fortios.firewall.Proxypolicy
Explore with Pulumi AI
Configure proxy policies.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.firewall.Proxypolicy("trname", {
action: "deny",
disclaimer: "disable",
dstaddrs: [{
name: "all",
}],
dstaddrNegate: "disable",
dstintfs: [{
name: "port4",
}],
httpTunnelAuth: "disable",
internetService: "disable",
internetServiceNegate: "disable",
logtraffic: "disable",
logtrafficStart: "disable",
policyid: 1,
profileProtocolOptions: "default",
profileType: "single",
proxy: "transparent-web",
scanBotnetConnections: "disable",
schedule: "always",
services: [{
name: "webproxy",
}],
serviceNegate: "disable",
srcaddrs: [{
name: "all",
}],
srcaddrNegate: "disable",
srcintfs: [{
name: "port3",
}],
status: "enable",
transparent: "disable",
utmStatus: "disable",
webcache: "disable",
webcacheHttps: "disable",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.firewall.Proxypolicy("trname",
action="deny",
disclaimer="disable",
dstaddrs=[fortios.firewall.ProxypolicyDstaddrArgs(
name="all",
)],
dstaddr_negate="disable",
dstintfs=[fortios.firewall.ProxypolicyDstintfArgs(
name="port4",
)],
http_tunnel_auth="disable",
internet_service="disable",
internet_service_negate="disable",
logtraffic="disable",
logtraffic_start="disable",
policyid=1,
profile_protocol_options="default",
profile_type="single",
proxy="transparent-web",
scan_botnet_connections="disable",
schedule="always",
services=[fortios.firewall.ProxypolicyServiceArgs(
name="webproxy",
)],
service_negate="disable",
srcaddrs=[fortios.firewall.ProxypolicySrcaddrArgs(
name="all",
)],
srcaddr_negate="disable",
srcintfs=[fortios.firewall.ProxypolicySrcintfArgs(
name="port3",
)],
status="enable",
transparent="disable",
utm_status="disable",
webcache="disable",
webcache_https="disable")
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := firewall.NewProxypolicy(ctx, "trname", &firewall.ProxypolicyArgs{
Action: pulumi.String("deny"),
Disclaimer: pulumi.String("disable"),
Dstaddrs: firewall.ProxypolicyDstaddrArray{
&firewall.ProxypolicyDstaddrArgs{
Name: pulumi.String("all"),
},
},
DstaddrNegate: pulumi.String("disable"),
Dstintfs: firewall.ProxypolicyDstintfArray{
&firewall.ProxypolicyDstintfArgs{
Name: pulumi.String("port4"),
},
},
HttpTunnelAuth: pulumi.String("disable"),
InternetService: pulumi.String("disable"),
InternetServiceNegate: pulumi.String("disable"),
Logtraffic: pulumi.String("disable"),
LogtrafficStart: pulumi.String("disable"),
Policyid: pulumi.Int(1),
ProfileProtocolOptions: pulumi.String("default"),
ProfileType: pulumi.String("single"),
Proxy: pulumi.String("transparent-web"),
ScanBotnetConnections: pulumi.String("disable"),
Schedule: pulumi.String("always"),
Services: firewall.ProxypolicyServiceArray{
&firewall.ProxypolicyServiceArgs{
Name: pulumi.String("webproxy"),
},
},
ServiceNegate: pulumi.String("disable"),
Srcaddrs: firewall.ProxypolicySrcaddrArray{
&firewall.ProxypolicySrcaddrArgs{
Name: pulumi.String("all"),
},
},
SrcaddrNegate: pulumi.String("disable"),
Srcintfs: firewall.ProxypolicySrcintfArray{
&firewall.ProxypolicySrcintfArgs{
Name: pulumi.String("port3"),
},
},
Status: pulumi.String("enable"),
Transparent: pulumi.String("disable"),
UtmStatus: pulumi.String("disable"),
Webcache: pulumi.String("disable"),
WebcacheHttps: pulumi.String("disable"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() =>
{
var trname = new Fortios.Firewall.Proxypolicy("trname", new()
{
Action = "deny",
Disclaimer = "disable",
Dstaddrs = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyDstaddrArgs
{
Name = "all",
},
},
DstaddrNegate = "disable",
Dstintfs = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyDstintfArgs
{
Name = "port4",
},
},
HttpTunnelAuth = "disable",
InternetService = "disable",
InternetServiceNegate = "disable",
Logtraffic = "disable",
LogtrafficStart = "disable",
Policyid = 1,
ProfileProtocolOptions = "default",
ProfileType = "single",
Proxy = "transparent-web",
ScanBotnetConnections = "disable",
Schedule = "always",
Services = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyServiceArgs
{
Name = "webproxy",
},
},
ServiceNegate = "disable",
Srcaddrs = new[]
{
new Fortios.Firewall.Inputs.ProxypolicySrcaddrArgs
{
Name = "all",
},
},
SrcaddrNegate = "disable",
Srcintfs = new[]
{
new Fortios.Firewall.Inputs.ProxypolicySrcintfArgs
{
Name = "port3",
},
},
Status = "enable",
Transparent = "disable",
UtmStatus = "disable",
Webcache = "disable",
WebcacheHttps = "disable",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.firewall.Proxypolicy;
import com.pulumi.fortios.firewall.ProxypolicyArgs;
import com.pulumi.fortios.firewall.inputs.ProxypolicyDstaddrArgs;
import com.pulumi.fortios.firewall.inputs.ProxypolicyDstintfArgs;
import com.pulumi.fortios.firewall.inputs.ProxypolicyServiceArgs;
import com.pulumi.fortios.firewall.inputs.ProxypolicySrcaddrArgs;
import com.pulumi.fortios.firewall.inputs.ProxypolicySrcintfArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new Proxypolicy("trname", ProxypolicyArgs.builder()
.action("deny")
.disclaimer("disable")
.dstaddrs(ProxypolicyDstaddrArgs.builder()
.name("all")
.build())
.dstaddrNegate("disable")
.dstintfs(ProxypolicyDstintfArgs.builder()
.name("port4")
.build())
.httpTunnelAuth("disable")
.internetService("disable")
.internetServiceNegate("disable")
.logtraffic("disable")
.logtrafficStart("disable")
.policyid(1)
.profileProtocolOptions("default")
.profileType("single")
.proxy("transparent-web")
.scanBotnetConnections("disable")
.schedule("always")
.services(ProxypolicyServiceArgs.builder()
.name("webproxy")
.build())
.serviceNegate("disable")
.srcaddrs(ProxypolicySrcaddrArgs.builder()
.name("all")
.build())
.srcaddrNegate("disable")
.srcintfs(ProxypolicySrcintfArgs.builder()
.name("port3")
.build())
.status("enable")
.transparent("disable")
.utmStatus("disable")
.webcache("disable")
.webcacheHttps("disable")
.build());
}
}
resources:
trname:
type: fortios:firewall:Proxypolicy
properties:
action: deny
disclaimer: disable
dstaddrs:
- name: all
dstaddrNegate: disable
dstintfs:
- name: port4
httpTunnelAuth: disable
internetService: disable
internetServiceNegate: disable
logtraffic: disable
logtrafficStart: disable
policyid: 1
profileProtocolOptions: default
profileType: single
proxy: transparent-web
scanBotnetConnections: disable
schedule: always
services:
- name: webproxy
serviceNegate: disable
srcaddrs:
- name: all
srcaddrNegate: disable
srcintfs:
- name: port3
status: enable
transparent: disable
utmStatus: disable
webcache: disable
webcacheHttps: disable
Create Proxypolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Proxypolicy(name: string, args: ProxypolicyArgs, opts?: CustomResourceOptions);
@overload
def Proxypolicy(resource_name: str,
args: ProxypolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Proxypolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
dstintfs: Optional[Sequence[ProxypolicyDstintfArgs]] = None,
proxy: Optional[str] = None,
schedule: Optional[str] = None,
access_proxies: Optional[Sequence[ProxypolicyAccessProxyArgs]] = None,
access_proxy6s: Optional[Sequence[ProxypolicyAccessProxy6Args]] = None,
action: Optional[str] = None,
application_list: Optional[str] = None,
av_profile: Optional[str] = None,
block_notification: Optional[str] = None,
casb_profile: Optional[str] = None,
cifs_profile: Optional[str] = None,
comments: Optional[str] = None,
decrypted_traffic_mirror: Optional[str] = None,
detect_https_in_http_request: Optional[str] = None,
device_ownership: Optional[str] = None,
diameter_filter_profile: Optional[str] = None,
disclaimer: Optional[str] = None,
dlp_profile: Optional[str] = None,
dlp_sensor: Optional[str] = None,
dstaddr6s: Optional[Sequence[ProxypolicyDstaddr6Args]] = None,
dstaddr_negate: Optional[str] = None,
dstaddrs: Optional[Sequence[ProxypolicyDstaddrArgs]] = None,
dynamic_sort_subtable: Optional[str] = None,
emailfilter_profile: Optional[str] = None,
file_filter_profile: Optional[str] = None,
get_all_tables: Optional[str] = None,
global_label: Optional[str] = None,
groups: Optional[Sequence[ProxypolicyGroupArgs]] = None,
http_tunnel_auth: Optional[str] = None,
icap_profile: Optional[str] = None,
internet_service: Optional[str] = None,
internet_service6: Optional[str] = None,
internet_service6_custom_groups: Optional[Sequence[ProxypolicyInternetService6CustomGroupArgs]] = None,
internet_service6_customs: Optional[Sequence[ProxypolicyInternetService6CustomArgs]] = None,
internet_service6_groups: Optional[Sequence[ProxypolicyInternetService6GroupArgs]] = None,
internet_service6_names: Optional[Sequence[ProxypolicyInternetService6NameArgs]] = None,
internet_service6_negate: Optional[str] = None,
internet_service_custom_groups: Optional[Sequence[ProxypolicyInternetServiceCustomGroupArgs]] = None,
internet_service_customs: Optional[Sequence[ProxypolicyInternetServiceCustomArgs]] = None,
internet_service_groups: Optional[Sequence[ProxypolicyInternetServiceGroupArgs]] = None,
internet_service_ids: Optional[Sequence[ProxypolicyInternetServiceIdArgs]] = None,
internet_service_names: Optional[Sequence[ProxypolicyInternetServiceNameArgs]] = None,
internet_service_negate: Optional[str] = None,
ips_sensor: Optional[str] = None,
ips_voip_filter: Optional[str] = None,
label: Optional[str] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
name: Optional[str] = None,
policyid: Optional[int] = None,
poolnames: Optional[Sequence[ProxypolicyPoolnameArgs]] = None,
profile_group: Optional[str] = None,
profile_protocol_options: Optional[str] = None,
profile_type: Optional[str] = None,
redirect_url: Optional[str] = None,
replacemsg_override_group: Optional[str] = None,
scan_botnet_connections: Optional[str] = None,
sctp_filter_profile: Optional[str] = None,
service_negate: Optional[str] = None,
services: Optional[Sequence[ProxypolicyServiceArgs]] = None,
session_ttl: Optional[int] = None,
spamfilter_profile: Optional[str] = None,
srcaddr6s: Optional[Sequence[ProxypolicySrcaddr6Args]] = None,
srcaddr_negate: Optional[str] = None,
srcaddrs: Optional[Sequence[ProxypolicySrcaddrArgs]] = None,
srcintfs: Optional[Sequence[ProxypolicySrcintfArgs]] = None,
ssh_filter_profile: Optional[str] = None,
ssh_policy_redirect: Optional[str] = None,
ssl_ssh_profile: Optional[str] = None,
status: Optional[str] = None,
transparent: Optional[str] = None,
users: Optional[Sequence[ProxypolicyUserArgs]] = None,
utm_status: Optional[str] = None,
uuid: Optional[str] = None,
vdomparam: Optional[str] = None,
videofilter_profile: Optional[str] = None,
virtual_patch_profile: Optional[str] = None,
voip_profile: Optional[str] = None,
waf_profile: Optional[str] = None,
webcache: Optional[str] = None,
webcache_https: Optional[str] = None,
webfilter_profile: Optional[str] = None,
webproxy_forward_server: Optional[str] = None,
webproxy_profile: Optional[str] = None,
ztna_ems_tags: Optional[Sequence[ProxypolicyZtnaEmsTagArgs]] = None,
ztna_tags_match_logic: Optional[str] = None)
func NewProxypolicy(ctx *Context, name string, args ProxypolicyArgs, opts ...ResourceOption) (*Proxypolicy, error)
public Proxypolicy(string name, ProxypolicyArgs args, CustomResourceOptions? opts = null)
public Proxypolicy(String name, ProxypolicyArgs args)
public Proxypolicy(String name, ProxypolicyArgs args, CustomResourceOptions options)
type: fortios:firewall:Proxypolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ProxypolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ProxypolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ProxypolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ProxypolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ProxypolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var proxypolicyResource = new Fortios.Firewall.Proxypolicy("proxypolicyResource", new()
{
Dstintfs = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyDstintfArgs
{
Name = "string",
},
},
Proxy = "string",
Schedule = "string",
AccessProxies = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyAccessProxyArgs
{
Name = "string",
},
},
AccessProxy6s = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyAccessProxy6Args
{
Name = "string",
},
},
Action = "string",
ApplicationList = "string",
AvProfile = "string",
BlockNotification = "string",
CasbProfile = "string",
CifsProfile = "string",
Comments = "string",
DecryptedTrafficMirror = "string",
DetectHttpsInHttpRequest = "string",
DeviceOwnership = "string",
DiameterFilterProfile = "string",
Disclaimer = "string",
DlpProfile = "string",
DlpSensor = "string",
Dstaddr6s = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyDstaddr6Args
{
Name = "string",
},
},
DstaddrNegate = "string",
Dstaddrs = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyDstaddrArgs
{
Name = "string",
},
},
DynamicSortSubtable = "string",
EmailfilterProfile = "string",
FileFilterProfile = "string",
GetAllTables = "string",
GlobalLabel = "string",
Groups = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyGroupArgs
{
Name = "string",
},
},
HttpTunnelAuth = "string",
IcapProfile = "string",
InternetService = "string",
InternetService6 = "string",
InternetService6CustomGroups = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyInternetService6CustomGroupArgs
{
Name = "string",
},
},
InternetService6Customs = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyInternetService6CustomArgs
{
Name = "string",
},
},
InternetService6Groups = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyInternetService6GroupArgs
{
Name = "string",
},
},
InternetService6Names = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyInternetService6NameArgs
{
Name = "string",
},
},
InternetService6Negate = "string",
InternetServiceCustomGroups = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyInternetServiceCustomGroupArgs
{
Name = "string",
},
},
InternetServiceCustoms = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyInternetServiceCustomArgs
{
Name = "string",
},
},
InternetServiceGroups = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyInternetServiceGroupArgs
{
Name = "string",
},
},
InternetServiceIds = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyInternetServiceIdArgs
