
- dnsfilter_
profile str - Name of an existing DNS filter profile.
- dsri str
- Enable DSRI to ignore HTTP server responses. Valid values:
enable
,disable
. - dstaddr_
negate str - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter_
profile str - Name of an existing email filter profile.
- firewall_
session_ strdirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all
,check-new
. - fixedport str
- Enable to prevent source NAT from changing a session's source port. Valid values:
enable
,disable
. - fsso_
groups Sequence[Policy6FssoGroup Args] - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global_
label str - Label for the policy that appears when the GUI is in Global View mode.
- groups
Sequence[Policy6Group
Args] - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - http_
policy_ strredirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
enable
,disable
. - icap_
profile str - Name of an existing ICAP profile.
- inbound str
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
enable
,disable
. - inspection_
mode str - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy
,flow
. - ippool str
- Enable to use IP Pools for source NAT. Valid values:
enable
,disable
. - ips_
sensor str - Name of an existing IPS sensor.
- label str
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic str
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
all
,utm
,disable
. - logtraffic_
start str - Record logs when a session starts. Valid values:
enable
,disable
. - name str
- Policy name.
- nat str
- Enable/disable source NAT. Valid values:
enable
,disable
. - natinbound str
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
enable
,disable
. - natoutbound str
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
enable
,disable
. - outbound str
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
enable
,disable
. - per_
ip_ strshaper - Per-IP traffic shaper.
- policyid int
- Policy ID.
- poolnames
Sequence[Policy6Poolname
Args] - IP Pool names. The structure of
poolname
block is documented below. - profile_
group str - Name of profile group.
- profile_
protocol_ stroptions - Name of an existing Protocol options profile.
- profile_
type str - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - replacemsg_
override_ strgroup - Override the default replacement message group for this policy.
- rsso str
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
enable
,disable
. - send_
deny_ strpacket - Enable/disable return of deny-packet. Valid values:
enable
,disable
. - service_
negate str - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services
Sequence[Policy6Service
Args] - Service and service group names. The structure of
service
block is documented below. - session_
ttl int - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter_
profile str - Name of an existing Spam filter profile.
- srcaddr_
negate str - When enabled srcaddr specifies what the source address must NOT be. Valid values:
enable
,disable
. - ssh_
filter_ strprofile - Name of an existing SSH filter profile.
- ssh_
policy_ strredirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl_
mirror str - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
enable
,disable
. - ssl_
mirror_ Sequence[Policy6Sslintfs Mirror Intf Args] - SSL mirror interface name. The structure of
ssl_mirror_intf
block is documented below. - ssl_
ssh_ strprofile - Name of an existing SSL SSH profile.
- status str
- Enable or disable this policy. Valid values:
enable
,disable
. - tcp_
mss_ intreceiver - Receiver TCP maximum segment size (MSS).
- tcp_
mss_ intsender - Sender TCP maximum segment size (MSS).
- tcp_
session_ strwithout_ syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all
,data-only
,disable
. - timeout_
send_ strrst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
enable
,disable
. - tos str
- ToS (Type of Service) value used for comparison.
- tos_
mask str - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos_
negate str - Enable negated TOS match. Valid values:
enable
,disable
. - traffic_
shaper str - Reverse traffic shaper.
- traffic_
shaper_ strreverse - Reverse traffic shaper.
- url_
categories Sequence[Policy6UrlCategory Args] - URL category ID list. The structure of
url_category
block is documented below. - users
Sequence[Policy6User
Args] - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - utm_
status str - Enable AV/web/ips protection profile. Valid values:
enable
,disable
. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan_
cos_ intfwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan_
cos_ intrev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan_
filter str - Set VLAN filters.
- voip_
profile str - Name of an existing VoIP profile.
- vpntunnel str
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf_
profile str - Name of an existing Web application firewall profile.
- webcache str
- Enable/disable web cache. Valid values:
enable
,disable
. - webcache_
https str - Enable/disable web cache for HTTPS. Valid values:
disable
,enable
. - webfilter_
profile str - Name of an existing Web filter profile.
- webproxy_
forward_ strserver - Web proxy forward server name.
- webproxy_
profile str - Webproxy profile name.
- dstaddrs List<Property Map>
- Destination address and address group names. The structure of
dstaddr
block is documented below. - dstintfs List<Property Map>
- Outgoing (egress) interface. The structure of
dstintf
block is documented below. - schedule String
- Schedule name.
- srcaddrs List<Property Map>
- Source address and address group names. The structure of
srcaddr
block is documented below. - srcintfs List<Property Map>
- Incoming (ingress) interface. The structure of
srcintf
block is documented below. - action String
- Policy action (allow/deny/ipsec). Valid values:
accept
,deny
,ipsec
. - anti
Replay String - Enable/disable anti-replay check. Valid values:
enable
,disable
. - app
Categories List<Property Map> - Application category ID list. The structure of
app_category
block is documented below. - app
Groups List<Property Map> - Application group names. The structure of
app_group
block is documented below. - application
List String - Name of an existing Application list.
- applications List<Property Map>
- Application ID list. The structure of
application
block is documented below. - auto
Asic StringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
enable
,disable
. - av
Profile String - Name of an existing Antivirus profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- custom
Log List<Property Map>Fields - Log field index numbers to append custom log fields to log messages for this policy. The structure of
custom_log_fields
block is documented below. - decrypted
Traffic StringMirror - Decrypted traffic mirror.
- devices List<Property Map>
- Names of devices or device groups that can be matched by the policy. The structure of
devices
block is documented below. - diffserv
Forward String - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
enable
,disable
. - diffserv
Reverse String - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
enable
,disable
. - diffservcode
Forward String - Change packet's DiffServ to this value.
- diffservcode
Rev String - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dsri String
- Enable DSRI to ignore HTTP server responses. Valid values:
enable
,disable
. - dstaddr
Negate String - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile String - Name of an existing email filter profile.
