Docs Home
fortimanager 1.14.0 published on Tuesday, Apr 15, 2025 by fortinetdev
fortimanager.PackagesFirewallConsolidatedPolicy
Explore with Pulumi AI
fortimanager 1.14.0 published on Tuesday, Apr 15, 2025 by fortinetdev
Configure consolidated IPv4/IPv6 policies.
Create PackagesFirewallConsolidatedPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PackagesFirewallConsolidatedPolicy(name: string, args: PackagesFirewallConsolidatedPolicyArgs, opts?: CustomResourceOptions);@overload
def PackagesFirewallConsolidatedPolicy(resource_name: str,
args: PackagesFirewallConsolidatedPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PackagesFirewallConsolidatedPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
pkg: Optional[str] = None,
_policy_block: Optional[float] = None,
action: Optional[str] = None,
adom: Optional[str] = None,
app_category: Optional[str] = None,
app_group: Optional[str] = None,
application_list: Optional[str] = None,
applications: Optional[Sequence[float]] = None,
auto_asic_offload: Optional[str] = None,
av_profile: Optional[str] = None,
captive_portal_exempt: Optional[str] = None,
cifs_profile: Optional[str] = None,
comments: Optional[str] = None,
diffserv_forward: Optional[str] = None,
diffserv_reverse: Optional[str] = None,
diffservcode_forward: Optional[str] = None,
diffservcode_rev: Optional[str] = None,
dlp_sensor: Optional[str] = None,
dnsfilter_profile: Optional[str] = None,
dstaddr4: Optional[str] = None,
dstaddr6: Optional[str] = None,
dstaddr_negate: Optional[str] = None,
dstintf: Optional[str] = None,
emailfilter_profile: Optional[str] = None,
fixedport: Optional[str] = None,
fsso_groups: Optional[str] = None,
global_label: Optional[str] = None,
groups: Optional[str] = None,
http_policy_redirect: Optional[str] = None,
icap_profile: Optional[str] = None,
inbound: Optional[str] = None,
inspection_mode: Optional[str] = None,
internet_service: Optional[str] = None,
internet_service_custom: Optional[str] = None,
internet_service_custom_group: Optional[str] = None,
internet_service_group: Optional[str] = None,
internet_service_id: Optional[str] = None,
internet_service_negate: Optional[str] = None,
internet_service_src: Optional[str] = None,
internet_service_src_custom: Optional[str] = None,
internet_service_src_custom_group: Optional[str] = None,
internet_service_src_group: Optional[str] = None,
internet_service_src_id: Optional[str] = None,
internet_service_src_negate: Optional[str] = None,
ippool: Optional[str] = None,
ips_sensor: Optional[str] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
mms_profile: Optional[str] = None,
name: Optional[str] = None,
nat: Optional[str] = None,
outbound: Optional[str] = None,
packages_firewall_consolidated_policy_id: Optional[str] = None,
per_ip_shaper: Optional[str] = None,
pkg_folder_path: Optional[str] = None,
policyid: Optional[float] = None,
poolname4: Optional[str] = None,
poolname6: Optional[str] = None,
profile_group: Optional[str] = None,
profile_protocol_options: Optional[str] = None,
profile_type: Optional[str] = None,
schedule: Optional[str] = None,
scopetype: Optional[str] = None,
service: Optional[str] = None,
service_negate: Optional[str] = None,
session_ttl: Optional[float] = None,
srcaddr4: Optional[str] = None,
srcaddr6: Optional[str] = None,
srcaddr_negate: Optional[str] = None,
srcintf: Optional[str] = None,
ssh_filter_profile: Optional[str] = None,
ssh_policy_redirect: Optional[str] = None,
ssl_ssh_profile: Optional[str] = None,
status: Optional[str] = None,
tcp_mss_receiver: Optional[float] = None,
tcp_mss_sender: Optional[float] = None,
traffic_shaper: Optional[str] = None,
traffic_shaper_reverse: Optional[str] = None,
url_category: Optional[str] = None,
users: Optional[str] = None,
utm_status: Optional[str] = None,
uuid: Optional[str] = None,
voip_profile: Optional[str] = None,
vpntunnel: Optional[str] = None,
waf_profile: Optional[str] = None,
wanopt: Optional[str] = None,
wanopt_detection: Optional[str] = None,
wanopt_passive_opt: Optional[str] = None,
wanopt_peer: Optional[str] = None,
wanopt_profile: Optional[str] = None,
webcache: Optional[str] = None,
webcache_https: Optional[str] = None,
webfilter_profile: Optional[str] = None,
webproxy_forward_server: Optional[str] = None,
webproxy_profile: Optional[str] = None)func NewPackagesFirewallConsolidatedPolicy(ctx *Context, name string, args PackagesFirewallConsolidatedPolicyArgs, opts ...ResourceOption) (*PackagesFirewallConsolidatedPolicy, error)public PackagesFirewallConsolidatedPolicy(string name, PackagesFirewallConsolidatedPolicyArgs args, CustomResourceOptions? opts = null)public PackagesFirewallConsolidatedPolicy(String name, PackagesFirewallConsolidatedPolicyArgs args)
public PackagesFirewallConsolidatedPolicy(String name, PackagesFirewallConsolidatedPolicyArgs args, CustomResourceOptions options)
type: fortimanager:PackagesFirewallConsolidatedPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PackagesFirewallConsolidatedPolicyArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. PackagesFirewallConsolidatedPolicyArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PackagesFirewallConsolidatedPolicyArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PackagesFirewallConsolidatedPolicyArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. PackagesFirewallConsolidatedPolicyArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var packagesFirewallConsolidatedPolicyResource = new Fortimanager.PackagesFirewallConsolidatedPolicy("packagesFirewallConsolidatedPolicyResource", new()
{
Pkg = "string",
_policyBlock = 0,
Action = "string",
Adom = "string",
AppCategory = "string",
AppGroup = "string",
ApplicationList = "string",
Applications = new[]
{
0,
},
AutoAsicOffload = "string",
AvProfile = "string",
CaptivePortalExempt = "string",
CifsProfile = "string",
Comments = "string",
DiffservForward = "string",
DiffservReverse = "string",
DiffservcodeForward = "string",
DiffservcodeRev = "string",
DlpSensor = "string",
DnsfilterProfile = "string",
Dstaddr4 = "string",
Dstaddr6 = "string",
DstaddrNegate = "string",
Dstintf = "string",
EmailfilterProfile = "string",
Fixedport = "string",
FssoGroups = "string",
GlobalLabel = "string",
Groups = "string",
HttpPolicyRedirect = "string",
IcapProfile = "string",
Inbound = "string",
InspectionMode = "string",
InternetService = "string",
InternetServiceCustom = "string",
InternetServiceCustomGroup = "string",
InternetServiceGroup = "string",
InternetServiceId = "string",
InternetServiceNegate = "string",
InternetServiceSrc = "string",
InternetServiceSrcCustom = "string",
InternetServiceSrcCustomGroup = "string",
InternetServiceSrcGroup = "string",
InternetServiceSrcId = "string",
InternetServiceSrcNegate = "string",
Ippool = "string",
IpsSensor = "string",
Logtraffic = "string",
LogtrafficStart = "string",
MmsProfile = "string",
Name = "string",
Nat = "string",
Outbound = "string",
PackagesFirewallConsolidatedPolicyId = "string",
PerIpShaper = "string",
PkgFolderPath = "string",
Policyid = 0,
Poolname4 = "string",
Poolname6 = "string",
ProfileGroup = "string",
ProfileProtocolOptions = "string",
ProfileType = "string",
Schedule = "string",
Scopetype = "string",
Service = "string",
ServiceNegate = "string",
SessionTtl = 0,
Srcaddr4 = "string",
Srcaddr6 = "string",
SrcaddrNegate = "string",
Srcintf = "string",
SshFilterProfile = "string",
SshPolicyRedirect = "string",
SslSshProfile = "string",
Status = "string",
TcpMssReceiver = 0,
TcpMssSender = 0,
TrafficShaper = "string",
TrafficShaperReverse = "string",
UrlCategory = "string",
Users = "string",
UtmStatus = "string",
Uuid = "string",
VoipProfile = "string",
Vpntunnel = "string",
WafProfile = "string",
Wanopt = "string",
WanoptDetection = "string",
WanoptPassiveOpt = "string",
WanoptPeer = "string",
WanoptProfile = "string",
Webcache = "string",
WebcacheHttps = "string",
WebfilterProfile = "string",
WebproxyForwardServer = "string",
WebproxyProfile = "string",
});
example, err := fortimanager.NewPackagesFirewallConsolidatedPolicy(ctx, "packagesFirewallConsolidatedPolicyResource", &fortimanager.PackagesFirewallConsolidatedPolicyArgs{
Pkg: pulumi.String("string"),
_policyBlock: pulumi.Float64(0),
Action: pulumi.String("string"),
Adom: pulumi.String("string"),
AppCategory: pulumi.String("string"),
AppGroup: pulumi.String("string"),
ApplicationList: pulumi.String("string"),
Applications: pulumi.Float64Array{
pulumi.Float64(0),
},
AutoAsicOffload: pulumi.String("string"),
AvProfile: pulumi.String("string"),
CaptivePortalExempt: pulumi.String("string"),
CifsProfile: pulumi.String("string"),
Comments: pulumi.String("string"),
DiffservForward: pulumi.String("string"),
DiffservReverse: pulumi.String("string"),
DiffservcodeForward: pulumi.String("string"),
DiffservcodeRev: pulumi.String("string"),
DlpSensor: pulumi.String("string"),
DnsfilterProfile: pulumi.String("string"),
Dstaddr4: pulumi.String("string"),
Dstaddr6: pulumi.String("string"),
DstaddrNegate: pulumi.String("string"),
Dstintf: pulumi.String("string"),
EmailfilterProfile: pulumi.String("string"),
Fixedport: pulumi.String("string"),
FssoGroups: pulumi.String("string"),
GlobalLabel: pulumi.String("string"),
Groups: pulumi.String("string"),
HttpPolicyRedirect: pulumi.String("string"),
IcapProfile: pulumi.String("string"),
Inbound: pulumi.String("string"),
InspectionMode: pulumi.String("string"),
InternetService: pulumi.String("string"),
InternetServiceCustom: pulumi.String("string"),