{
Id = 0,
},
},
InternetServiceNames = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyInternetServiceNameArgs
{
Name = "string",
},
},
InternetServiceNegate = "string",
IpsSensor = "string",
IpsVoipFilter = "string",
Label = "string",
Logtraffic = "string",
LogtrafficStart = "string",
Name = "string",
Policyid = 0,
Poolnames = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyPoolnameArgs
{
Name = "string",
},
},
ProfileGroup = "string",
ProfileProtocolOptions = "string",
ProfileType = "string",
RedirectUrl = "string",
ReplacemsgOverrideGroup = "string",
ScanBotnetConnections = "string",
SctpFilterProfile = "string",
ServiceNegate = "string",
Services = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyServiceArgs
{
Name = "string",
},
},
SessionTtl = 0,
SpamfilterProfile = "string",
Srcaddr6s = new[]
{
new Fortios.Firewall.Inputs.ProxypolicySrcaddr6Args
{
Name = "string",
},
},
SrcaddrNegate = "string",
Srcaddrs = new[]
{
new Fortios.Firewall.Inputs.ProxypolicySrcaddrArgs
{
Name = "string",
},
},
Srcintfs = new[]
{
new Fortios.Firewall.Inputs.ProxypolicySrcintfArgs
{
Name = "string",
},
},
SshFilterProfile = "string",
SshPolicyRedirect = "string",
SslSshProfile = "string",
Status = "string",
Transparent = "string",
Users = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyUserArgs
{
Name = "string",
},
},
UtmStatus = "string",
Uuid = "string",
Vdomparam = "string",
VideofilterProfile = "string",
VirtualPatchProfile = "string",
VoipProfile = "string",
WafProfile = "string",
Webcache = "string",
WebcacheHttps = "string",
WebfilterProfile = "string",
WebproxyForwardServer = "string",
WebproxyProfile = "string",
ZtnaEmsTags = new[]
{
new Fortios.Firewall.Inputs.ProxypolicyZtnaEmsTagArgs
{
Name = "string",
},
},
ZtnaTagsMatchLogic = "string",
});
example, err := firewall.NewProxypolicy(ctx, "proxypolicyResource", &firewall.ProxypolicyArgs{
Dstintfs: firewall.ProxypolicyDstintfArray{
&firewall.ProxypolicyDstintfArgs{
Name: pulumi.String("string"),
},
},
Proxy: pulumi.String("string"),
Schedule: pulumi.String("string"),
AccessProxies: firewall.ProxypolicyAccessProxyArray{
&firewall.ProxypolicyAccessProxyArgs{
Name: pulumi.String("string"),
},
},
AccessProxy6s: firewall.ProxypolicyAccessProxy6Array{
&firewall.ProxypolicyAccessProxy6Args{
Name: pulumi.String("string"),
},
},
Action: pulumi.String("string"),
ApplicationList: pulumi.String("string"),
AvProfile: pulumi.String("string"),
BlockNotification: pulumi.String("string"),
CasbProfile: pulumi.String("string"),
CifsProfile: pulumi.String("string"),
Comments: pulumi.String("string"),
DecryptedTrafficMirror: pulumi.String("string"),
DetectHttpsInHttpRequest: pulumi.String("string"),
DeviceOwnership: pulumi.String("string"),
DiameterFilterProfile: pulumi.String("string"),
Disclaimer: pulumi.String("string"),
DlpProfile: pulumi.String("string"),
DlpSensor: pulumi.String("string"),
Dstaddr6s: firewall.ProxypolicyDstaddr6Array{
&firewall.ProxypolicyDstaddr6Args{
Name: pulumi.String("string"),
},
},
DstaddrNegate: pulumi.String("string"),
Dstaddrs: firewall.ProxypolicyDstaddrArray{
&firewall.ProxypolicyDstaddrArgs{
Name: pulumi.String("string"),
},
},
DynamicSortSubtable: pulumi.String("string"),
EmailfilterProfile: pulumi.String("string"),
FileFilterProfile: pulumi.String("string"),
GetAllTables: pulumi.String("string"),
GlobalLabel: pulumi.String("string"),
Groups: firewall.ProxypolicyGroupArray{
&firewall.ProxypolicyGroupArgs{
Name: pulumi.String("string"),
},
},
HttpTunnelAuth: pulumi.String("string"),
IcapProfile: pulumi.String("string"),
InternetService: pulumi.String("string"),
InternetService6: pulumi.String("string"),
InternetService6CustomGroups: firewall.ProxypolicyInternetService6CustomGroupArray{
&firewall.ProxypolicyInternetService6CustomGroupArgs{
Name: pulumi.String("string"),
},
},
InternetService6Customs: firewall.ProxypolicyInternetService6CustomArray{
&firewall.ProxypolicyInternetService6CustomArgs{
Name: pulumi.String("string"),
},
},
InternetService6Groups: firewall.ProxypolicyInternetService6GroupArray{
&firewall.ProxypolicyInternetService6GroupArgs{
Name: pulumi.String("string"),
},
},
InternetService6Names: firewall.ProxypolicyInternetService6NameArray{
&firewall.ProxypolicyInternetService6NameArgs{
Name: pulumi.String("string"),
},
},
InternetService6Negate: pulumi.String("string"),
InternetServiceCustomGroups: firewall.ProxypolicyInternetServiceCustomGroupArray{
&firewall.ProxypolicyInternetServiceCustomGroupArgs{
Name: pulumi.String("string"),
},
},
InternetServiceCustoms: firewall.ProxypolicyInternetServiceCustomArray{
&firewall.ProxypolicyInternetServiceCustomArgs{
Name: pulumi.String("string"),
},
},
InternetServiceGroups: firewall.ProxypolicyInternetServiceGroupArray{
&firewall.ProxypolicyInternetServiceGroupArgs{
Name: pulumi.String("string"),
},
},
InternetServiceIds: firewall.ProxypolicyInternetServiceIdArray{
&firewall.ProxypolicyInternetServiceIdArgs{
Id: pulumi.Int(0),
},
},
InternetServiceNames: firewall.ProxypolicyInternetServiceNameArray{
&firewall.ProxypolicyInternetServiceNameArgs{
Name: pulumi.String("string"),
},
},
InternetServiceNegate: pulumi.String("string"),
IpsSensor: pulumi.String("string"),
IpsVoipFilter: pulumi.String("string"),
Label: pulumi.String("string"),
Logtraffic: pulumi.String("string"),
LogtrafficStart: pulumi.String("string"),
Name: pulumi.String("string"),
Policyid: pulumi.Int(0),
Poolnames: firewall.ProxypolicyPoolnameArray{
&firewall.ProxypolicyPoolnameArgs{
Name: pulumi.String("string"),
},
},
ProfileGroup: pulumi.String("string"),
ProfileProtocolOptions: pulumi.String("string"),
ProfileType: pulumi.String("string"),
RedirectUrl: pulumi.String("string"),
ReplacemsgOverrideGroup: pulumi.String("string"),
ScanBotnetConnections: pulumi.String("string"),
SctpFilterProfile: pulumi.String("string"),
ServiceNegate: pulumi.String("string"),
Services: firewall.ProxypolicyServiceArray{
&firewall.ProxypolicyServiceArgs{
Name: pulumi.String("string"),
},
},
SessionTtl: pulumi.Int(0),
SpamfilterProfile: pulumi.String("string"),
Srcaddr6s: firewall.ProxypolicySrcaddr6Array{
&firewall.ProxypolicySrcaddr6Args{
Name: pulumi.String("string"),
},
},
SrcaddrNegate: pulumi.String("string"),
Srcaddrs: firewall.ProxypolicySrcaddrArray{
&firewall.ProxypolicySrcaddrArgs{
Name: pulumi.String("string"),
},
},
Srcintfs: firewall.ProxypolicySrcintfArray{
&firewall.ProxypolicySrcintfArgs{
Name: pulumi.String("string"),
},
},
SshFilterProfile: pulumi.String("string"),
SshPolicyRedirect: pulumi.String("string"),
SslSshProfile: pulumi.String("string"),
Status: pulumi.String("string"),
Transparent: pulumi.String("string"),
Users: firewall.ProxypolicyUserArray{
&firewall.ProxypolicyUserArgs{
Name: pulumi.String("string"),
},
},
UtmStatus: pulumi.String("string"),
Uuid: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
VideofilterProfile: pulumi.String("string"),
VirtualPatchProfile: pulumi.String("string"),
VoipProfile: pulumi.String("string"),
WafProfile: pulumi.String("string"),
Webcache: pulumi.String("string"),
WebcacheHttps: pulumi.String("string"),
WebfilterProfile: pulumi.String("string"),
WebproxyForwardServer: pulumi.String("string"),
WebproxyProfile: pulumi.String("string"),
ZtnaEmsTags: firewall.ProxypolicyZtnaEmsTagArray{
&firewall.ProxypolicyZtnaEmsTagArgs{
Name: pulumi.String("string"),
},
},
ZtnaTagsMatchLogic: pulumi.String("string"),
})
var proxypolicyResource = new Proxypolicy("proxypolicyResource", ProxypolicyArgs.builder()
.dstintfs(ProxypolicyDstintfArgs.builder()
.name("string")
.build())
.proxy("string")
.schedule("string")
.accessProxies(ProxypolicyAccessProxyArgs.builder()
.name("string")
.build())
.accessProxy6s(ProxypolicyAccessProxy6Args.builder()
.name("string")
.build())
.action("string")
.applicationList("string")
.avProfile("string")
.blockNotification("string")
.casbProfile("string")
.cifsProfile("string")
.comments("string")
.decryptedTrafficMirror("string")
.detectHttpsInHttpRequest("string")
.deviceOwnership("string")
.diameterFilterProfile("string")
.disclaimer("string")
.dlpProfile("string")
.dlpSensor("string")
.dstaddr6s(ProxypolicyDstaddr6Args.builder()
.name("string")
.build())
.dstaddrNegate("string")
.dstaddrs(ProxypolicyDstaddrArgs.builder()
.name("string")
.build())
.dynamicSortSubtable("string")
.emailfilterProfile("string")
.fileFilterProfile("string")
.getAllTables("string")
.globalLabel("string")
.groups(ProxypolicyGroupArgs.builder()
.name("string")
.build())
.httpTunnelAuth("string")
.icapProfile("string")
.internetService("string")
.internetService6("string")
.internetService6CustomGroups(ProxypolicyInternetService6CustomGroupArgs.builder()
.name("string")
.build())
.internetService6Customs(ProxypolicyInternetService6CustomArgs.builder()
.name("string")
.build())
.internetService6Groups(ProxypolicyInternetService6GroupArgs.builder()
.name("string")
.build())
.internetService6Names(ProxypolicyInternetService6NameArgs.builder()
.name("string")
.build())
.internetService6Negate("string")
.internetServiceCustomGroups(ProxypolicyInternetServiceCustomGroupArgs.builder()
.name("string")
.build())
.internetServiceCustoms(ProxypolicyInternetServiceCustomArgs.builder()
.name("string")
.build())
.internetServiceGroups(ProxypolicyInternetServiceGroupArgs.builder()
.name("string")
.build())
.internetServiceIds(ProxypolicyInternetServiceIdArgs.builder()
.id(0)
.build())
.internetServiceNames(ProxypolicyInternetServiceNameArgs.builder()
.name("string")
.build())
.internetServiceNegate("string")
.ipsSensor("string")
.ipsVoipFilter("string")
.label("string")
.logtraffic("string")
.logtrafficStart("string")
.name("string")
.policyid(0)
.poolnames(ProxypolicyPoolnameArgs.builder()
.name("string")
.build())
.profileGroup("string")
.profileProtocolOptions("string")
.profileType("string")
.redirectUrl("string")
.replacemsgOverrideGroup("string")
.scanBotnetConnections("string")
.sctpFilterProfile("string")
.serviceNegate("string")
.services(ProxypolicyServiceArgs.builder()
.name("string")
.build())
.sessionTtl(0)
.spamfilterProfile("string")
.srcaddr6s(ProxypolicySrcaddr6Args.builder()
.name("string")
.build())
.srcaddrNegate("string")
.srcaddrs(ProxypolicySrcaddrArgs.builder()
.name("string")
.build())
.srcintfs(ProxypolicySrcintfArgs.builder()
.name("string")
.build())
.sshFilterProfile("string")
.sshPolicyRedirect("string")
.sslSshProfile("string")
.status("string")
.transparent("string")
.users(ProxypolicyUserArgs.builder()
.name("string")
.build())
.utmStatus("string")
.uuid("string")
.vdomparam("string")
.videofilterProfile("string")
.virtualPatchProfile("string")
.voipProfile("string")
.wafProfile("string")
.webcache("string")
.webcacheHttps("string")
.webfilterProfile("string")
.webproxyForwardServer("string")
.webproxyProfile("string")
.ztnaEmsTags(ProxypolicyZtnaEmsTagArgs.builder()
.name("string")
.build())
.ztnaTagsMatchLogic("string")
.build());
proxypolicy_resource = fortios.firewall.Proxypolicy("proxypolicyResource",
dstintfs=[{
"name": "string",
}],
proxy="string",
schedule="string",
access_proxies=[{
"name": "string",
}],
access_proxy6s=[{
"name": "string",
}],
action="string",
application_list="string",
av_profile="string",
block_notification="string",
casb_profile="string",
cifs_profile="string",
comments="string",
decrypted_traffic_mirror="string",
detect_https_in_http_request="string",
device_ownership="string",
diameter_filter_profile="string",
disclaimer="string",
dlp_profile="string",
dlp_sensor="string",
dstaddr6s=[{
"name": "string",
}],
dstaddr_negate="string",
dstaddrs=[{
"name": "string",
}],
dynamic_sort_subtable="string",
emailfilter_profile="string",
file_filter_profile="string",
get_all_tables="string",
global_label="string",
groups=[{
"name": "string",
}],
http_tunnel_auth="string",
icap_profile="string",
internet_service="string",
internet_service6="string",
internet_service6_custom_groups=[{
"name": "string",
}],
internet_service6_customs=[{
"name": "string",
}],
internet_service6_groups=[{
"name": "string",
}],
internet_service6_names=[{
"name": "string",
}],
internet_service6_negate="string",
internet_service_custom_groups=[{
"name": "string",
}],
internet_service_customs=[{
"name": "string",
}],
internet_service_groups=[{
"name": "string",
}],
internet_service_ids=[{
"id": 0,
}],
internet_service_names=[{
"name": "string",
}],
internet_service_negate="string",
ips_sensor="string",
ips_voip_filter="string",
label="string",
logtraffic="string",
logtraffic_start="string",
name="string",
policyid=0,
poolnames=[{
"name": "string",
}],
profile_group="string",
profile_protocol_options="string",
profile_type="string",
redirect_url="string",
replacemsg_override_group="string",
scan_botnet_connections="string",
sctp_filter_profile="string",
service_negate="string",
services=[{
"name": "string",
}],
session_ttl=0,
spamfilter_profile="string",
srcaddr6s=[{
"name": "string",
}],
srcaddr_negate="string",
srcaddrs=[{
"name": "string",
}],
srcintfs=[{
"name": "string",
}],
ssh_filter_profile="string",
ssh_policy_redirect="string",
ssl_ssh_profile="string",
status="string",
transparent="string",
users=[{
"name": "string",
}],
utm_status="string",
uuid="string",
vdomparam="string",
videofilter_profile="string",
virtual_patch_profile="string",
voip_profile="string",
waf_profile="string",
webcache="string",
webcache_https="string",
webfilter_profile="string",
webproxy_forward_server="string",
webproxy_profile="string",
ztna_ems_tags=[{
"name": "string",
}],
ztna_tags_match_logic="string")
const proxypolicyResource = new fortios.firewall.Proxypolicy("proxypolicyResource", {
dstintfs: [{
name: "string",
}],
proxy: "string",
schedule: "string",
accessProxies: [{
name: "string",
}],
accessProxy6s: [{
name: "string",
}],
action: "string",
applicationList: "string",
avProfile: "string",
blockNotification: "string",
casbProfile: "string",
cifsProfile: "string",
comments: "string",
decryptedTrafficMirror: "string",
detectHttpsInHttpRequest: "string",
deviceOwnership: "string",
diameterFilterProfile: "string",
disclaimer: "string",
dlpProfile: "string",