- firewall
Session StringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all
,check-new
. - fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values:
enable
,disable
. - fsso
Groups List<Property Map> - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global
Label String - Label for the policy that appears when the GUI is in Global View mode.
- groups List<Property Map>
- Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - http
Policy StringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
enable
,disable
. - icap
Profile String - Name of an existing ICAP profile.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
enable
,disable
. - inspection
Mode String - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy
,flow
. - ippool String
- Enable to use IP Pools for source NAT. Valid values:
enable
,disable
. - ips
Sensor String - Name of an existing IPS sensor.
- label String
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
all
,utm
,disable
. - logtraffic
Start String - Record logs when a session starts. Valid values:
enable
,disable
. - name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values:
enable
,disable
. - natinbound String
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
enable
,disable
. - natoutbound String
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
enable
,disable
. - outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
enable
,disable
. - per
Ip StringShaper - Per-IP traffic shaper.
- policyid Number
- Policy ID.
- poolnames List<Property Map>
- IP Pool names. The structure of
poolname
block is documented below. - profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - replacemsg
Override StringGroup - Override the default replacement message group for this policy.
- rsso String
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
enable
,disable
. - send
Deny StringPacket - Enable/disable return of deny-packet. Valid values:
enable
,disable
. - service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services List<Property Map>
- Service and service group names. The structure of
service
block is documented below. - session
Ttl Number - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter
Profile String - Name of an existing Spam filter profile.
- srcaddr
Negate String - When enabled srcaddr specifies what the source address must NOT be. Valid values:
enable
,disable
. - ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl
Mirror String - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
enable
,disable
. - ssl
Mirror List<Property Map>Intfs - SSL mirror interface name. The structure of
ssl_mirror_intf
block is documented below. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values:
enable
,disable
. - tcp
Mss NumberReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss NumberSender - Sender TCP maximum segment size (MSS).
- tcp
Session StringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all
,data-only
,disable
. - timeout
Send StringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
enable
,disable
. - tos String
- ToS (Type of Service) value used for comparison.
- tos
Mask String - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos
Negate String - Enable negated TOS match. Valid values:
enable
,disable
. - traffic
Shaper String - Reverse traffic shaper.
- traffic
Shaper StringReverse - Reverse traffic shaper.
- url
Categories List<Property Map> - URL category ID list. The structure of
url_category
block is documented below. - users List<Property Map>
- Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - utm
Status String - Enable AV/web/ips protection profile. Valid values:
enable
,disable
. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan
Cos NumberFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Cos NumberRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Filter String - Set VLAN filters.
- voip
Profile String - Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web cache. Valid values:
enable
,disable
. - webcache
Https String - Enable/disable web cache for HTTPS. Valid values:
disable
,enable
. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Webproxy profile name.
Outputs
All input properties are implicitly available as output properties. Additionally, the Policy6 resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Policy6 Resource
Get an existing Policy6 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: Policy6State, opts?: CustomResourceOptions): Policy6
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
anti_replay: Optional[str] = None,
app_categories: Optional[Sequence[Policy6AppCategoryArgs]] = None,
app_groups: Optional[Sequence[Policy6AppGroupArgs]] = None,
application_list: Optional[str] = None,
applications: Optional[Sequence[Policy6ApplicationArgs]] = None,
auto_asic_offload: Optional[str] = None,
av_profile: Optional[str] = None,
cifs_profile: Optional[str] = None,
comments: Optional[str] = None,
custom_log_fields: Optional[Sequence[Policy6CustomLogFieldArgs]] = None,
decrypted_traffic_mirror: Optional[str] = None,
devices: Optional[Sequence[Policy6DeviceArgs]] = None,
diffserv_forward: Optional[str] = None,
diffserv_reverse: Optional[str] = None,
diffservcode_forward: Optional[str] = None,
diffservcode_rev: Optional[str] = None,
dlp_sensor: Optional[str] = None,
dnsfilter_profile: Optional[str] = None,
dsri: Optional[str] = None,
dstaddr_negate: Optional[str] = None,
dstaddrs: Optional[Sequence[Policy6DstaddrArgs]] = None,
dstintfs: Optional[Sequence[Policy6DstintfArgs]] = None,
dynamic_sort_subtable: Optional[str] = None,
emailfilter_profile: Optional[str] = None,
firewall_session_dirty: Optional[str] = None,
fixedport: Optional[str] = None,
fsso_groups: Optional[Sequence[Policy6FssoGroupArgs]] = None,
get_all_tables: Optional[str] = None,
global_label: Optional[str] = None,
groups: Optional[Sequence[Policy6GroupArgs]] = None,
http_policy_redirect: Optional[str] = None,
icap_profile: Optional[str] = None,
inbound: Optional[str] = None,
inspection_mode: Optional[str] = None,
ippool: Optional[str] = None,
ips_sensor: Optional[str] = None,
label: Optional[str] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
name: Optional[str] = None,
nat: Optional[str] = None,
natinbound: Optional[str] = None,
natoutbound: Optional[str] = None,
outbound: Optional[str] = None,
per_ip_shaper: Optional[str] = None,
policyid: Optional[int] = None,
poolnames: Optional[Sequence[Policy6PoolnameArgs]] = None,
profile_group: Optional[str] = None,
profile_protocol_options: Optional[str] = None,
profile_type: Optional[str] = None,
replacemsg_override_group: Optional[str] = None,
rsso: Optional[str] = None,
schedule: Optional[str] = None,
send_deny_packet: Optional[str] = None,
service_negate: Optional[str] = None,
services: Optional[Sequence[Policy6ServiceArgs]] = None,
session_ttl: Optional[int] = None,
spamfilter_profile: Optional[str] = None,
srcaddr_negate: Optional[str] = None,
srcaddrs: Optional[Sequence[Policy6SrcaddrArgs]] = None,
srcintfs: Optional[Sequence[Policy6SrcintfArgs]] = None,
ssh_filter_profile: Optional[str] = None,
ssh_policy_redirect: Optional[str] = None,
ssl_mirror: Optional[str] = None,
ssl_mirror_intfs: Optional[Sequence[Policy6SslMirrorIntfArgs]] = None,