InternetServiceCustomGroup: pulumi.String("string"),
InternetServiceGroup: pulumi.String("string"),
InternetServiceId: pulumi.String("string"),
InternetServiceNegate: pulumi.String("string"),
InternetServiceSrc: pulumi.String("string"),
InternetServiceSrcCustom: pulumi.String("string"),
InternetServiceSrcCustomGroup: pulumi.String("string"),
InternetServiceSrcGroup: pulumi.String("string"),
InternetServiceSrcId: pulumi.String("string"),
InternetServiceSrcNegate: pulumi.String("string"),
Ippool: pulumi.String("string"),
IpsSensor: pulumi.String("string"),
Logtraffic: pulumi.String("string"),
LogtrafficStart: pulumi.String("string"),
MmsProfile: pulumi.String("string"),
Name: pulumi.String("string"),
Nat: pulumi.String("string"),
Outbound: pulumi.String("string"),
PackagesFirewallConsolidatedPolicyId: pulumi.String("string"),
PerIpShaper: pulumi.String("string"),
PkgFolderPath: pulumi.String("string"),
Policyid: pulumi.Float64(0),
Poolname4: pulumi.String("string"),
Poolname6: pulumi.String("string"),
ProfileGroup: pulumi.String("string"),
ProfileProtocolOptions: pulumi.String("string"),
ProfileType: pulumi.String("string"),
Schedule: pulumi.String("string"),
Scopetype: pulumi.String("string"),
Service: pulumi.String("string"),
ServiceNegate: pulumi.String("string"),
SessionTtl: pulumi.Float64(0),
Srcaddr4: pulumi.String("string"),
Srcaddr6: pulumi.String("string"),
SrcaddrNegate: pulumi.String("string"),
Srcintf: pulumi.String("string"),
SshFilterProfile: pulumi.String("string"),
SshPolicyRedirect: pulumi.String("string"),
SslSshProfile: pulumi.String("string"),
Status: pulumi.String("string"),
TcpMssReceiver: pulumi.Float64(0),
TcpMssSender: pulumi.Float64(0),
TrafficShaper: pulumi.String("string"),
TrafficShaperReverse: pulumi.String("string"),
UrlCategory: pulumi.String("string"),
Users: pulumi.String("string"),
UtmStatus: pulumi.String("string"),
Uuid: pulumi.String("string"),
VoipProfile: pulumi.String("string"),
Vpntunnel: pulumi.String("string"),
WafProfile: pulumi.String("string"),
Wanopt: pulumi.String("string"),
WanoptDetection: pulumi.String("string"),
WanoptPassiveOpt: pulumi.String("string"),
WanoptPeer: pulumi.String("string"),
WanoptProfile: pulumi.String("string"),
Webcache: pulumi.String("string"),
WebcacheHttps: pulumi.String("string"),
WebfilterProfile: pulumi.String("string"),
WebproxyForwardServer: pulumi.String("string"),
WebproxyProfile: pulumi.String("string"),
})
var packagesFirewallConsolidatedPolicyResource = new PackagesFirewallConsolidatedPolicy("packagesFirewallConsolidatedPolicyResource", PackagesFirewallConsolidatedPolicyArgs.builder()
.pkg("string")
._policyBlock(0)
.action("string")
.adom("string")
.appCategory("string")
.appGroup("string")
.applicationList("string")
.applications(0)
.autoAsicOffload("string")
.avProfile("string")
.captivePortalExempt("string")
.cifsProfile("string")
.comments("string")
.diffservForward("string")
.diffservReverse("string")
.diffservcodeForward("string")
.diffservcodeRev("string")
.dlpSensor("string")
.dnsfilterProfile("string")
.dstaddr4("string")
.dstaddr6("string")
.dstaddrNegate("string")
.dstintf("string")
.emailfilterProfile("string")
.fixedport("string")
.fssoGroups("string")
.globalLabel("string")
.groups("string")
.httpPolicyRedirect("string")
.icapProfile("string")
.inbound("string")
.inspectionMode("string")
.internetService("string")
.internetServiceCustom("string")
.internetServiceCustomGroup("string")
.internetServiceGroup("string")
.internetServiceId("string")
.internetServiceNegate("string")
.internetServiceSrc("string")
.internetServiceSrcCustom("string")
.internetServiceSrcCustomGroup("string")
.internetServiceSrcGroup("string")
.internetServiceSrcId("string")
.internetServiceSrcNegate("string")
.ippool("string")
.ipsSensor("string")
.logtraffic("string")
.logtrafficStart("string")
.mmsProfile("string")
.name("string")
.nat("string")
.outbound("string")
.packagesFirewallConsolidatedPolicyId("string")
.perIpShaper("string")
.pkgFolderPath("string")
.policyid(0)
.poolname4("string")
.poolname6("string")
.profileGroup("string")
.profileProtocolOptions("string")
.profileType("string")
.schedule("string")
.scopetype("string")
.service("string")
.serviceNegate("string")
.sessionTtl(0)
.srcaddr4("string")
.srcaddr6("string")
.srcaddrNegate("string")
.srcintf("string")
.sshFilterProfile("string")
.sshPolicyRedirect("string")
.sslSshProfile("string")
.status("string")
.tcpMssReceiver(0)
.tcpMssSender(0)
.trafficShaper("string")
.trafficShaperReverse("string")
.urlCategory("string")
.users("string")
.utmStatus("string")
.uuid("string")
.voipProfile("string")
.vpntunnel("string")
.wafProfile("string")
.wanopt("string")
.wanoptDetection("string")
.wanoptPassiveOpt("string")
.wanoptPeer("string")
.wanoptProfile("string")
.webcache("string")
.webcacheHttps("string")
.webfilterProfile("string")
.webproxyForwardServer("string")
.webproxyProfile("string")
.build());
packages_firewall_consolidated_policy_resource = fortimanager.PackagesFirewallConsolidatedPolicy("packagesFirewallConsolidatedPolicyResource",
pkg="string",
_policy_block=0,
action="string",
adom="string",
app_category="string",
app_group="string",
application_list="string",
applications=[0],
auto_asic_offload="string",
av_profile="string",
captive_portal_exempt="string",
cifs_profile="string",
comments="string",
diffserv_forward="string",
diffserv_reverse="string",
diffservcode_forward="string",
diffservcode_rev="string",
dlp_sensor="string",
dnsfilter_profile="string",
dstaddr4="string",
dstaddr6="string",
dstaddr_negate="string",
dstintf="string",
emailfilter_profile="string",
fixedport="string",
fsso_groups="string",
global_label="string",
groups="string",
http_policy_redirect="string",
icap_profile="string",
inbound="string",
inspection_mode="string",
internet_service="string",
internet_service_custom="string",
internet_service_custom_group="string",
internet_service_group="string",
internet_service_id="string",
internet_service_negate="string",
internet_service_src="string",
internet_service_src_custom="string",
internet_service_src_custom_group="string",
internet_service_src_group="string",
internet_service_src_id="string",
internet_service_src_negate="string",
ippool="string",
ips_sensor="string",
logtraffic="string",
logtraffic_start="string",
mms_profile="string",
name="string",
nat="string",
outbound="string",
packages_firewall_consolidated_policy_id="string",
per_ip_shaper="string",
pkg_folder_path="string",
policyid=0,
poolname4="string",
poolname6="string",
profile_group="string",
profile_protocol_options="string",
profile_type="string",
schedule="string",
scopetype="string",
service="string",
service_negate="string",
session_ttl=0,
srcaddr4="string",
srcaddr6="string",
srcaddr_negate="string",
srcintf="string",
ssh_filter_profile="string",
ssh_policy_redirect="string",
ssl_ssh_profile="string",
status="string",
tcp_mss_receiver=0,
tcp_mss_sender=0,
traffic_shaper="string",
traffic_shaper_reverse="string",
url_category="string",
users="string",
utm_status="string",
uuid="string",
voip_profile="string",
vpntunnel="string",
waf_profile="string",
wanopt="string",
wanopt_detection="string",
wanopt_passive_opt="string",
wanopt_peer="string",
wanopt_profile="string",
webcache="string",
webcache_https="string",
webfilter_profile="string",
webproxy_forward_server="string",
webproxy_profile="string")
const packagesFirewallConsolidatedPolicyResource = new fortimanager.PackagesFirewallConsolidatedPolicy("packagesFirewallConsolidatedPolicyResource", {
pkg: "string",
_policyBlock: 0,
action: "string",
adom: "string",
appCategory: "string",
appGroup: "string",
applicationList: "string",
applications: [0],
autoAsicOffload: "string",
avProfile: "string",
captivePortalExempt: "string",
cifsProfile: "string",
comments: "string",
diffservForward: "string",
diffservReverse: "string",
diffservcodeForward: "string",
diffservcodeRev: "string",
dlpSensor: "string",
dnsfilterProfile: "string",
dstaddr4: "string",
dstaddr6: "string",
dstaddrNegate: "string",
dstintf: "string",
emailfilterProfile: "string",
fixedport: "string",
fssoGroups: "string",
globalLabel: "string",
groups: "string",
httpPolicyRedirect: "string",
icapProfile: "string",
inbound: "string",
inspectionMode: "string",
internetService: "string",
internetServiceCustom: "string",
internetServiceCustomGroup: "string",
internetServiceGroup: "string",
internetServiceId: "string",
internetServiceNegate: "string",
internetServiceSrc: "string",
internetServiceSrcCustom: "string",
internetServiceSrcCustomGroup: "string",
internetServiceSrcGroup: "string",
internetServiceSrcId: "string",
internetServiceSrcNegate: "string",
ippool: "string",
ipsSensor: "string",
logtraffic: "string",
logtrafficStart: "string",
mmsProfile: "string",
name: "string",
nat: "string",
outbound: "string",
packagesFirewallConsolidatedPolicyId: "string",
perIpShaper: "string",
pkgFolderPath: "string",
policyid: 0,
poolname4: "string",
poolname6: "string",
profileGroup: "string",
profileProtocolOptions: "string",
profileType: "string",
schedule: "string",
scopetype: "string",
service: "string",
serviceNegate: "string",
sessionTtl: 0,
srcaddr4: "string",
srcaddr6: "string",
srcaddrNegate: "string",
srcintf: "string",
sshFilterProfile: "string",
sshPolicyRedirect: "string",
sslSshProfile: "string",
status: "string",
tcpMssReceiver: 0,
tcpMssSender: 0,
trafficShaper: "string",
trafficShaperReverse: "string",