dlpSensor: "string",
dstaddr6s: [{
name: "string",
}],
dstaddrNegate: "string",
dstaddrs: [{
name: "string",
}],
dynamicSortSubtable: "string",
emailfilterProfile: "string",
fileFilterProfile: "string",
getAllTables: "string",
globalLabel: "string",
groups: [{
name: "string",
}],
httpTunnelAuth: "string",
icapProfile: "string",
internetService: "string",
internetService6: "string",
internetService6CustomGroups: [{
name: "string",
}],
internetService6Customs: [{
name: "string",
}],
internetService6Groups: [{
name: "string",
}],
internetService6Names: [{
name: "string",
}],
internetService6Negate: "string",
internetServiceCustomGroups: [{
name: "string",
}],
internetServiceCustoms: [{
name: "string",
}],
internetServiceGroups: [{
name: "string",
}],
internetServiceIds: [{
id: 0,
}],
internetServiceNames: [{
name: "string",
}],
internetServiceNegate: "string",
ipsSensor: "string",
ipsVoipFilter: "string",
label: "string",
logtraffic: "string",
logtrafficStart: "string",
name: "string",
policyid: 0,
poolnames: [{
name: "string",
}],
profileGroup: "string",
profileProtocolOptions: "string",
profileType: "string",
redirectUrl: "string",
replacemsgOverrideGroup: "string",
scanBotnetConnections: "string",
sctpFilterProfile: "string",
serviceNegate: "string",
services: [{
name: "string",
}],
sessionTtl: 0,
spamfilterProfile: "string",
srcaddr6s: [{
name: "string",
}],
srcaddrNegate: "string",
srcaddrs: [{
name: "string",
}],
srcintfs: [{
name: "string",
}],
sshFilterProfile: "string",
sshPolicyRedirect: "string",
sslSshProfile: "string",
status: "string",
transparent: "string",
users: [{
name: "string",
}],
utmStatus: "string",
uuid: "string",
vdomparam: "string",
videofilterProfile: "string",
virtualPatchProfile: "string",
voipProfile: "string",
wafProfile: "string",
webcache: "string",
webcacheHttps: "string",
webfilterProfile: "string",
webproxyForwardServer: "string",
webproxyProfile: "string",
ztnaEmsTags: [{
name: "string",
}],
ztnaTagsMatchLogic: "string",
});
type: fortios:firewall:Proxypolicy
properties:
accessProxies:
- name: string
accessProxy6s:
- name: string
action: string
applicationList: string
avProfile: string
blockNotification: string
casbProfile: string
cifsProfile: string
comments: string
decryptedTrafficMirror: string
detectHttpsInHttpRequest: string
deviceOwnership: string
diameterFilterProfile: string
disclaimer: string
dlpProfile: string
dlpSensor: string
dstaddr6s:
- name: string
dstaddrNegate: string
dstaddrs:
- name: string
dstintfs:
- name: string
dynamicSortSubtable: string
emailfilterProfile: string
fileFilterProfile: string
getAllTables: string
globalLabel: string
groups:
- name: string
httpTunnelAuth: string
icapProfile: string
internetService: string
internetService6: string
internetService6CustomGroups:
- name: string
internetService6Customs:
- name: string
internetService6Groups:
- name: string
internetService6Names:
- name: string
internetService6Negate: string
internetServiceCustomGroups:
- name: string
internetServiceCustoms:
- name: string
internetServiceGroups:
- name: string
internetServiceIds:
- id: 0
internetServiceNames:
- name: string
internetServiceNegate: string
ipsSensor: string
ipsVoipFilter: string
label: string
logtraffic: string
logtrafficStart: string
name: string
policyid: 0
poolnames:
- name: string
profileGroup: string
profileProtocolOptions: string
profileType: string
proxy: string
redirectUrl: string
replacemsgOverrideGroup: string
scanBotnetConnections: string
schedule: string
sctpFilterProfile: string
serviceNegate: string
services:
- name: string
sessionTtl: 0
spamfilterProfile: string
srcaddr6s:
- name: string
srcaddrNegate: string
srcaddrs:
- name: string
srcintfs:
- name: string
sshFilterProfile: string
sshPolicyRedirect: string
sslSshProfile: string
status: string
transparent: string
users:
- name: string
utmStatus: string
uuid: string
vdomparam: string
videofilterProfile: string
virtualPatchProfile: string
voipProfile: string
wafProfile: string
webcache: string
webcacheHttps: string
webfilterProfile: string
webproxyForwardServer: string
webproxyProfile: string
ztnaEmsTags:
- name: string
ztnaTagsMatchLogic: string
Proxypolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Proxypolicy resource accepts the following input properties:
- Dstintfs
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Dstintf> - Destination interface names. The structure of
dstintf
block is documented below. - Proxy string
- Type of explicit proxy.
- Schedule string
- Name of schedule object.
- Access
Proxies List<Pulumiverse.Fortios. Firewall. Inputs. Proxypolicy Access Proxy> - IPv4 access proxy. The structure of
access_proxy
block is documented below. - Access
Proxy6s List<Pulumiverse.Fortios. Firewall. Inputs. Proxypolicy Access Proxy6> - IPv6 access proxy. The structure of
access_proxy6
block is documented below. - Action string
- Accept or deny traffic matching the policy parameters. Valid values:
accept
,deny
,redirect
. - Application
List string - Name of an existing Application list.
- Av
Profile string - Name of an existing Antivirus profile.
- Block
Notification string - Enable/disable block notification. Valid values:
enable
,disable
. - Casb
Profile string - Name of an existing CASB profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Optional comments.
- Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Detect
Https stringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
enable
,disable
. - Device
Ownership string - When enabled, the ownership enforcement will be done at policy level. Valid values:
enable
,disable
. - Diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- Disclaimer string
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable
,domain
,policy
,user
. - Dlp
Profile string - Name of an existing DLP profile.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dstaddr6s
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Dstaddr6> - IPv6 destination address objects. The structure of
dstaddr6
block is documented below. - Dstaddr
Negate string - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
enable
,disable
. - Dstaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Dstaddr> - Destination address objects. The structure of
dstaddr
block is documented below. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Emailfilter
Profile string - Name of an existing email filter profile.
- File
Filter stringProfile - Name of an existing file-filter profile.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Global
Label string - Global web-based manager visible label.
- Groups
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Group> - Names of group objects. The structure of
groups
block is documented below. - Http
Tunnel stringAuth - Enable/disable HTTP tunnel authentication. Valid values:
enable
,disable
. - Icap
Profile string - Name of an existing ICAP profile.
- Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - Internet
Service6 string - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
enable
,disable
. - Internet
Service6Custom List<Pulumiverse.Groups Fortios. Firewall. Inputs. Proxypolicy Internet Service6Custom Group> - Custom Internet Service IPv6 group name. The structure of
internet_service6_custom_group
block is documented below. - Internet
Service6Customs List<Pulumiverse.Fortios. Firewall. Inputs. Proxypolicy Internet Service6Custom> - Custom Internet Service IPv6 name. The structure of
internet_service6_custom
block is documented below. - Internet
Service6Groups List<Pulumiverse.Fortios. Firewall. Inputs. Proxypolicy Internet Service6Group> - Internet Service IPv6 group name. The structure of
internet_service6_group
block is documented below. - Internet
Service6Names List<Pulumiverse.Fortios. Firewall. Inputs. Proxypolicy Internet Service6Name> - Internet Service IPv6 name. The structure of
internet_service6_name
block is documented below. - Internet
Service6Negate string - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
enable
,disable
. - Internet
Service List<Pulumiverse.Custom Groups Fortios. Firewall. Inputs. Proxypolicy Internet Service Custom Group> - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - Internet
Service List<Pulumiverse.Customs Fortios. Firewall. Inputs. Proxypolicy Internet Service Custom> - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - Internet
Service List<Pulumiverse.Groups Fortios. Firewall. Inputs. Proxypolicy Internet Service Group> - Internet Service group name. The structure of
internet_service_group
block is documented below. - Internet
Service List<Pulumiverse.Ids Fortios. Firewall. Inputs. Proxypolicy Internet Service Id> - Internet Service ID. The structure of
internet_service_id
block is documented below. - Internet
Service List<Pulumiverse.Names Fortios. Firewall. Inputs. Proxypolicy Internet Service Name> - Internet Service name. The structure of
internet_service_name
block is documented below. - Internet
Service stringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
enable
,disable
. - Ips
Sensor string - Name of an existing IPS sensor.
- Ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- Label string
- VDOM-specific GUI visible label.
- Logtraffic string
- Enable/disable logging traffic through the policy. Valid values:
all
,utm
,disable
. - Logtraffic
Start string - Enable/disable policy log traffic start. Valid values:
enable
,disable
. - Name string
- Policy name.
- Policyid int
- Policy ID.
- Poolnames
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Poolname> - Name of IP pool object. The structure of
poolname
block is documented below. - Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - Redirect
Url string - Redirect URL for further explicit web proxy processing.
- Replacemsg
Override stringGroup - Authentication replacement message override group.
- Scan
Botnet stringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable
,block
,monitor
. - Sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- Service
Negate string - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
enable
,disable
. - Services
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Service> - Name of service objects. The structure of
service
block is documented below. - Session
Ttl int - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- Spamfilter
Profile string - Name of an existing Spam filter profile.
- Srcaddr6s
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Srcaddr6> - IPv6 source address objects. The structure of
srcaddr6
block is documented below. - Srcaddr
Negate string - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
enable
,disable
. - Srcaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Srcaddr> - Source address objects. The structure of
srcaddr
block is documented below. - Srcintfs
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Srcintf> - Source interface names. The structure of
srcintf
block is documented below. - Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable/disable the active status of the policy. Valid values:
enable
,disable
. - Transparent string
- Enable to use the IP address of the client to connect to the server. Valid values:
enable
,disable
. - Users
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy User> - Names of user objects. The structure of
users
block is documented below. - Utm
Status string - Enable the use of UTM profiles/sensors/lists. Valid values:
enable
,disable
. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Videofilter
Profile string - Name of an existing VideoFilter profile.
- Virtual
Patch stringProfile - Name of an existing virtual-patch profile.
- Voip
Profile string - Name of an existing VoIP profile.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web caching. Valid values:
enable
,disable
. - Webcache
Https string - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable
,enable
. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Name of web proxy profile.
- List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Ztna Ems Tag> - ZTNA EMS Tag names. The structure of
ztna_ems_tag
block is documented below. - string
- ZTNA tag matching logic. Valid values:
or
,and
.
- Dstintfs
[]Proxypolicy
Dstintf Args - Destination interface names. The structure of
dstintf
block is documented below. - Proxy string
- Type of explicit proxy.
- Schedule string
- Name of schedule object.
- Access
Proxies []ProxypolicyAccess Proxy Args - IPv4 access proxy. The structure of
access_proxy
block is documented below. - Access
Proxy6s []ProxypolicyAccess Proxy6Args - IPv6 access proxy. The structure of
access_proxy6
block is documented below. - Action string
- Accept or deny traffic matching the policy parameters. Valid values:
accept
,deny
,redirect
. - Application
List string - Name of an existing Application list.
- Av
Profile string - Name of an existing Antivirus profile.
- Block
Notification string - Enable/disable block notification. Valid values:
enable
,disable
. - Casb
Profile string - Name of an existing CASB profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Optional comments.
- Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Detect
Https stringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
enable
,disable
. - Device
Ownership string - When enabled, the ownership enforcement will be done at policy level. Valid values:
enable
,disable
. - Diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- Disclaimer string
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable
,domain
,policy
,user
. - Dlp
Profile string - Name of an existing DLP profile.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dstaddr6s
[]Proxypolicy
Dstaddr6Args - IPv6 destination address objects. The structure of
dstaddr6
block is documented below. - Dstaddr
Negate string - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
enable
,disable
. - Dstaddrs
[]Proxypolicy
Dstaddr Args - Destination address objects. The structure of
dstaddr
block is documented below. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Emailfilter
Profile string - Name of an existing email filter profile.