ssl_ssh_profile: Optional[str] = None,
status: Optional[str] = None,
tcp_mss_receiver: Optional[int] = None,
tcp_mss_sender: Optional[int] = None,
tcp_session_without_syn: Optional[str] = None,
timeout_send_rst: Optional[str] = None,
tos: Optional[str] = None,
tos_mask: Optional[str] = None,
tos_negate: Optional[str] = None,
traffic_shaper: Optional[str] = None,
traffic_shaper_reverse: Optional[str] = None,
url_categories: Optional[Sequence[Policy6UrlCategoryArgs]] = None,
users: Optional[Sequence[Policy6UserArgs]] = None,
utm_status: Optional[str] = None,
uuid: Optional[str] = None,
vdomparam: Optional[str] = None,
vlan_cos_fwd: Optional[int] = None,
vlan_cos_rev: Optional[int] = None,
vlan_filter: Optional[str] = None,
voip_profile: Optional[str] = None,
vpntunnel: Optional[str] = None,
waf_profile: Optional[str] = None,
webcache: Optional[str] = None,
webcache_https: Optional[str] = None,
webfilter_profile: Optional[str] = None,
webproxy_forward_server: Optional[str] = None,
webproxy_profile: Optional[str] = None) -> Policy6
func GetPolicy6(ctx *Context, name string, id IDInput, state *Policy6State, opts ...ResourceOption) (*Policy6, error)
public static Policy6 Get(string name, Input<string> id, Policy6State? state, CustomResourceOptions? opts = null)
public static Policy6 get(String name, Output<String> id, Policy6State state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- Policy action (allow/deny/ipsec). Valid values:
accept
,deny
,ipsec
. - Anti
Replay string - Enable/disable anti-replay check. Valid values:
enable
,disable
. - App
Categories List<Pulumiverse.Fortios. Firewall. Inputs. Policy6App Category> - Application category ID list. The structure of
app_category
block is documented below. - App
Groups List<Pulumiverse.Fortios. Firewall. Inputs. Policy6App Group> - Application group names. The structure of
app_group
block is documented below. - Application
List string - Name of an existing Application list.
- Applications
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Application> - Application ID list. The structure of
application
block is documented below. - Auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
enable
,disable
. - Av
Profile string - Name of an existing Antivirus profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Custom
Log List<Pulumiverse.Fields Fortios. Firewall. Inputs. Policy6Custom Log Field> - Log field index numbers to append custom log fields to log messages for this policy. The structure of
custom_log_fields
block is documented below. - Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Devices
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Device> - Names of devices or device groups that can be matched by the policy. The structure of
devices
block is documented below. - Diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
enable
,disable
. - Diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
enable
,disable
. - Diffservcode
Forward string - Change packet's DiffServ to this value.
- Diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dsri string
- Enable DSRI to ignore HTTP server responses. Valid values:
enable
,disable
. - Dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
enable
,disable
. - Dstaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Dstaddr> - Destination address and address group names. The structure of
dstaddr
block is documented below. - Dstintfs
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Dstintf> - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Emailfilter
Profile string - Name of an existing email filter profile.
- Firewall
Session stringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all
,check-new
. - Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
enable
,disable
. - Fsso
Groups List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Fsso Group> - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- Groups
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Group> - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - Http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
enable
,disable
. - Icap
Profile string - Name of an existing ICAP profile.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
enable
,disable
. - Inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy
,flow
. - Ippool string
- Enable to use IP Pools for source NAT. Valid values:
enable
,disable
. - Ips
Sensor string - Name of an existing IPS sensor.
- Label string
- Label for the policy that appears when the GUI is in Section View mode.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
all
,utm
,disable
. - Logtraffic
Start string - Record logs when a session starts. Valid values:
enable
,disable
. - Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values:
enable
,disable
. - Natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
enable
,disable
. - Natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
enable
,disable
. - Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
enable
,disable
. - Per
Ip stringShaper - Per-IP traffic shaper.
- Policyid int
- Policy ID.
- Poolnames
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Poolname> - IP Pool names. The structure of
poolname
block is documented below. - Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - Replacemsg
Override stringGroup - Override the default replacement message group for this policy.
- Rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
enable
,disable
. - Schedule string
- Schedule name.
- Send
Deny stringPacket - Enable/disable return of deny-packet. Valid values:
enable
,disable
. - Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - Services
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Service> - Service and service group names. The structure of
service
block is documented below. - Session
Ttl int - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- Spamfilter
Profile string - Name of an existing Spam filter profile.
- Srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
enable
,disable
. - Srcaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Srcaddr> - Source address and address group names. The structure of
srcaddr
block is documented below. - Srcintfs
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6Srcintf> - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - Ssl
Mirror string - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
enable
,disable
. - Ssl
Mirror List<Pulumiverse.Intfs Fortios. Firewall. Inputs. Policy6Ssl Mirror Intf> - SSL mirror interface name. The structure of
ssl_mirror_intf
block is documented below. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values:
enable
,disable
. - Tcp
Mss intReceiver - Receiver TCP maximum segment size (MSS).
- Tcp
Mss intSender - Sender TCP maximum segment size (MSS).
- Tcp
Session stringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all
,data-only
,disable
. - Timeout
Send stringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
enable
,disable
. - Tos string
- ToS (Type of Service) value used for comparison.
- Tos
Mask string - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- Tos
Negate string - Enable negated TOS match. Valid values:
enable
,disable
. - Traffic
Shaper string - Reverse traffic shaper.