urlCategory: "string",
users: "string",
utmStatus: "string",
uuid: "string",
voipProfile: "string",
vpntunnel: "string",
wafProfile: "string",
wanopt: "string",
wanoptDetection: "string",
wanoptPassiveOpt: "string",
wanoptPeer: "string",
wanoptProfile: "string",
webcache: "string",
webcacheHttps: "string",
webfilterProfile: "string",
webproxyForwardServer: "string",
webproxyProfile: "string",
});
type: fortimanager:PackagesFirewallConsolidatedPolicy
properties:
_policyBlock: 0
action: string
adom: string
appCategory: string
appGroup: string
applicationList: string
applications:
- 0
autoAsicOffload: string
avProfile: string
captivePortalExempt: string
cifsProfile: string
comments: string
diffservForward: string
diffservReverse: string
diffservcodeForward: string
diffservcodeRev: string
dlpSensor: string
dnsfilterProfile: string
dstaddr4: string
dstaddr6: string
dstaddrNegate: string
dstintf: string
emailfilterProfile: string
fixedport: string
fssoGroups: string
globalLabel: string
groups: string
httpPolicyRedirect: string
icapProfile: string
inbound: string
inspectionMode: string
internetService: string
internetServiceCustom: string
internetServiceCustomGroup: string
internetServiceGroup: string
internetServiceId: string
internetServiceNegate: string
internetServiceSrc: string
internetServiceSrcCustom: string
internetServiceSrcCustomGroup: string
internetServiceSrcGroup: string
internetServiceSrcId: string
internetServiceSrcNegate: string
ippool: string
ipsSensor: string
logtraffic: string
logtrafficStart: string
mmsProfile: string
name: string
nat: string
outbound: string
packagesFirewallConsolidatedPolicyId: string
perIpShaper: string
pkg: string
pkgFolderPath: string
policyid: 0
poolname4: string
poolname6: string
profileGroup: string
profileProtocolOptions: string
profileType: string
schedule: string
scopetype: string
service: string
serviceNegate: string
sessionTtl: 0
srcaddr4: string
srcaddr6: string
srcaddrNegate: string
srcintf: string
sshFilterProfile: string
sshPolicyRedirect: string
sslSshProfile: string
status: string
tcpMssReceiver: 0
tcpMssSender: 0
trafficShaper: string
trafficShaperReverse: string
urlCategory: string
users: string
utmStatus: string
uuid: string
voipProfile: string
vpntunnel: string
wafProfile: string
wanopt: string
wanoptDetection: string
wanoptPassiveOpt: string
wanoptPeer: string
wanoptProfile: string
webcache: string
webcacheHttps: string
webfilterProfile: string
webproxyForwardServer: string
webproxyProfile: string
PackagesFirewallConsolidatedPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PackagesFirewallConsolidatedPolicy resource accepts the following input properties:
- Pkg
This property is required. string - Package.
- Action string
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - App
Category string - App-Category.
- App
Group string - App-Group.
- Application
List string - Name of an existing Application list.
- Applications List<double>
- Application.
- Auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - Av
Profile string - Name of an existing Antivirus profile.
- Captive
Portal stringExempt - Enable exemption of some users from the captive portal. Valid values:
disable,enable. - Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - Diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - Diffservcode
Forward string - Change packet's DiffServ to this value.
- Diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dstaddr4 string
- Destination IPv4 address name and address group names.
- Dstaddr6 string
- Destination IPv6 address name and address group names.
- Dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - Dstintf string
- Outgoing (egress) interface.
- Emailfilter
Profile string - Name of an existing email filter profile.
- Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - Fsso
Groups string - Names of FSSO groups.
- Global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- Groups string
- Names of user groups that can authenticate with this policy.
- Http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - Icap
Profile string - Name of an existing ICAP profile.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - Inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - Internet
Service stringCustom - Custom Internet Service name.
- Internet
Service stringCustom Group - Custom Internet Service group name.
- Internet
Service stringGroup - Internet Service group name.
- Internet
Service stringId - Internet Service ID.
- Internet
Service stringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
disable,enable. - Internet
Service stringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
disable,enable. - Internet
Service stringSrc Custom - Custom Internet Service source name.
- Internet
Service stringSrc Custom Group - Custom Internet Service source group name.
- Internet
Service stringSrc Group - Internet Service source group name.
- Internet
Service stringSrc Id - Internet Service source ID.
- Internet
Service stringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
disable,enable. - Ippool string
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - Ips
Sensor string - Name of an existing IPS sensor.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,all,utm. - Logtraffic
Start string - Record logs when a session starts. Valid values:
disable,enable. - Mms
Profile string - Name of an existing MMS profile.
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values:
disable,enable. - Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - Packages
Firewall stringConsolidated Policy Id - an identifier for the resource with format {{policyid}}.
- Per
Ip stringShaper - Per-IP traffic shaper.
- Pkg
Folder stringPath - Pkg Folder Path.
- Policyid double
- Policy ID (0 - 4294967294).
- Poolname4 string
- IPv4 pool names.
- Poolname6 string
- IPv6 pool names.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - Schedule string
- Schedule name.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Service string
- Service and service group names.
- Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - Session
Ttl double - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- Srcaddr4 string
- Source IPv4 address name and address group names.
- Srcaddr6 string
- Source IPv6 address name and address group names.
- Srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - Srcintf string
- Incoming (ingress) interface.
- Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values:
disable,enable. - Tcp
Mss doubleReceiver - Receiver TCP maximum segment size (MSS).
- Tcp
Mss doubleSender - Sender TCP maximum segment size (MSS).
- Traffic
Shaper string - Traffic shaper.
- Traffic
Shaper stringReverse - Reverse traffic shaper.
- Url
Category string - Url-Category.
- Users string
- Names of individual users that can authenticate with this policy.
- Utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Voip
Profile string - Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Wanopt string
- Enable/disable WAN optimization. Valid values:
disable,enable. - Wanopt
Detection string - WAN optimization auto-detection mode. Valid values:
active,passive,off. - Wanopt
Passive stringOpt - WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values:
default,transparent,non-transparent. - Wanopt
Peer string - WAN optimization peer.
- Wanopt
Profile string - WAN optimization profile.
- Webcache string
- Enable/disable web cache. Valid values:
disable,enable. - Webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Webproxy forward server name.
- Webproxy
Profile string - Webproxy profile name.
- _
policy doubleBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- Pkg
This property is required. string - Package.
- Action string
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - App
Category string - App-Category.
- App
Group string - App-Group.
- Application
List string - Name of an existing Application list.
- Applications []float64
- Application.
- Auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - Av
Profile string - Name of an existing Antivirus profile.
- Captive
Portal stringExempt - Enable exemption of some users from the captive portal. Valid values:
disable,enable. - Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - Diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - Diffservcode
Forward string - Change packet's DiffServ to this value.
- Diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dstaddr4 string
- Destination IPv4 address name and address group names.
- Dstaddr6 string
- Destination IPv6 address name and address group names.
- Dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - Dstintf string
- Outgoing (egress) interface.
- Emailfilter
Profile string - Name of an existing email filter profile.
- Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - Fsso
Groups string - Names of FSSO groups.
- Global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- Groups string
- Names of user groups that can authenticate with this policy.
- Http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - Icap
Profile string - Name of an existing ICAP profile.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - Inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - Internet
Service stringCustom - Custom Internet Service name.
- Internet
Service stringCustom Group - Custom Internet Service group name.
- Internet
Service stringGroup - Internet Service group name.