- File
Filter stringProfile - Name of an existing file-filter profile.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Global
Label string - Global web-based manager visible label.
- Groups
[]Proxypolicy
Group Args - Names of group objects. The structure of
groups
block is documented below. - Http
Tunnel stringAuth - Enable/disable HTTP tunnel authentication. Valid values:
enable
,disable
. - Icap
Profile string - Name of an existing ICAP profile.
- Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - Internet
Service6 string - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
enable
,disable
. - Internet
Service6Custom []ProxypolicyGroups Internet Service6Custom Group Args - Custom Internet Service IPv6 group name. The structure of
internet_service6_custom_group
block is documented below. - Internet
Service6Customs []ProxypolicyInternet Service6Custom Args - Custom Internet Service IPv6 name. The structure of
internet_service6_custom
block is documented below. - Internet
Service6Groups []ProxypolicyInternet Service6Group Args - Internet Service IPv6 group name. The structure of
internet_service6_group
block is documented below. - Internet
Service6Names []ProxypolicyInternet Service6Name Args - Internet Service IPv6 name. The structure of
internet_service6_name
block is documented below. - Internet
Service6Negate string - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
enable
,disable
. - Internet
Service []ProxypolicyCustom Groups Internet Service Custom Group Args - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - Internet
Service []ProxypolicyCustoms Internet Service Custom Args - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - Internet
Service []ProxypolicyGroups Internet Service Group Args - Internet Service group name. The structure of
internet_service_group
block is documented below. - Internet
Service []ProxypolicyIds Internet Service Id Args - Internet Service ID. The structure of
internet_service_id
block is documented below. - Internet
Service []ProxypolicyNames Internet Service Name Args - Internet Service name. The structure of
internet_service_name
block is documented below. - Internet
Service stringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
enable
,disable
. - Ips
Sensor string - Name of an existing IPS sensor.
- Ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- Label string
- VDOM-specific GUI visible label.
- Logtraffic string
- Enable/disable logging traffic through the policy. Valid values:
all
,utm
,disable
. - Logtraffic
Start string - Enable/disable policy log traffic start. Valid values:
enable
,disable
. - Name string
- Policy name.
- Policyid int
- Policy ID.
- Poolnames
[]Proxypolicy
Poolname Args - Name of IP pool object. The structure of
poolname
block is documented below. - Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - Redirect
Url string - Redirect URL for further explicit web proxy processing.
- Replacemsg
Override stringGroup - Authentication replacement message override group.
- Scan
Botnet stringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable
,block
,monitor
. - Sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- Service
Negate string - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
enable
,disable
. - Services
[]Proxypolicy
Service Args - Name of service objects. The structure of
service
block is documented below. - Session
Ttl int - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- Spamfilter
Profile string - Name of an existing Spam filter profile.
- Srcaddr6s
[]Proxypolicy
Srcaddr6Args - IPv6 source address objects. The structure of
srcaddr6
block is documented below. - Srcaddr
Negate string - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
enable
,disable
. - Srcaddrs
[]Proxypolicy
Srcaddr Args - Source address objects. The structure of
srcaddr
block is documented below. - Srcintfs
[]Proxypolicy
Srcintf Args - Source interface names. The structure of
srcintf
block is documented below. - Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable/disable the active status of the policy. Valid values:
enable
,disable
. - Transparent string
- Enable to use the IP address of the client to connect to the server. Valid values:
enable
,disable
. - Users
[]Proxypolicy
User Args - Names of user objects. The structure of
users
block is documented below. - Utm
Status string - Enable the use of UTM profiles/sensors/lists. Valid values:
enable
,disable
. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Videofilter
Profile string - Name of an existing VideoFilter profile.
- Virtual
Patch stringProfile - Name of an existing virtual-patch profile.
- Voip
Profile string - Name of an existing VoIP profile.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web caching. Valid values:
enable
,disable
. - Webcache
Https string - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable
,enable
. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Name of web proxy profile.
- []Proxypolicy
Ztna Ems Tag Args - ZTNA EMS Tag names. The structure of
ztna_ems_tag
block is documented below. - string
- ZTNA tag matching logic. Valid values:
or
,and
.
- dstintfs
List<Proxypolicy
Dstintf> - Destination interface names. The structure of
dstintf
block is documented below. - proxy String
- Type of explicit proxy.
- schedule String
- Name of schedule object.
- access
Proxies List<ProxypolicyAccess Proxy> - IPv4 access proxy. The structure of
access_proxy
block is documented below. - access
Proxy6s List<ProxypolicyAccess Proxy6> - IPv6 access proxy. The structure of
access_proxy6
block is documented below. - action String
- Accept or deny traffic matching the policy parameters. Valid values:
accept
,deny
,redirect
. - application
List String - Name of an existing Application list.
- av
Profile String - Name of an existing Antivirus profile.
- block
Notification String - Enable/disable block notification. Valid values:
enable
,disable
. - casb
Profile String - Name of an existing CASB profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Optional comments.
- decrypted
Traffic StringMirror - Decrypted traffic mirror.
- detect
Https StringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
enable
,disable
. - device
Ownership String - When enabled, the ownership enforcement will be done at policy level. Valid values:
enable
,disable
. - diameter
Filter StringProfile - Name of an existing Diameter filter profile.
- disclaimer String
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable
,domain
,policy
,user
. - dlp
Profile String - Name of an existing DLP profile.
- dlp
Sensor String - Name of an existing DLP sensor.
- dstaddr6s
List<Proxypolicy
Dstaddr6> - IPv6 destination address objects. The structure of
dstaddr6
block is documented below. - dstaddr
Negate String - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
enable
,disable
. - dstaddrs
List<Proxypolicy
Dstaddr> - Destination address objects. The structure of
dstaddr
block is documented below. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile String - Name of an existing email filter profile.
- file
Filter StringProfile - Name of an existing file-filter profile.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global
Label String - Global web-based manager visible label.
- groups
List<Proxypolicy
Group> - Names of group objects. The structure of
groups
block is documented below. - http
Tunnel StringAuth - Enable/disable HTTP tunnel authentication. Valid values:
enable
,disable
. - icap
Profile String - Name of an existing ICAP profile.
- internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet
Service6 String - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
enable
,disable
. - internet
Service6Custom List<ProxypolicyGroups Internet Service6Custom Group> - Custom Internet Service IPv6 group name. The structure of
internet_service6_custom_group
block is documented below. - internet
Service6Customs List<ProxypolicyInternet Service6Custom> - Custom Internet Service IPv6 name. The structure of
internet_service6_custom
block is documented below. - internet
Service6Groups List<ProxypolicyInternet Service6Group> - Internet Service IPv6 group name. The structure of
internet_service6_group
block is documented below. - internet
Service6Names List<ProxypolicyInternet Service6Name> - Internet Service IPv6 name. The structure of
internet_service6_name
block is documented below. - internet
Service6Negate String - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
enable
,disable
. - internet
Service List<ProxypolicyCustom Groups Internet Service Custom Group> - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet
Service List<ProxypolicyCustoms Internet Service Custom> - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet
Service List<ProxypolicyGroups Internet Service Group> - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet
Service List<ProxypolicyIds Internet Service Id> - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet
Service List<ProxypolicyNames Internet Service Name> - Internet Service name. The structure of
internet_service_name
block is documented below. - internet
Service StringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
enable
,disable
. - ips
Sensor String - Name of an existing IPS sensor.
- ips
Voip StringFilter - Name of an existing VoIP (ips) profile.
- label String
- VDOM-specific GUI visible label.
- logtraffic String
- Enable/disable logging traffic through the policy. Valid values:
all
,utm
,disable
. - logtraffic
Start String - Enable/disable policy log traffic start. Valid values:
enable
,disable
. - name String
- Policy name.
- policyid Integer
- Policy ID.
- poolnames
List<Proxypolicy
Poolname> - Name of IP pool object. The structure of
poolname
block is documented below. - profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - redirect
Url String - Redirect URL for further explicit web proxy processing.
- replacemsg
Override StringGroup - Authentication replacement message override group.
- scan
Botnet StringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable
,block
,monitor
. - sctp
Filter StringProfile - Name of an existing SCTP filter profile.
- service
Negate String - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
enable
,disable
. - services
List<Proxypolicy
Service> - Name of service objects. The structure of
service
block is documented below. - session
Ttl Integer - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter
Profile String - Name of an existing Spam filter profile.
- srcaddr6s
List<Proxypolicy
Srcaddr6> - IPv6 source address objects. The structure of
srcaddr6
block is documented below. - srcaddr
Negate String - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
enable
,disable
. - srcaddrs
List<Proxypolicy
Srcaddr> - Source address objects. The structure of
srcaddr
block is documented below. - srcintfs
List<Proxypolicy
Srcintf> - Source interface names. The structure of
srcintf
block is documented below. - ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable/disable the active status of the policy. Valid values:
enable
,disable
. - transparent String
- Enable to use the IP address of the client to connect to the server. Valid values:
enable
,disable
. - users
List<Proxypolicy
User> - Names of user objects. The structure of
users
block is documented below. - utm
Status String - Enable the use of UTM profiles/sensors/lists. Valid values:
enable
,disable
. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter
Profile String - Name of an existing VideoFilter profile.
- virtual
Patch StringProfile - Name of an existing virtual-patch profile.
- voip
Profile String - Name of an existing VoIP profile.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web caching. Valid values:
enable
,disable
. - webcache
Https String - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable
,enable
. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Name of web proxy profile.
- List<Proxypolicy
Ztna Ems Tag> - ZTNA EMS Tag names. The structure of
ztna_ems_tag
block is documented below. - String
- ZTNA tag matching logic. Valid values:
or
,and
.
- dstintfs
Proxypolicy
Dstintf[] - Destination interface names. The structure of
dstintf
block is documented below. - proxy string
- Type of explicit proxy.
- schedule string
- Name of schedule object.
- access
Proxies ProxypolicyAccess Proxy[] - IPv4 access proxy. The structure of
access_proxy
block is documented below. - access
Proxy6s ProxypolicyAccess Proxy6[] - IPv6 access proxy. The structure of
access_proxy6
block is documented below. - action string
- Accept or deny traffic matching the policy parameters. Valid values:
accept
,deny
,redirect
. - application
List string - Name of an existing Application list.
- av
Profile string - Name of an existing Antivirus profile.
- block
Notification string - Enable/disable block notification. Valid values:
enable
,disable
. - casb
Profile string - Name of an existing CASB profile.
- cifs
Profile string - Name of an existing CIFS profile.
- comments string
- Optional comments.
- decrypted
Traffic stringMirror - Decrypted traffic mirror.
- detect
Https stringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
enable
,disable
. - device
Ownership string - When enabled, the ownership enforcement will be done at policy level. Valid values:
enable
,disable
. - diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- disclaimer string
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable
,domain
,policy
,user
. - dlp
Profile string - Name of an existing DLP profile.
- dlp
Sensor string - Name of an existing DLP sensor.
- dstaddr6s
Proxypolicy
Dstaddr6[] - IPv6 destination address objects. The structure of
dstaddr6
block is documented below. - dstaddr
Negate string - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
enable
,disable
. - dstaddrs
Proxypolicy
Dstaddr[] - Destination address objects. The structure of
dstaddr
block is documented below. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile string - Name of an existing email filter profile.
- file
Filter stringProfile - Name of an existing file-filter profile.
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global
Label string - Global web-based manager visible label.
- groups
Proxypolicy
Group[] - Names of group objects. The structure of
groups
block is documented below. - http
Tunnel stringAuth - Enable/disable HTTP tunnel authentication. Valid values:
enable
,disable
. - icap
Profile string - Name of an existing ICAP profile.
- internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet
Service6 string - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
enable
,disable
. - internet
Service6Custom ProxypolicyGroups Internet Service6Custom Group[] - Custom Internet Service IPv6 group name. The structure of
internet_service6_custom_group
block is documented below. - internet
Service6Customs ProxypolicyInternet Service6Custom[] - Custom Internet Service IPv6 name. The structure of
internet_service6_custom
block is documented below. - internet
Service6Groups ProxypolicyInternet Service6Group[] - Internet Service IPv6 group name. The structure of
internet_service6_group
block is documented below. - internet
Service6Names ProxypolicyInternet Service6Name[] - Internet Service IPv6 name. The structure of
internet_service6_name
block is documented below. - internet
Service6Negate string - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
enable
,disable
. - internet
Service ProxypolicyCustom Groups Internet Service Custom Group[] - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet
Service ProxypolicyCustoms Internet Service Custom[] - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet
Service ProxypolicyGroups Internet Service Group[] - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet
Service ProxypolicyIds Internet Service Id[] - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet
Service ProxypolicyNames Internet Service Name[] - Internet Service name. The structure of
internet_service_name
block is documented below. - internet
Service stringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
enable
,disable
. - ips
Sensor string - Name of an existing IPS sensor.
- ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- label string
- VDOM-specific GUI visible label.
- logtraffic string
- Enable/disable logging traffic through the policy. Valid values:
all
,utm
,disable
. - logtraffic
Start string - Enable/disable policy log traffic start. Valid values:
enable
,disable
. - name string
- Policy name.
- policyid number
- Policy ID.
- poolnames
Proxypolicy
Poolname[] - Name of IP pool object. The structure of
poolname
block is documented below. - profile
Group string - Name of profile group.
- profile
Protocol stringOptions - Name of an existing Protocol options profile.
- profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - redirect
Url string - Redirect URL for further explicit web proxy processing.
- replacemsg
Override stringGroup - Authentication replacement message override group.
- scan
Botnet stringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable
,block
,monitor
. - sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- service
Negate string - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
enable
,disable
. - services
Proxypolicy
Service[] - Name of service objects. The structure of
service
block is documented below. - session
Ttl number - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter
Profile string - Name of an existing Spam filter profile.
- srcaddr6s
Proxypolicy
Srcaddr6[] - IPv6 source address objects. The structure of
srcaddr6
block is documented below. - srcaddr
Negate string - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
enable
,disable
. - srcaddrs
Proxypolicy
Srcaddr[] - Source address objects. The structure of
srcaddr
block is documented below. - srcintfs
Proxypolicy
Srcintf[] - Source interface names. The structure of
srcintf
block is documented below. - ssh
Filter stringProfile - Name of an existing SSH filter profile.
- ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- status string
- Enable/disable the active status of the policy. Valid values:
enable
,disable
. - transparent string
- Enable to use the IP address of the client to connect to the server. Valid values:
enable
,disable
. - users
Proxypolicy
User[] - Names of user objects. The structure of
users
block is documented below. - utm
Status string - Enable the use of UTM profiles/sensors/lists. Valid values:
enable
,disable
. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter
Profile string - Name of an existing VideoFilter profile.
- virtual
Patch stringProfile - Name of an existing virtual-patch profile.
- voip
Profile string - Name of an existing VoIP profile.
- waf
Profile string - Name of an existing Web application firewall profile.
- webcache string
- Enable/disable web caching. Valid values:
enable
,disable
. - webcache
Https string - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable
,enable
. - webfilter
Profile string - Name of an existing Web filter profile.
- webproxy
Forward stringServer - Web proxy forward server name.
- webproxy
Profile string - Name of web proxy profile.
- Proxypolicy
Ztna Ems Tag[] - ZTNA EMS Tag names. The structure of
ztna_ems_tag
block is documented below. - string
- ZTNA tag matching logic. Valid values:
or
,and
.
- dstintfs
Sequence[Proxypolicy
Dstintf Args] - Destination interface names. The structure of
dstintf
block is documented below. - proxy str
- Type of explicit proxy.
- schedule str
- Name of schedule object.
- access_
proxies Sequence[ProxypolicyAccess Proxy Args] - IPv4 access proxy. The structure of
access_proxy
block is documented below. - access_
proxy6s Sequence[ProxypolicyAccess Proxy6Args] - IPv6 access proxy. The structure of
access_proxy6
block is documented below. - action str
- Accept or deny traffic matching the policy parameters. Valid values:
accept
,deny
,redirect
. - application_
list str - Name of an existing Application list.
- av_
profile str - Name of an existing Antivirus profile.
- block_
notification str - Enable/disable block notification. Valid values:
enable
,disable
. - casb_
profile str - Name of an existing CASB profile.
- cifs_
profile str - Name of an existing CIFS profile.
- comments str
- Optional comments.
- decrypted_
traffic_ strmirror - Decrypted traffic mirror.
- detect_
https_ strin_ http_ request - Enable/disable detection of HTTPS in HTTP request. Valid values:
enable
,disable
. - device_
ownership str - When enabled, the ownership enforcement will be done at policy level. Valid values:
enable
,disable
. - diameter_
filter_ strprofile - Name of an existing Diameter filter profile.
- disclaimer str
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable
,domain
,policy
,user
. - dlp_
profile str - Name of an existing DLP profile.
- dlp_
sensor str - Name of an existing DLP sensor.
- dstaddr6s
Sequence[Proxypolicy
Dstaddr6Args] - IPv6 destination address objects. The structure of
dstaddr6
block is documented below. - dstaddr_
negate str - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
enable
,disable
. - dstaddrs
Sequence[Proxypolicy
Dstaddr Args] - Destination address objects. The structure of
dstaddr
block is documented below. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter_
profile str - Name of an existing email filter profile.
- file_
filter_ strprofile - Name of an existing file-filter profile.
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global_
label str - Global web-based manager visible label.
- groups
Sequence[Proxypolicy
Group Args] - Names of group objects. The structure of
groups
block is documented below. - http_
tunnel_ strauth - Enable/disable HTTP tunnel authentication. Valid values:
enable
,disable
. - icap_
profile str - Name of an existing ICAP profile.
- internet_
service str - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet_
service6 str - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
enable
,disable
. - internet_
service6_ Sequence[Proxypolicycustom_ groups Internet Service6Custom Group Args] - Custom Internet Service IPv6 group name. The structure of
internet_service6_custom_group
block is documented below. - internet_
service6_ Sequence[Proxypolicycustoms Internet Service6Custom Args] - Custom Internet Service IPv6 name. The structure of
internet_service6_custom
block is documented below. - internet_
service6_ Sequence[Proxypolicygroups Internet Service6Group Args] - Internet Service IPv6 group name. The structure of
internet_service6_group
block is documented below. - internet_
service6_ Sequence[Proxypolicynames Internet Service6Name Args] - Internet Service IPv6 name. The structure of
internet_service6_name
block is documented below. - internet_
service6_ strnegate - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
enable
,disable
. - internet_
service_ Sequence[Proxypolicycustom_ groups Internet Service Custom Group Args] - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet_
service_ Sequence[Proxypolicycustoms Internet Service Custom Args] - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet_
service_ Sequence[Proxypolicygroups Internet Service Group Args] - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet_
service_ Sequence[Proxypolicyids Internet Service Id Args] - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet_
service_ Sequence[Proxypolicynames Internet Service Name Args] - Internet Service name. The structure of
internet_service_name
block is documented below. - internet_
service_ strnegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
enable
,disable
. - ips_
sensor str - Name of an existing IPS sensor.
- ips_
voip_ strfilter - Name of an existing VoIP (ips) profile.
- label str
- VDOM-specific GUI visible label.
- logtraffic str
- Enable/disable logging traffic through the policy. Valid values:
all
,utm
,disable
. - logtraffic_
start str - Enable/disable policy log traffic start. Valid values:
enable
,disable
. - name str
- Policy name.
- policyid int
- Policy ID.
- poolnames
Sequence[Proxypolicy
Poolname Args] - Name of IP pool object. The structure of
poolname
block is documented below. - profile_
group str - Name of profile group.
- profile_
protocol_ stroptions - Name of an existing Protocol options profile.
- profile_
type str - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - redirect_
url str - Redirect URL for further explicit web proxy processing.
- replacemsg_
override_ strgroup - Authentication replacement message override group.
- scan_
botnet_ strconnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable
,block
,monitor
. - sctp_
filter_ strprofile - Name of an existing SCTP filter profile.
- service_
negate str - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
enable
,disable
. - services
Sequence[Proxypolicy
Service Args] - Name of service objects. The structure of
service
block is documented below. - session_
ttl int - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter_
profile str - Name of an existing Spam filter profile.
- srcaddr6s
Sequence[Proxypolicy
Srcaddr6Args] - IPv6 source address objects. The structure of
srcaddr6
block is documented below. - srcaddr_
negate str - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
enable
,disable
. - srcaddrs
Sequence[Proxypolicy
Srcaddr Args] - Source address objects. The structure of
srcaddr
block is documented below. - srcintfs
Sequence[Proxypolicy
Srcintf Args] - Source interface names. The structure of
srcintf
block is documented below. - ssh_
filter_ strprofile - Name of an existing SSH filter profile.
- ssh_
policy_ strredirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl_
ssh_ strprofile - Name of an existing SSL SSH profile.
- status str
- Enable/disable the active status of the policy. Valid values:
enable
,disable
. - transparent str
- Enable to use the IP address of the client to connect to the server. Valid values:
enable
,disable
. - users
Sequence[Proxypolicy
User Args] - Names of user objects. The structure of
users
block is documented below. - utm_
status str - Enable the use of UTM profiles/sensors/lists. Valid values:
enable
,disable
. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter_
profile str - Name of an existing VideoFilter profile.
- virtual_
patch_ strprofile - Name of an existing virtual-patch profile.
- voip_
profile str - Name of an existing VoIP profile.
- waf_
profile str - Name of an existing Web application firewall profile.
- webcache str
- Enable/disable web caching. Valid values:
enable
,disable
. - webcache_
https str - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable
,enable
. - webfilter_
profile str - Name of an existing Web filter profile.
- webproxy_
forward_ strserver - Web proxy forward server name.
- webproxy_
profile str - Name of web proxy profile.
- Sequence[Proxypolicy
Ztna Ems Tag Args] - ZTNA EMS Tag names. The structure of
ztna_ems_tag
block is documented below. - str
- ZTNA tag matching logic. Valid values:
or
,and
.
- dstintfs List<Property Map>
- Destination interface names. The structure of
dstintf
block is documented below. - proxy String
- Type of explicit proxy.
- schedule String
- Name of schedule object.
- access
Proxies List<Property Map> - IPv4 access proxy. The structure of
access_proxy
block is documented below. - access
Proxy6s List<Property Map> - IPv6 access proxy. The structure of
access_proxy6
block is documented below. - action String
- Accept or deny traffic matching the policy parameters. Valid values:
accept
,deny
,redirect
. - application
List String - Name of an existing Application list.
- av
Profile String - Name of an existing Antivirus profile.
- block
Notification String - Enable/disable block notification. Valid values:
enable
,disable
. - casb
Profile String - Name of an existing CASB profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Optional comments.
- decrypted
Traffic StringMirror - Decrypted traffic mirror.
- detect
Https StringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
enable
,disable
. - device
Ownership String - When enabled, the ownership enforcement will be done at policy level. Valid values:
enable
,disable
. - diameter
Filter StringProfile - Name of an existing Diameter filter profile.
- disclaimer String
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable
,domain
,policy
,user
. - dlp
Profile String - Name of an existing DLP profile.
- dlp
Sensor String - Name of an existing DLP sensor.
- dstaddr6s List<Property Map>
- IPv6 destination address objects. The structure of
dstaddr6
block is documented below. - dstaddr
Negate String - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
enable
,disable
. - dstaddrs List<Property Map>
- Destination address objects. The structure of
dstaddr
block is documented below. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile String - Name of an existing email filter profile.
- file
Filter StringProfile - Name of an existing file-filter profile.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global
Label String - Global web-based manager visible label.
- groups List<Property Map>
- Names of group objects. The structure of
groups
block is documented below. - http
Tunnel StringAuth - Enable/disable HTTP tunnel authentication. Valid values:
enable
,disable
. - icap
Profile String - Name of an existing ICAP profile.
- internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet
Service6 String - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
enable
,disable
. - internet
Service6Custom List<Property Map>Groups - Custom Internet Service IPv6 group name. The structure of
internet_service6_custom_group
block is documented below. - internet
Service6Customs List<Property Map> - Custom Internet Service IPv6 name. The structure of
internet_service6_custom
block is documented below. - internet
Service6Groups List<Property Map> - Internet Service IPv6 group name. The structure of
internet_service6_group
block is documented below. - internet
Service6Names List<Property Map> - Internet Service IPv6 name. The structure of
internet_service6_name
block is documented below. - internet
Service6Negate String - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
enable
,disable
. - internet
Service List<Property Map>Custom Groups - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet
Service List<Property Map>Customs - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet
Service List<Property Map>Groups - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet
Service List<Property Map>Ids - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet
Service List<Property Map>Names - Internet Service name. The structure of
internet_service_name
block is documented below. - internet
Service StringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
enable
,disable
. - ips
Sensor String - Name of an existing IPS sensor.
- ips
Voip StringFilter - Name of an existing VoIP (ips) profile.
- label String
- VDOM-specific GUI visible label.
- logtraffic String
- Enable/disable logging traffic through the policy. Valid values:
all
,utm
,disable
. - logtraffic
Start String - Enable/disable policy log traffic start. Valid values:
enable
,disable
. - name String
- Policy name.
- policyid Number
- Policy ID.
- poolnames List<Property Map>
- Name of IP pool object. The structure of
poolname
block is documented below. - profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - redirect
Url String - Redirect URL for further explicit web proxy processing.
- replacemsg
Override StringGroup - Authentication replacement message override group.
- scan
Botnet StringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable
,block
,monitor
. - sctp
Filter StringProfile - Name of an existing SCTP filter profile.
- service
Negate String - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
enable
,disable
. - services List<Property Map>
- Name of service objects. The structure of
service
block is documented below. - session
Ttl Number - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter
Profile String - Name of an existing Spam filter profile.
- srcaddr6s List<Property Map>
- IPv6 source address objects. The structure of
srcaddr6
block is documented below. - srcaddr
Negate String - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
enable
,disable
. - srcaddrs List<Property Map>
- Source address objects. The structure of
srcaddr
block is documented below. - srcintfs List<Property Map>
- Source interface names. The structure of
srcintf
block is documented below. - ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable/disable the active status of the policy. Valid values:
enable
,disable
. - transparent String
- Enable to use the IP address of the client to connect to the server. Valid values:
enable
,disable
. - users List<Property Map>
- Names of user objects. The structure of
users
block is documented below. - utm
Status String - Enable the use of UTM profiles/sensors/lists. Valid values:
enable
,disable
. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter
Profile String - Name of an existing VideoFilter profile.
- virtual
Patch StringProfile - Name of an existing virtual-patch profile.
- voip
Profile String - Name of an existing VoIP profile.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web caching. Valid values:
enable
,disable
. - webcache
Https String - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable
,enable
. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Name of web proxy profile.
- List<Property Map>
- ZTNA EMS Tag names. The structure of
ztna_ems_tag
block is documented below. - String
- ZTNA tag matching logic. Valid values:
or
,and
.