- Traffic
Shaper stringReverse - Reverse traffic shaper.
- Url
Categories List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Url Category> - URL category ID list. The structure of
url_category
block is documented below. - Users
List<Pulumiverse.
Fortios. Firewall. Inputs. Policy6User> - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - Utm
Status string - Enable AV/web/ips protection profile. Valid values:
enable
,disable
. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vlan
Cos intFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Cos intRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Filter string - Set VLAN filters.
- Voip
Profile string - Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web cache. Valid values:
enable
,disable
. - Webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable
,enable
. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Webproxy profile name.
- Action string
- Policy action (allow/deny/ipsec). Valid values:
accept
,deny
,ipsec
. - Anti
Replay string - Enable/disable anti-replay check. Valid values:
enable
,disable
. - App
Categories []Policy6AppCategory Args - Application category ID list. The structure of
app_category
block is documented below. - App
Groups []Policy6AppGroup Args - Application group names. The structure of
app_group
block is documented below. - Application
List string - Name of an existing Application list.
- Applications
[]Policy6Application
Args - Application ID list. The structure of
application
block is documented below. - Auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
enable
,disable
. - Av
Profile string - Name of an existing Antivirus profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Custom
Log []Policy6CustomFields Log Field Args - Log field index numbers to append custom log fields to log messages for this policy. The structure of
custom_log_fields
block is documented below. - Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Devices
[]Policy6Device
Args - Names of devices or device groups that can be matched by the policy. The structure of
devices
block is documented below. - Diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
enable
,disable
. - Diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
enable
,disable
. - Diffservcode
Forward string - Change packet's DiffServ to this value.
- Diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dsri string
- Enable DSRI to ignore HTTP server responses. Valid values:
enable
,disable
. - Dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
enable
,disable
. - Dstaddrs
[]Policy6Dstaddr
Args - Destination address and address group names. The structure of
dstaddr
block is documented below. - Dstintfs
[]Policy6Dstintf
Args - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Emailfilter
Profile string - Name of an existing email filter profile.
- Firewall
Session stringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all
,check-new
. - Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
enable
,disable
. - Fsso
Groups []Policy6FssoGroup Args - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- Groups
[]Policy6Group
Args - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - Http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
enable
,disable
. - Icap
Profile string - Name of an existing ICAP profile.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
enable
,disable
. - Inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy
,flow
. - Ippool string
- Enable to use IP Pools for source NAT. Valid values:
enable
,disable
. - Ips
Sensor string - Name of an existing IPS sensor.
- Label string
- Label for the policy that appears when the GUI is in Section View mode.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
all
,utm
,disable
. - Logtraffic
Start string - Record logs when a session starts. Valid values:
enable
,disable
. - Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values:
enable
,disable
. - Natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
enable
,disable
. - Natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
enable
,disable
. - Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
enable
,disable
. - Per
Ip stringShaper - Per-IP traffic shaper.
- Policyid int
- Policy ID.
- Poolnames
[]Policy6Poolname
Args - IP Pool names. The structure of
poolname
block is documented below. - Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - Replacemsg
Override stringGroup - Override the default replacement message group for this policy.
- Rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
enable
,disable
. - Schedule string
- Schedule name.
- Send
Deny stringPacket - Enable/disable return of deny-packet. Valid values:
enable
,disable
. - Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - Services
[]Policy6Service
Args - Service and service group names. The structure of
service
block is documented below. - Session
Ttl int - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- Spamfilter
Profile string - Name of an existing Spam filter profile.
- Srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
enable
,disable
. - Srcaddrs
[]Policy6Srcaddr
Args - Source address and address group names. The structure of
srcaddr
block is documented below. - Srcintfs
[]Policy6Srcintf
Args - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - Ssl
Mirror string - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
enable
,disable
. - Ssl
Mirror []Policy6SslIntfs Mirror Intf Args - SSL mirror interface name. The structure of
ssl_mirror_intf
block is documented below. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values:
enable
,disable
. - Tcp
Mss intReceiver - Receiver TCP maximum segment size (MSS).
- Tcp
Mss intSender - Sender TCP maximum segment size (MSS).
- Tcp
Session stringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all
,data-only
,disable
. - Timeout
Send stringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
enable
,disable
. - Tos string
- ToS (Type of Service) value used for comparison.
- Tos
Mask string - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- Tos
Negate string - Enable negated TOS match. Valid values:
enable
,disable
. - Traffic
Shaper string - Reverse traffic shaper.
- Traffic
Shaper stringReverse - Reverse traffic shaper.
- Url
Categories []Policy6UrlCategory Args - URL category ID list. The structure of
url_category
block is documented below. - Users
[]Policy6User
Args - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - Utm
Status string - Enable AV/web/ips protection profile. Valid values:
enable
,disable
. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vlan
Cos intFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Cos intRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Filter string - Set VLAN filters.
- Voip
Profile string - Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web cache. Valid values:
enable
,disable
. - Webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable
,enable
. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Webproxy profile name.
- action String
- Policy action (allow/deny/ipsec). Valid values:
accept
,deny
,ipsec
. - anti
Replay String - Enable/disable anti-replay check. Valid values:
enable
,disable
. - app
Categories List<Policy6AppCategory> - Application category ID list. The structure of
app_category
block is documented below. - app
Groups List<Policy6AppGroup> - Application group names. The structure of
app_group
block is documented below. - application
List String - Name of an existing Application list.
- applications List<Policy6Application>
- Application ID list. The structure of
application
block is documented below. - auto
Asic StringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
enable
,disable
. - av
Profile String - Name of an existing Antivirus profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- custom
Log List<Policy6CustomFields Log Field> - Log field index numbers to append custom log fields to log messages for this policy. The structure of
custom_log_fields
block is documented below. - decrypted
Traffic StringMirror - Decrypted traffic mirror.