- Internet
Service stringId - Internet Service ID.
- Internet
Service stringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
disable,enable. - Internet
Service stringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
disable,enable. - Internet
Service stringSrc Custom - Custom Internet Service source name.
- Internet
Service stringSrc Custom Group - Custom Internet Service source group name.
- Internet
Service stringSrc Group - Internet Service source group name.
- Internet
Service stringSrc Id - Internet Service source ID.
- Internet
Service stringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
disable,enable. - Ippool string
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - Ips
Sensor string - Name of an existing IPS sensor.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,all,utm. - Logtraffic
Start string - Record logs when a session starts. Valid values:
disable,enable. - Mms
Profile string - Name of an existing MMS profile.
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values:
disable,enable. - Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - Packages
Firewall stringConsolidated Policy Id - an identifier for the resource with format {{policyid}}.
- Per
Ip stringShaper - Per-IP traffic shaper.
- Pkg
Folder stringPath - Pkg Folder Path.
- Policyid float64
- Policy ID (0 - 4294967294).
- Poolname4 string
- IPv4 pool names.
- Poolname6 string
- IPv6 pool names.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - Schedule string
- Schedule name.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Service string
- Service and service group names.
- Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - Session
Ttl float64 - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- Srcaddr4 string
- Source IPv4 address name and address group names.
- Srcaddr6 string
- Source IPv6 address name and address group names.
- Srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - Srcintf string
- Incoming (ingress) interface.
- Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values:
disable,enable. - Tcp
Mss float64Receiver - Receiver TCP maximum segment size (MSS).
- Tcp
Mss float64Sender - Sender TCP maximum segment size (MSS).
- Traffic
Shaper string - Traffic shaper.
- Traffic
Shaper stringReverse - Reverse traffic shaper.
- Url
Category string - Url-Category.
- Users string
- Names of individual users that can authenticate with this policy.
- Utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Voip
Profile string - Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Wanopt string
- Enable/disable WAN optimization. Valid values:
disable,enable. - Wanopt
Detection string - WAN optimization auto-detection mode. Valid values:
active,passive,off. - Wanopt
Passive stringOpt - WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values:
default,transparent,non-transparent. - Wanopt
Peer string - WAN optimization peer.
- Wanopt
Profile string - WAN optimization profile.
- Webcache string
- Enable/disable web cache. Valid values:
disable,enable. - Webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Webproxy forward server name.
- Webproxy
Profile string - Webproxy profile name.
- _
policy float64Block - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- pkg
This property is required. String - Package.
- _
policy DoubleBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action String
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - app
Category String - App-Category.
- app
Group String - App-Group.
- application
List String - Name of an existing Application list.
- applications List<Double>
- Application.
- auto
Asic StringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av
Profile String - Name of an existing Antivirus profile.
- captive
Portal StringExempt - Enable exemption of some users from the captive portal. Valid values:
disable,enable. - cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- diffserv
Forward String - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv
Reverse String - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode
Forward String - Change packet's DiffServ to this value.
- diffservcode
Rev String - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dstaddr4 String
- Destination IPv4 address name and address group names.
- dstaddr6 String
- Destination IPv6 address name and address group names.
- dstaddr
Negate String - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf String
- Outgoing (egress) interface.
- emailfilter
Profile String - Name of an existing email filter profile.
- fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsso
Groups String - Names of FSSO groups.
- global
Label String - Label for the policy that appears when the GUI is in Global View mode.
- groups String
- Names of user groups that can authenticate with this policy.
- http
Policy StringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap
Profile String - Name of an existing ICAP profile.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection
Mode String - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet
Service StringCustom - Custom Internet Service name.
- internet
Service StringCustom Group - Custom Internet Service group name.
- internet
Service StringGroup - Internet Service group name.
- internet
Service StringId - Internet Service ID.
- internet
Service StringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
disable,enable. - internet
Service StringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
disable,enable. - internet
Service StringSrc Custom - Custom Internet Service source name.
- internet
Service StringSrc Custom Group - Custom Internet Service source group name.
- internet
Service StringSrc Group - Internet Service source group name.
- internet
Service StringSrc Id - Internet Service source ID.
- internet
Service StringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
disable,enable. - ippool String
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips
Sensor String - Name of an existing IPS sensor.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,all,utm. - logtraffic
Start String - Record logs when a session starts. Valid values:
disable,enable. - mms
Profile String - Name of an existing MMS profile.
- name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values:
disable,enable. - outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages
Firewall StringConsolidated Policy Id - an identifier for the resource with format {{policyid}}.
- per
Ip StringShaper - Per-IP traffic shaper.
- pkg
Folder StringPath - Pkg Folder Path.
- policyid Double
- Policy ID (0 - 4294967294).
- poolname4 String
- IPv4 pool names.
- poolname6 String
- IPv6 pool names.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - schedule String
- Schedule name.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - service String
- Service and service group names.
- service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session
Ttl Double - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- srcaddr4 String
- Source IPv4 address name and address group names.
- srcaddr6 String
- Source IPv6 address name and address group names.
- srcaddr
Negate String - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf String
- Incoming (ingress) interface.
- ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values:
disable,enable. - tcp
Mss DoubleReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss DoubleSender - Sender TCP maximum segment size (MSS).
- traffic
Shaper String - Traffic shaper.
- traffic
Shaper StringReverse - Reverse traffic shaper.
- url
Category String - Url-Category.
- users String
- Names of individual users that can authenticate with this policy.
- utm
Status String - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- voip
Profile String - Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile String - Name of an existing Web application firewall profile.
- wanopt String
- Enable/disable WAN optimization. Valid values:
disable,enable. - wanopt
Detection String - WAN optimization auto-detection mode. Valid values:
active,passive,off. - wanopt
Passive StringOpt - WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values:
default,transparent,non-transparent. - wanopt
Peer String - WAN optimization peer.
- wanopt
Profile String - WAN optimization profile.
- webcache String
- Enable/disable web cache. Valid values:
disable,enable. - webcache
Https String - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Webproxy forward server name.
- webproxy
Profile String - Webproxy profile name.
- pkg
This property is required. string - Package.
- _
policy numberBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action string
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - app
Category string - App-Category.
- app
Group string - App-Group.
- application
List string - Name of an existing Application list.
- applications number[]
- Application.
- auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av
Profile string - Name of an existing Antivirus profile.
- captive
Portal stringExempt - Enable exemption of some users from the captive portal. Valid values:
disable,enable. - cifs
Profile string - Name of an existing CIFS profile.
- comments string
- Comment.
- diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode
Forward string - Change packet's DiffServ to this value.
- diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor string - Name of an existing DLP sensor.
- dnsfilter
Profile string - Name of an existing DNS filter profile.
- dstaddr4 string
- Destination IPv4 address name and address group names.
- dstaddr6 string
- Destination IPv6 address name and address group names.
- dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf string
- Outgoing (egress) interface.
- emailfilter
Profile string - Name of an existing email filter profile.
- fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsso
Groups string - Names of FSSO groups.
- global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- groups string
- Names of user groups that can authenticate with this policy.
- http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap
Profile string - Name of an existing ICAP profile.
- inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet
Service stringCustom - Custom Internet Service name.
- internet
Service stringCustom Group - Custom Internet Service group name.
- internet
Service stringGroup - Internet Service group name.
- internet
Service stringId - Internet Service ID.
- internet
Service stringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
disable,enable. - internet
Service stringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
disable,enable. - internet
Service stringSrc Custom - Custom Internet Service source name.
- internet
Service stringSrc Custom Group - Custom Internet Service source group name.
- internet
Service stringSrc Group - Internet Service source group name.
- internet
Service stringSrc Id - Internet Service source ID.
- internet
Service stringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
disable,enable. - ippool string
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips
Sensor string - Name of an existing IPS sensor.
- logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,all,utm. - logtraffic
Start string - Record logs when a session starts. Valid values:
disable,enable. - mms
Profile string - Name of an existing MMS profile.
- name string
- Policy name.
- nat string
- Enable/disable source NAT. Valid values:
disable,enable. - outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages
Firewall stringConsolidated Policy Id - an identifier for the resource with format {{policyid}}.
- per
Ip stringShaper - Per-IP traffic shaper.
- pkg
Folder stringPath - Pkg Folder Path.
- policyid number
- Policy ID (0 - 4294967294).
- poolname4 string
- IPv4 pool names.
- poolname6 string
- IPv6 pool names.
- profile
Group string - Name of profile group.
- profile
Protocol stringOptions - Name of an existing Protocol options profile.
- profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - schedule string
- Schedule name.
- scopetype string
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - service string
- Service and service group names.
- service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session
Ttl number - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- srcaddr4 string
- Source IPv4 address name and address group names.
- srcaddr6 string
- Source IPv6 address name and address group names.
- srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf string
- Incoming (ingress) interface.
- ssh
Filter stringProfile - Name of an existing SSH filter profile.
- ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- status string
- Enable or disable this policy. Valid values:
disable,enable. - tcp
Mss numberReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss numberSender - Sender TCP maximum segment size (MSS).
- traffic
Shaper string - Traffic shaper.
- traffic
Shaper stringReverse - Reverse traffic shaper.
- url
Category string - Url-Category.
- users string
- Names of individual users that can authenticate with this policy.
- utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values:
disable,enable. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- voip
Profile string - Name of an existing VoIP profile.
- vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile string - Name of an existing Web application firewall profile.