Outputs
All input properties are implicitly available as output properties. Additionally, the Proxypolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Proxypolicy Resource
Get an existing Proxypolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ProxypolicyState, opts?: CustomResourceOptions): Proxypolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_proxies: Optional[Sequence[ProxypolicyAccessProxyArgs]] = None,
access_proxy6s: Optional[Sequence[ProxypolicyAccessProxy6Args]] = None,
action: Optional[str] = None,
application_list: Optional[str] = None,
av_profile: Optional[str] = None,
block_notification: Optional[str] = None,
casb_profile: Optional[str] = None,
cifs_profile: Optional[str] = None,
comments: Optional[str] = None,
decrypted_traffic_mirror: Optional[str] = None,
detect_https_in_http_request: Optional[str] = None,
device_ownership: Optional[str] = None,
diameter_filter_profile: Optional[str] = None,
disclaimer: Optional[str] = None,
dlp_profile: Optional[str] = None,
dlp_sensor: Optional[str] = None,
dstaddr6s: Optional[Sequence[ProxypolicyDstaddr6Args]] = None,
dstaddr_negate: Optional[str] = None,
dstaddrs: Optional[Sequence[ProxypolicyDstaddrArgs]] = None,
dstintfs: Optional[Sequence[ProxypolicyDstintfArgs]] = None,
dynamic_sort_subtable: Optional[str] = None,
emailfilter_profile: Optional[str] = None,
file_filter_profile: Optional[str] = None,
get_all_tables: Optional[str] = None,
global_label: Optional[str] = None,
groups: Optional[Sequence[ProxypolicyGroupArgs]] = None,
http_tunnel_auth: Optional[str] = None,
icap_profile: Optional[str] = None,
internet_service: Optional[str] = None,
internet_service6: Optional[str] = None,
internet_service6_custom_groups: Optional[Sequence[ProxypolicyInternetService6CustomGroupArgs]] = None,
internet_service6_customs: Optional[Sequence[ProxypolicyInternetService6CustomArgs]] = None,
internet_service6_groups: Optional[Sequence[ProxypolicyInternetService6GroupArgs]] = None,
internet_service6_names: Optional[Sequence[ProxypolicyInternetService6NameArgs]] = None,
internet_service6_negate: Optional[str] = None,
internet_service_custom_groups: Optional[Sequence[ProxypolicyInternetServiceCustomGroupArgs]] = None,
internet_service_customs: Optional[Sequence[ProxypolicyInternetServiceCustomArgs]] = None,
internet_service_groups: Optional[Sequence[ProxypolicyInternetServiceGroupArgs]] = None,
internet_service_ids: Optional[Sequence[ProxypolicyInternetServiceIdArgs]] = None,
internet_service_names: Optional[Sequence[ProxypolicyInternetServiceNameArgs]] = None,
internet_service_negate: Optional[str] = None,
ips_sensor: Optional[str] = None,
ips_voip_filter: Optional[str] = None,
label: Optional[str] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
name: Optional[str] = None,
policyid: Optional[int] = None,
poolnames: Optional[Sequence[ProxypolicyPoolnameArgs]] = None,
profile_group: Optional[str] = None,
profile_protocol_options: Optional[str] = None,
profile_type: Optional[str] = None,
proxy: Optional[str] = None,
redirect_url: Optional[str] = None,
replacemsg_override_group: Optional[str] = None,
scan_botnet_connections: Optional[str] = None,
schedule: Optional[str] = None,
sctp_filter_profile: Optional[str] = None,
service_negate: Optional[str] = None,
services: Optional[Sequence[ProxypolicyServiceArgs]] = None,
session_ttl: Optional[int] = None,
spamfilter_profile: Optional[str] = None,
srcaddr6s: Optional[Sequence[ProxypolicySrcaddr6Args]] = None,
srcaddr_negate: Optional[str] = None,
srcaddrs: Optional[Sequence[ProxypolicySrcaddrArgs]] = None,
srcintfs: Optional[Sequence[ProxypolicySrcintfArgs]] = None,
ssh_filter_profile: Optional[str] = None,
ssh_policy_redirect: Optional[str] = None,
ssl_ssh_profile: Optional[str] = None,
status: Optional[str] = None,
transparent: Optional[str] = None,
users: Optional[Sequence[ProxypolicyUserArgs]] = None,
utm_status: Optional[str] = None,
uuid: Optional[str] = None,
vdomparam: Optional[str] = None,
videofilter_profile: Optional[str] = None,
virtual_patch_profile: Optional[str] = None,
voip_profile: Optional[str] = None,
waf_profile: Optional[str] = None,
webcache: Optional[str] = None,
webcache_https: Optional[str] = None,
webfilter_profile: Optional[str] = None,
webproxy_forward_server: Optional[str] = None,
webproxy_profile: Optional[str] = None,
ztna_ems_tags: Optional[Sequence[ProxypolicyZtnaEmsTagArgs]] = None,
ztna_tags_match_logic: Optional[str] = None) -> Proxypolicy
func GetProxypolicy(ctx *Context, name string, id IDInput, state *ProxypolicyState, opts ...ResourceOption) (*Proxypolicy, error)
public static Proxypolicy Get(string name, Input<string> id, ProxypolicyState? state, CustomResourceOptions? opts = null)
public static Proxypolicy get(String name, Output<String> id, ProxypolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Proxies List<Pulumiverse.Fortios. Firewall. Inputs. Proxypolicy Access Proxy> - IPv4 access proxy. The structure of
access_proxy
block is documented below. - Access
Proxy6s List<Pulumiverse.Fortios. Firewall. Inputs. Proxypolicy Access Proxy6> - IPv6 access proxy. The structure of
access_proxy6
block is documented below. - Action string
- Accept or deny traffic matching the policy parameters. Valid values:
accept
,deny
,redirect
. - Application
List string - Name of an existing Application list.
- Av
Profile string - Name of an existing Antivirus profile.
- Block
Notification string - Enable/disable block notification. Valid values:
enable
,disable
. - Casb
Profile string - Name of an existing CASB profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Optional comments.
- Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Detect
Https stringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
enable
,disable
. - Device
Ownership string - When enabled, the ownership enforcement will be done at policy level. Valid values:
enable
,disable
. - Diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- Disclaimer string
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable
,domain
,policy
,user
. - Dlp
Profile string - Name of an existing DLP profile.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dstaddr6s
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Dstaddr6> - IPv6 destination address objects. The structure of
dstaddr6
block is documented below. - Dstaddr
Negate string - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
enable
,disable
. - Dstaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Dstaddr> - Destination address objects. The structure of
dstaddr
block is documented below. - Dstintfs
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Dstintf> - Destination interface names. The structure of
dstintf
block is documented below. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Emailfilter
Profile string - Name of an existing email filter profile.
- File
Filter stringProfile - Name of an existing file-filter profile.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Global
Label string - Global web-based manager visible label.
- Groups
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Group> - Names of group objects. The structure of
groups
block is documented below. - Http
Tunnel stringAuth - Enable/disable HTTP tunnel authentication. Valid values:
enable
,disable
. - Icap
Profile string - Name of an existing ICAP profile.
- Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - Internet
Service6 string - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
enable
,disable
. - Internet
Service6Custom List<Pulumiverse.Groups Fortios. Firewall. Inputs. Proxypolicy Internet Service6Custom Group> - Custom Internet Service IPv6 group name. The structure of
internet_service6_custom_group
block is documented below. - Internet
Service6Customs List<Pulumiverse.Fortios. Firewall. Inputs. Proxypolicy Internet Service6Custom> - Custom Internet Service IPv6 name. The structure of
internet_service6_custom
block is documented below. - Internet
Service6Groups List<Pulumiverse.Fortios. Firewall. Inputs. Proxypolicy Internet Service6Group> - Internet Service IPv6 group name. The structure of
internet_service6_group
block is documented below. - Internet
Service6Names List<Pulumiverse.Fortios. Firewall. Inputs. Proxypolicy Internet Service6Name> - Internet Service IPv6 name. The structure of
internet_service6_name
block is documented below. - Internet
Service6Negate string - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
enable
,disable
. - Internet
Service List<Pulumiverse.Custom Groups Fortios. Firewall. Inputs. Proxypolicy Internet Service Custom Group> - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - Internet
Service List<Pulumiverse.Customs Fortios. Firewall. Inputs. Proxypolicy Internet Service Custom> - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - Internet
Service List<Pulumiverse.Groups Fortios. Firewall. Inputs. Proxypolicy Internet Service Group> - Internet Service group name. The structure of
internet_service_group
block is documented below. - Internet
Service List<Pulumiverse.Ids Fortios. Firewall. Inputs. Proxypolicy Internet Service Id> - Internet Service ID. The structure of
internet_service_id
block is documented below. - Internet
Service List<Pulumiverse.Names Fortios. Firewall. Inputs. Proxypolicy Internet Service Name> - Internet Service name. The structure of
internet_service_name
block is documented below. - Internet
Service stringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
enable
,disable
. - Ips
Sensor string - Name of an existing IPS sensor.
- Ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- Label string
- VDOM-specific GUI visible label.
- Logtraffic string
- Enable/disable logging traffic through the policy. Valid values:
all
,utm
,disable
. - Logtraffic
Start string - Enable/disable policy log traffic start. Valid values:
enable
,disable
. - Name string
- Policy name.
- Policyid int
- Policy ID.
- Poolnames
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Poolname> - Name of IP pool object. The structure of
poolname
block is documented below. - Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - Proxy string
- Type of explicit proxy.
- Redirect
Url string - Redirect URL for further explicit web proxy processing.
- Replacemsg
Override stringGroup - Authentication replacement message override group.
- Scan
Botnet stringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable
,block
,monitor
. - Schedule string
- Name of schedule object.
- Sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- Service
Negate string - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
enable
,disable
. - Services
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Service> - Name of service objects. The structure of
service
block is documented below. - Session
Ttl int - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- Spamfilter
Profile string - Name of an existing Spam filter profile.
- Srcaddr6s
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Srcaddr6> - IPv6 source address objects. The structure of
srcaddr6
block is documented below. - Srcaddr
Negate string - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
enable
,disable
. - Srcaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Srcaddr> - Source address objects. The structure of
srcaddr
block is documented below. - Srcintfs
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Srcintf> - Source interface names. The structure of
srcintf
block is documented below. - Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable/disable the active status of the policy. Valid values:
enable
,disable
. - Transparent string
- Enable to use the IP address of the client to connect to the server. Valid values:
enable
,disable
. - Users
List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy User> - Names of user objects. The structure of
users
block is documented below. - Utm
Status string - Enable the use of UTM profiles/sensors/lists. Valid values:
enable
,disable
. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Videofilter
Profile string - Name of an existing VideoFilter profile.
- Virtual
Patch stringProfile - Name of an existing virtual-patch profile.
- Voip
Profile string - Name of an existing VoIP profile.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web caching. Valid values:
enable
,disable
. - Webcache
Https string - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable
,enable
. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Name of web proxy profile.
- List<Pulumiverse.
Fortios. Firewall. Inputs. Proxypolicy Ztna Ems Tag> - ZTNA EMS Tag names. The structure of
ztna_ems_tag
block is documented below. - string
- ZTNA tag matching logic. Valid values:
or
,and
.
- Access
Proxies []ProxypolicyAccess Proxy Args - IPv4 access proxy. The structure of
access_proxy
block is documented below. - Access
Proxy6s []ProxypolicyAccess Proxy6Args - IPv6 access proxy. The structure of
access_proxy6
block is documented below. - Action string
- Accept or deny traffic matching the policy parameters. Valid values:
accept
,deny
,redirect
. - Application
List string - Name of an existing Application list.
- Av
Profile string - Name of an existing Antivirus profile.
- Block
Notification string - Enable/disable block notification. Valid values:
enable
,disable
. - Casb
Profile string - Name of an existing CASB profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Optional comments.
- Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Detect
Https stringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
enable
,disable
. - Device
Ownership string - When enabled, the ownership enforcement will be done at policy level. Valid values:
enable
,disable
. - Diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- Disclaimer string
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable
,domain
,policy
,user
. - Dlp
Profile string - Name of an existing DLP profile.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dstaddr6s
[]Proxypolicy
Dstaddr6Args - IPv6 destination address objects. The structure of
dstaddr6
block is documented below. - Dstaddr
Negate string - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
enable
,disable
. - Dstaddrs
[]Proxypolicy
Dstaddr Args - Destination address objects. The structure of
dstaddr
block is documented below. - Dstintfs
[]Proxypolicy
Dstintf Args - Destination interface names. The structure of
dstintf
block is documented below. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Emailfilter
Profile string - Name of an existing email filter profile.
- File
Filter stringProfile - Name of an existing file-filter profile.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Global
Label string - Global web-based manager visible label.
- Groups
[]Proxypolicy
Group Args - Names of group objects. The structure of
groups
block is documented below. - Http
Tunnel stringAuth - Enable/disable HTTP tunnel authentication. Valid values:
enable
,disable
. - Icap
Profile string - Name of an existing ICAP profile.
- Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - Internet
Service6 string - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
enable
,disable
. - Internet
Service6Custom []ProxypolicyGroups Internet Service6Custom Group Args - Custom Internet Service IPv6 group name. The structure of
internet_service6_custom_group
block is documented below. - Internet
Service6Customs []ProxypolicyInternet Service6Custom Args - Custom Internet Service IPv6 name. The structure of
internet_service6_custom
block is documented below. - Internet
Service6Groups []ProxypolicyInternet Service6Group Args - Internet Service IPv6 group name. The structure of
internet_service6_group
block is documented below. - Internet
Service6Names []ProxypolicyInternet Service6Name Args - Internet Service IPv6 name. The structure of
internet_service6_name
block is documented below. - Internet
Service6Negate string - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
enable
,disable
. - Internet
Service []ProxypolicyCustom Groups Internet Service Custom Group Args - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - Internet
Service []ProxypolicyCustoms Internet Service Custom Args - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - Internet
Service []ProxypolicyGroups Internet Service Group Args - Internet Service group name. The structure of
internet_service_group
block is documented below. - Internet
Service []ProxypolicyIds Internet Service Id Args - Internet Service ID. The structure of
internet_service_id
block is documented below. - Internet
Service []ProxypolicyNames Internet Service Name Args - Internet Service name. The structure of
internet_service_name
block is documented below. - Internet
Service stringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
enable
,disable
. - Ips
Sensor string - Name of an existing IPS sensor.
- Ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- Label string
- VDOM-specific GUI visible label.
- Logtraffic string
- Enable/disable logging traffic through the policy. Valid values:
all
,utm
,disable
. - Logtraffic
Start string - Enable/disable policy log traffic start. Valid values:
enable
,disable
. - Name string
- Policy name.
- Policyid int
- Policy ID.
- Poolnames
[]Proxypolicy
Poolname Args - Name of IP pool object. The structure of
poolname
block is documented below. - Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - Proxy string
- Type of explicit proxy.
- Redirect
Url string - Redirect URL for further explicit web proxy processing.
- Replacemsg
Override stringGroup - Authentication replacement message override group.
- Scan
Botnet stringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable
,block
,monitor
. - Schedule string
- Name of schedule object.
- Sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- Service
Negate string - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
enable
,disable
. - Services
[]Proxypolicy
Service Args - Name of service objects. The structure of
service
block is documented below. - Session
Ttl int - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- Spamfilter
Profile string - Name of an existing Spam filter profile.
- Srcaddr6s
[]Proxypolicy
Srcaddr6Args - IPv6 source address objects. The structure of
srcaddr6
block is documented below. - Srcaddr
Negate string - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
enable
,disable
. - Srcaddrs
[]Proxypolicy
Srcaddr Args - Source address objects. The structure of
srcaddr
block is documented below. - Srcintfs
[]Proxypolicy
Srcintf Args - Source interface names. The structure of
srcintf
block is documented below. - Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable/disable the active status of the policy. Valid values:
enable
,disable
. - Transparent string
- Enable to use the IP address of the client to connect to the server. Valid values:
enable
,disable
. - Users
[]Proxypolicy
User Args - Names of user objects. The structure of
users
block is documented below. - Utm
Status string - Enable the use of UTM profiles/sensors/lists. Valid values:
enable
,disable
. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Videofilter
Profile string - Name of an existing VideoFilter profile.