- devices List<Policy6Device>
- Names of devices or device groups that can be matched by the policy. The structure of
devices
block is documented below. - diffserv
Forward String - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
enable
,disable
. - diffserv
Reverse String - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
enable
,disable
. - diffservcode
Forward String - Change packet's DiffServ to this value.
- diffservcode
Rev String - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dsri String
- Enable DSRI to ignore HTTP server responses. Valid values:
enable
,disable
. - dstaddr
Negate String - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddrs List<Policy6Dstaddr>
- Destination address and address group names. The structure of
dstaddr
block is documented below. - dstintfs List<Policy6Dstintf>
- Outgoing (egress) interface. The structure of
dstintf
block is documented below. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile String - Name of an existing email filter profile.
- firewall
Session StringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all
,check-new
. - fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values:
enable
,disable
. - fsso
Groups List<Policy6FssoGroup> - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global
Label String - Label for the policy that appears when the GUI is in Global View mode.
- groups List<Policy6Group>
- Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - http
Policy StringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
enable
,disable
. - icap
Profile String - Name of an existing ICAP profile.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
enable
,disable
. - inspection
Mode String - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy
,flow
. - ippool String
- Enable to use IP Pools for source NAT. Valid values:
enable
,disable
. - ips
Sensor String - Name of an existing IPS sensor.
- label String
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
all
,utm
,disable
. - logtraffic
Start String - Record logs when a session starts. Valid values:
enable
,disable
. - name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values:
enable
,disable
. - natinbound String
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
enable
,disable
. - natoutbound String
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
enable
,disable
. - outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
enable
,disable
. - per
Ip StringShaper - Per-IP traffic shaper.
- policyid Integer
- Policy ID.
- poolnames List<Policy6Poolname>
- IP Pool names. The structure of
poolname
block is documented below. - profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - replacemsg
Override StringGroup - Override the default replacement message group for this policy.
- rsso String
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
enable
,disable
. - schedule String
- Schedule name.
- send
Deny StringPacket - Enable/disable return of deny-packet. Valid values:
enable
,disable
. - service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services List<Policy6Service>
- Service and service group names. The structure of
service
block is documented below. - session
Ttl Integer - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter
Profile String - Name of an existing Spam filter profile.
- srcaddr
Negate String - When enabled srcaddr specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddrs List<Policy6Srcaddr>
- Source address and address group names. The structure of
srcaddr
block is documented below. - srcintfs List<Policy6Srcintf>
- Incoming (ingress) interface. The structure of
srcintf
block is documented below. - ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl
Mirror String - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
enable
,disable
. - ssl
Mirror List<Policy6SslIntfs Mirror Intf> - SSL mirror interface name. The structure of
ssl_mirror_intf
block is documented below. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values:
enable
,disable
. - tcp
Mss IntegerReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss IntegerSender - Sender TCP maximum segment size (MSS).
- tcp
Session StringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all
,data-only
,disable
. - timeout
Send StringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
enable
,disable
. - tos String
- ToS (Type of Service) value used for comparison.
- tos
Mask String - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos
Negate String - Enable negated TOS match. Valid values:
enable
,disable
. - traffic
Shaper String - Reverse traffic shaper.
- traffic
Shaper StringReverse - Reverse traffic shaper.
- url
Categories List<Policy6UrlCategory> - URL category ID list. The structure of
url_category
block is documented below. - users List<Policy6User>
- Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - utm
Status String - Enable AV/web/ips protection profile. Valid values:
enable
,disable
. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan
Cos IntegerFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Cos IntegerRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Filter String - Set VLAN filters.
- voip
Profile String - Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web cache. Valid values:
enable
,disable
. - webcache
Https String - Enable/disable web cache for HTTPS. Valid values:
disable
,enable
. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Webproxy profile name.
- action string
- Policy action (allow/deny/ipsec). Valid values:
accept
,deny
,ipsec
. - anti
Replay string - Enable/disable anti-replay check. Valid values:
enable
,disable
. - app
Categories Policy6AppCategory[] - Application category ID list. The structure of
app_category
block is documented below. - app
Groups Policy6AppGroup[] - Application group names. The structure of
app_group
block is documented below. - application
List string - Name of an existing Application list.
- applications Policy6Application[]
- Application ID list. The structure of
application
block is documented below. - auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
enable
,disable
. - av
Profile string - Name of an existing Antivirus profile.
- cifs
Profile string - Name of an existing CIFS profile.
- comments string
- Comment.
- custom
Log Policy6CustomFields Log Field[] - Log field index numbers to append custom log fields to log messages for this policy. The structure of
custom_log_fields
block is documented below. - decrypted
Traffic stringMirror - Decrypted traffic mirror.
- devices Policy6Device[]
- Names of devices or device groups that can be matched by the policy. The structure of
devices
block is documented below. - diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
enable
,disable
. - diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
enable
,disable
. - diffservcode
Forward string - Change packet's DiffServ to this value.
- diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor string - Name of an existing DLP sensor.
- dnsfilter
Profile string - Name of an existing DNS filter profile.
- dsri string
- Enable DSRI to ignore HTTP server responses. Valid values:
enable
,disable
. - dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddrs Policy6Dstaddr[]
- Destination address and address group names. The structure of
dstaddr
block is documented below. - dstintfs Policy6Dstintf[]
- Outgoing (egress) interface. The structure of
dstintf
block is documented below. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile string - Name of an existing email filter profile.
- firewall
Session stringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all
,check-new
. - fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
enable
,disable
. - fsso
Groups Policy6FssoGroup[] - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- groups Policy6Group[]
- Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
enable
,disable
. - icap
Profile string - Name of an existing ICAP profile.
- inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
enable
,disable
. - inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy
,flow
. - ippool string
- Enable to use IP Pools for source NAT. Valid values:
enable
,disable
. - ips
Sensor string - Name of an existing IPS sensor.