- wanopt string
- Enable/disable WAN optimization. Valid values:
disable,enable. - wanopt
Detection string - WAN optimization auto-detection mode. Valid values:
active,passive,off. - wanopt
Passive stringOpt - WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values:
default,transparent,non-transparent. - wanopt
Peer string - WAN optimization peer.
- wanopt
Profile string - WAN optimization profile.
- webcache string
- Enable/disable web cache. Valid values:
disable,enable. - webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter
Profile string - Name of an existing Web filter profile.
- webproxy
Forward stringServer - Webproxy forward server name.
- webproxy
Profile string - Webproxy profile name.
- pkg
This property is required. str - Package.
- _
policy_ floatblock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action str
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - app_
category str - App-Category.
- app_
group str - App-Group.
- application_
list str - Name of an existing Application list.
- applications Sequence[float]
- Application.
- auto_
asic_ stroffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av_
profile str - Name of an existing Antivirus profile.
- captive_
portal_ strexempt - Enable exemption of some users from the captive portal. Valid values:
disable,enable. - cifs_
profile str - Name of an existing CIFS profile.
- comments str
- Comment.
- diffserv_
forward str - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv_
reverse str - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode_
forward str - Change packet's DiffServ to this value.
- diffservcode_
rev str - Change packet's reverse (reply) DiffServ to this value.
- dlp_
sensor str - Name of an existing DLP sensor.
- dnsfilter_
profile str - Name of an existing DNS filter profile.
- dstaddr4 str
- Destination IPv4 address name and address group names.
- dstaddr6 str
- Destination IPv6 address name and address group names.
- dstaddr_
negate str - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf str
- Outgoing (egress) interface.
- emailfilter_
profile str - Name of an existing email filter profile.
- fixedport str
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsso_
groups str - Names of FSSO groups.
- global_
label str - Label for the policy that appears when the GUI is in Global View mode.
- groups str
- Names of user groups that can authenticate with this policy.
- http_
policy_ strredirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap_
profile str - Name of an existing ICAP profile.
- inbound str
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection_
mode str - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - internet_
service str - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet_
service_ strcustom - Custom Internet Service name.
- internet_
service_ strcustom_ group - Custom Internet Service group name.
- internet_
service_ strgroup - Internet Service group name.
- internet_
service_ strid - Internet Service ID.
- internet_
service_ strnegate - When enabled internet-service specifies what the service must NOT be. Valid values:
disable,enable. - internet_
service_ strsrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
disable,enable. - internet_
service_ strsrc_ custom - Custom Internet Service source name.
- internet_
service_ strsrc_ custom_ group - Custom Internet Service source group name.
- internet_
service_ strsrc_ group - Internet Service source group name.
- internet_
service_ strsrc_ id - Internet Service source ID.
- internet_
service_ strsrc_ negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
disable,enable. - ippool str
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips_
sensor str - Name of an existing IPS sensor.
- logtraffic str
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,all,utm. - logtraffic_
start str - Record logs when a session starts. Valid values:
disable,enable. - mms_
profile str - Name of an existing MMS profile.
- name str
- Policy name.
- nat str
- Enable/disable source NAT. Valid values:
disable,enable. - outbound str
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages_
firewall_ strconsolidated_ policy_ id - an identifier for the resource with format {{policyid}}.
- per_
ip_ strshaper - Per-IP traffic shaper.
- pkg_
folder_ strpath - Pkg Folder Path.
- policyid float
- Policy ID (0 - 4294967294).
- poolname4 str
- IPv4 pool names.
- poolname6 str
- IPv6 pool names.
- profile_
group str - Name of profile group.
- profile_
protocol_ stroptions - Name of an existing Protocol options profile.
- profile_
type str - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - schedule str
- Schedule name.
- scopetype str
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - service str
- Service and service group names.
- service_
negate str - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session_
ttl float - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- srcaddr4 str
- Source IPv4 address name and address group names.
- srcaddr6 str
- Source IPv6 address name and address group names.
- srcaddr_
negate str - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf str
- Incoming (ingress) interface.
- ssh_
filter_ strprofile - Name of an existing SSH filter profile.
- ssh_
policy_ strredirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl_
ssh_ strprofile - Name of an existing SSL SSH profile.
- status str
- Enable or disable this policy. Valid values:
disable,enable. - tcp_
mss_ floatreceiver - Receiver TCP maximum segment size (MSS).
- tcp_
mss_ floatsender - Sender TCP maximum segment size (MSS).
- traffic_
shaper str - Traffic shaper.
- traffic_
shaper_ strreverse - Reverse traffic shaper.
- url_
category str - Url-Category.
- users str
- Names of individual users that can authenticate with this policy.
- utm_
status str - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values:
disable,enable. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- voip_
profile str - Name of an existing VoIP profile.
- vpntunnel str
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf_
profile str - Name of an existing Web application firewall profile.
- wanopt str
- Enable/disable WAN optimization. Valid values:
disable,enable. - wanopt_
detection str - WAN optimization auto-detection mode. Valid values:
active,passive,off. - wanopt_
passive_ stropt - WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values:
default,transparent,non-transparent. - wanopt_
peer str - WAN optimization peer.
- wanopt_
profile str - WAN optimization profile.
- webcache str
- Enable/disable web cache. Valid values:
disable,enable. - webcache_
https str - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter_
profile str - Name of an existing Web filter profile.
- webproxy_
forward_ strserver - Webproxy forward server name.
- webproxy_
profile str - Webproxy profile name.
- pkg
This property is required. String - Package.
- _
policy NumberBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action String
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - app
Category String - App-Category.
- app
Group String - App-Group.
- application
List String - Name of an existing Application list.
- applications List<Number>
- Application.
- auto
Asic StringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av
Profile String - Name of an existing Antivirus profile.
- captive
Portal StringExempt - Enable exemption of some users from the captive portal. Valid values:
disable,enable. - cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- diffserv
Forward String - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv
Reverse String - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode
Forward String - Change packet's DiffServ to this value.
- diffservcode
Rev String - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dstaddr4 String
- Destination IPv4 address name and address group names.
- dstaddr6 String
- Destination IPv6 address name and address group names.
- dstaddr
Negate String - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf String
- Outgoing (egress) interface.
- emailfilter
Profile String - Name of an existing email filter profile.
- fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsso
Groups String - Names of FSSO groups.
- global
Label String - Label for the policy that appears when the GUI is in Global View mode.
- groups String
- Names of user groups that can authenticate with this policy.
- http
Policy StringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap
Profile String - Name of an existing ICAP profile.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection
Mode String - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet
Service StringCustom - Custom Internet Service name.
- internet
Service StringCustom Group - Custom Internet Service group name.
- internet
Service StringGroup - Internet Service group name.
- internet
Service StringId - Internet Service ID.
- internet
Service StringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
disable,enable. - internet
Service StringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
disable,enable. - internet
Service StringSrc Custom - Custom Internet Service source name.
- internet
Service StringSrc Custom Group - Custom Internet Service source group name.
- internet
Service StringSrc Group - Internet Service source group name.
- internet
Service StringSrc Id - Internet Service source ID.
- internet
Service StringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
disable,enable. - ippool String
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips
Sensor String - Name of an existing IPS sensor.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,all,utm. - logtraffic
Start String - Record logs when a session starts. Valid values:
disable,enable. - mms
Profile String - Name of an existing MMS profile.
- name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values:
disable,enable. - outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages
Firewall StringConsolidated Policy Id - an identifier for the resource with format {{policyid}}.
- per
Ip StringShaper - Per-IP traffic shaper.
- pkg
Folder StringPath - Pkg Folder Path.
- policyid Number
- Policy ID (0 - 4294967294).
- poolname4 String
- IPv4 pool names.
- poolname6 String
- IPv6 pool names.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - schedule String
- Schedule name.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - service String
- Service and service group names.
- service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session
Ttl Number - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- srcaddr4 String
- Source IPv4 address name and address group names.
- srcaddr6 String
- Source IPv6 address name and address group names.
- srcaddr
Negate String - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf String
- Incoming (ingress) interface.
- ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values:
disable,enable. - tcp
Mss NumberReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss NumberSender - Sender TCP maximum segment size (MSS).
- traffic
Shaper String - Traffic shaper.
- traffic
Shaper StringReverse - Reverse traffic shaper.
- url
Category String - Url-Category.
- users String
- Names of individual users that can authenticate with this policy.
- utm
Status String - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- voip
Profile String - Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile String - Name of an existing Web application firewall profile.
- wanopt String
- Enable/disable WAN optimization. Valid values:
disable,enable. - wanopt
Detection String - WAN optimization auto-detection mode. Valid values:
active,passive,off. - wanopt
Passive StringOpt - WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values:
default,transparent,non-transparent. - wanopt
Peer String - WAN optimization peer.
- wanopt
Profile String - WAN optimization profile.
- webcache String
- Enable/disable web cache. Valid values:
disable,enable. - webcache
Https String - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Webproxy forward server name.
- webproxy
Profile String - Webproxy profile name.