- Virtual
Patch stringProfile - Name of an existing virtual-patch profile.
- Voip
Profile string - Name of an existing VoIP profile.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web caching. Valid values:
enable
,disable
. - Webcache
Https string - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable
,enable
. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Name of web proxy profile.
- []Proxypolicy
Ztna Ems Tag Args - ZTNA EMS Tag names. The structure of
ztna_ems_tag
block is documented below. - string
- ZTNA tag matching logic. Valid values:
or
,and
.
- access
Proxies List<ProxypolicyAccess Proxy> - IPv4 access proxy. The structure of
access_proxy
block is documented below. - access
Proxy6s List<ProxypolicyAccess Proxy6> - IPv6 access proxy. The structure of
access_proxy6
block is documented below. - action String
- Accept or deny traffic matching the policy parameters. Valid values:
accept
,deny
,redirect
. - application
List String - Name of an existing Application list.
- av
Profile String - Name of an existing Antivirus profile.
- block
Notification String - Enable/disable block notification. Valid values:
enable
,disable
. - casb
Profile String - Name of an existing CASB profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Optional comments.
- decrypted
Traffic StringMirror - Decrypted traffic mirror.
- detect
Https StringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
enable
,disable
. - device
Ownership String - When enabled, the ownership enforcement will be done at policy level. Valid values:
enable
,disable
. - diameter
Filter StringProfile - Name of an existing Diameter filter profile.
- disclaimer String
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable
,domain
,policy
,user
. - dlp
Profile String - Name of an existing DLP profile.
- dlp
Sensor String - Name of an existing DLP sensor.
- dstaddr6s
List<Proxypolicy
Dstaddr6> - IPv6 destination address objects. The structure of
dstaddr6
block is documented below. - dstaddr
Negate String - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
enable
,disable
. - dstaddrs
List<Proxypolicy
Dstaddr> - Destination address objects. The structure of
dstaddr
block is documented below. - dstintfs
List<Proxypolicy
Dstintf> - Destination interface names. The structure of
dstintf
block is documented below. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile String - Name of an existing email filter profile.
- file
Filter StringProfile - Name of an existing file-filter profile.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global
Label String - Global web-based manager visible label.
- groups
List<Proxypolicy
Group> - Names of group objects. The structure of
groups
block is documented below. - http
Tunnel StringAuth - Enable/disable HTTP tunnel authentication. Valid values:
enable
,disable
. - icap
Profile String - Name of an existing ICAP profile.
- internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet
Service6 String - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
enable
,disable
. - internet
Service6Custom List<ProxypolicyGroups Internet Service6Custom Group> - Custom Internet Service IPv6 group name. The structure of
internet_service6_custom_group
block is documented below. - internet
Service6Customs List<ProxypolicyInternet Service6Custom> - Custom Internet Service IPv6 name. The structure of
internet_service6_custom
block is documented below. - internet
Service6Groups List<ProxypolicyInternet Service6Group> - Internet Service IPv6 group name. The structure of
internet_service6_group
block is documented below. - internet
Service6Names List<ProxypolicyInternet Service6Name> - Internet Service IPv6 name. The structure of
internet_service6_name
block is documented below. - internet
Service6Negate String - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
enable
,disable
. - internet
Service List<ProxypolicyCustom Groups Internet Service Custom Group> - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet
Service List<ProxypolicyCustoms Internet Service Custom> - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet
Service List<ProxypolicyGroups Internet Service Group> - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet
Service List<ProxypolicyIds Internet Service Id> - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet
Service List<ProxypolicyNames Internet Service Name> - Internet Service name. The structure of
internet_service_name
block is documented below. - internet
Service StringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
enable
,disable
. - ips
Sensor String - Name of an existing IPS sensor.
- ips
Voip StringFilter - Name of an existing VoIP (ips) profile.
- label String
- VDOM-specific GUI visible label.
- logtraffic String
- Enable/disable logging traffic through the policy. Valid values:
all
,utm
,disable
. - logtraffic
Start String - Enable/disable policy log traffic start. Valid values:
enable
,disable
. - name String
- Policy name.
- policyid Integer
- Policy ID.
- poolnames
List<Proxypolicy
Poolname> - Name of IP pool object. The structure of
poolname
block is documented below. - profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - proxy String
- Type of explicit proxy.
- redirect
Url String - Redirect URL for further explicit web proxy processing.
- replacemsg
Override StringGroup - Authentication replacement message override group.
- scan
Botnet StringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable
,block
,monitor
. - schedule String
- Name of schedule object.
- sctp
Filter StringProfile - Name of an existing SCTP filter profile.
- service
Negate String - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
enable
,disable
. - services
List<Proxypolicy
Service> - Name of service objects. The structure of
service
block is documented below. - session
Ttl Integer - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter
Profile String - Name of an existing Spam filter profile.
- srcaddr6s
List<Proxypolicy
Srcaddr6> - IPv6 source address objects. The structure of
srcaddr6
block is documented below. - srcaddr
Negate String - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
enable
,disable
. - srcaddrs
List<Proxypolicy
Srcaddr> - Source address objects. The structure of
srcaddr
block is documented below. - srcintfs
List<Proxypolicy
Srcintf> - Source interface names. The structure of
srcintf
block is documented below. - ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable/disable the active status of the policy. Valid values:
enable
,disable
. - transparent String
- Enable to use the IP address of the client to connect to the server. Valid values:
enable
,disable
. - users
List<Proxypolicy
User> - Names of user objects. The structure of
users
block is documented below. - utm
Status String - Enable the use of UTM profiles/sensors/lists. Valid values:
enable
,disable
. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter
Profile String - Name of an existing VideoFilter profile.
- virtual
Patch StringProfile - Name of an existing virtual-patch profile.
- voip
Profile String - Name of an existing VoIP profile.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web caching. Valid values:
enable
,disable
. - webcache
Https String - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable
,enable
. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Name of web proxy profile.
- List<Proxypolicy
Ztna Ems Tag> - ZTNA EMS Tag names. The structure of
ztna_ems_tag
block is documented below. - String
- ZTNA tag matching logic. Valid values:
or
,and
.
- access
Proxies ProxypolicyAccess Proxy[] - IPv4 access proxy. The structure of
access_proxy
block is documented below. - access
Proxy6s ProxypolicyAccess Proxy6[] - IPv6 access proxy. The structure of
access_proxy6
block is documented below. - action string
- Accept or deny traffic matching the policy parameters. Valid values:
accept
,deny
,redirect
. - application
List string - Name of an existing Application list.
- av
Profile string - Name of an existing Antivirus profile.
- block
Notification string - Enable/disable block notification. Valid values:
enable
,disable
. - casb
Profile string - Name of an existing CASB profile.
- cifs
Profile string - Name of an existing CIFS profile.
- comments string
- Optional comments.
- decrypted
Traffic stringMirror - Decrypted traffic mirror.
- detect
Https stringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
enable
,disable
. - device
Ownership string - When enabled, the ownership enforcement will be done at policy level. Valid values:
enable
,disable
. - diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- disclaimer string
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable
,domain
,policy
,user
. - dlp
Profile string - Name of an existing DLP profile.
- dlp
Sensor string - Name of an existing DLP sensor.
- dstaddr6s
Proxypolicy
Dstaddr6[] - IPv6 destination address objects. The structure of
dstaddr6
block is documented below. - dstaddr
Negate string - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
enable
,disable
. - dstaddrs
Proxypolicy
Dstaddr[] - Destination address objects. The structure of
dstaddr
block is documented below. - dstintfs
Proxypolicy
Dstintf[] - Destination interface names. The structure of
dstintf
block is documented below. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile string - Name of an existing email filter profile.
- file
Filter stringProfile - Name of an existing file-filter profile.
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global
Label string - Global web-based manager visible label.
- groups
Proxypolicy
Group[] - Names of group objects. The structure of
groups
block is documented below. - http
Tunnel stringAuth - Enable/disable HTTP tunnel authentication. Valid values:
enable
,disable
. - icap
Profile string - Name of an existing ICAP profile.
- internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet
Service6 string - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
enable
,disable
. - internet
Service6Custom ProxypolicyGroups Internet Service6Custom Group[] - Custom Internet Service IPv6 group name. The structure of
internet_service6_custom_group
block is documented below. - internet
Service6Customs ProxypolicyInternet Service6Custom[] - Custom Internet Service IPv6 name. The structure of
internet_service6_custom
block is documented below. - internet
Service6Groups ProxypolicyInternet Service6Group[] - Internet Service IPv6 group name. The structure of
internet_service6_group
block is documented below. - internet
Service6Names ProxypolicyInternet Service6Name[] - Internet Service IPv6 name. The structure of
internet_service6_name
block is documented below. - internet
Service6Negate string - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
enable
,disable
. - internet
Service ProxypolicyCustom Groups Internet Service Custom Group[] - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet
Service ProxypolicyCustoms Internet Service Custom[] - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet
Service ProxypolicyGroups Internet Service Group[] - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet
Service ProxypolicyIds Internet Service Id[] - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet
Service ProxypolicyNames Internet Service Name[] - Internet Service name. The structure of
internet_service_name
block is documented below. - internet
Service stringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
enable
,disable
. - ips
Sensor string - Name of an existing IPS sensor.
- ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- label string
- VDOM-specific GUI visible label.
- logtraffic string
- Enable/disable logging traffic through the policy. Valid values:
all
,utm
,disable
. - logtraffic
Start string - Enable/disable policy log traffic start. Valid values:
enable
,disable
. - name string
- Policy name.
- policyid number
- Policy ID.
- poolnames
Proxypolicy
Poolname[] - Name of IP pool object. The structure of
poolname
block is documented below. - profile
Group string - Name of profile group.
- profile
Protocol stringOptions - Name of an existing Protocol options profile.
- profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - proxy string
- Type of explicit proxy.
- redirect
Url string - Redirect URL for further explicit web proxy processing.
- replacemsg
Override stringGroup - Authentication replacement message override group.
- scan
Botnet stringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable
,block
,monitor
. - schedule string
- Name of schedule object.
- sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- service
Negate string - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
enable
,disable
. - services
Proxypolicy
Service[] - Name of service objects. The structure of
service
block is documented below. - session
Ttl number - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter
Profile string - Name of an existing Spam filter profile.
- srcaddr6s
Proxypolicy
Srcaddr6[] - IPv6 source address objects. The structure of
srcaddr6
block is documented below. - srcaddr
Negate string - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
enable
,disable
. - srcaddrs
Proxypolicy
Srcaddr[] - Source address objects. The structure of
srcaddr
block is documented below. - srcintfs
Proxypolicy
Srcintf[] - Source interface names. The structure of
srcintf
block is documented below. - ssh
Filter stringProfile - Name of an existing SSH filter profile.
- ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- status string
- Enable/disable the active status of the policy. Valid values:
enable
,disable
. - transparent string
- Enable to use the IP address of the client to connect to the server. Valid values:
enable
,disable
. - users
Proxypolicy
User[] - Names of user objects. The structure of
users
block is documented below. - utm
Status string - Enable the use of UTM profiles/sensors/lists. Valid values:
enable
,disable
. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter
Profile string - Name of an existing VideoFilter profile.
- virtual
Patch stringProfile - Name of an existing virtual-patch profile.
- voip
Profile string - Name of an existing VoIP profile.
- waf
Profile string - Name of an existing Web application firewall profile.
- webcache string
- Enable/disable web caching. Valid values:
enable
,disable
. - webcache
Https string - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable
,enable
. - webfilter
Profile string - Name of an existing Web filter profile.
- webproxy
Forward stringServer - Web proxy forward server name.
- webproxy
Profile string - Name of web proxy profile.
- Proxypolicy
Ztna Ems Tag[] - ZTNA EMS Tag names. The structure of
ztna_ems_tag
block is documented below. - string
- ZTNA tag matching logic. Valid values:
or
,and
.
- access_
proxies Sequence[ProxypolicyAccess Proxy Args] - IPv4 access proxy. The structure of
access_proxy
block is documented below. - access_
proxy6s Sequence[ProxypolicyAccess Proxy6Args] - IPv6 access proxy. The structure of
access_proxy6
block is documented below. - action str
- Accept or deny traffic matching the policy parameters. Valid values:
accept
,deny
,redirect
. - application_
list str - Name of an existing Application list.
- av_
profile str - Name of an existing Antivirus profile.
- block_
notification str - Enable/disable block notification. Valid values:
enable
,disable
. - casb_
profile str - Name of an existing CASB profile.
- cifs_
profile str - Name of an existing CIFS profile.
- comments str
- Optional comments.
- decrypted_
traffic_ strmirror - Decrypted traffic mirror.
- detect_
https_ strin_ http_ request - Enable/disable detection of HTTPS in HTTP request. Valid values:
enable
,disable
. - device_
ownership str - When enabled, the ownership enforcement will be done at policy level. Valid values:
enable
,disable
. - diameter_
filter_ strprofile - Name of an existing Diameter filter profile.
- disclaimer str
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable
,domain
,policy
,user
. - dlp_
profile str - Name of an existing DLP profile.
- dlp_
sensor str - Name of an existing DLP sensor.
- dstaddr6s
Sequence[Proxypolicy
Dstaddr6Args] - IPv6 destination address objects. The structure of
dstaddr6
block is documented below. - dstaddr_
negate str - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
enable
,disable
. - dstaddrs
Sequence[Proxypolicy
Dstaddr Args] - Destination address objects. The structure of
dstaddr
block is documented below. - dstintfs
Sequence[Proxypolicy
Dstintf Args] - Destination interface names. The structure of
dstintf
block is documented below. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter_
profile str - Name of an existing email filter profile.
- file_
filter_ strprofile - Name of an existing file-filter profile.
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global_
label str - Global web-based manager visible label.
- groups
Sequence[Proxypolicy
Group Args] - Names of group objects. The structure of
groups
block is documented below. - http_
tunnel_ strauth - Enable/disable HTTP tunnel authentication. Valid values:
enable
,disable
. - icap_
profile str - Name of an existing ICAP profile.