- label string
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
all
,utm
,disable
. - logtraffic
Start string - Record logs when a session starts. Valid values:
enable
,disable
. - name string
- Policy name.
- nat string
- Enable/disable source NAT. Valid values:
enable
,disable
. - natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
enable
,disable
. - natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
enable
,disable
. - outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
enable
,disable
. - per
Ip stringShaper - Per-IP traffic shaper.
- policyid number
- Policy ID.
- poolnames Policy6Poolname[]
- IP Pool names. The structure of
poolname
block is documented below. - profile
Group string - Name of profile group.
- profile
Protocol stringOptions - Name of an existing Protocol options profile.
- profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - replacemsg
Override stringGroup - Override the default replacement message group for this policy.
- rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
enable
,disable
. - schedule string
- Schedule name.
- send
Deny stringPacket - Enable/disable return of deny-packet. Valid values:
enable
,disable
. - service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services Policy6Service[]
- Service and service group names. The structure of
service
block is documented below. - session
Ttl number - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter
Profile string - Name of an existing Spam filter profile.
- srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddrs Policy6Srcaddr[]
- Source address and address group names. The structure of
srcaddr
block is documented below. - srcintfs Policy6Srcintf[]
- Incoming (ingress) interface. The structure of
srcintf
block is documented below. - ssh
Filter stringProfile - Name of an existing SSH filter profile.
- ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl
Mirror string - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
enable
,disable
. - ssl
Mirror Policy6SslIntfs Mirror Intf[] - SSL mirror interface name. The structure of
ssl_mirror_intf
block is documented below. - ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- status string
- Enable or disable this policy. Valid values:
enable
,disable
. - tcp
Mss numberReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss numberSender - Sender TCP maximum segment size (MSS).
- tcp
Session stringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all
,data-only
,disable
. - timeout
Send stringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
enable
,disable
. - tos string
- ToS (Type of Service) value used for comparison.
- tos
Mask string - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos
Negate string - Enable negated TOS match. Valid values:
enable
,disable
. - traffic
Shaper string - Reverse traffic shaper.
- traffic
Shaper stringReverse - Reverse traffic shaper.
- url
Categories Policy6UrlCategory[] - URL category ID list. The structure of
url_category
block is documented below. - users Policy6User[]
- Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - utm
Status string - Enable AV/web/ips protection profile. Valid values:
enable
,disable
. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan
Cos numberFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Cos numberRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Filter string - Set VLAN filters.
- voip
Profile string - Name of an existing VoIP profile.
- vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile string - Name of an existing Web application firewall profile.
- webcache string
- Enable/disable web cache. Valid values:
enable
,disable
. - webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable
,enable
. - webfilter
Profile string - Name of an existing Web filter profile.
- webproxy
Forward stringServer - Web proxy forward server name.
- webproxy
Profile string - Webproxy profile name.
- action str
- Policy action (allow/deny/ipsec). Valid values:
accept
,deny
,ipsec
. - anti_
replay str - Enable/disable anti-replay check. Valid values:
enable
,disable
. - app_
categories Sequence[Policy6AppCategory Args] - Application category ID list. The structure of
app_category
block is documented below. - app_
groups Sequence[Policy6AppGroup Args] - Application group names. The structure of
app_group
block is documented below. - application_
list str - Name of an existing Application list.
- applications
Sequence[Policy6Application
Args] - Application ID list. The structure of
application
block is documented below. - auto_
asic_ stroffload - Enable/disable policy traffic ASIC offloading. Valid values:
enable
,disable
. - av_
profile str - Name of an existing Antivirus profile.
- cifs_
profile str - Name of an existing CIFS profile.
- comments str
- Comment.
- custom_
log_ Sequence[Policy6Customfields Log Field Args] - Log field index numbers to append custom log fields to log messages for this policy. The structure of
custom_log_fields
block is documented below. - decrypted_
traffic_ strmirror - Decrypted traffic mirror.
- devices
Sequence[Policy6Device
Args] - Names of devices or device groups that can be matched by the policy. The structure of
devices
block is documented below. - diffserv_
forward str - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
enable
,disable
. - diffserv_
reverse str - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
enable
,disable
. - diffservcode_
forward str - Change packet's DiffServ to this value.
- diffservcode_
rev str - Change packet's reverse (reply) DiffServ to this value.
- dlp_
sensor str - Name of an existing DLP sensor.
- dnsfilter_
profile str - Name of an existing DNS filter profile.
- dsri str
- Enable DSRI to ignore HTTP server responses. Valid values:
enable
,disable
. - dstaddr_
negate str - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddrs
Sequence[Policy6Dstaddr
Args] - Destination address and address group names. The structure of
dstaddr
block is documented below. - dstintfs
Sequence[Policy6Dstintf
Args] - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter_
profile str - Name of an existing email filter profile.
- firewall_
session_ strdirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all
,check-new
. - fixedport str
- Enable to prevent source NAT from changing a session's source port. Valid values:
enable
,disable
. - fsso_
groups Sequence[Policy6FssoGroup Args] - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global_
label str - Label for the policy that appears when the GUI is in Global View mode.
- groups
Sequence[Policy6Group
Args] - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - http_
policy_ strredirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
enable
,disable
. - icap_
profile str - Name of an existing ICAP profile.
- inbound str
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
enable
,disable
. - inspection_
mode str - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy
,flow
. - ippool str
- Enable to use IP Pools for source NAT. Valid values:
enable
,disable
. - ips_
sensor str - Name of an existing IPS sensor.
- label str
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic str
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
all
,utm
,disable
. - logtraffic_
start str - Record logs when a session starts. Valid values:
enable
,disable
. - name str
- Policy name.
- nat str
- Enable/disable source NAT. Valid values:
enable
,disable
. - natinbound str
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
enable
,disable
. - natoutbound str
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
enable
,disable
. - outbound str
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
enable
,disable
. - per_
ip_ strshaper - Per-IP traffic shaper.