Outputs
All input properties are implicitly available as output properties. Additionally, the PackagesFirewallConsolidatedPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing PackagesFirewallConsolidatedPolicy Resource
Get an existing PackagesFirewallConsolidatedPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PackagesFirewallConsolidatedPolicyState, opts?: CustomResourceOptions): PackagesFirewallConsolidatedPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
_policy_block: Optional[float] = None,
action: Optional[str] = None,
adom: Optional[str] = None,
app_category: Optional[str] = None,
app_group: Optional[str] = None,
application_list: Optional[str] = None,
applications: Optional[Sequence[float]] = None,
auto_asic_offload: Optional[str] = None,
av_profile: Optional[str] = None,
captive_portal_exempt: Optional[str] = None,
cifs_profile: Optional[str] = None,
comments: Optional[str] = None,
diffserv_forward: Optional[str] = None,
diffserv_reverse: Optional[str] = None,
diffservcode_forward: Optional[str] = None,
diffservcode_rev: Optional[str] = None,
dlp_sensor: Optional[str] = None,
dnsfilter_profile: Optional[str] = None,
dstaddr4: Optional[str] = None,
dstaddr6: Optional[str] = None,
dstaddr_negate: Optional[str] = None,
dstintf: Optional[str] = None,
emailfilter_profile: Optional[str] = None,
fixedport: Optional[str] = None,
fsso_groups: Optional[str] = None,
global_label: Optional[str] = None,
groups: Optional[str] = None,
http_policy_redirect: Optional[str] = None,
icap_profile: Optional[str] = None,
inbound: Optional[str] = None,
inspection_mode: Optional[str] = None,
internet_service: Optional[str] = None,
internet_service_custom: Optional[str] = None,
internet_service_custom_group: Optional[str] = None,
internet_service_group: Optional[str] = None,
internet_service_id: Optional[str] = None,
internet_service_negate: Optional[str] = None,
internet_service_src: Optional[str] = None,
internet_service_src_custom: Optional[str] = None,
internet_service_src_custom_group: Optional[str] = None,
internet_service_src_group: Optional[str] = None,
internet_service_src_id: Optional[str] = None,
internet_service_src_negate: Optional[str] = None,
ippool: Optional[str] = None,
ips_sensor: Optional[str] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
mms_profile: Optional[str] = None,
name: Optional[str] = None,
nat: Optional[str] = None,
outbound: Optional[str] = None,
packages_firewall_consolidated_policy_id: Optional[str] = None,
per_ip_shaper: Optional[str] = None,
pkg: Optional[str] = None,
pkg_folder_path: Optional[str] = None,
policyid: Optional[float] = None,
poolname4: Optional[str] = None,
poolname6: Optional[str] = None,
profile_group: Optional[str] = None,
profile_protocol_options: Optional[str] = None,
profile_type: Optional[str] = None,
schedule: Optional[str] = None,
scopetype: Optional[str] = None,
service: Optional[str] = None,
service_negate: Optional[str] = None,
session_ttl: Optional[float] = None,
srcaddr4: Optional[str] = None,
srcaddr6: Optional[str] = None,
srcaddr_negate: Optional[str] = None,
srcintf: Optional[str] = None,
ssh_filter_profile: Optional[str] = None,
ssh_policy_redirect: Optional[str] = None,
ssl_ssh_profile: Optional[str] = None,
status: Optional[str] = None,
tcp_mss_receiver: Optional[float] = None,
tcp_mss_sender: Optional[float] = None,
traffic_shaper: Optional[str] = None,
traffic_shaper_reverse: Optional[str] = None,
url_category: Optional[str] = None,
users: Optional[str] = None,
utm_status: Optional[str] = None,
uuid: Optional[str] = None,
voip_profile: Optional[str] = None,
vpntunnel: Optional[str] = None,
waf_profile: Optional[str] = None,
wanopt: Optional[str] = None,
wanopt_detection: Optional[str] = None,
wanopt_passive_opt: Optional[str] = None,
wanopt_peer: Optional[str] = None,
wanopt_profile: Optional[str] = None,
webcache: Optional[str] = None,
webcache_https: Optional[str] = None,
webfilter_profile: Optional[str] = None,
webproxy_forward_server: Optional[str] = None,
webproxy_profile: Optional[str] = None) -> PackagesFirewallConsolidatedPolicyfunc GetPackagesFirewallConsolidatedPolicy(ctx *Context, name string, id IDInput, state *PackagesFirewallConsolidatedPolicyState, opts ...ResourceOption) (*PackagesFirewallConsolidatedPolicy, error)public static PackagesFirewallConsolidatedPolicy Get(string name, Input<string> id, PackagesFirewallConsolidatedPolicyState? state, CustomResourceOptions? opts = null)public static PackagesFirewallConsolidatedPolicy get(String name, Output<String> id, PackagesFirewallConsolidatedPolicyState state, CustomResourceOptions options)resources: _: type: fortimanager:PackagesFirewallConsolidatedPolicy get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Action string
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - App
Category string - App-Category.
- App
Group string - App-Group.
- Application
List string - Name of an existing Application list.
- Applications List<double>
- Application.
- Auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - Av
Profile string - Name of an existing Antivirus profile.
- Captive
Portal stringExempt - Enable exemption of some users from the captive portal. Valid values:
disable,enable. - Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - Diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - Diffservcode
Forward string - Change packet's DiffServ to this value.
- Diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dstaddr4 string
- Destination IPv4 address name and address group names.
- Dstaddr6 string
- Destination IPv6 address name and address group names.
- Dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - Dstintf string
- Outgoing (egress) interface.
- Emailfilter
Profile string - Name of an existing email filter profile.
- Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - Fsso
Groups string - Names of FSSO groups.
- Global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- Groups string
- Names of user groups that can authenticate with this policy.
- Http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - Icap
Profile string - Name of an existing ICAP profile.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - Inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - Internet
Service stringCustom - Custom Internet Service name.
- Internet
Service stringCustom Group - Custom Internet Service group name.
- Internet
Service stringGroup - Internet Service group name.
- Internet
Service stringId - Internet Service ID.
- Internet
Service stringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
disable,enable. - Internet
Service stringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
disable,enable. - Internet
Service stringSrc Custom - Custom Internet Service source name.
- Internet
Service stringSrc Custom Group - Custom Internet Service source group name.
- Internet
Service stringSrc Group - Internet Service source group name.
- Internet
Service stringSrc Id - Internet Service source ID.
- Internet
Service stringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
disable,enable. - Ippool string
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - Ips
Sensor string - Name of an existing IPS sensor.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,all,utm. - Logtraffic
Start string - Record logs when a session starts. Valid values:
disable,enable. - Mms
Profile string - Name of an existing MMS profile.
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values:
disable,enable. - Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - Packages
Firewall stringConsolidated Policy Id - an identifier for the resource with format {{policyid}}.
- Per
Ip stringShaper - Per-IP traffic shaper.
- Pkg string
- Package.
- Pkg
Folder stringPath - Pkg Folder Path.
- Policyid double
- Policy ID (0 - 4294967294).
- Poolname4 string
- IPv4 pool names.
- Poolname6 string
- IPv6 pool names.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - Schedule string
- Schedule name.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Service string
- Service and service group names.
- Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - Session
Ttl double - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- Srcaddr4 string
- Source IPv4 address name and address group names.
- Srcaddr6 string
- Source IPv6 address name and address group names.
- Srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - Srcintf string
- Incoming (ingress) interface.
- Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values:
disable,enable. - Tcp
Mss doubleReceiver - Receiver TCP maximum segment size (MSS).
- Tcp
Mss doubleSender - Sender TCP maximum segment size (MSS).
- Traffic
Shaper string - Traffic shaper.
- Traffic
Shaper stringReverse - Reverse traffic shaper.
- Url
Category string - Url-Category.
- Users string
- Names of individual users that can authenticate with this policy.
- Utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Voip
Profile string - Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Wanopt string
- Enable/disable WAN optimization. Valid values:
disable,enable. - Wanopt
Detection string - WAN optimization auto-detection mode. Valid values:
active,passive,off. - Wanopt
Passive stringOpt - WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values:
default,transparent,non-transparent. - Wanopt
Peer string - WAN optimization peer.
- Wanopt
Profile string - WAN optimization profile.
- Webcache string
- Enable/disable web cache. Valid values:
disable,enable. - Webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Webproxy forward server name.
- Webproxy
Profile string - Webproxy profile name.
- _
policy doubleBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- Action string
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - App
Category string - App-Category.
- App
Group string - App-Group.
- Application
List string - Name of an existing Application list.
- Applications []float64
- Application.
- Auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - Av
Profile string - Name of an existing Antivirus profile.
- Captive
Portal stringExempt - Enable exemption of some users from the captive portal. Valid values:
disable,enable. - Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - Diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - Diffservcode
Forward string - Change packet's DiffServ to this value.
- Diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dstaddr4 string
- Destination IPv4 address name and address group names.
- Dstaddr6 string
- Destination IPv6 address name and address group names.
- Dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - Dstintf string
- Outgoing (egress) interface.
- Emailfilter
Profile string - Name of an existing email filter profile.
- Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - Fsso
Groups string - Names of FSSO groups.
- Global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- Groups string
- Names of user groups that can authenticate with this policy.
- Http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - Icap
Profile string - Name of an existing ICAP profile.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - Inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - Internet
Service stringCustom - Custom Internet Service name.
- Internet
Service stringCustom Group - Custom Internet Service group name.
- Internet
Service stringGroup - Internet Service group name.
- Internet
Service stringId - Internet Service ID.
- Internet
Service stringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
disable,enable. - Internet
Service stringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
disable,enable. - Internet
Service stringSrc Custom - Custom Internet Service source name.
- Internet
Service stringSrc Custom Group - Custom Internet Service source group name.
- Internet
Service stringSrc Group - Internet Service source group name.