- internet_
service str - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet_
service6 str - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
enable
,disable
. - internet_
service6_ Sequence[Proxypolicycustom_ groups Internet Service6Custom Group Args] - Custom Internet Service IPv6 group name. The structure of
internet_service6_custom_group
block is documented below. - internet_
service6_ Sequence[Proxypolicycustoms Internet Service6Custom Args] - Custom Internet Service IPv6 name. The structure of
internet_service6_custom
block is documented below. - internet_
service6_ Sequence[Proxypolicygroups Internet Service6Group Args] - Internet Service IPv6 group name. The structure of
internet_service6_group
block is documented below. - internet_
service6_ Sequence[Proxypolicynames Internet Service6Name Args] - Internet Service IPv6 name. The structure of
internet_service6_name
block is documented below. - internet_
service6_ strnegate - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
enable
,disable
. - internet_
service_ Sequence[Proxypolicycustom_ groups Internet Service Custom Group Args] - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet_
service_ Sequence[Proxypolicycustoms Internet Service Custom Args] - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet_
service_ Sequence[Proxypolicygroups Internet Service Group Args] - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet_
service_ Sequence[Proxypolicyids Internet Service Id Args] - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet_
service_ Sequence[Proxypolicynames Internet Service Name Args] - Internet Service name. The structure of
internet_service_name
block is documented below. - internet_
service_ strnegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
enable
,disable
. - ips_
sensor str - Name of an existing IPS sensor.
- ips_
voip_ strfilter - Name of an existing VoIP (ips) profile.
- label str
- VDOM-specific GUI visible label.
- logtraffic str
- Enable/disable logging traffic through the policy. Valid values:
all
,utm
,disable
. - logtraffic_
start str - Enable/disable policy log traffic start. Valid values:
enable
,disable
. - name str
- Policy name.
- policyid int
- Policy ID.
- poolnames
Sequence[Proxypolicy
Poolname Args] - Name of IP pool object. The structure of
poolname
block is documented below. - profile_
group str - Name of profile group.
- profile_
protocol_ stroptions - Name of an existing Protocol options profile.
- profile_
type str - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - proxy str
- Type of explicit proxy.
- redirect_
url str - Redirect URL for further explicit web proxy processing.
- replacemsg_
override_ strgroup - Authentication replacement message override group.
- scan_
botnet_ strconnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable
,block
,monitor
. - schedule str
- Name of schedule object.
- sctp_
filter_ strprofile - Name of an existing SCTP filter profile.
- service_
negate str - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
enable
,disable
. - services
Sequence[Proxypolicy
Service Args] - Name of service objects. The structure of
service
block is documented below. - session_
ttl int - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter_
profile str - Name of an existing Spam filter profile.
- srcaddr6s
Sequence[Proxypolicy
Srcaddr6Args] - IPv6 source address objects. The structure of
srcaddr6
block is documented below. - srcaddr_
negate str - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
enable
,disable
. - srcaddrs
Sequence[Proxypolicy
Srcaddr Args] - Source address objects. The structure of
srcaddr
block is documented below. - srcintfs
Sequence[Proxypolicy
Srcintf Args] - Source interface names. The structure of
srcintf
block is documented below. - ssh_
filter_ strprofile - Name of an existing SSH filter profile.
- ssh_
policy_ strredirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl_
ssh_ strprofile - Name of an existing SSL SSH profile.
- status str
- Enable/disable the active status of the policy. Valid values:
enable
,disable
. - transparent str
- Enable to use the IP address of the client to connect to the server. Valid values:
enable
,disable
. - users
Sequence[Proxypolicy
User Args] - Names of user objects. The structure of
users
block is documented below. - utm_
status str - Enable the use of UTM profiles/sensors/lists. Valid values:
enable
,disable
. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter_
profile str - Name of an existing VideoFilter profile.
- virtual_
patch_ strprofile - Name of an existing virtual-patch profile.
- voip_
profile str - Name of an existing VoIP profile.
- waf_
profile str - Name of an existing Web application firewall profile.
- webcache str
- Enable/disable web caching. Valid values:
enable
,disable
. - webcache_
https str - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable
,enable
. - webfilter_
profile str - Name of an existing Web filter profile.
- webproxy_
forward_ strserver - Web proxy forward server name.
- webproxy_
profile str - Name of web proxy profile.
- Sequence[Proxypolicy
Ztna Ems Tag Args] - ZTNA EMS Tag names. The structure of
ztna_ems_tag
block is documented below. - str
- ZTNA tag matching logic. Valid values:
or
,and
.
- access
Proxies List<Property Map> - IPv4 access proxy. The structure of
access_proxy
block is documented below. - access
Proxy6s List<Property Map> - IPv6 access proxy. The structure of
access_proxy6
block is documented below. - action String
- Accept or deny traffic matching the policy parameters. Valid values:
accept
,deny
,redirect
. - application
List String - Name of an existing Application list.
- av
Profile String - Name of an existing Antivirus profile.
- block
Notification String - Enable/disable block notification. Valid values:
enable
,disable
. - casb
Profile String - Name of an existing CASB profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Optional comments.
- decrypted
Traffic StringMirror - Decrypted traffic mirror.
- detect
Https StringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
enable
,disable
. - device
Ownership String - When enabled, the ownership enforcement will be done at policy level. Valid values:
enable
,disable
. - diameter
Filter StringProfile - Name of an existing Diameter filter profile.
- disclaimer String
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable
,domain
,policy
,user
. - dlp
Profile String - Name of an existing DLP profile.
- dlp
Sensor String - Name of an existing DLP sensor.
- dstaddr6s List<Property Map>
- IPv6 destination address objects. The structure of
dstaddr6
block is documented below. - dstaddr
Negate String - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
enable
,disable
. - dstaddrs List<Property Map>
- Destination address objects. The structure of
dstaddr
block is documented below. - dstintfs List<Property Map>
- Destination interface names. The structure of
dstintf
block is documented below. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile String - Name of an existing email filter profile.
- file
Filter StringProfile - Name of an existing file-filter profile.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global
Label String - Global web-based manager visible label.
- groups List<Property Map>
- Names of group objects. The structure of
groups
block is documented below. - http
Tunnel StringAuth - Enable/disable HTTP tunnel authentication. Valid values:
enable
,disable
. - icap
Profile String - Name of an existing ICAP profile.
- internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet
Service6 String - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
enable
,disable
. - internet
Service6Custom List<Property Map>Groups - Custom Internet Service IPv6 group name. The structure of
internet_service6_custom_group
block is documented below. - internet
Service6Customs List<Property Map> - Custom Internet Service IPv6 name. The structure of
internet_service6_custom
block is documented below. - internet
Service6Groups List<Property Map> - Internet Service IPv6 group name. The structure of
internet_service6_group
block is documented below. - internet
Service6Names List<Property Map> - Internet Service IPv6 name. The structure of
internet_service6_name
block is documented below. - internet
Service6Negate String - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
enable
,disable
. - internet
Service List<Property Map>Custom Groups - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet
Service List<Property Map>Customs - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet
Service List<Property Map>Groups - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet
Service List<Property Map>Ids - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet
Service List<Property Map>Names - Internet Service name. The structure of
internet_service_name
block is documented below. - internet
Service StringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
enable
,disable
. - ips
Sensor String - Name of an existing IPS sensor.
- ips
Voip StringFilter - Name of an existing VoIP (ips) profile.
- label String
- VDOM-specific GUI visible label.
- logtraffic String
- Enable/disable logging traffic through the policy. Valid values:
all
,utm
,disable
. - logtraffic
Start String - Enable/disable policy log traffic start. Valid values:
enable
,disable
. - name String
- Policy name.
- policyid Number
- Policy ID.
- poolnames List<Property Map>
- Name of IP pool object. The structure of
poolname
block is documented below. - profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - proxy String
- Type of explicit proxy.
- redirect
Url String - Redirect URL for further explicit web proxy processing.
- replacemsg
Override StringGroup - Authentication replacement message override group.
- scan
Botnet StringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable
,block
,monitor
. - schedule String
- Name of schedule object.
- sctp
Filter StringProfile - Name of an existing SCTP filter profile.
- service
Negate String - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
enable
,disable
. - services List<Property Map>
- Name of service objects. The structure of
service
block is documented below. - session
Ttl Number - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter
Profile String - Name of an existing Spam filter profile.
- srcaddr6s List<Property Map>
- IPv6 source address objects. The structure of
srcaddr6
block is documented below. - srcaddr
Negate String - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
enable
,disable
. - srcaddrs List<Property Map>
- Source address objects. The structure of
srcaddr
block is documented below. - srcintfs List<Property Map>
- Source interface names. The structure of
srcintf
block is documented below. - ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
enable
,disable
. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable/disable the active status of the policy. Valid values:
enable
,disable
. - transparent String
- Enable to use the IP address of the client to connect to the server. Valid values:
enable
,disable
. - users List<Property Map>
- Names of user objects. The structure of
users
block is documented below. - utm
Status String - Enable the use of UTM profiles/sensors/lists. Valid values:
enable
,disable
. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter
Profile String - Name of an existing VideoFilter profile.
- virtual
Patch StringProfile - Name of an existing virtual-patch profile.
- voip
Profile String - Name of an existing VoIP profile.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web caching. Valid values:
enable
,disable
. - webcache
Https String - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable
,enable
. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Name of web proxy profile.
- List<Property Map>
- ZTNA EMS Tag names. The structure of
ztna_ems_tag
block is documented below. - String
- ZTNA tag matching logic. Valid values:
or
,and
.
Supporting Types
ProxypolicyAccessProxy, ProxypolicyAccessProxyArgs
- Name string
- Access proxy name.
- Name string
- Access proxy name.
- name String
- Access proxy name.
- name string
- Access proxy name.
- name str
- Access proxy name.
- name String
- Access proxy name.
ProxypolicyAccessProxy6, ProxypolicyAccessProxy6Args
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
ProxypolicyDstaddr, ProxypolicyDstaddrArgs
- Name string
- Address name.
- Name string
- Address name.
- name String
- Address name.
- name string
- Address name.
- name str
- Address name.
- name String
- Address name.
ProxypolicyDstaddr6, ProxypolicyDstaddr6Args
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
ProxypolicyDstintf, ProxypolicyDstintfArgs
- Name string
- Interface name.
- Name string
- Interface name.
- name String
- Interface name.
- name string
- Interface name.
- name str
- Interface name.
- name String
- Interface name.
ProxypolicyGroup, ProxypolicyGroupArgs
- Name string
- Group name.
- Name string
- Group name.
- name String
- Group name.
- name string
- Group name.
- name str
- Group name.
- name String
- Group name.
ProxypolicyInternetService6Custom, ProxypolicyInternetService6CustomArgs
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
ProxypolicyInternetService6CustomGroup, ProxypolicyInternetService6CustomGroupArgs
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
ProxypolicyInternetService6Group, ProxypolicyInternetService6GroupArgs
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
ProxypolicyInternetService6Name, ProxypolicyInternetService6NameArgs
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
ProxypolicyInternetServiceCustom, ProxypolicyInternetServiceCustomArgs
- Name string
- Custom name.
- Name string
- Custom name.
- name String
- Custom name.
- name string
- Custom name.
- name str
- Custom name.
- name String
- Custom name.
ProxypolicyInternetServiceCustomGroup, ProxypolicyInternetServiceCustomGroupArgs
- Name string
- Custom Internet Service IPv6 group name.
- Name string
- Custom Internet Service IPv6 group name.
- name String
- Custom Internet Service IPv6 group name.
- name string
- Custom Internet Service IPv6 group name.
- name str
- Custom Internet Service IPv6 group name.
- name String
- Custom Internet Service IPv6 group name.
ProxypolicyInternetServiceGroup, ProxypolicyInternetServiceGroupArgs
- Name string
- Internet Service group name.
- Name string
- Internet Service group name.
- name String
- Internet Service group name.
- name string
- Internet Service group name.
- name str
- Internet Service group name.
- name String
- Internet Service group name.
ProxypolicyInternetServiceId, ProxypolicyInternetServiceIdArgs
- Id int
- Internet Service ID.
- Id int
- Internet Service ID.
- id Integer
- Internet Service ID.
- id number
- Internet Service ID.
- id int
- Internet Service ID.
- id Number
- Internet Service ID.
ProxypolicyInternetServiceName, ProxypolicyInternetServiceNameArgs
- Name string
- Internet Service name.
- Name string
- Internet Service name.
- name String
- Internet Service name.
- name string
- Internet Service name.
- name str
- Internet Service name.
- name String
- Internet Service name.
ProxypolicyPoolname, ProxypolicyPoolnameArgs
- Name string
- IP pool name.
- Name string
- IP pool name.
- name String
- IP pool name.
- name string
- IP pool name.
- name str
- IP pool name.
- name String
- IP pool name.
ProxypolicyService, ProxypolicyServiceArgs
- Name string
- Address name.
- Name string
- Address name.
- name String
- Address name.
- name string
- Address name.
- name str
- Address name.
- name String
- Address name.
ProxypolicySrcaddr, ProxypolicySrcaddrArgs
- Name string
- Address name.
- Name string
- Address name.
- name String
- Address name.
- name string
- Address name.
- name str
- Address name.
- name String
- Address name.
ProxypolicySrcaddr6, ProxypolicySrcaddr6Args
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
ProxypolicySrcintf, ProxypolicySrcintfArgs
- Name string
- Interface name.
- Name string
- Interface name.
- name String
- Interface name.
- name string
- Interface name.
- name str
- Interface name.
- name String
- Interface name.
ProxypolicyUser, ProxypolicyUserArgs
- Name string
- Group name.
- Name string
- Group name.
- name String
- Group name.
- name string
- Group name.
- name str
- Group name.
- name String
- Group name.
ProxypolicyZtnaEmsTag, ProxypolicyZtnaEmsTagArgs
- Name string
- EMS Tag name.
- Name string
- EMS Tag name.
- name String
- EMS Tag name.
- name string
- EMS Tag name.
- name str
- EMS Tag name.
- name String
- EMS Tag name.
Import
Firewall ProxyPolicy can be imported using any of these accepted formats:
$ pulumi import fortios:firewall/proxypolicy:Proxypolicy labelname {{policyid}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:firewall/proxypolicy:Proxypolicy labelname {{policyid}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortios
Terraform Provider.