- policyid int
- Policy ID.
- poolnames
Sequence[Policy6Poolname
Args] - IP Pool names. The structure of
poolname
block is documented below. - profile_
group str - Name of profile group.
- profile_
protocol_ stroptions - Name of an existing Protocol options profile.
- profile_
type str - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - replacemsg_
override_ strgroup - Override the default replacement message group for this policy.
- rsso str
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
enable
,disable
. - schedule str
- Schedule name.
- send_
deny_ strpacket - Enable/disable return of deny-packet. Valid values:
enable
,disable
. - service_
negate str - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services
Sequence[Policy6Service
Args] - Service and service group names. The structure of
service
block is documented below. - session_
ttl int - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter_
profile str - Name of an existing Spam filter profile.
- srcaddr_
negate str - When enabled srcaddr specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddrs
Sequence[Policy6Srcaddr
Args] - Source address and address group names. The structure of
srcaddr
block is documented below. - srcintfs
Sequence[Policy6Srcintf
Args] - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - ssh_
filter_ strprofile - Name of an existing SSH filter profile.
- ssh_
policy_ strredirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl_
mirror str - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
enable
,disable
. - ssl_
mirror_ Sequence[Policy6Sslintfs Mirror Intf Args] - SSL mirror interface name. The structure of
ssl_mirror_intf
block is documented below. - ssl_
ssh_ strprofile - Name of an existing SSL SSH profile.
- status str
- Enable or disable this policy. Valid values:
enable
,disable
. - tcp_
mss_ intreceiver - Receiver TCP maximum segment size (MSS).
- tcp_
mss_ intsender - Sender TCP maximum segment size (MSS).
- tcp_
session_ strwithout_ syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all
,data-only
,disable
. - timeout_
send_ strrst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
enable
,disable
. - tos str
- ToS (Type of Service) value used for comparison.
- tos_
mask str - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos_
negate str - Enable negated TOS match. Valid values:
enable
,disable
. - traffic_
shaper str - Reverse traffic shaper.
- traffic_
shaper_ strreverse - Reverse traffic shaper.
- url_
categories Sequence[Policy6UrlCategory Args] - URL category ID list. The structure of
url_category
block is documented below. - users
Sequence[Policy6User
Args] - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - utm_
status str - Enable AV/web/ips protection profile. Valid values:
enable
,disable
. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan_
cos_ intfwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan_
cos_ intrev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan_
filter str - Set VLAN filters.
- voip_
profile str - Name of an existing VoIP profile.
- vpntunnel str
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf_
profile str - Name of an existing Web application firewall profile.
- webcache str
- Enable/disable web cache. Valid values:
enable
,disable
. - webcache_
https str - Enable/disable web cache for HTTPS. Valid values:
disable
,enable
. - webfilter_
profile str - Name of an existing Web filter profile.
- webproxy_
forward_ strserver - Web proxy forward server name.
- webproxy_
profile str - Webproxy profile name.
- action String
- Policy action (allow/deny/ipsec). Valid values:
accept
,deny
,ipsec
. - anti
Replay String - Enable/disable anti-replay check. Valid values:
enable
,disable
. - app
Categories List<Property Map> - Application category ID list. The structure of
app_category
block is documented below. - app
Groups List<Property Map> - Application group names. The structure of
app_group
block is documented below. - application
List String - Name of an existing Application list.
- applications List<Property Map>
- Application ID list. The structure of
application
block is documented below. - auto
Asic StringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
enable
,disable
. - av
Profile String - Name of an existing Antivirus profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- custom
Log List<Property Map>Fields - Log field index numbers to append custom log fields to log messages for this policy. The structure of
custom_log_fields
block is documented below. - decrypted
Traffic StringMirror - Decrypted traffic mirror.
- devices List<Property Map>
- Names of devices or device groups that can be matched by the policy. The structure of
devices
block is documented below. - diffserv
Forward String - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
enable
,disable
. - diffserv
Reverse String - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
enable
,disable
. - diffservcode
Forward String - Change packet's DiffServ to this value.
- diffservcode
Rev String - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dsri String
- Enable DSRI to ignore HTTP server responses. Valid values:
enable
,disable
. - dstaddr
Negate String - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddrs List<Property Map>
- Destination address and address group names. The structure of
dstaddr
block is documented below. - dstintfs List<Property Map>
- Outgoing (egress) interface. The structure of
dstintf
block is documented below. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile String - Name of an existing email filter profile.
- firewall
Session StringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all
,check-new
. - fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values:
enable
,disable
. - fsso
Groups List<Property Map> - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global
Label String - Label for the policy that appears when the GUI is in Global View mode.
- groups List<Property Map>
- Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - http
Policy StringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
enable
,disable
. - icap
Profile String - Name of an existing ICAP profile.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
enable
,disable
. - inspection
Mode String - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy
,flow
. - ippool String
- Enable to use IP Pools for source NAT. Valid values:
enable
,disable
. - ips
Sensor String - Name of an existing IPS sensor.
- label String
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
all
,utm
,disable
. - logtraffic
Start String - Record logs when a session starts. Valid values:
enable
,disable
. - name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values:
enable
,disable
. - natinbound String
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
enable
,disable
. - natoutbound String
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
enable
,disable
. - outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
enable
,disable
. - per
Ip StringShaper - Per-IP traffic shaper.
- policyid Number
- Policy ID.
- poolnames List<Property Map>
- IP Pool names. The structure of
poolname
block is documented below. - profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - replacemsg
Override StringGroup - Override the default replacement message group for this policy.
- rsso String
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
enable
,disable
. - schedule String
- Schedule name.