- Internet
Service stringSrc Id - Internet Service source ID.
- Internet
Service stringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
disable,enable. - Ippool string
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - Ips
Sensor string - Name of an existing IPS sensor.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,all,utm. - Logtraffic
Start string - Record logs when a session starts. Valid values:
disable,enable. - Mms
Profile string - Name of an existing MMS profile.
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values:
disable,enable. - Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - Packages
Firewall stringConsolidated Policy Id - an identifier for the resource with format {{policyid}}.
- Per
Ip stringShaper - Per-IP traffic shaper.
- Pkg string
- Package.
- Pkg
Folder stringPath - Pkg Folder Path.
- Policyid float64
- Policy ID (0 - 4294967294).
- Poolname4 string
- IPv4 pool names.
- Poolname6 string
- IPv6 pool names.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - Schedule string
- Schedule name.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Service string
- Service and service group names.
- Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - Session
Ttl float64 - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- Srcaddr4 string
- Source IPv4 address name and address group names.
- Srcaddr6 string
- Source IPv6 address name and address group names.
- Srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - Srcintf string
- Incoming (ingress) interface.
- Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values:
disable,enable. - Tcp
Mss float64Receiver - Receiver TCP maximum segment size (MSS).
- Tcp
Mss float64Sender - Sender TCP maximum segment size (MSS).
- Traffic
Shaper string - Traffic shaper.
- Traffic
Shaper stringReverse - Reverse traffic shaper.
- Url
Category string - Url-Category.
- Users string
- Names of individual users that can authenticate with this policy.
- Utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Voip
Profile string - Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Wanopt string
- Enable/disable WAN optimization. Valid values:
disable,enable. - Wanopt
Detection string - WAN optimization auto-detection mode. Valid values:
active,passive,off. - Wanopt
Passive stringOpt - WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values:
default,transparent,non-transparent. - Wanopt
Peer string - WAN optimization peer.
- Wanopt
Profile string - WAN optimization profile.
- Webcache string
- Enable/disable web cache. Valid values:
disable,enable. - Webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Webproxy forward server name.
- Webproxy
Profile string - Webproxy profile name.
- _
policy float64Block - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- _
policy DoubleBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action String
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - app
Category String - App-Category.
- app
Group String - App-Group.
- application
List String - Name of an existing Application list.
- applications List<Double>
- Application.
- auto
Asic StringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av
Profile String - Name of an existing Antivirus profile.
- captive
Portal StringExempt - Enable exemption of some users from the captive portal. Valid values:
disable,enable. - cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- diffserv
Forward String - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv
Reverse String - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode
Forward String - Change packet's DiffServ to this value.
- diffservcode
Rev String - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dstaddr4 String
- Destination IPv4 address name and address group names.
- dstaddr6 String
- Destination IPv6 address name and address group names.
- dstaddr
Negate String - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf String
- Outgoing (egress) interface.
- emailfilter
Profile String - Name of an existing email filter profile.
- fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsso
Groups String - Names of FSSO groups.
- global
Label String - Label for the policy that appears when the GUI is in Global View mode.
- groups String
- Names of user groups that can authenticate with this policy.
- http
Policy StringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap
Profile String - Name of an existing ICAP profile.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection
Mode String - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet
Service StringCustom - Custom Internet Service name.
- internet
Service StringCustom Group - Custom Internet Service group name.
- internet
Service StringGroup - Internet Service group name.
- internet
Service StringId - Internet Service ID.
- internet
Service StringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
disable,enable. - internet
Service StringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
disable,enable. - internet
Service StringSrc Custom - Custom Internet Service source name.
- internet
Service StringSrc Custom Group - Custom Internet Service source group name.
- internet
Service StringSrc Group - Internet Service source group name.
- internet
Service StringSrc Id - Internet Service source ID.
- internet
Service StringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
disable,enable. - ippool String
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips
Sensor String - Name of an existing IPS sensor.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,all,utm. - logtraffic
Start String - Record logs when a session starts. Valid values:
disable,enable. - mms
Profile String - Name of an existing MMS profile.
- name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values:
disable,enable. - outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages
Firewall StringConsolidated Policy Id - an identifier for the resource with format {{policyid}}.
- per
Ip StringShaper - Per-IP traffic shaper.
- pkg String
- Package.
- pkg
Folder StringPath - Pkg Folder Path.
- policyid Double
- Policy ID (0 - 4294967294).
- poolname4 String
- IPv4 pool names.
- poolname6 String
- IPv6 pool names.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - schedule String
- Schedule name.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - service String
- Service and service group names.
- service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session
Ttl Double - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- srcaddr4 String
- Source IPv4 address name and address group names.
- srcaddr6 String
- Source IPv6 address name and address group names.
- srcaddr
Negate String - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf String
- Incoming (ingress) interface.
- ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values:
disable,enable. - tcp
Mss DoubleReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss DoubleSender - Sender TCP maximum segment size (MSS).
- traffic
Shaper String - Traffic shaper.
- traffic
Shaper StringReverse - Reverse traffic shaper.
- url
Category String - Url-Category.
- users String
- Names of individual users that can authenticate with this policy.
- utm
Status String - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- voip
Profile String - Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile String - Name of an existing Web application firewall profile.
- wanopt String
- Enable/disable WAN optimization. Valid values:
disable,enable. - wanopt
Detection String - WAN optimization auto-detection mode. Valid values:
active,passive,off. - wanopt
Passive StringOpt - WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values:
default,transparent,non-transparent. - wanopt
Peer String - WAN optimization peer.
- wanopt
Profile String - WAN optimization profile.
- webcache String
- Enable/disable web cache. Valid values:
disable,enable. - webcache
Https String - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Webproxy forward server name.
- webproxy
Profile String - Webproxy profile name.
- _
policy numberBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action string
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - app
Category string - App-Category.
- app
Group string - App-Group.
- application
List string - Name of an existing Application list.
- applications number[]
- Application.
- auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av
Profile string - Name of an existing Antivirus profile.
- captive
Portal stringExempt - Enable exemption of some users from the captive portal. Valid values:
disable,enable. - cifs
Profile string - Name of an existing CIFS profile.
- comments string
- Comment.
- diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode
Forward string - Change packet's DiffServ to this value.
- diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor string - Name of an existing DLP sensor.
- dnsfilter
Profile string - Name of an existing DNS filter profile.
- dstaddr4 string
- Destination IPv4 address name and address group names.
- dstaddr6 string
- Destination IPv6 address name and address group names.
- dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf string
- Outgoing (egress) interface.
- emailfilter
Profile string - Name of an existing email filter profile.
- fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsso
Groups string - Names of FSSO groups.
- global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- groups string
- Names of user groups that can authenticate with this policy.
- http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap
Profile string - Name of an existing ICAP profile.
- inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet
Service stringCustom - Custom Internet Service name.
- internet
Service stringCustom Group - Custom Internet Service group name.
- internet
Service stringGroup - Internet Service group name.
- internet
Service stringId - Internet Service ID.
- internet
Service stringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
disable,enable. - internet
Service stringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
disable,enable. - internet
Service stringSrc Custom - Custom Internet Service source name.
- internet
Service stringSrc Custom Group - Custom Internet Service source group name.
- internet
Service stringSrc Group - Internet Service source group name.
- internet
Service stringSrc Id - Internet Service source ID.
- internet
Service stringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
disable,enable. - ippool string
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips
Sensor string - Name of an existing IPS sensor.
- logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,all,utm. - logtraffic
Start string - Record logs when a session starts. Valid values:
disable,enable. - mms
Profile string - Name of an existing MMS profile.
- name string
- Policy name.
- nat string
- Enable/disable source NAT. Valid values:
disable,enable. - outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages
Firewall stringConsolidated Policy Id - an identifier for the resource with format {{policyid}}.
- per
Ip stringShaper - Per-IP traffic shaper.
- pkg string
- Package.
- pkg
Folder stringPath - Pkg Folder Path.
- policyid number
- Policy ID (0 - 4294967294).
- poolname4 string
- IPv4 pool names.
- poolname6 string
- IPv6 pool names.
- profile
Group string - Name of profile group.
- profile
Protocol stringOptions - Name of an existing Protocol options profile.
- profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - schedule string
- Schedule name.
- scopetype string
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - service string
- Service and service group names.
- service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session
Ttl number - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- srcaddr4 string
- Source IPv4 address name and address group names.
- srcaddr6 string
- Source IPv6 address name and address group names.
- srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf string
- Incoming (ingress) interface.
- ssh
Filter stringProfile - Name of an existing SSH filter profile.
- ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- status string
- Enable or disable this policy. Valid values:
disable,enable. - tcp
Mss numberReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss numberSender - Sender TCP maximum segment size (MSS).
- traffic
Shaper string - Traffic shaper.
- traffic
Shaper stringReverse - Reverse traffic shaper.
- url
Category string - Url-Category.
- users string
- Names of individual users that can authenticate with this policy.
- utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values:
disable,enable. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- voip
Profile string - Name of an existing VoIP profile.
- vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile string - Name of an existing Web application firewall profile.
- wanopt string
- Enable/disable WAN optimization. Valid values:
disable,enable. - wanopt
Detection string - WAN optimization auto-detection mode. Valid values:
active,passive,off. - wanopt
Passive stringOpt - WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values:
default,transparent,non-transparent. - wanopt
Peer string - WAN optimization peer.
- wanopt
Profile string - WAN optimization profile.