- send
Deny StringPacket - Enable/disable return of deny-packet. Valid values:
enable
,disable
. - service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services List<Property Map>
- Service and service group names. The structure of
service
block is documented below. - session
Ttl Number - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter
Profile String - Name of an existing Spam filter profile.
- srcaddr
Negate String - When enabled srcaddr specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddrs List<Property Map>
- Source address and address group names. The structure of
srcaddr
block is documented below. - srcintfs List<Property Map>
- Incoming (ingress) interface. The structure of
srcintf
block is documented below. - ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl
Mirror String - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
enable
,disable
. - ssl
Mirror List<Property Map>Intfs - SSL mirror interface name. The structure of
ssl_mirror_intf
block is documented below. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values:
enable
,disable
. - tcp
Mss NumberReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss NumberSender - Sender TCP maximum segment size (MSS).
- tcp
Session StringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all
,data-only
,disable
. - timeout
Send StringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
enable
,disable
. - tos String
- ToS (Type of Service) value used for comparison.
- tos
Mask String - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos
Negate String - Enable negated TOS match. Valid values:
enable
,disable
. - traffic
Shaper String - Reverse traffic shaper.
- traffic
Shaper StringReverse - Reverse traffic shaper.
- url
Categories List<Property Map> - URL category ID list. The structure of
url_category
block is documented below. - users List<Property Map>
- Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - utm
Status String - Enable AV/web/ips protection profile. Valid values:
enable
,disable
. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan
Cos NumberFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Cos NumberRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Filter String - Set VLAN filters.
- voip
Profile String - Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web cache. Valid values:
enable
,disable
. - webcache
Https String - Enable/disable web cache for HTTPS. Valid values:
disable
,enable
. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Webproxy profile name.
Supporting Types
Policy6AppCategory, Policy6AppCategoryArgs
- Id int
- Category IDs.
- Id int
- Category IDs.
- id Integer
- Category IDs.
- id number
- Category IDs.
- id int
- Category IDs.
- id Number
- Category IDs.
Policy6AppGroup, Policy6AppGroupArgs
- Name string
- Application group names.
- Name string
- Application group names.
- name String
- Application group names.
- name string
- Application group names.
- name str
- Application group names.
- name String
- Application group names.
Policy6Application, Policy6ApplicationArgs
- Id int
- Application IDs.
- Id int
- Application IDs.
- id Integer
- Application IDs.
- id number
- Application IDs.
- id int
- Application IDs.
- id Number
- Application IDs.
Policy6CustomLogField, Policy6CustomLogFieldArgs
- Field
Id string - Custom log field.
- Field
Id string - Custom log field.
- field
Id String - Custom log field.
- field
Id string - Custom log field.
- field_
id str - Custom log field.
- field
Id String - Custom log field.
Policy6Device, Policy6DeviceArgs
- Name string
- Device or group name.
- Name string
- Device or group name.
- name String
- Device or group name.
- name string
- Device or group name.
- name str
- Device or group name.
- name String
- Device or group name.
Policy6Dstaddr, Policy6DstaddrArgs
- Name string
- Address name.
- Name string
- Address name.
- name String
- Address name.
- name string
- Address name.
- name str
- Address name.
- name String
- Address name.
Policy6Dstintf, Policy6DstintfArgs
- Name string
- Interface name.
- Name string
- Interface name.
- name String
- Interface name.
- name string
- Interface name.
- name str
- Interface name.
- name String
- Interface name.
Policy6FssoGroup, Policy6FssoGroupArgs
- Name string
- Names of FSSO groups.
- Name string
- Names of FSSO groups.
- name String
- Names of FSSO groups.
- name string
- Names of FSSO groups.
- name str
- Names of FSSO groups.
- name String
- Names of FSSO groups.
Policy6Group, Policy6GroupArgs
- Name string
- Group name.
- Name string
- Group name.
- name String
- Group name.
- name string
- Group name.
- name str
- Group name.
- name String
- Group name.
Policy6Poolname, Policy6PoolnameArgs
- Name string
- IP pool name.
- Name string
- IP pool name.
- name String
- IP pool name.
- name string
- IP pool name.
- name str
- IP pool name.
- name String
- IP pool name.
Policy6Service, Policy6ServiceArgs
- Name string
- Address name.
- Name string
- Address name.
- name String
- Address name.
- name string
- Address name.
- name str
- Address name.
- name String
- Address name.
Policy6Srcaddr, Policy6SrcaddrArgs
- Name string
- Address name.
- Name string
- Address name.
- name String
- Address name.
- name string
- Address name.
- name str
- Address name.
- name String
- Address name.
Policy6Srcintf, Policy6SrcintfArgs
- Name string
- Interface name.
- Name string
- Interface name.
- name String
- Interface name.
- name string
- Interface name.
- name str
- Interface name.
- name String
- Interface name.
Policy6SslMirrorIntf, Policy6SslMirrorIntfArgs
- Name string
- Interface name.
- Name string
- Interface name.
- name String
- Interface name.
- name string
- Interface name.
- name str
- Interface name.
- name String
- Interface name.
Policy6UrlCategory, Policy6UrlCategoryArgs
- Id int
- URL category ID.
- Id int
- URL category ID.
- id Integer
- URL category ID.
- id number
- URL category ID.
- id int
- URL category ID.
- id Number
- URL category ID.
Policy6User, Policy6UserArgs
- Name string
- Names of individual users that can authenticate with this policy.
- Name string
- Names of individual users that can authenticate with this policy.
- name String
- Names of individual users that can authenticate with this policy.
- name string
- Names of individual users that can authenticate with this policy.
- name str
- Names of individual users that can authenticate with this policy.
- name String
- Names of individual users that can authenticate with this policy.
Import
Firewall Policy6 can be imported using any of these accepted formats:
$ pulumi import fortios:firewall/policy6:Policy6 labelname {{policyid}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:firewall/policy6:Policy6 labelname {{policyid}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortios
Terraform Provider.