- webcache string
- Enable/disable web cache. Valid values:
disable,enable. - webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter
Profile string - Name of an existing Web filter profile.
- webproxy
Forward stringServer - Webproxy forward server name.
- webproxy
Profile string - Webproxy profile name.
- _
policy_ floatblock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action str
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - app_
category str - App-Category.
- app_
group str - App-Group.
- application_
list str - Name of an existing Application list.
- applications Sequence[float]
- Application.
- auto_
asic_ stroffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av_
profile str - Name of an existing Antivirus profile.
- captive_
portal_ strexempt - Enable exemption of some users from the captive portal. Valid values:
disable,enable. - cifs_
profile str - Name of an existing CIFS profile.
- comments str
- Comment.
- diffserv_
forward str - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv_
reverse str - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode_
forward str - Change packet's DiffServ to this value.
- diffservcode_
rev str - Change packet's reverse (reply) DiffServ to this value.
- dlp_
sensor str - Name of an existing DLP sensor.
- dnsfilter_
profile str - Name of an existing DNS filter profile.
- dstaddr4 str
- Destination IPv4 address name and address group names.
- dstaddr6 str
- Destination IPv6 address name and address group names.
- dstaddr_
negate str - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf str
- Outgoing (egress) interface.
- emailfilter_
profile str - Name of an existing email filter profile.
- fixedport str
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsso_
groups str - Names of FSSO groups.
- global_
label str - Label for the policy that appears when the GUI is in Global View mode.
- groups str
- Names of user groups that can authenticate with this policy.
- http_
policy_ strredirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap_
profile str - Name of an existing ICAP profile.
- inbound str
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection_
mode str - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - internet_
service str - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet_
service_ strcustom - Custom Internet Service name.
- internet_
service_ strcustom_ group - Custom Internet Service group name.
- internet_
service_ strgroup - Internet Service group name.
- internet_
service_ strid - Internet Service ID.
- internet_
service_ strnegate - When enabled internet-service specifies what the service must NOT be. Valid values:
disable,enable. - internet_
service_ strsrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
disable,enable. - internet_
service_ strsrc_ custom - Custom Internet Service source name.
- internet_
service_ strsrc_ custom_ group - Custom Internet Service source group name.
- internet_
service_ strsrc_ group - Internet Service source group name.
- internet_
service_ strsrc_ id - Internet Service source ID.
- internet_
service_ strsrc_ negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
disable,enable. - ippool str
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips_
sensor str - Name of an existing IPS sensor.
- logtraffic str
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,all,utm. - logtraffic_
start str - Record logs when a session starts. Valid values:
disable,enable. - mms_
profile str - Name of an existing MMS profile.
- name str
- Policy name.
- nat str
- Enable/disable source NAT. Valid values:
disable,enable. - outbound str
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages_
firewall_ strconsolidated_ policy_ id - an identifier for the resource with format {{policyid}}.
- per_
ip_ strshaper - Per-IP traffic shaper.
- pkg str
- Package.
- pkg_
folder_ strpath - Pkg Folder Path.
- policyid float
- Policy ID (0 - 4294967294).
- poolname4 str
- IPv4 pool names.
- poolname6 str
- IPv6 pool names.
- profile_
group str - Name of profile group.
- profile_
protocol_ stroptions - Name of an existing Protocol options profile.
- profile_
type str - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - schedule str
- Schedule name.
- scopetype str
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - service str
- Service and service group names.
- service_
negate str - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session_
ttl float - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- srcaddr4 str
- Source IPv4 address name and address group names.
- srcaddr6 str
- Source IPv6 address name and address group names.
- srcaddr_
negate str - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf str
- Incoming (ingress) interface.
- ssh_
filter_ strprofile - Name of an existing SSH filter profile.
- ssh_
policy_ strredirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl_
ssh_ strprofile - Name of an existing SSL SSH profile.
- status str
- Enable or disable this policy. Valid values:
disable,enable. - tcp_
mss_ floatreceiver - Receiver TCP maximum segment size (MSS).
- tcp_
mss_ floatsender - Sender TCP maximum segment size (MSS).
- traffic_
shaper str - Traffic shaper.
- traffic_
shaper_ strreverse - Reverse traffic shaper.
- url_
category str - Url-Category.
- users str
- Names of individual users that can authenticate with this policy.
- utm_
status str - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values:
disable,enable. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- voip_
profile str - Name of an existing VoIP profile.
- vpntunnel str
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf_
profile str - Name of an existing Web application firewall profile.
- wanopt str
- Enable/disable WAN optimization. Valid values:
disable,enable. - wanopt_
detection str - WAN optimization auto-detection mode. Valid values:
active,passive,off. - wanopt_
passive_ stropt - WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values:
default,transparent,non-transparent. - wanopt_
peer str - WAN optimization peer.
- wanopt_
profile str - WAN optimization profile.
- webcache str
- Enable/disable web cache. Valid values:
disable,enable. - webcache_
https str - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter_
profile str - Name of an existing Web filter profile.
- webproxy_
forward_ strserver - Webproxy forward server name.
- webproxy_
profile str - Webproxy profile name.
- _
policy NumberBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action String
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - app
Category String - App-Category.
- app
Group String - App-Group.
- application
List String - Name of an existing Application list.
- applications List<Number>
- Application.
- auto
Asic StringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av
Profile String - Name of an existing Antivirus profile.
- captive
Portal StringExempt - Enable exemption of some users from the captive portal. Valid values:
disable,enable. - cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- diffserv
Forward String - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv
Reverse String - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode
Forward String - Change packet's DiffServ to this value.
- diffservcode
Rev String - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dstaddr4 String
- Destination IPv4 address name and address group names.
- dstaddr6 String
- Destination IPv6 address name and address group names.
- dstaddr
Negate String - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf String
- Outgoing (egress) interface.
- emailfilter
Profile String - Name of an existing email filter profile.
- fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsso
Groups String - Names of FSSO groups.
- global
Label String - Label for the policy that appears when the GUI is in Global View mode.
- groups String
- Names of user groups that can authenticate with this policy.
- http
Policy StringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap
Profile String - Name of an existing ICAP profile.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection
Mode String - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet
Service StringCustom - Custom Internet Service name.
- internet
Service StringCustom Group - Custom Internet Service group name.
- internet
Service StringGroup - Internet Service group name.
- internet
Service StringId - Internet Service ID.
- internet
Service StringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
disable,enable. - internet
Service StringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
disable,enable. - internet
Service StringSrc Custom - Custom Internet Service source name.
- internet
Service StringSrc Custom Group - Custom Internet Service source group name.
- internet
Service StringSrc Group - Internet Service source group name.
- internet
Service StringSrc Id - Internet Service source ID.
- internet
Service StringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
disable,enable. - ippool String
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips
Sensor String - Name of an existing IPS sensor.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,all,utm. - logtraffic
Start String - Record logs when a session starts. Valid values:
disable,enable. - mms
Profile String - Name of an existing MMS profile.
- name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values:
disable,enable. - outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages
Firewall StringConsolidated Policy Id - an identifier for the resource with format {{policyid}}.
- per
Ip StringShaper - Per-IP traffic shaper.
- pkg String
- Package.
- pkg
Folder StringPath - Pkg Folder Path.
- policyid Number
- Policy ID (0 - 4294967294).
- poolname4 String
- IPv4 pool names.
- poolname6 String
- IPv6 pool names.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - schedule String
- Schedule name.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - service String
- Service and service group names.
- service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session
Ttl Number - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- srcaddr4 String
- Source IPv4 address name and address group names.
- srcaddr6 String
- Source IPv6 address name and address group names.
- srcaddr
Negate String - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf String
- Incoming (ingress) interface.
- ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values:
disable,enable. - tcp
Mss NumberReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss NumberSender - Sender TCP maximum segment size (MSS).
- traffic
Shaper String - Traffic shaper.
- traffic
Shaper StringReverse - Reverse traffic shaper.
- url
Category String - Url-Category.
- users String
- Names of individual users that can authenticate with this policy.
- utm
Status String - Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- voip
Profile String - Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile String - Name of an existing Web application firewall profile.
- wanopt String
- Enable/disable WAN optimization. Valid values:
disable,enable. - wanopt
Detection String - WAN optimization auto-detection mode. Valid values:
active,passive,off. - wanopt
Passive StringOpt - WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values:
default,transparent,non-transparent. - wanopt
Peer String - WAN optimization peer.
- wanopt
Profile String - WAN optimization profile.
- webcache String
- Enable/disable web cache. Valid values:
disable,enable. - webcache
Https String - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Webproxy forward server name.
- webproxy
Profile String - Webproxy profile name.
Import
Packages FirewallConsolidatedPolicy can be imported using any of these accepted formats:
Set import_options = [“pkg_folder_path=YOUR_VALUE”, “pkg=YOUR_VALUE”] in the provider section.
$ export “FORTIMANAGER_IMPORT_TABLE”=“true”
$ pulumi import fortimanager:index/packagesFirewallConsolidatedPolicy:PackagesFirewallConsolidatedPolicy labelname {{policyid}}
$ unset “FORTIMANAGER_IMPORT_TABLE”
-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortimanager fortinetdev/terraform-provider-fortimanager
- License
- Notes
- This Pulumi package is based on the
fortimanagerTerraform Provider.
fortimanager 1.14.0 published on Tuesday, Apr 15, 2025 by fortinetdev