fortios.firewall.Securitypolicy
Configure NGFW IPv4/IPv6 application policies. Applies to FortiOS Version >= 6.2.4.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
// Policy "trname" (ID 1): accept traffic entering on port2 and leaving on port4, on the
// "always" schedule. Source and destination are both the "all" address object, and neither
// services/applications nor an inspection profile (ipsSensor, avProfile, ...) is set, so
// tighten the match and attach profiles before reusing this outside a lab.
// logtraffic "utm" limits logging to security-profile (UTM) events; with no profile attached,
// accepted sessions may go unlogged -- confirm this meets your logging requirement.
const trname = new fortios.firewall.Securitypolicy("trname", {
    policyid: 1,
    status: "enable",
    action: "accept",
    schedule: "always",
    // Traffic match: ingress side first, then egress side.
    srcintfs: [{ name: "port2" }],
    srcaddrs: [{ name: "all" }],
    dstintfs: [{ name: "port4" }],
    dstaddrs: [{ name: "all" }],
    // Inspection and logging settings.
    profileType: "single",
    profileProtocolOptions: "default",
    logtraffic: "utm",
});
import pulumi
import pulumiverse_fortios as fortios
# Policy "trname" (ID 1): accept traffic entering on port2 and leaving on port4, on the
# "always" schedule. Source and destination are both the "all" address object, and neither
# services/applications nor an inspection profile (ips_sensor, av_profile, ...) is set, so
# tighten the match and attach profiles before reusing this outside a lab.
# logtraffic "utm" limits logging to security-profile (UTM) events; with no profile attached,
# accepted sessions may go unlogged -- confirm this meets your logging requirement.
trname = fortios.firewall.Securitypolicy(
    "trname",
    policyid=1,
    status="enable",
    action="accept",
    schedule="always",
    # Traffic match: ingress side first, then egress side.
    srcintfs=[fortios.firewall.SecuritypolicySrcintfArgs(name="port2")],
    srcaddrs=[fortios.firewall.SecuritypolicySrcaddrArgs(name="all")],
    dstintfs=[fortios.firewall.SecuritypolicyDstintfArgs(name="port4")],
    dstaddrs=[fortios.firewall.SecuritypolicyDstaddrArgs(name="all")],
    # Inspection and logging settings.
    profile_type="single",
    profile_protocol_options="default",
    logtraffic="utm",
)
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
)
// main registers the example security policy "trname" (ID 1), which accepts traffic
// entering on port2 and leaving on port4 on the "always" schedule.
//
// Source and destination are both the "all" address object, and neither
// Services/Applications nor an inspection profile (IpsSensor, AvProfile, ...) is set, so
// tighten the match and attach profiles before reusing this outside a lab.
// Logtraffic "utm" limits logging to security-profile (UTM) events; with no profile
// attached, accepted sessions may go unlogged -- confirm this meets your logging requirement.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		policyArgs := &firewall.SecuritypolicyArgs{
			Policyid: pulumi.Int(1),
			Status:   pulumi.String("enable"),
			Action:   pulumi.String("accept"),
			Schedule: pulumi.String("always"),
			// Traffic match: ingress side first, then egress side.
			Srcintfs: firewall.SecuritypolicySrcintfArray{
				&firewall.SecuritypolicySrcintfArgs{Name: pulumi.String("port2")},
			},
			Srcaddrs: firewall.SecuritypolicySrcaddrArray{
				&firewall.SecuritypolicySrcaddrArgs{Name: pulumi.String("all")},
			},
			Dstintfs: firewall.SecuritypolicyDstintfArray{
				&firewall.SecuritypolicyDstintfArgs{Name: pulumi.String("port4")},
			},
			Dstaddrs: firewall.SecuritypolicyDstaddrArray{
				&firewall.SecuritypolicyDstaddrArgs{Name: pulumi.String("all")},
			},
			// Inspection and logging settings.
			ProfileType:            pulumi.String("single"),
			ProfileProtocolOptions: pulumi.String("default"),
			Logtraffic:             pulumi.String("utm"),
		}

		// The resource handle is not needed afterwards; only the error is propagated.
		_, err := firewall.NewSecuritypolicy(ctx, "trname", policyArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() =>
{
    // Policy "trname" (ID 1): accept traffic entering on port2 and leaving on port4, on the
    // "always" schedule. Source and destination are both the "all" address object, and neither
    // Services/Applications nor an inspection profile (IpsSensor, AvProfile, ...) is set, so
    // tighten the match and attach profiles before reusing this outside a lab.
    // Logtraffic "utm" limits logging to security-profile (UTM) events; with no profile
    // attached, accepted sessions may go unlogged -- confirm this meets your logging requirement.
    var trname = new Fortios.Firewall.Securitypolicy("trname", new()
    {
        Policyid = 1,
        Status = "enable",
        Action = "accept",
        Schedule = "always",

        // Traffic match: ingress side first, then egress side.
        Srcintfs = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicySrcintfArgs { Name = "port2" },
        },
        Srcaddrs = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicySrcaddrArgs { Name = "all" },
        },
        Dstintfs = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyDstintfArgs { Name = "port4" },
        },
        Dstaddrs = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyDstaddrArgs { Name = "all" },
        },

        // Inspection and logging settings.
        ProfileType = "single",
        ProfileProtocolOptions = "default",
        Logtraffic = "utm",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.firewall.Securitypolicy;
import com.pulumi.fortios.firewall.SecuritypolicyArgs;
import com.pulumi.fortios.firewall.inputs.SecuritypolicyDstaddrArgs;
import com.pulumi.fortios.firewall.inputs.SecuritypolicyDstintfArgs;
import com.pulumi.fortios.firewall.inputs.SecuritypolicySrcaddrArgs;
import com.pulumi.fortios.firewall.inputs.SecuritypolicySrcintfArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that registers the example security policy "trname" (ID 1), which accepts
 * traffic entering on port2 and leaving on port4 on the "always" schedule.
 *
 * <p>Source and destination are both the "all" address object, and neither
 * services/applications nor an inspection profile (ipsSensor, avProfile, ...) is set, so
 * tighten the match and attach profiles before reusing this outside a lab.
 * logtraffic "utm" limits logging to security-profile (UTM) events; with no profile attached,
 * accepted sessions may go unlogged -- confirm this meets your logging requirement.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the resources of this stack. */
    public static void stack(Context ctx) {
        // Traffic match: ingress side first, then egress side.
        final var ingressInterface = SecuritypolicySrcintfArgs.builder().name("port2").build();
        final var sourceAddress = SecuritypolicySrcaddrArgs.builder().name("all").build();
        final var egressInterface = SecuritypolicyDstintfArgs.builder().name("port4").build();
        final var destinationAddress = SecuritypolicyDstaddrArgs.builder().name("all").build();

        final var policyArgs = SecuritypolicyArgs.builder()
            .policyid(1)
            .status("enable")
            .action("accept")
            .schedule("always")
            .srcintfs(ingressInterface)
            .srcaddrs(sourceAddress)
            .dstintfs(egressInterface)
            .dstaddrs(destinationAddress)
            // Inspection and logging settings.
            .profileType("single")
            .profileProtocolOptions("default")
            .logtraffic("utm")
            .build();

        var trname = new Securitypolicy("trname", policyArgs);
    }
}
# Policy "trname" (ID 1): accept traffic entering on port2 and leaving on port4, on the
# "always" schedule. Source and destination are both the "all" address object, and neither
# services/applications nor an inspection profile (ipsSensor, avProfile, ...) is set, so
# tighten the match and attach profiles before reusing this outside a lab.
# logtraffic "utm" limits logging to security-profile (UTM) events; with no profile attached,
# accepted sessions may go unlogged -- confirm this meets your logging requirement.
resources:
  trname:
    type: fortios:firewall:Securitypolicy
    properties:
      policyid: 1
      status: enable
      action: accept
      schedule: always
      # Traffic match: ingress side first, then egress side.
      srcintfs:
        - name: port2
      srcaddrs:
        - name: all
      dstintfs:
        - name: port4
      dstaddrs:
        - name: all
      # Inspection and logging settings.
      profileType: single
      profileProtocolOptions: default
      logtraffic: utm
Create Securitypolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Securitypolicy(name: string, args?: SecuritypolicyArgs, opts?: CustomResourceOptions);
@overload
def Securitypolicy(resource_name: str,
args: Optional[SecuritypolicyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Securitypolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
app_categories: Optional[Sequence[SecuritypolicyAppCategoryArgs]] = None,
app_groups: Optional[Sequence[SecuritypolicyAppGroupArgs]] = None,
application_list: Optional[str] = None,
applications: Optional[Sequence[SecuritypolicyApplicationArgs]] = None,
av_profile: Optional[str] = None,
casb_profile: Optional[str] = None,
cifs_profile: Optional[str] = None,
comments: Optional[str] = None,
diameter_filter_profile: Optional[str] = None,
dlp_profile: Optional[str] = None,
dlp_sensor: Optional[str] = None,
dnsfilter_profile: Optional[str] = None,
dstaddr4s: Optional[Sequence[SecuritypolicyDstaddr4Args]] = None,
dstaddr6_negate: Optional[str] = None,
dstaddr6s: Optional[Sequence[SecuritypolicyDstaddr6Args]] = None,
dstaddr_negate: Optional[str] = None,
dstaddrs: Optional[Sequence[SecuritypolicyDstaddrArgs]] = None,
dstintfs: Optional[Sequence[SecuritypolicyDstintfArgs]] = None,
dynamic_sort_subtable: Optional[str] = None,
emailfilter_profile: Optional[str] = None,
enforce_default_app_port: Optional[str] = None,
file_filter_profile: Optional[str] = None,
fsso_groups: Optional[Sequence[SecuritypolicyFssoGroupArgs]] = None,
get_all_tables: Optional[str] = None,
groups: Optional[Sequence[SecuritypolicyGroupArgs]] = None,
icap_profile: Optional[str] = None,
internet_service: Optional[str] = None,
internet_service6: Optional[str] = None,
internet_service6_custom_groups: Optional[Sequence[SecuritypolicyInternetService6CustomGroupArgs]] = None,
internet_service6_customs: Optional[Sequence[SecuritypolicyInternetService6CustomArgs]] = None,
internet_service6_groups: Optional[Sequence[SecuritypolicyInternetService6GroupArgs]] = None,
internet_service6_names: Optional[Sequence[SecuritypolicyInternetService6NameArgs]] = None,
internet_service6_negate: Optional[str] = None,
internet_service6_src: Optional[str] = None,
internet_service6_src_custom_groups: Optional[Sequence[SecuritypolicyInternetService6SrcCustomGroupArgs]] = None,
internet_service6_src_customs: Optional[Sequence[SecuritypolicyInternetService6SrcCustomArgs]] = None,
internet_service6_src_groups: Optional[Sequence[SecuritypolicyInternetService6SrcGroupArgs]] = None,
internet_service6_src_names: Optional[Sequence[SecuritypolicyInternetService6SrcNameArgs]] = None,
internet_service6_src_negate: Optional[str] = None,
internet_service_custom_groups: Optional[Sequence[SecuritypolicyInternetServiceCustomGroupArgs]] = None,
internet_service_customs: Optional[Sequence[SecuritypolicyInternetServiceCustomArgs]] = None,
internet_service_groups: Optional[Sequence[SecuritypolicyInternetServiceGroupArgs]] = None,
internet_service_ids: Optional[Sequence[SecuritypolicyInternetServiceIdArgs]] = None,
internet_service_names: Optional[Sequence[SecuritypolicyInternetServiceNameArgs]] = None,
internet_service_negate: Optional[str] = None,
internet_service_src: Optional[str] = None,
internet_service_src_custom_groups: Optional[Sequence[SecuritypolicyInternetServiceSrcCustomGroupArgs]] = None,
internet_service_src_customs: Optional[Sequence[SecuritypolicyInternetServiceSrcCustomArgs]] = None,
internet_service_src_groups: Optional[Sequence[SecuritypolicyInternetServiceSrcGroupArgs]] = None,
internet_service_src_ids: Optional[Sequence[SecuritypolicyInternetServiceSrcIdArgs]] = None,
internet_service_src_names: Optional[Sequence[SecuritypolicyInternetServiceSrcNameArgs]] = None,
internet_service_src_negate: Optional[str] = None,
ips_sensor: Optional[str] = None,
ips_voip_filter: Optional[str] = None,
learning_mode: Optional[str] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
name: Optional[str] = None,
nat46: Optional[str] = None,
nat64: Optional[str] = None,
policyid: Optional[int] = None,
profile_group: Optional[str] = None,
profile_protocol_options: Optional[str] = None,
profile_type: Optional[str] = None,
schedule: Optional[str] = None,
sctp_filter_profile: Optional[str] = None,
send_deny_packet: Optional[str] = None,
service_negate: Optional[str] = None,
services: Optional[Sequence[SecuritypolicyServiceArgs]] = None,
srcaddr4s: Optional[Sequence[SecuritypolicySrcaddr4Args]] = None,
srcaddr6_negate: Optional[str] = None,
srcaddr6s: Optional[Sequence[SecuritypolicySrcaddr6Args]] = None,
srcaddr_negate: Optional[str] = None,
srcaddrs: Optional[Sequence[SecuritypolicySrcaddrArgs]] = None,
srcintfs: Optional[Sequence[SecuritypolicySrcintfArgs]] = None,
ssh_filter_profile: Optional[str] = None,
ssl_ssh_profile: Optional[str] = None,
status: Optional[str] = None,
url_categories: Optional[Sequence[SecuritypolicyUrlCategoryArgs]] = None,
url_category_unitary: Optional[str] = None,
users: Optional[Sequence[SecuritypolicyUserArgs]] = None,
uuid: Optional[str] = None,
vdomparam: Optional[str] = None,
videofilter_profile: Optional[str] = None,
virtual_patch_profile: Optional[str] = None,
voip_profile: Optional[str] = None,
webfilter_profile: Optional[str] = None)
func NewSecuritypolicy(ctx *Context, name string, args *SecuritypolicyArgs, opts ...ResourceOption) (*Securitypolicy, error)
public Securitypolicy(string name, SecuritypolicyArgs? args = null, CustomResourceOptions? opts = null)
public Securitypolicy(String name, SecuritypolicyArgs args)
public Securitypolicy(String name, SecuritypolicyArgs args, CustomResourceOptions options)
type: fortios:firewall:Securitypolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecuritypolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecuritypolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecuritypolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecuritypolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecuritypolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference template only: every input is set to a type placeholder ("string" or 0), so this
// is not a deployable policy. All inputs are optional; keep the ones the policy needs and
// replace the placeholders with real object names, IDs and option values.
var securitypolicyResource = new Fortios.Firewall.Securitypolicy("securitypolicyResource", new()
{
Action = "string",
AppCategories = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyAppCategoryArgs
{
Id = 0,
},
},
AppGroups = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyAppGroupArgs
{
Name = "string",
},
},
ApplicationList = "string",
Applications = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyApplicationArgs
{
Id = 0,
},
},
AvProfile = "string",
CasbProfile = "string",
CifsProfile = "string",
Comments = "string",
DiameterFilterProfile = "string",
DlpProfile = "string",
DlpSensor = "string",
DnsfilterProfile = "string",
Dstaddr4s = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyDstaddr4Args
{
Name = "string",
},
},
Dstaddr6Negate = "string",
Dstaddr6s = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyDstaddr6Args
{
Name = "string",
},
},
DstaddrNegate = "string",
Dstaddrs = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyDstaddrArgs
{
Name = "string",
},
},
Dstintfs = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyDstintfArgs
{
Name = "string",
},
},
DynamicSortSubtable = "string",
EmailfilterProfile = "string",
EnforceDefaultAppPort = "string",
FileFilterProfile = "string",
FssoGroups = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyFssoGroupArgs
{
Name = "string",
},
},
GetAllTables = "string",
Groups = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyGroupArgs
{
Name = "string",
},
},
IcapProfile = "string",
InternetService = "string",
InternetService6 = "string",
InternetService6CustomGroups = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetService6CustomGroupArgs
{
Name = "string",
},
},
InternetService6Customs = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetService6CustomArgs
{
Name = "string",
},
},
InternetService6Groups = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetService6GroupArgs
{
Name = "string",
},
},
InternetService6Names = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetService6NameArgs
{
Name = "string",
},
},
InternetService6Negate = "string",
InternetService6Src = "string",
InternetService6SrcCustomGroups = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustomGroupArgs
{
Name = "string",
},
},
InternetService6SrcCustoms = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustomArgs
{
Name = "string",
},
},
InternetService6SrcGroups = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcGroupArgs
{
Name = "string",
},
},
InternetService6SrcNames = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcNameArgs
{
Name = "string",
},
},
InternetService6SrcNegate = "string",
InternetServiceCustomGroups = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustomGroupArgs
{
Name = "string",
},
},
InternetServiceCustoms = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustomArgs
{
Name = "string",
},
},
InternetServiceGroups = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceGroupArgs
{
Name = "string",
},
},
InternetServiceIds = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceIdArgs
{
Id = 0,
},
},
InternetServiceNames = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceNameArgs
{
Name = "string",
},
},
InternetServiceNegate = "string",
InternetServiceSrc = "string",
InternetServiceSrcCustomGroups = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustomGroupArgs
{
Name = "string",
},
},
InternetServiceSrcCustoms = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustomArgs
{
Name = "string",
},
},
InternetServiceSrcGroups = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcGroupArgs
{
Name = "string",
},
},
InternetServiceSrcIds = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcIdArgs
{
Id = 0,
},
},
InternetServiceSrcNames = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcNameArgs
{
Name = "string",
},
},
InternetServiceSrcNegate = "string",
IpsSensor = "string",
IpsVoipFilter = "string",
LearningMode = "string",
Logtraffic = "string",
LogtrafficStart = "string",
Name = "string",
Nat46 = "string",
Nat64 = "string",
Policyid = 0,
ProfileGroup = "string",
ProfileProtocolOptions = "string",
ProfileType = "string",
Schedule = "string",
SctpFilterProfile = "string",
SendDenyPacket = "string",
ServiceNegate = "string",
Services = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyServiceArgs
{
Name = "string",
},
},
Srcaddr4s = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicySrcaddr4Args
{
Name = "string",
},
},
Srcaddr6Negate = "string",
Srcaddr6s = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicySrcaddr6Args
{
Name = "string",
},
},
SrcaddrNegate = "string",
Srcaddrs = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicySrcaddrArgs
{
Name = "string",
},
},
Srcintfs = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicySrcintfArgs
{
Name = "string",
},
},
SshFilterProfile = "string",
SslSshProfile = "string",
Status = "string",
UrlCategories = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyUrlCategoryArgs
{
Id = 0,
},
},
UrlCategoryUnitary = "string",
Users = new[]
{
new Fortios.Firewall.Inputs.SecuritypolicyUserArgs
{
Name = "string",
},
},
Uuid = "string",
Vdomparam = "string",
VideofilterProfile = "string",
VirtualPatchProfile = "string",
VoipProfile = "string",
WebfilterProfile = "string",
});
// Reference template only: every input is set to a type placeholder ("string" or 0), so this
// is not a deployable policy. All inputs are optional; keep the ones the policy needs and
// replace the placeholders with real object names, IDs and option values.
// The fragment stops at the call: the returned err still has to be handled by the caller.
example, err := firewall.NewSecuritypolicy(ctx, "securitypolicyResource", &firewall.SecuritypolicyArgs{
Action: pulumi.String("string"),
AppCategories: firewall.SecuritypolicyAppCategoryArray{
&firewall.SecuritypolicyAppCategoryArgs{
Id: pulumi.Int(0),
},
},
AppGroups: firewall.SecuritypolicyAppGroupArray{
&firewall.SecuritypolicyAppGroupArgs{
Name: pulumi.String("string"),
},
},
ApplicationList: pulumi.String("string"),
Applications: firewall.SecuritypolicyApplicationArray{
&firewall.SecuritypolicyApplicationArgs{
Id: pulumi.Int(0),
},
},
AvProfile: pulumi.String("string"),
CasbProfile: pulumi.String("string"),
CifsProfile: pulumi.String("string"),
Comments: pulumi.String("string"),
DiameterFilterProfile: pulumi.String("string"),
DlpProfile: pulumi.String("string"),
DlpSensor: pulumi.String("string"),
DnsfilterProfile: pulumi.String("string"),
Dstaddr4s: firewall.SecuritypolicyDstaddr4Array{
&firewall.SecuritypolicyDstaddr4Args{
Name: pulumi.String("string"),
},
},
Dstaddr6Negate: pulumi.String("string"),
Dstaddr6s: firewall.SecuritypolicyDstaddr6Array{
&firewall.SecuritypolicyDstaddr6Args{
Name: pulumi.String("string"),
},
},
DstaddrNegate: pulumi.String("string"),
Dstaddrs: firewall.SecuritypolicyDstaddrArray{
&firewall.SecuritypolicyDstaddrArgs{
Name: pulumi.String("string"),
},
},
Dstintfs: firewall.SecuritypolicyDstintfArray{
&firewall.SecuritypolicyDstintfArgs{
Name: pulumi.String("string"),
},
},
DynamicSortSubtable: pulumi.String("string"),
EmailfilterProfile: pulumi.String("string"),
EnforceDefaultAppPort: pulumi.String("string"),
FileFilterProfile: pulumi.String("string"),
FssoGroups: firewall.SecuritypolicyFssoGroupArray{
&firewall.SecuritypolicyFssoGroupArgs{
Name: pulumi.String("string"),
},
},
GetAllTables: pulumi.String("string"),
Groups: firewall.SecuritypolicyGroupArray{
&firewall.SecuritypolicyGroupArgs{
Name: pulumi.String("string"),
},
},
IcapProfile: pulumi.String("string"),
InternetService: pulumi.String("string"),
InternetService6: pulumi.String("string"),
InternetService6CustomGroups: firewall.SecuritypolicyInternetService6CustomGroupArray{
&firewall.SecuritypolicyInternetService6CustomGroupArgs{
Name: pulumi.String("string"),
},
},
InternetService6Customs: firewall.SecuritypolicyInternetService6CustomArray{
&firewall.SecuritypolicyInternetService6CustomArgs{
Name: pulumi.String("string"),
},
},
InternetService6Groups: firewall.SecuritypolicyInternetService6GroupArray{
&firewall.SecuritypolicyInternetService6GroupArgs{
Name: pulumi.String("string"),
},
},
InternetService6Names: firewall.SecuritypolicyInternetService6NameArray{
&firewall.SecuritypolicyInternetService6NameArgs{
Name: pulumi.String("string"),
},
},
InternetService6Negate: pulumi.String("string"),
InternetService6Src: pulumi.String("string"),
InternetService6SrcCustomGroups: firewall.SecuritypolicyInternetService6SrcCustomGroupArray{
&firewall.SecuritypolicyInternetService6SrcCustomGroupArgs{
Name: pulumi.String("string"),
},
},
InternetService6SrcCustoms: firewall.SecuritypolicyInternetService6SrcCustomArray{
&firewall.SecuritypolicyInternetService6SrcCustomArgs{
Name: pulumi.String("string"),
},
},
InternetService6SrcGroups: firewall.SecuritypolicyInternetService6SrcGroupArray{
&firewall.SecuritypolicyInternetService6SrcGroupArgs{
Name: pulumi.String("string"),
},
},
InternetService6SrcNames: firewall.SecuritypolicyInternetService6SrcNameArray{
&firewall.SecuritypolicyInternetService6SrcNameArgs{
Name: pulumi.String("string"),
},
},
InternetService6SrcNegate: pulumi.String("string"),
InternetServiceCustomGroups: firewall.SecuritypolicyInternetServiceCustomGroupArray{
&firewall.SecuritypolicyInternetServiceCustomGroupArgs{
Name: pulumi.String("string"),
},
},
InternetServiceCustoms: firewall.SecuritypolicyInternetServiceCustomArray{
&firewall.SecuritypolicyInternetServiceCustomArgs{
Name: pulumi.String("string"),
},
},
InternetServiceGroups: firewall.SecuritypolicyInternetServiceGroupArray{
&firewall.SecuritypolicyInternetServiceGroupArgs{
Name: pulumi.String("string"),
},
},
InternetServiceIds: firewall.SecuritypolicyInternetServiceIdArray{
&firewall.SecuritypolicyInternetServiceIdArgs{
Id: pulumi.Int(0),
},
},
InternetServiceNames: firewall.SecuritypolicyInternetServiceNameArray{
&firewall.SecuritypolicyInternetServiceNameArgs{
Name: pulumi.String("string"),
},
},
InternetServiceNegate: pulumi.String("string"),
InternetServiceSrc: pulumi.String("string"),
InternetServiceSrcCustomGroups: firewall.SecuritypolicyInternetServiceSrcCustomGroupArray{
&firewall.SecuritypolicyInternetServiceSrcCustomGroupArgs{
Name: pulumi.String("string"),
},
},
InternetServiceSrcCustoms: firewall.SecuritypolicyInternetServiceSrcCustomArray{
&firewall.SecuritypolicyInternetServiceSrcCustomArgs{
Name: pulumi.String("string"),
},
},
InternetServiceSrcGroups: firewall.SecuritypolicyInternetServiceSrcGroupArray{
&firewall.SecuritypolicyInternetServiceSrcGroupArgs{
Name: pulumi.String("string"),
},
},
InternetServiceSrcIds: firewall.SecuritypolicyInternetServiceSrcIdArray{
&firewall.SecuritypolicyInternetServiceSrcIdArgs{
Id: pulumi.Int(0),
},
},
InternetServiceSrcNames: firewall.SecuritypolicyInternetServiceSrcNameArray{
&firewall.SecuritypolicyInternetServiceSrcNameArgs{
Name: pulumi.String("string"),
},
},
InternetServiceSrcNegate: pulumi.String("string"),
IpsSensor: pulumi.String("string"),
IpsVoipFilter: pulumi.String("string"),
LearningMode: pulumi.String("string"),
Logtraffic: pulumi.String("string"),
LogtrafficStart: pulumi.String("string"),
Name: pulumi.String("string"),
Nat46: pulumi.String("string"),
Nat64: pulumi.String("string"),
Policyid: pulumi.Int(0),
ProfileGroup: pulumi.String("string"),
ProfileProtocolOptions: pulumi.String("string"),
ProfileType: pulumi.String("string"),
Schedule: pulumi.String("string"),
SctpFilterProfile: pulumi.String("string"),
SendDenyPacket: pulumi.String("string"),
ServiceNegate: pulumi.String("string"),
Services: firewall.SecuritypolicyServiceArray{
&firewall.SecuritypolicyServiceArgs{
Name: pulumi.String("string"),
},
},
Srcaddr4s: firewall.SecuritypolicySrcaddr4Array{
&firewall.SecuritypolicySrcaddr4Args{
Name: pulumi.String("string"),
},
},
Srcaddr6Negate: pulumi.String("string"),
Srcaddr6s: firewall.SecuritypolicySrcaddr6Array{
&firewall.SecuritypolicySrcaddr6Args{
Name: pulumi.String("string"),
},
},
SrcaddrNegate: pulumi.String("string"),
Srcaddrs: firewall.SecuritypolicySrcaddrArray{
&firewall.SecuritypolicySrcaddrArgs{
Name: pulumi.String("string"),
},
},
Srcintfs: firewall.SecuritypolicySrcintfArray{
&firewall.SecuritypolicySrcintfArgs{
Name: pulumi.String("string"),
},
},
SshFilterProfile: pulumi.String("string"),
SslSshProfile: pulumi.String("string"),
Status: pulumi.String("string"),
UrlCategories: firewall.SecuritypolicyUrlCategoryArray{
&firewall.SecuritypolicyUrlCategoryArgs{
Id: pulumi.Int(0),
},
},
UrlCategoryUnitary: pulumi.String("string"),
Users: firewall.SecuritypolicyUserArray{
&firewall.SecuritypolicyUserArgs{
Name: pulumi.String("string"),
},
},
Uuid: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
VideofilterProfile: pulumi.String("string"),
VirtualPatchProfile: pulumi.String("string"),
VoipProfile: pulumi.String("string"),
WebfilterProfile: pulumi.String("string"),
})
// Reference template only: every input is set to a type placeholder ("string" or 0), so this
// is not a deployable policy. All inputs are optional; keep the ones the policy needs and
// replace the placeholders with real object names, IDs and option values.
var securitypolicyResource = new Securitypolicy("securitypolicyResource", SecuritypolicyArgs.builder()
.action("string")
.appCategories(SecuritypolicyAppCategoryArgs.builder()
.id(0)
.build())
.appGroups(SecuritypolicyAppGroupArgs.builder()
.name("string")
.build())
.applicationList("string")
.applications(SecuritypolicyApplicationArgs.builder()
.id(0)
.build())
.avProfile("string")
.casbProfile("string")
.cifsProfile("string")
.comments("string")
.diameterFilterProfile("string")
.dlpProfile("string")
.dlpSensor("string")
.dnsfilterProfile("string")
.dstaddr4s(SecuritypolicyDstaddr4Args.builder()
.name("string")
.build())
.dstaddr6Negate("string")
.dstaddr6s(SecuritypolicyDstaddr6Args.builder()
.name("string")
.build())
.dstaddrNegate("string")
.dstaddrs(SecuritypolicyDstaddrArgs.builder()
.name("string")
.build())
.dstintfs(SecuritypolicyDstintfArgs.builder()
.name("string")
.build())
.dynamicSortSubtable("string")
.emailfilterProfile("string")
.enforceDefaultAppPort("string")
.fileFilterProfile("string")
.fssoGroups(SecuritypolicyFssoGroupArgs.builder()
.name("string")
.build())
.getAllTables("string")
.groups(SecuritypolicyGroupArgs.builder()
.name("string")
.build())
.icapProfile("string")
.internetService("string")
.internetService6("string")
.internetService6CustomGroups(SecuritypolicyInternetService6CustomGroupArgs.builder()
.name("string")
.build())
.internetService6Customs(SecuritypolicyInternetService6CustomArgs.builder()
.name("string")
.build())
.internetService6Groups(SecuritypolicyInternetService6GroupArgs.builder()
.name("string")
.build())
.internetService6Names(SecuritypolicyInternetService6NameArgs.builder()
.name("string")
.build())
.internetService6Negate("string")
.internetService6Src("string")
.internetService6SrcCustomGroups(SecuritypolicyInternetService6SrcCustomGroupArgs.builder()
.name("string")
.build())
.internetService6SrcCustoms(SecuritypolicyInternetService6SrcCustomArgs.builder()
.name("string")
.build())
.internetService6SrcGroups(SecuritypolicyInternetService6SrcGroupArgs.builder()
.name("string")
.build())
.internetService6SrcNames(SecuritypolicyInternetService6SrcNameArgs.builder()
.name("string")
.build())
.internetService6SrcNegate("string")
.internetServiceCustomGroups(SecuritypolicyInternetServiceCustomGroupArgs.builder()
.name("string")
.build())
.internetServiceCustoms(SecuritypolicyInternetServiceCustomArgs.builder()
.name("string")
.build())
.internetServiceGroups(SecuritypolicyInternetServiceGroupArgs.builder()
.name("string")
.build())
.internetServiceIds(SecuritypolicyInternetServiceIdArgs.builder()
.id(0)
.build())
.internetServiceNames(SecuritypolicyInternetServiceNameArgs.builder()
.name("string")
.build())
.internetServiceNegate("string")
.internetServiceSrc("string")
.internetServiceSrcCustomGroups(SecuritypolicyInternetServiceSrcCustomGroupArgs.builder()
.name("string")
.build())
.internetServiceSrcCustoms(SecuritypolicyInternetServiceSrcCustomArgs.builder()
.name("string")
.build())
.internetServiceSrcGroups(SecuritypolicyInternetServiceSrcGroupArgs.builder()
.name("string")
.build())
.internetServiceSrcIds(SecuritypolicyInternetServiceSrcIdArgs.builder()
.id(0)
.build())
.internetServiceSrcNames(SecuritypolicyInternetServiceSrcNameArgs.builder()
.name("string")
.build())
.internetServiceSrcNegate("string")
.ipsSensor("string")
.ipsVoipFilter("string")
.learningMode("string")
.logtraffic("string")
.logtrafficStart("string")
.name("string")
.nat46("string")
.nat64("string")
.policyid(0)
.profileGroup("string")
.profileProtocolOptions("string")
.profileType("string")
.schedule("string")
.sctpFilterProfile("string")
.sendDenyPacket("string")
.serviceNegate("string")
.services(SecuritypolicyServiceArgs.builder()
.name("string")
.build())
.srcaddr4s(SecuritypolicySrcaddr4Args.builder()
.name("string")
.build())
.srcaddr6Negate("string")
.srcaddr6s(SecuritypolicySrcaddr6Args.builder()
.name("string")
.build())
.srcaddrNegate("string")
.srcaddrs(SecuritypolicySrcaddrArgs.builder()
.name("string")
.build())
.srcintfs(SecuritypolicySrcintfArgs.builder()
.name("string")
.build())
.sshFilterProfile("string")
.sslSshProfile("string")
.status("string")
.urlCategories(SecuritypolicyUrlCategoryArgs.builder()
.id(0)
.build())
.urlCategoryUnitary("string")
.users(SecuritypolicyUserArgs.builder()
.name("string")
.build())
.uuid("string")
.vdomparam("string")
.videofilterProfile("string")
.virtualPatchProfile("string")
.voipProfile("string")
.webfilterProfile("string")
.build());
# Reference template only: every input is set to a type placeholder ("string" or 0), so this
# is not a deployable policy. All inputs are optional; keep the ones the policy needs and
# replace the placeholders with real object names, IDs and option values.
securitypolicy_resource = fortios.firewall.Securitypolicy("securitypolicyResource",
action="string",
app_categories=[{
"id": 0,
}],
app_groups=[{
"name": "string",
}],
application_list="string",
applications=[{
"id": 0,
}],
av_profile="string",
casb_profile="string",
cifs_profile="string",
comments="string",
diameter_filter_profile="string",
dlp_profile="string",
dlp_sensor="string",
dnsfilter_profile="string",
dstaddr4s=[{
"name": "string",
}],
dstaddr6_negate="string",
dstaddr6s=[{
"name": "string",
}],
dstaddr_negate="string",
dstaddrs=[{
"name": "string",
}],
dstintfs=[{
"name": "string",
}],
dynamic_sort_subtable="string",
emailfilter_profile="string",
enforce_default_app_port="string",
file_filter_profile="string",
fsso_groups=[{
"name": "string",
}],
get_all_tables="string",
groups=[{
"name": "string",
}],
icap_profile="string",
internet_service="string",
internet_service6="string",
internet_service6_custom_groups=[{
"name": "string",
}],
internet_service6_customs=[{
"name": "string",
}],
internet_service6_groups=[{
"name": "string",
}],
internet_service6_names=[{
"name": "string",
}],
internet_service6_negate="string",
internet_service6_src="string",
internet_service6_src_custom_groups=[{
"name": "string",
}],
internet_service6_src_customs=[{
"name": "string",
}],
internet_service6_src_groups=[{
"name": "string",
}],
internet_service6_src_names=[{
"name": "string",
}],
internet_service6_src_negate="string",
internet_service_custom_groups=[{
"name": "string",
}],
internet_service_customs=[{
"name": "string",
}],
internet_service_groups=[{
"name": "string",
}],
internet_service_ids=[{
"id": 0,
}],
internet_service_names=[{
"name": "string",
}],
internet_service_negate="string",
internet_service_src="string",
internet_service_src_custom_groups=[{
"name": "string",
}],
internet_service_src_customs=[{
"name": "string",
}],
internet_service_src_groups=[{
"name": "string",
}],
internet_service_src_ids=[{
"id": 0,
}],
internet_service_src_names=[{
"name": "string",
}],
internet_service_src_negate="string",
ips_sensor="string",
ips_voip_filter="string",
learning_mode="string",
logtraffic="string",
logtraffic_start="string",
name="string",
nat46="string",
nat64="string",
policyid=0,
profile_group="string",
profile_protocol_options="string",
profile_type="string",
schedule="string",
sctp_filter_profile="string",
send_deny_packet="string",
service_negate="string",
services=[{
"name": "string",
}],
srcaddr4s=[{
"name": "string",
}],
srcaddr6_negate="string",
srcaddr6s=[{
"name": "string",
}],
srcaddr_negate="string",
srcaddrs=[{
"name": "string",
}],
srcintfs=[{
"name": "string",
}],
ssh_filter_profile="string",
ssl_ssh_profile="string",
status="string",
url_categories=[{
"id": 0,
}],
url_category_unitary="string",
users=[{
"name": "string",
}],
uuid="string",
vdomparam="string",
videofilter_profile="string",
virtual_patch_profile="string",
voip_profile="string",
webfilter_profile="string")
// Constructor reference for fortios.firewall.Securitypolicy: every input property is listed
// with a placeholder for its type ("string", 0, or a list of { name } / { id } objects).
// The placeholders are not usable settings; replace each one with a documented value and
// drop the properties you do not need.
const securitypolicyResource = new fortios.firewall.Securitypolicy("securitypolicyResource", {
// Policy action. Documented valid values: "accept", "deny".
action: "string",
appCategories: [{
id: 0,
}],
appGroups: [{
name: "string",
}],
applicationList: "string",
applications: [{
id: 0,
}],
// The *Profile / *Sensor properties each take the name of an existing profile of that kind.
avProfile: "string",
casbProfile: "string",
cifsProfile: "string",
comments: "string",
diameterFilterProfile: "string",
dlpProfile: "string",
dlpSensor: "string",
dnsfilterProfile: "string",
dstaddr4s: [{
name: "string",
}],
// Negate flags ("enable"/"disable"): when enabled, the paired list states what the
// destination address must NOT be, so the same list matches the opposite set of traffic.
dstaddr6Negate: "string",
dstaddr6s: [{
name: "string",
}],
dstaddrNegate: "string",
dstaddrs: [{
name: "string",
}],
// Outgoing (egress) interface.
dstintfs: [{
name: "string",
}],
// Documented options: false (default), true, natural, alphabetical.
// Do not set when configuring static sub-tables.
dynamicSortSubtable: "string",
emailfilterProfile: "string",
// "enable"/"disable": default application port enforcement for allowed applications.
enforceDefaultAppPort: "string",
fileFilterProfile: "string",
fssoGroups: [{
name: "string",
}],
// Documented options: false (default), true. Do not set to true if a sub-table is
// configured in another resource; the documentation warns of conflicts and overwrites.
getAllTables: "string",
// Names of user groups that can authenticate with this policy.
groups: [{
name: "string",
}],
icapProfile: "string",
// "enable"/"disable". If enabled, destination address and service are not used.
internetService: "string",
// "enable"/"disable". If enabled, destination address, service and default application
// port enforcement are not used.
internetService6: "string",
internetService6CustomGroups: [{
name: "string",
}],
internetService6Customs: [{
name: "string",
}],
internetService6Groups: [{
name: "string",
}],
internetService6Names: [{
name: "string",
}],
internetService6Negate: "string",
// "enable"/"disable". If enabled, source address is not used.
internetService6Src: "string",
internetService6SrcCustomGroups: [{
name: "string",
}],
internetService6SrcCustoms: [{
name: "string",
}],
internetService6SrcGroups: [{
name: "string",
}],
internetService6SrcNames: [{
name: "string",
}],
internetService6SrcNegate: "string",
internetServiceCustomGroups: [{
name: "string",
}],
internetServiceCustoms: [{
name: "string",
}],
internetServiceGroups: [{
name: "string",
}],
internetServiceIds: [{
id: 0,
}],
internetServiceNames: [{
name: "string",
}],
internetServiceNegate: "string",
// "enable"/"disable". If enabled, source address is not used.
internetServiceSrc: "string",
internetServiceSrcCustomGroups: [{
name: "string",
}],
internetServiceSrcCustoms: [{
name: "string",
}],
internetServiceSrcGroups: [{
name: "string",
}],
internetServiceSrcIds: [{
id: 0,
}],
internetServiceSrcNames: [{
name: "string",
}],
internetServiceSrcNegate: "string",
ipsSensor: "string",
ipsVoipFilter: "string",
// "enable"/"disable". Documented as: enable to allow everything, but log the meaningful
// data and generate a learning report.
// NOTE(review): an enabled value therefore means this policy is not filtering traffic; confirm it is intended before applying.
learningMode: "string",
// Documented valid values: "all", "utm", "disable" (log all sessions or security profile sessions).
logtraffic: "string",
// "enable"/"disable": record logs when a session starts.
logtrafficStart: "string",
name: "string",
nat46: "string",
nat64: "string",
policyid: 0,
profileGroup: "string",
profileProtocolOptions: "string",
// Documented valid values: "single", "group".
profileType: "string",
schedule: "string",
sctpFilterProfile: "string",
// Documented valid values: "disable", "enable". Enable to send a reply when a session is
// denied or blocked by a firewall policy.
sendDenyPacket: "string",
serviceNegate: "string",
services: [{
name: "string",
}],
srcaddr4s: [{
name: "string",
}],
// Negate flags ("enable"/"disable"): when enabled, the paired list states what the
// source address must NOT be.
srcaddr6Negate: "string",
srcaddr6s: [{
name: "string",
}],
srcaddrNegate: "string",
srcaddrs: [{
name: "string",
}],
// Incoming (ingress) interface.
srcintfs: [{
name: "string",
}],
sshFilterProfile: "string",
sslSshProfile: "string",
// "enable"/"disable": enable or disable this policy.
status: "string",
// urlCategories and urlCategoryUnitary carry the same setting in two data types; the
// documentation says which one applies depends on the FortiOS version.
urlCategories: [{
id: 0,
}],
urlCategoryUnitary: "string",
// Names of individual users that can authenticate with this policy.
users: [{
name: "string",
}],
// Automatically assigned, but can be manually reset.
uuid: "string",
// VDOM the resource is applied to when the FortiGate runs in VDOM mode; only one can be
// given. Leave unset to inherit the provider's vdom configuration.
vdomparam: "string",
videofilterProfile: "string",
virtualPatchProfile: "string",
voipProfile: "string",
webfilterProfile: "string",
});
# YAML reference for fortios:firewall:Securitypolicy: every input property is listed with a
# placeholder for its type (string, 0, or a list of name / id entries). Replace each
# placeholder with a documented value and drop the properties you do not need.
type: fortios:firewall:Securitypolicy
properties:
# Policy action. Documented valid values: accept, deny.
action: string
appCategories:
- id: 0
appGroups:
- name: string
applicationList: string
applications:
- id: 0
# The *Profile / *Sensor properties each take the name of an existing profile of that kind.
avProfile: string
casbProfile: string
cifsProfile: string
comments: string
diameterFilterProfile: string
dlpProfile: string
dlpSensor: string
dnsfilterProfile: string
dstaddr4s:
- name: string
# Negate flags (enable/disable): when enabled, the paired list states what the
# destination address must NOT be.
dstaddr6Negate: string
dstaddr6s:
- name: string
dstaddrNegate: string
dstaddrs:
- name: string
# Outgoing (egress) interface.
dstintfs:
- name: string
# Documented options: false (default), true, natural, alphabetical.
# Do not set when configuring static sub-tables.
dynamicSortSubtable: string
emailfilterProfile: string
# enable/disable: default application port enforcement for allowed applications.
enforceDefaultAppPort: string
fileFilterProfile: string
fssoGroups:
- name: string
# Documented options: false (default), true. Do not set to true if a sub-table is
# configured in another resource; the documentation warns of conflicts and overwrites.
getAllTables: string
# Names of user groups that can authenticate with this policy.
groups:
- name: string
icapProfile: string
# enable/disable. If enabled, destination address and service are not used.
internetService: string
# enable/disable. If enabled, destination address, service and default application port
# enforcement are not used.
internetService6: string
internetService6CustomGroups:
- name: string
internetService6Customs:
- name: string
internetService6Groups:
- name: string
internetService6Names:
- name: string
internetService6Negate: string
# enable/disable. If enabled, source address is not used.
internetService6Src: string
internetService6SrcCustomGroups:
- name: string
internetService6SrcCustoms:
- name: string
internetService6SrcGroups:
- name: string
internetService6SrcNames:
- name: string
internetService6SrcNegate: string
internetServiceCustomGroups:
- name: string
internetServiceCustoms:
- name: string
internetServiceGroups:
- name: string
internetServiceIds:
- id: 0
internetServiceNames:
- name: string
internetServiceNegate: string
# enable/disable. If enabled, source address is not used.
internetServiceSrc: string
internetServiceSrcCustomGroups:
- name: string
internetServiceSrcCustoms:
- name: string
internetServiceSrcGroups:
- name: string
internetServiceSrcIds:
- id: 0
internetServiceSrcNames:
- name: string
internetServiceSrcNegate: string
ipsSensor: string
ipsVoipFilter: string
# enable/disable. Documented as: enable to allow everything, but log the meaningful data
# and generate a learning report.
# NOTE(review): an enabled value therefore means this policy is not filtering traffic; confirm it is intended before applying.
learningMode: string
# Documented valid values: all, utm, disable (log all sessions or security profile sessions).
logtraffic: string
# enable/disable: record logs when a session starts.
logtrafficStart: string
name: string
nat46: string
nat64: string
policyid: 0
profileGroup: string
profileProtocolOptions: string
# Documented valid values: single, group.
profileType: string
schedule: string
sctpFilterProfile: string
# Documented valid values: disable, enable. Enable to send a reply when a session is
# denied or blocked by a firewall policy.
sendDenyPacket: string
serviceNegate: string
services:
- name: string
srcaddr4s:
- name: string
# Negate flags (enable/disable): when enabled, the paired list states what the source
# address must NOT be.
srcaddr6Negate: string
srcaddr6s:
- name: string
srcaddrNegate: string
srcaddrs:
- name: string
# Incoming (ingress) interface.
srcintfs:
- name: string
sshFilterProfile: string
sslSshProfile: string
# enable/disable: enable or disable this policy.
status: string
# urlCategories and urlCategoryUnitary carry the same setting in two data types; the
# documentation says which one applies depends on the FortiOS version.
urlCategories:
- id: 0
urlCategoryUnitary: string
# Names of individual users that can authenticate with this policy.
users:
- name: string
# Automatically assigned, but can be manually reset.
uuid: string
# VDOM the resource is applied to when the FortiGate runs in VDOM mode; only one can be
# given. Leave unset to inherit the provider's vdom configuration.
vdomparam: string
videofilterProfile: string
virtualPatchProfile: string
voipProfile: string
webfilterProfile: string
Securitypolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Securitypolicy resource accepts the following input properties:
- Action string
- Policy action (accept/deny). Valid values:
accept
,deny
. - App
Categories List<Pulumiverse.Fortios. Firewall. Inputs. Securitypolicy App Category> - Application category ID list. The structure of
app_category
block is documented below. - App
Groups List<Pulumiverse.Fortios. Firewall. Inputs. Securitypolicy App Group> - Application group names. The structure of
app_group
block is documented below. - Application
List string - Name of an existing Application list.
- Applications
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Application> - Application ID list. The structure of
application
block is documented below. - Av
Profile string - Name of an existing Antivirus profile.
- Casb
Profile string - Name of an existing CASB profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- Dlp
Profile string - Name of an existing DLP profile.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dstaddr4s
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Dstaddr4> - Destination IPv4 address name and address group names. The structure of
dstaddr4
block is documented below. - Dstaddr6Negate string
- When enabled dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - Dstaddr6s
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Dstaddr6> - Destination IPv6 address name and address group names. The structure of
dstaddr6
block is documented below. - Dstaddr
Negate string - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - Dstaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Dstaddr> - Destination IPv4 address name and address group names. The structure of
dstaddr
block is documented below. - Dstintfs
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Dstintf> - Outgoing (egress) interface. The structure of
dstintf
block is documented below.
- DynamicSortSubtable string - Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: default value, do not sort tables; true/natural: sort tables in natural order, for example [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order, for example [ a10, a2 ] -> [ a10, a2 ].
- Emailfilter
Profile string - Name of an existing email filter profile.
- Enforce
Default stringApp Port - Enable/disable default application port enforcement for allowed applications. Valid values:
enable
,disable
. - File
Filter stringProfile - Name of an existing file-filter profile.
- Fsso
Groups List<Pulumiverse.Fortios. Firewall. Inputs. Securitypolicy Fsso Group> - Names of FSSO groups. The structure of
fsso_groups
block is documented below.
- GetAllTables string - Get all sub-tables, including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false: default value, do not get unconfigured tables; true: get all tables, including unconfigured tables.
- Groups
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Group> - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - Icap
Profile string - Name of an existing ICAP profile.
- Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - Internet
Service6 string - Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values:
enable
,disable
. - Internet
Service6Custom List<Pulumiverse.Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service6Custom Group> - Custom IPv6 Internet Service group name. The structure of
internet_service6_custom_group
block is documented below. - Internet
Service6Customs List<Pulumiverse.Fortios. Firewall. Inputs. Securitypolicy Internet Service6Custom> - Custom IPv6 Internet Service name. The structure of
internet_service6_custom
block is documented below. - Internet
Service6Groups List<Pulumiverse.Fortios. Firewall. Inputs. Securitypolicy Internet Service6Group> - Internet Service group name. The structure of
internet_service6_group
block is documented below. - Internet
Service6Names List<Pulumiverse.Fortios. Firewall. Inputs. Securitypolicy Internet Service6Name> - IPv6 Internet Service name. The structure of
internet_service6_name
block is documented below. - Internet
Service6Negate string - When enabled internet-service6 specifies what the service must NOT be. Valid values:
enable
,disable
. - Internet
Service6Src string - Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - Internet
Service6Src List<Pulumiverse.Custom Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service6Src Custom Group> - Custom Internet Service6 source group name. The structure of
internet_service6_src_custom_group
block is documented below. - Internet
Service6Src List<Pulumiverse.Customs Fortios. Firewall. Inputs. Securitypolicy Internet Service6Src Custom> - Custom IPv6 Internet Service source name. The structure of
internet_service6_src_custom
block is documented below. - Internet
Service6Src List<Pulumiverse.Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service6Src Group> - Internet Service6 source group name. The structure of
internet_service6_src_group
block is documented below. - Internet
Service6Src List<Pulumiverse.Names Fortios. Firewall. Inputs. Securitypolicy Internet Service6Src Name> - IPv6 Internet Service source name. The structure of
internet_service6_src_name
block is documented below. - Internet
Service6Src stringNegate - When enabled internet-service6-src specifies what the service must NOT be. Valid values:
enable
,disable
. - Internet
Service List<Pulumiverse.Custom Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service Custom Group> - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - Internet
Service List<Pulumiverse.Customs Fortios. Firewall. Inputs. Securitypolicy Internet Service Custom> - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - Internet
Service List<Pulumiverse.Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service Group> - Internet Service group name. The structure of
internet_service_group
block is documented below. - Internet
Service List<Pulumiverse.Ids Fortios. Firewall. Inputs. Securitypolicy Internet Service Id> - Internet Service ID. The structure of
internet_service_id
block is documented below. - Internet
Service List<Pulumiverse.Names Fortios. Firewall. Inputs. Securitypolicy Internet Service Name> - Internet Service name. The structure of
internet_service_name
block is documented below. - Internet
Service stringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
enable
,disable
. - Internet
Service stringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - Internet
Service List<Pulumiverse.Src Custom Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service Src Custom Group> - Custom Internet Service source group name. The structure of
internet_service_src_custom_group
block is documented below. - Internet
Service List<Pulumiverse.Src Customs Fortios. Firewall. Inputs. Securitypolicy Internet Service Src Custom> - Custom Internet Service source name. The structure of
internet_service_src_custom
block is documented below. - Internet
Service List<Pulumiverse.Src Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service Src Group> - Internet Service source group name. The structure of
internet_service_src_group
block is documented below. - Internet
Service List<Pulumiverse.Src Ids Fortios. Firewall. Inputs. Securitypolicy Internet Service Src Id> - Internet Service source ID. The structure of
internet_service_src_id
block is documented below. - Internet
Service List<Pulumiverse.Src Names Fortios. Firewall. Inputs. Securitypolicy Internet Service Src Name> - Internet Service source name. The structure of
internet_service_src_name
block is documented below. - Internet
Service stringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
enable
,disable
. - Ips
Sensor string - Name of an existing IPS sensor.
- Ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
.
- LearningMode string - Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Because an enabled policy allows everything it matches, this setting suits a limited observation period rather than steady-state enforcement. Valid values: `enable`, `disable`.
- Logtraffic string - Enable or disable logging. Log all sessions or security profile sessions. Valid values: `all`, `utm`, `disable`.
- Logtraffic
Start string - Record logs when a session starts. Valid values:
enable
,disable
. - Name string
- Policy name.
- Nat46 string
- Enable/disable NAT46. Valid values:
enable
,disable
. - Nat64 string
- Enable/disable NAT64. Valid values:
enable
,disable
. - Policyid int
- Policy ID.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - Schedule string
- Schedule name.
- Sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- Send
Deny stringPacket - Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values:
disable
,enable
. - Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - Services
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Service> - Service and service group names. The structure of
service
block is documented below. - Srcaddr4s
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Srcaddr4> - Source IPv4 address name and address group names. The structure of
srcaddr4
block is documented below. - Srcaddr6Negate string
- When enabled srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - Srcaddr6s
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Srcaddr6> - Source IPv6 address name and address group names. The structure of
srcaddr6
block is documented below. - Srcaddr
Negate string - When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - Srcaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Srcaddr> - Source IPv4 address name and address group names. The structure of
srcaddr
block is documented below. - Srcintfs
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Srcintf> - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values:
enable
,disable
.
- UrlCategories List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyUrlCategory> - URL category ID list. Because the data type of this field changed in the API, check the variable `url_category_unitary` for other versions of FortiOS. The structure of the `url_category` block is documented below.
- UrlCategoryUnitary string - URL categories or groups. Because the data type of this field changed in the API, check the variable `url_category` for other versions of FortiOS.
- Users
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy User> - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Videofilter
Profile string - Name of an existing VideoFilter profile.
- Virtual
Patch stringProfile - Name of an existing virtual-patch profile.
- Voip
Profile string - Name of an existing VoIP (voipd) profile.
- Webfilter
Profile string - Name of an existing Web filter profile.
- Action string
- Policy action (accept/deny). Valid values:
accept
,deny
. - App
Categories []SecuritypolicyApp Category Args - Application category ID list. The structure of
app_category
block is documented below. - App
Groups []SecuritypolicyApp Group Args - Application group names. The structure of
app_group
block is documented below. - Application
List string - Name of an existing Application list.
- Applications
[]Securitypolicy
Application Args - Application ID list. The structure of
application
block is documented below. - Av
Profile string - Name of an existing Antivirus profile.
- Casb
Profile string - Name of an existing CASB profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- Dlp
Profile string - Name of an existing DLP profile.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dstaddr4s
[]Securitypolicy
Dstaddr4Args - Destination IPv4 address name and address group names. The structure of
dstaddr4
block is documented below. - Dstaddr6Negate string
- When enabled dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - Dstaddr6s
[]Securitypolicy
Dstaddr6Args - Destination IPv6 address name and address group names. The structure of
dstaddr6
block is documented below. - Dstaddr
Negate string - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - Dstaddrs
[]Securitypolicy
Dstaddr Args - Destination IPv4 address name and address group names. The structure of
dstaddr
block is documented below. - Dstintfs
[]Securitypolicy
Dstintf Args - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Emailfilter
Profile string - Name of an existing email filter profile.
- Enforce
Default stringApp Port - Enable/disable default application port enforcement for allowed applications. Valid values:
enable
,disable
. - File
Filter stringProfile - Name of an existing file-filter profile.
- Fsso
Groups []SecuritypolicyFsso Group Args - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Groups
[]Securitypolicy
Group Args - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - Icap
Profile string - Name of an existing ICAP profile.
- Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - Internet
Service6 string - Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values:
enable
,disable
. - Internet
Service6Custom []SecuritypolicyGroups Internet Service6Custom Group Args - Custom IPv6 Internet Service group name. The structure of
internet_service6_custom_group
block is documented below. - Internet
Service6Customs []SecuritypolicyInternet Service6Custom Args - Custom IPv6 Internet Service name. The structure of
internet_service6_custom
block is documented below. - Internet
Service6Groups []SecuritypolicyInternet Service6Group Args - Internet Service group name. The structure of
internet_service6_group
block is documented below. - Internet
Service6Names []SecuritypolicyInternet Service6Name Args - IPv6 Internet Service name. The structure of
internet_service6_name
block is documented below. - Internet
Service6Negate string - When enabled internet-service6 specifies what the service must NOT be. Valid values:
enable
,disable
. - Internet
Service6Src string - Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - Internet
Service6Src []SecuritypolicyCustom Groups Internet Service6Src Custom Group Args - Custom Internet Service6 source group name. The structure of
internet_service6_src_custom_group
block is documented below. - Internet
Service6Src []SecuritypolicyCustoms Internet Service6Src Custom Args - Custom IPv6 Internet Service source name. The structure of
internet_service6_src_custom
block is documented below. - Internet
Service6Src []SecuritypolicyGroups Internet Service6Src Group Args - Internet Service6 source group name. The structure of
internet_service6_src_group
block is documented below. - Internet
Service6Src []SecuritypolicyNames Internet Service6Src Name Args - IPv6 Internet Service source name. The structure of
internet_service6_src_name
block is documented below. - Internet
Service6Src stringNegate - When enabled internet-service6-src specifies what the service must NOT be. Valid values:
enable
,disable
. - Internet
Service []SecuritypolicyCustom Groups Internet Service Custom Group Args - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - Internet
Service []SecuritypolicyCustoms Internet Service Custom Args - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - Internet
Service []SecuritypolicyGroups Internet Service Group Args - Internet Service group name. The structure of
internet_service_group
block is documented below. - Internet
Service []SecuritypolicyIds Internet Service Id Args - Internet Service ID. The structure of
internet_service_id
block is documented below. - Internet
Service []SecuritypolicyNames Internet Service Name Args - Internet Service name. The structure of
internet_service_name
block is documented below. - Internet
Service stringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
enable
,disable
. - Internet
Service stringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - Internet
Service []SecuritypolicySrc Custom Groups Internet Service Src Custom Group Args - Custom Internet Service source group name. The structure of
internet_service_src_custom_group
block is documented below. - Internet
Service []SecuritypolicySrc Customs Internet Service Src Custom Args - Custom Internet Service source name. The structure of
internet_service_src_custom
block is documented below. - Internet
Service []SecuritypolicySrc Groups Internet Service Src Group Args - Internet Service source group name. The structure of
internet_service_src_group
block is documented below. - Internet
Service []SecuritypolicySrc Ids Internet Service Src Id Args - Internet Service source ID. The structure of
internet_service_src_id
block is documented below. - Internet
Service []SecuritypolicySrc Names Internet Service Src Name Args - Internet Service source name. The structure of
internet_service_src_name
block is documented below. - Internet
Service stringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
enable
,disable
. - Ips
Sensor string - Name of an existing IPS sensor.
- Ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
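.
- LearningMode string - Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Because an enabled policy allows everything it matches, this setting suits a limited observation period rather than steady-state enforcement. Valid values: `enable`, `disable`.
- Logtraffic string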
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
all
,utm
,disable
. - Logtraffic
Start string - Record logs when a session starts. Valid values:
enable
,disable
. - Name string
- Policy name.
- Nat46 string
- Enable/disable NAT46. Valid values:
enable
,disable
. - Nat64 string
- Enable/disable NAT64. Valid values:
enable
,disable
. - Policyid int
- Policy ID.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - Schedule string
- Schedule name.
- Sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- Send
Deny stringPacket - Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values:
disable
,enable
. - Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - Services
[]Securitypolicy
Service Args - Service and service group names. The structure of
service
block is documented below. - Srcaddr4s
[]Securitypolicy
Srcaddr4Args - Source IPv4 address name and address group names. The structure of
srcaddr4
block is documented below. - Srcaddr6Negate string
- When enabled srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - Srcaddr6s
[]Securitypolicy
Srcaddr6Args - Source IPv6 address name and address group names. The structure of
srcaddr6
block is documented below. - Srcaddr
Negate string - When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - Srcaddrs
[]Securitypolicy
Srcaddr Args - Source IPv4 address name and address group names. The structure of
srcaddr
block is documented below. - Srcintfs
[]Securitypolicy
Srcintf Args - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values:
enable
,disable
.
- UrlCategories []SecuritypolicyUrlCategoryArgs - URL category ID list. Because the data type of this field changed in the API, check the variable `url_category_unitary` for other versions of FortiOS. The structure of the `url_category` block is documented below.
- UrlCategoryUnitary string - URL categories or groups. Because the data type of this field changed in the API, check the variable `url_category` for other versions of FortiOS.
- Users
[]Securitypolicy
User Args - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Videofilter
Profile string - Name of an existing VideoFilter profile.
- Virtual
Patch stringProfile - Name of an existing virtual-patch profile.
- Voip
Profile string - Name of an existing VoIP (voipd) profile.
- Webfilter
Profile string - Name of an existing Web filter profile.
- action String
- Policy action (accept/deny). Valid values:
accept
,deny
. - app
Categories List<SecuritypolicyApp Category> - Application category ID list. The structure of
app_category
block is documented below. - app
Groups List<SecuritypolicyApp Group> - Application group names. The structure of
app_group
block is documented below. - application
List String - Name of an existing Application list.
- applications
List<Securitypolicy
Application> - Application ID list. The structure of
application
block is documented below. - av
Profile String - Name of an existing Antivirus profile.
- casb
Profile String - Name of an existing CASB profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- diameter
Filter StringProfile - Name of an existing Diameter filter profile.
- dlp
Profile String - Name of an existing DLP profile.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dstaddr4s
List<Securitypolicy
Dstaddr4> - Destination IPv4 address name and address group names. The structure of
dstaddr4
block is documented below. - dstaddr6Negate String
- When enabled dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddr6s
List<Securitypolicy
Dstaddr6> - Destination IPv6 address name and address group names. The structure of
dstaddr6
block is documented below. - dstaddr
Negate String - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddrs
List<Securitypolicy
Dstaddr> - Destination IPv4 address name and address group names. The structure of
dstaddr
block is documented below. - dstintfs
List<Securitypolicy
Dstintf> - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile String - Name of an existing email filter profile.
- enforce
Default StringApp Port - Enable/disable default application port enforcement for allowed applications. Valid values:
enable
,disable
. - file
Filter StringProfile - Name of an existing file-filter profile.
- fsso
Groups List<SecuritypolicyFsso Group> - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - get
AllTables String - Get all sub-tables, including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false (default): do not get unconfigured tables; true: get all tables, including unconfigured tables.
- groups
List<Securitypolicy
Group> - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - icap
Profile String - Name of an existing ICAP profile.
- internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet
Service6 String - Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values:
enable
,disable
. - internet
Service6Custom List<SecuritypolicyGroups Internet Service6Custom Group> - Custom IPv6 Internet Service group name. The structure of
internet_service6_custom_group
block is documented below. - internet
Service6Customs List<SecuritypolicyInternet Service6Custom> - Custom IPv6 Internet Service name. The structure of
internet_service6_custom
block is documented below. - internet
Service6Groups List<SecuritypolicyInternet Service6Group> - Internet Service group name. The structure of
internet_service6_group
block is documented below. - internet
Service6Names List<SecuritypolicyInternet Service6Name> - IPv6 Internet Service name. The structure of
internet_service6_name
block is documented below. - internet
Service6Negate String - When enabled internet-service6 specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service6Src String - Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet
Service6Src List<SecuritypolicyCustom Groups Internet Service6Src Custom Group> - Custom Internet Service6 source group name. The structure of
internet_service6_src_custom_group
block is documented below. - internet
Service6Src List<SecuritypolicyCustoms Internet Service6Src Custom> - Custom IPv6 Internet Service source name. The structure of
internet_service6_src_custom
block is documented below. - internet
Service6Src List<SecuritypolicyGroups Internet Service6Src Group> - Internet Service6 source group name. The structure of
internet_service6_src_group
block is documented below. - internet
Service6Src List<SecuritypolicyNames Internet Service6Src Name> - IPv6 Internet Service source name. The structure of
internet_service6_src_name
block is documented below. - internet
Service6Src StringNegate - When enabled internet-service6-src specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service List<SecuritypolicyCustom Groups Internet Service Custom Group> - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet
Service List<SecuritypolicyCustoms Internet Service Custom> - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet
Service List<SecuritypolicyGroups Internet Service Group> - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet
Service List<SecuritypolicyIds Internet Service Id> - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet
Service List<SecuritypolicyNames Internet Service Name> - Internet Service name. The structure of
internet_service_name
block is documented below. - internet
Service StringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service StringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet
Service List<SecuritypolicySrc Custom Groups Internet Service Src Custom Group> - Custom Internet Service source group name. The structure of
internet_service_src_custom_group
block is documented below. - internet
Service List<SecuritypolicySrc Customs Internet Service Src Custom> - Custom Internet Service source name. The structure of
internet_service_src_custom
block is documented below. - internet
Service List<SecuritypolicySrc Groups Internet Service Src Group> - Internet Service source group name. The structure of
internet_service_src_group
block is documented below. - internet
Service List<SecuritypolicySrc Ids Internet Service Src Id> - Internet Service source ID. The structure of
internet_service_src_id
block is documented below. - internet
Service List<SecuritypolicySrc Names Internet Service Src Name> - Internet Service source name. The structure of
internet_service_src_name
block is documented below. - internet
Service StringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
enable
,disable
. - ips
Sensor String - Name of an existing IPS sensor.
- ips
Voip StringFilter - Name of an existing VoIP (ips) profile.
- learning
Mode String - Enable learning mode: the policy allows all traffic, but logs all of the meaningful data for security information gathering. A learning report will be generated. While this is enabled, nothing is blocked by the policy. Valid values:
enable
,disable
. - logtraffic String
- Enable or disable traffic logging for this policy: log all sessions (all), log only security profile sessions (utm), or disable logging (disable). Valid values:
all
,utm
,disable
. - logtraffic
Start String - Record logs when a session starts. Valid values:
enable
,disable
. - name String
- Policy name.
- nat46 String
- Enable/disable NAT46. Valid values:
enable
,disable
. - nat64 String
- Enable/disable NAT64. Valid values:
enable
,disable
. - policyid Integer
- Policy ID.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - schedule String
- Schedule name.
- sctp
Filter StringProfile - Name of an existing SCTP filter profile.
- send
Deny StringPacket - Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values:
disable
,enable
. - service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services
List<Securitypolicy
Service> - Service and service group names. The structure of
service
block is documented below. - srcaddr4s
List<Securitypolicy
Srcaddr4> - Source IPv4 address name and address group names. The structure of
srcaddr4
block is documented below. - srcaddr6Negate String
- When enabled srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddr6s
List<Securitypolicy
Srcaddr6> - Source IPv6 address name and address group names. The structure of
srcaddr6
block is documented below. - srcaddr
Negate String - When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddrs
List<Securitypolicy
Srcaddr> - Source IPv4 address name and address group names. The structure of
srcaddr
block is documented below. - srcintfs
List<Securitypolicy
Srcintf> - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values:
enable
,disable
. - url
Categories List<SecuritypolicyUrl Category> - URL category ID list. Because the data type of this field changed in the API, for other versions of FortiOS, check the variable
url-category_unitary
. The structure of url_category
block is documented below. - url
CategoryUnitary String - URL categories or groups. Because the data type of this field changed in the API, for other versions of FortiOS, check the variable
url-category
. - users
List<Securitypolicy
User> - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter
Profile String - Name of an existing VideoFilter profile.
- virtual
Patch StringProfile - Name of an existing virtual-patch profile.
- voip
Profile String - Name of an existing VoIP (voipd) profile.
- webfilter
Profile String - Name of an existing Web filter profile.
- action string
- Policy action (accept/deny). Valid values:
accept
,deny
. - app
Categories SecuritypolicyApp Category[] - Application category ID list. The structure of
app_category
block is documented below. - app
Groups SecuritypolicyApp Group[] - Application group names. The structure of
app_group
block is documented below. - application
List string - Name of an existing Application list.
- applications
Securitypolicy
Application[] - Application ID list. The structure of
application
block is documented below. - av
Profile string - Name of an existing Antivirus profile.
- casb
Profile string - Name of an existing CASB profile.
- cifs
Profile string - Name of an existing CIFS profile.
- comments string
- Comment.
- diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- dlp
Profile string - Name of an existing DLP profile.
- dlp
Sensor string - Name of an existing DLP sensor.
- dnsfilter
Profile string - Name of an existing DNS filter profile.
- dstaddr4s
Securitypolicy
Dstaddr4[] - Destination IPv4 address name and address group names. The structure of
dstaddr4
block is documented below. - dstaddr6Negate string
- When enabled dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddr6s
Securitypolicy
Dstaddr6[] - Destination IPv6 address name and address group names. The structure of
dstaddr6
block is documented below. - dstaddr
Negate string - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddrs
Securitypolicy
Dstaddr[] - Destination IPv4 address name and address group names. The structure of
dstaddr
block is documented below. - dstintfs
Securitypolicy
Dstintf[] - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - dynamic
SortSubtable string - Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false (default): do not sort tables; true/natural: sort tables in natural order, for example [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order, for example [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile string - Name of an existing email filter profile.
- enforce
Default stringApp Port - Enable/disable default application port enforcement for allowed applications. Valid values:
enable
,disable
. - file
Filter stringProfile - Name of an existing file-filter profile.
- fsso
Groups SecuritypolicyFsso Group[] - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - get
AllTables string - Get all sub-tables, including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false (default): do not get unconfigured tables; true: get all tables, including unconfigured tables.
- groups
Securitypolicy
Group[] - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - icap
Profile string - Name of an existing ICAP profile.
- internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet
Service6 string - Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values:
enable
,disable
. - internet
Service6Custom SecuritypolicyGroups Internet Service6Custom Group[] - Custom IPv6 Internet Service group name. The structure of
internet_service6_custom_group
block is documented below. - internet
Service6Customs SecuritypolicyInternet Service6Custom[] - Custom IPv6 Internet Service name. The structure of
internet_service6_custom
block is documented below. - internet
Service6Groups SecuritypolicyInternet Service6Group[] - Internet Service group name. The structure of
internet_service6_group
block is documented below. - internet
Service6Names SecuritypolicyInternet Service6Name[] - IPv6 Internet Service name. The structure of
internet_service6_name
block is documented below. - internet
Service6Negate string - When enabled internet-service6 specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service6Src string - Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet
Service6Src SecuritypolicyCustom Groups Internet Service6Src Custom Group[] - Custom Internet Service6 source group name. The structure of
internet_service6_src_custom_group
block is documented below. - internet
Service6Src SecuritypolicyCustoms Internet Service6Src Custom[] - Custom IPv6 Internet Service source name. The structure of
internet_service6_src_custom
block is documented below. - internet
Service6Src SecuritypolicyGroups Internet Service6Src Group[] - Internet Service6 source group name. The structure of
internet_service6_src_group
block is documented below. - internet
Service6Src SecuritypolicyNames Internet Service6Src Name[] - IPv6 Internet Service source name. The structure of
internet_service6_src_name
block is documented below. - internet
Service6Src stringNegate - When enabled internet-service6-src specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service SecuritypolicyCustom Groups Internet Service Custom Group[] - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet
Service SecuritypolicyCustoms Internet Service Custom[] - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet
Service SecuritypolicyGroups Internet Service Group[] - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet
Service SecuritypolicyIds Internet Service Id[] - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet
Service SecuritypolicyNames Internet Service Name[] - Internet Service name. The structure of
internet_service_name
block is documented below. - internet
Service stringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service stringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet
Service SecuritypolicySrc Custom Groups Internet Service Src Custom Group[] - Custom Internet Service source group name. The structure of
internet_service_src_custom_group
block is documented below. - internet
Service SecuritypolicySrc Customs Internet Service Src Custom[] - Custom Internet Service source name. The structure of
internet_service_src_custom
block is documented below. - internet
Service SecuritypolicySrc Groups Internet Service Src Group[] - Internet Service source group name. The structure of
internet_service_src_group
block is documented below. - internet
Service SecuritypolicySrc Ids Internet Service Src Id[] - Internet Service source ID. The structure of
internet_service_src_id
block is documented below. - internet
Service SecuritypolicySrc Names Internet Service Src Name[] - Internet Service source name. The structure of
internet_service_src_name
block is documented below. - internet
Service stringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
enable
,disable
. - ips
Sensor string - Name of an existing IPS sensor.
- ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- learning
Mode string - Enable learning mode: the policy allows all traffic, but logs all of the meaningful data for security information gathering. A learning report will be generated. While this is enabled, nothing is blocked by the policy. Valid values:
enable
,disable
. - logtraffic string
- Enable or disable traffic logging for this policy: log all sessions (all), log only security profile sessions (utm), or disable logging (disable). Valid values:
all
,utm
,disable
. - logtraffic
Start string - Record logs when a session starts. Valid values:
enable
,disable
. - name string
- Policy name.
- nat46 string
- Enable/disable NAT46. Valid values:
enable
,disable
. - nat64 string
- Enable/disable NAT64. Valid values:
enable
,disable
. - policyid number
- Policy ID.
- profile
Group string - Name of profile group.
- profile
Protocol stringOptions - Name of an existing Protocol options profile.
- profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - schedule string
- Schedule name.
- sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- send
Deny stringPacket - Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values:
disable
,enable
. - service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services
Securitypolicy
Service[] - Service and service group names. The structure of
service
block is documented below. - srcaddr4s
Securitypolicy
Srcaddr4[] - Source IPv4 address name and address group names. The structure of
srcaddr4
block is documented below. - srcaddr6Negate string
- When enabled srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddr6s
Securitypolicy
Srcaddr6[] - Source IPv6 address name and address group names. The structure of
srcaddr6
block is documented below. - srcaddr
Negate string - When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddrs
Securitypolicy
Srcaddr[] - Source IPv4 address name and address group names. The structure of
srcaddr
block is documented below. - srcintfs
Securitypolicy
Srcintf[] - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - ssh
Filter stringProfile - Name of an existing SSH filter profile.
- ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- status string
- Enable or disable this policy. Valid values:
enable
,disable
. - url
Categories SecuritypolicyUrl Category[] - URL category ID list. Because the data type of this field changed in the API, for other versions of FortiOS, check the variable
url-category_unitary
. The structure of url_category
block is documented below. - url
CategoryUnitary string - URL categories or groups. Because the data type of this field changed in the API, for other versions of FortiOS, check the variable
url-category
. - users
Securitypolicy
User[] - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter
Profile string - Name of an existing VideoFilter profile.
- virtual
Patch stringProfile - Name of an existing virtual-patch profile.
- voip
Profile string - Name of an existing VoIP (voipd) profile.
- webfilter
Profile string - Name of an existing Web filter profile.
- action str
- Policy action (accept/deny). Valid values:
accept
,deny
. - app_
categories Sequence[SecuritypolicyApp Category Args] - Application category ID list. The structure of
app_category
block is documented below. - app_
groups Sequence[SecuritypolicyApp Group Args] - Application group names. The structure of
app_group
block is documented below. - application_
list str - Name of an existing Application list.
- applications
Sequence[Securitypolicy
Application Args] - Application ID list. The structure of
application
block is documented below. - av_
profile str - Name of an existing Antivirus profile.
- casb_
profile str - Name of an existing CASB profile.
- cifs_
profile str - Name of an existing CIFS profile.
- comments str
- Comment.
- diameter_
filter_ strprofile - Name of an existing Diameter filter profile.
- dlp_
profile str - Name of an existing DLP profile.
- dlp_
sensor str - Name of an existing DLP sensor.
- dnsfilter_
profile str - Name of an existing DNS filter profile.
- dstaddr4s
Sequence[Securitypolicy
Dstaddr4Args] - Destination IPv4 address name and address group names. The structure of
dstaddr4
block is documented below. - dstaddr6_
negate str - When enabled dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddr6s
Sequence[Securitypolicy
Dstaddr6Args] - Destination IPv6 address name and address group names. The structure of
dstaddr6
block is documented below. - dstaddr_
negate str - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddrs
Sequence[Securitypolicy
Dstaddr Args] - Destination IPv4 address name and address group names. The structure of
dstaddr
block is documented below. - dstintfs
Sequence[Securitypolicy
Dstintf Args] - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - dynamic_
sort_subtable str - Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false (default): do not sort tables; true/natural: sort tables in natural order, for example [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order, for example [ a10, a2 ] -> [ a10, a2 ].
- emailfilter_
profile str - Name of an existing email filter profile.
- enforce_
default_ strapp_ port - Enable/disable default application port enforcement for allowed applications. Valid values:
enable
,disable
. - file_
filter_ strprofile - Name of an existing file-filter profile.
- fsso_
groups Sequence[SecuritypolicyFsso Group Args] - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - get_
all_tables str - Get all sub-tables, including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false (default): do not get unconfigured tables; true: get all tables, including unconfigured tables.
- groups
Sequence[Securitypolicy
Group Args] - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - icap_
profile str - Name of an existing ICAP profile.
- internet_
service str - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet_
service6 str - Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values:
enable
,disable
. - internet_
service6_ Sequence[Securitypolicycustom_ groups Internet Service6Custom Group Args] - Custom IPv6 Internet Service group name. The structure of
internet_service6_custom_group
block is documented below. - internet_
service6_ Sequence[Securitypolicycustoms Internet Service6Custom Args] - Custom IPv6 Internet Service name. The structure of
internet_service6_custom
block is documented below. - internet_
service6_ Sequence[Securitypolicygroups Internet Service6Group Args] - Internet Service group name. The structure of
internet_service6_group
block is documented below. - internet_
service6_ Sequence[Securitypolicynames Internet Service6Name Args] - IPv6 Internet Service name. The structure of
internet_service6_name
block is documented below. - internet_
service6_ strnegate - When enabled internet-service6 specifies what the service must NOT be. Valid values:
enable
,disable
. - internet_
service6_ strsrc - Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet_
service6_ Sequence[Securitypolicysrc_ custom_ groups Internet Service6Src Custom Group Args] - Custom Internet Service6 source group name. The structure of
internet_service6_src_custom_group
block is documented below. - internet_
service6_ Sequence[Securitypolicysrc_ customs Internet Service6Src Custom Args] - Custom IPv6 Internet Service source name. The structure of
internet_service6_src_custom
block is documented below. - internet_
service6_ Sequence[Securitypolicysrc_ groups Internet Service6Src Group Args] - Internet Service6 source group name. The structure of
internet_service6_src_group
block is documented below. - internet_
service6_ Sequence[Securitypolicysrc_ names Internet Service6Src Name Args] - IPv6 Internet Service source name. The structure of
internet_service6_src_name
block is documented below. - internet_
service6_ strsrc_ negate - When enabled internet-service6-src specifies what the service must NOT be. Valid values:
enable
,disable
. - internet_
service_ Sequence[Securitypolicycustom_ groups Internet Service Custom Group Args] - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet_
service_ Sequence[Securitypolicycustoms Internet Service Custom Args] - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet_
service_ Sequence[Securitypolicygroups Internet Service Group Args] - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet_
service_ Sequence[Securitypolicyids Internet Service Id Args] - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet_
service_ Sequence[Securitypolicynames Internet Service Name Args] - Internet Service name. The structure of
internet_service_name
block is documented below. - internet_
service_ strnegate - When enabled internet-service specifies what the service must NOT be. Valid values:
enable
,disable
. - internet_
service_ strsrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet_
service_ Sequence[Securitypolicysrc_ custom_ groups Internet Service Src Custom Group Args] - Custom Internet Service source group name. The structure of
internet_service_src_custom_group
block is documented below. - internet_
service_ Sequence[Securitypolicysrc_ customs Internet Service Src Custom Args] - Custom Internet Service source name. The structure of
internet_service_src_custom
block is documented below. - internet_
service_ Sequence[Securitypolicysrc_ groups Internet Service Src Group Args] - Internet Service source group name. The structure of
internet_service_src_group
block is documented below. - internet_
service_ Sequence[Securitypolicysrc_ ids Internet Service Src Id Args] - Internet Service source ID. The structure of
internet_service_src_id
block is documented below. - internet_
service_ Sequence[Securitypolicysrc_ names Internet Service Src Name Args] - Internet Service source name. The structure of
internet_service_src_name
block is documented below. - internet_
service_ strsrc_ negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
enable
,disable
. - ips_
sensor str - Name of an existing IPS sensor.
- ips_
voip_ strfilter - Name of an existing VoIP (ips) profile.
- learning_
mode str - Enable learning mode: the policy allows all traffic, but logs all of the meaningful data for security information gathering. A learning report will be generated. While this is enabled, nothing is blocked by the policy. Valid values:
enable
,disable
. - logtraffic str
- Enable or disable traffic logging for this policy: log all sessions (all), log only security profile sessions (utm), or disable logging (disable). Valid values:
all
,utm
,disable
. - logtraffic_
start str - Record logs when a session starts. Valid values:
enable
,disable
. - name str
- Policy name.
- nat46 str
- Enable/disable NAT46. Valid values:
enable
,disable
. - nat64 str
- Enable/disable NAT64. Valid values:
enable
,disable
. - policyid int
- Policy ID.
- profile_
group str - Name of profile group.
- profile_
protocol_ stroptions - Name of an existing Protocol options profile.
- profile_
type str - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - schedule str
- Schedule name.
- sctp_
filter_ strprofile - Name of an existing SCTP filter profile.
- send_
deny_ strpacket - Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values:
disable
,enable
. - service_
negate str - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services
Sequence[Securitypolicy
Service Args] - Service and service group names. The structure of
service
block is documented below. - srcaddr4s
Sequence[Securitypolicy
Srcaddr4Args] - Source IPv4 address name and address group names. The structure of
srcaddr4
block is documented below. - srcaddr6_
negate str - When enabled srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddr6s
Sequence[Securitypolicy
Srcaddr6Args] - Source IPv6 address name and address group names. The structure of
srcaddr6
block is documented below. - srcaddr_negate str - When enabled, srcaddr/srcaddr6 specifies what the source address must NOT be: the policy matches sources other than the listed addresses. Valid values:
enable
,disable
. - srcaddrs
Sequence[Securitypolicy
Srcaddr Args] - Source IPv4 address name and address group names. The structure of
srcaddr
block is documented below. - srcintfs
Sequence[Securitypolicy
Srcintf Args] - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - ssh_
filter_ strprofile - Name of an existing SSH filter profile.
- ssl_
ssh_ strprofile - Name of an existing SSL SSH profile.
- status str
- Enable or disable this policy. Valid values:
enable
,disable
. - url_categories Sequence[SecuritypolicyUrlCategoryArgs] - URL category ID list. Because of a data type change in the API, for other versions of FortiOS please check the variable
url-category_unitary
. The structure of url_category
block is documented below. - url_category_unitary str - URL categories or groups. Because of a data type change in the API, for other versions of FortiOS please check the variable
url-category
. - users
Sequence[Securitypolicy
User Args] - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam str
- Specifies the vdom to which the resource is applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. To inherit the vdom configuration of the provider, do not set this parameter.
- videofilter_
profile str - Name of an existing VideoFilter profile.
- virtual_
patch_ strprofile - Name of an existing virtual-patch profile.
- voip_
profile str - Name of an existing VoIP (voipd) profile.
- webfilter_
profile str - Name of an existing Web filter profile.
- action String
- Policy action (accept/deny). Valid values:
accept
,deny
. - app
Categories List<Property Map> - Application category ID list. The structure of
app_category
block is documented below. - app
Groups List<Property Map> - Application group names. The structure of
app_group
block is documented below. - application
List String - Name of an existing Application list.
- applications List<Property Map>
- Application ID list. The structure of
application
block is documented below. - av
Profile String - Name of an existing Antivirus profile.
- casb
Profile String - Name of an existing CASB profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- diameter
Filter StringProfile - Name of an existing Diameter filter profile.
- dlp
Profile String - Name of an existing DLP profile.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dstaddr4s List<Property Map>
- Destination IPv4 address name and address group names. The structure of
dstaddr4
block is documented below. - dstaddr6Negate String
- When enabled dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddr6s List<Property Map>
- Destination IPv6 address name and address group names. The structure of
dstaddr6
block is documented below. - dstaddr
Negate String - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddrs List<Property Map>
- Destination IPv4 address name and address group names. The structure of
dstaddr
block is documented below. - dstintfs List<Property Map>
- Outgoing (egress) interface. The structure of
dstintf
block is documented below. - dynamicSortSubtable String - Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: default value, do not sort tables; true/natural: sort tables in natural order, for example [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order, for example [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile String - Name of an existing email filter profile.
- enforce
Default StringApp Port - Enable/disable default application port enforcement for allowed applications. Valid values:
enable
,disable
. - file
Filter StringProfile - Name of an existing file-filter profile.
- fsso
Groups List<Property Map> - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - getAllTables String - Get all sub-tables, including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false: default value, do not get unconfigured tables; true: get all tables, including unconfigured tables.
- groups List<Property Map>
- Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - icap
Profile String - Name of an existing ICAP profile.
- internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet
Service6 String - Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values:
enable
,disable
. - internet
Service6Custom List<Property Map>Groups - Custom IPv6 Internet Service group name. The structure of
internet_service6_custom_group
block is documented below. - internet
Service6Customs List<Property Map> - Custom IPv6 Internet Service name. The structure of
internet_service6_custom
block is documented below. - internet
Service6Groups List<Property Map> - Internet Service group name. The structure of
internet_service6_group
block is documented below. - internet
Service6Names List<Property Map> - IPv6 Internet Service name. The structure of
internet_service6_name
block is documented below. - internet
Service6Negate String - When enabled internet-service6 specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service6Src String - Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet
Service6Src List<Property Map>Custom Groups - Custom Internet Service6 source group name. The structure of
internet_service6_src_custom_group
block is documented below. - internet
Service6Src List<Property Map>Customs - Custom IPv6 Internet Service source name. The structure of
internet_service6_src_custom
block is documented below. - internet
Service6Src List<Property Map>Groups - Internet Service6 source group name. The structure of
internet_service6_src_group
block is documented below. - internet
Service6Src List<Property Map>Names - IPv6 Internet Service source name. The structure of
internet_service6_src_name
block is documented below. - internet
Service6Src StringNegate - When enabled internet-service6-src specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service List<Property Map>Custom Groups - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet
Service List<Property Map>Customs - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet
Service List<Property Map>Groups - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet
Service List<Property Map>Ids - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet
Service List<Property Map>Names - Internet Service name. The structure of
internet_service_name
block is documented below. - internet
Service StringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service StringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet
Service List<Property Map>Src Custom Groups - Custom Internet Service source group name. The structure of
internet_service_src_custom_group
block is documented below. - internet
Service List<Property Map>Src Customs - Custom Internet Service source name. The structure of
internet_service_src_custom
block is documented below. - internet
Service List<Property Map>Src Groups - Internet Service source group name. The structure of
internet_service_src_group
block is documented below. - internet
Service List<Property Map>Src Ids - Internet Service source ID. The structure of
internet_service_src_id
block is documented below. - internet
Service List<Property Map>Src Names - Internet Service source name. The structure of
internet_service_src_name
block is documented below. - internet
Service StringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
enable
,disable
. - ips
Sensor String - Name of an existing IPS sensor.
- ips
Voip StringFilter - Name of an existing VoIP (ips) profile.
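- learningMode String - Enable learning mode to allow everything while logging all of the meaningful data for security information gathering; a learning report will be generated. Because everything is allowed while it is enabled, the policy gathers information rather than enforcing. Valid values: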
enable
,disable
. - logtraffic String
- Enable or disable traffic logging for this policy: log all sessions (all), log only security profile sessions (utm), or log nothing (disable). Valid values:
all
,utm
,disable
. - logtraffic
Start String - Record logs when a session starts. Valid values:
enable
,disable
. - name String
- Policy name.
- nat46 String
- Enable/disable NAT46. Valid values:
enable
,disable
. - nat64 String
- Enable/disable NAT64. Valid values:
enable
,disable
. - policyid Number
- Policy ID.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - schedule String
- Schedule name.
- sctp
Filter StringProfile - Name of an existing SCTP filter profile.
- send
Deny StringPacket - Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values:
disable
,enable
. - service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services List<Property Map>
- Service and service group names. The structure of
service
block is documented below. - srcaddr4s List<Property Map>
- Source IPv4 address name and address group names. The structure of
srcaddr4
block is documented below. - srcaddr6Negate String
- When enabled srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddr6s List<Property Map>
- Source IPv6 address name and address group names. The structure of
srcaddr6
block is documented below. - srcaddrNegate String - When enabled, srcaddr/srcaddr6 specifies what the source address must NOT be: the policy matches sources other than the listed addresses. Valid values:
enable
,disable
. - srcaddrs List<Property Map>
- Source IPv4 address name and address group names. The structure of
srcaddr
block is documented below. - srcintfs List<Property Map>
- Incoming (ingress) interface. The structure of
srcintf
block is documented below. - ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values:
enable
,disable
. - urlCategories List<Property Map> - URL category ID list. Because of a data type change in the API, for other versions of FortiOS please check the variable
url-category_unitary
. The structure of url_category
block is documented below. - urlCategoryUnitary String - URL categories or groups. Because of a data type change in the API, for other versions of FortiOS please check the variable
url-category
. - users List<Property Map>
- Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource is applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. To inherit the vdom configuration of the provider, do not set this parameter.
- videofilter
Profile String - Name of an existing VideoFilter profile.
- virtual
Patch StringProfile - Name of an existing virtual-patch profile.
- voip
Profile String - Name of an existing VoIP (voipd) profile.
- webfilter
Profile String - Name of an existing Web filter profile.
Outputs
All input properties are implicitly available as output properties. Additionally, the Securitypolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Securitypolicy Resource
Get an existing Securitypolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecuritypolicyState, opts?: CustomResourceOptions): Securitypolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
app_categories: Optional[Sequence[SecuritypolicyAppCategoryArgs]] = None,
app_groups: Optional[Sequence[SecuritypolicyAppGroupArgs]] = None,
application_list: Optional[str] = None,
applications: Optional[Sequence[SecuritypolicyApplicationArgs]] = None,
av_profile: Optional[str] = None,
casb_profile: Optional[str] = None,
cifs_profile: Optional[str] = None,
comments: Optional[str] = None,
diameter_filter_profile: Optional[str] = None,
dlp_profile: Optional[str] = None,
dlp_sensor: Optional[str] = None,
dnsfilter_profile: Optional[str] = None,
dstaddr4s: Optional[Sequence[SecuritypolicyDstaddr4Args]] = None,
dstaddr6_negate: Optional[str] = None,
dstaddr6s: Optional[Sequence[SecuritypolicyDstaddr6Args]] = None,
dstaddr_negate: Optional[str] = None,
dstaddrs: Optional[Sequence[SecuritypolicyDstaddrArgs]] = None,
dstintfs: Optional[Sequence[SecuritypolicyDstintfArgs]] = None,
dynamic_sort_subtable: Optional[str] = None,
emailfilter_profile: Optional[str] = None,
enforce_default_app_port: Optional[str] = None,
file_filter_profile: Optional[str] = None,
fsso_groups: Optional[Sequence[SecuritypolicyFssoGroupArgs]] = None,
get_all_tables: Optional[str] = None,
groups: Optional[Sequence[SecuritypolicyGroupArgs]] = None,
icap_profile: Optional[str] = None,
internet_service: Optional[str] = None,
internet_service6: Optional[str] = None,
internet_service6_custom_groups: Optional[Sequence[SecuritypolicyInternetService6CustomGroupArgs]] = None,
internet_service6_customs: Optional[Sequence[SecuritypolicyInternetService6CustomArgs]] = None,
internet_service6_groups: Optional[Sequence[SecuritypolicyInternetService6GroupArgs]] = None,
internet_service6_names: Optional[Sequence[SecuritypolicyInternetService6NameArgs]] = None,
internet_service6_negate: Optional[str] = None,
internet_service6_src: Optional[str] = None,
internet_service6_src_custom_groups: Optional[Sequence[SecuritypolicyInternetService6SrcCustomGroupArgs]] = None,
internet_service6_src_customs: Optional[Sequence[SecuritypolicyInternetService6SrcCustomArgs]] = None,
internet_service6_src_groups: Optional[Sequence[SecuritypolicyInternetService6SrcGroupArgs]] = None,
internet_service6_src_names: Optional[Sequence[SecuritypolicyInternetService6SrcNameArgs]] = None,
internet_service6_src_negate: Optional[str] = None,
internet_service_custom_groups: Optional[Sequence[SecuritypolicyInternetServiceCustomGroupArgs]] = None,
internet_service_customs: Optional[Sequence[SecuritypolicyInternetServiceCustomArgs]] = None,
internet_service_groups: Optional[Sequence[SecuritypolicyInternetServiceGroupArgs]] = None,
internet_service_ids: Optional[Sequence[SecuritypolicyInternetServiceIdArgs]] = None,
internet_service_names: Optional[Sequence[SecuritypolicyInternetServiceNameArgs]] = None,
internet_service_negate: Optional[str] = None,
internet_service_src: Optional[str] = None,
internet_service_src_custom_groups: Optional[Sequence[SecuritypolicyInternetServiceSrcCustomGroupArgs]] = None,
internet_service_src_customs: Optional[Sequence[SecuritypolicyInternetServiceSrcCustomArgs]] = None,
internet_service_src_groups: Optional[Sequence[SecuritypolicyInternetServiceSrcGroupArgs]] = None,
internet_service_src_ids: Optional[Sequence[SecuritypolicyInternetServiceSrcIdArgs]] = None,
internet_service_src_names: Optional[Sequence[SecuritypolicyInternetServiceSrcNameArgs]] = None,
internet_service_src_negate: Optional[str] = None,
ips_sensor: Optional[str] = None,
ips_voip_filter: Optional[str] = None,
learning_mode: Optional[str] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
name: Optional[str] = None,
nat46: Optional[str] = None,
nat64: Optional[str] = None,
policyid: Optional[int] = None,
profile_group: Optional[str] = None,
profile_protocol_options: Optional[str] = None,
profile_type: Optional[str] = None,
schedule: Optional[str] = None,
sctp_filter_profile: Optional[str] = None,
send_deny_packet: Optional[str] = None,
service_negate: Optional[str] = None,
services: Optional[Sequence[SecuritypolicyServiceArgs]] = None,
srcaddr4s: Optional[Sequence[SecuritypolicySrcaddr4Args]] = None,
srcaddr6_negate: Optional[str] = None,
srcaddr6s: Optional[Sequence[SecuritypolicySrcaddr6Args]] = None,
srcaddr_negate: Optional[str] = None,
srcaddrs: Optional[Sequence[SecuritypolicySrcaddrArgs]] = None,
srcintfs: Optional[Sequence[SecuritypolicySrcintfArgs]] = None,
ssh_filter_profile: Optional[str] = None,
ssl_ssh_profile: Optional[str] = None,
status: Optional[str] = None,
url_categories: Optional[Sequence[SecuritypolicyUrlCategoryArgs]] = None,
url_category_unitary: Optional[str] = None,
users: Optional[Sequence[SecuritypolicyUserArgs]] = None,
uuid: Optional[str] = None,
vdomparam: Optional[str] = None,
videofilter_profile: Optional[str] = None,
virtual_patch_profile: Optional[str] = None,
voip_profile: Optional[str] = None,
webfilter_profile: Optional[str] = None) -> Securitypolicy
func GetSecuritypolicy(ctx *Context, name string, id IDInput, state *SecuritypolicyState, opts ...ResourceOption) (*Securitypolicy, error)
public static Securitypolicy Get(string name, Input<string> id, SecuritypolicyState? state, CustomResourceOptions? opts = null)
public static Securitypolicy get(String name, Output<String> id, SecuritypolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- Policy action (accept/deny). Valid values:
accept
,deny
. - App
Categories List<Pulumiverse.Fortios. Firewall. Inputs. Securitypolicy App Category> - Application category ID list. The structure of
app_category
block is documented below. - App
Groups List<Pulumiverse.Fortios. Firewall. Inputs. Securitypolicy App Group> - Application group names. The structure of
app_group
block is documented below. - Application
List string - Name of an existing Application list.
- Applications
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Application> - Application ID list. The structure of
application
block is documented below. - Av
Profile string - Name of an existing Antivirus profile.
- Casb
Profile string - Name of an existing CASB profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- Dlp
Profile string - Name of an existing DLP profile.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dstaddr4s
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Dstaddr4> - Destination IPv4 address name and address group names. The structure of
dstaddr4
block is documented below. - Dstaddr6Negate string
- When enabled dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - Dstaddr6s
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Dstaddr6> - Destination IPv6 address name and address group names. The structure of
dstaddr6
block is documented below. - Dstaddr
Negate string - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - Dstaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Dstaddr> - Destination IPv4 address name and address group names. The structure of
dstaddr
block is documented below. - Dstintfs
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Dstintf> - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - DynamicSortSubtable string - Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: default value, do not sort tables; true/natural: sort tables in natural order, for example [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order, for example [ a10, a2 ] -> [ a10, a2 ].
- Emailfilter
Profile string - Name of an existing email filter profile.
- Enforce
Default stringApp Port - Enable/disable default application port enforcement for allowed applications. Valid values:
enable
,disable
. - File
Filter stringProfile - Name of an existing file-filter profile.
- Fsso
Groups List<Pulumiverse.Fortios. Firewall. Inputs. Securitypolicy Fsso Group> - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - GetAllTables string - Get all sub-tables, including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false: default value, do not get unconfigured tables; true: get all tables, including unconfigured tables.
- Groups
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Group> - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - Icap
Profile string - Name of an existing ICAP profile.
- Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - Internet
Service6 string - Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values:
enable
,disable
. - Internet
Service6Custom List<Pulumiverse.Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service6Custom Group> - Custom IPv6 Internet Service group name. The structure of
internet_service6_custom_group
block is documented below. - Internet
Service6Customs List<Pulumiverse.Fortios. Firewall. Inputs. Securitypolicy Internet Service6Custom> - Custom IPv6 Internet Service name. The structure of
internet_service6_custom
block is documented below. - Internet
Service6Groups List<Pulumiverse.Fortios. Firewall. Inputs. Securitypolicy Internet Service6Group> - Internet Service group name. The structure of
internet_service6_group
block is documented below. - Internet
Service6Names List<Pulumiverse.Fortios. Firewall. Inputs. Securitypolicy Internet Service6Name> - IPv6 Internet Service name. The structure of
internet_service6_name
block is documented below. - Internet
Service6Negate string - When enabled internet-service6 specifies what the service must NOT be. Valid values:
enable
,disable
. - Internet
Service6Src string - Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - Internet
Service6Src List<Pulumiverse.Custom Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service6Src Custom Group> - Custom Internet Service6 source group name. The structure of
internet_service6_src_custom_group
block is documented below. - Internet
Service6Src List<Pulumiverse.Customs Fortios. Firewall. Inputs. Securitypolicy Internet Service6Src Custom> - Custom IPv6 Internet Service source name. The structure of
internet_service6_src_custom
block is documented below. - Internet
Service6Src List<Pulumiverse.Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service6Src Group> - Internet Service6 source group name. The structure of
internet_service6_src_group
block is documented below. - Internet
Service6Src List<Pulumiverse.Names Fortios. Firewall. Inputs. Securitypolicy Internet Service6Src Name> - IPv6 Internet Service source name. The structure of
internet_service6_src_name
block is documented below. - Internet
Service6Src stringNegate - When enabled internet-service6-src specifies what the service must NOT be. Valid values:
enable
,disable
. - Internet
Service List<Pulumiverse.Custom Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service Custom Group> - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - Internet
Service List<Pulumiverse.Customs Fortios. Firewall. Inputs. Securitypolicy Internet Service Custom> - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - Internet
Service List<Pulumiverse.Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service Group> - Internet Service group name. The structure of
internet_service_group
block is documented below. - Internet
Service List<Pulumiverse.Ids Fortios. Firewall. Inputs. Securitypolicy Internet Service Id> - Internet Service ID. The structure of
internet_service_id
block is documented below. - Internet
Service List<Pulumiverse.Names Fortios. Firewall. Inputs. Securitypolicy Internet Service Name> - Internet Service name. The structure of
internet_service_name
block is documented below. - Internet
Service stringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
enable
,disable
. - Internet
Service stringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - Internet
Service List<Pulumiverse.Src Custom Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service Src Custom Group> - Custom Internet Service source group name. The structure of
internet_service_src_custom_group
block is documented below. - Internet
Service List<Pulumiverse.Src Customs Fortios. Firewall. Inputs. Securitypolicy Internet Service Src Custom> - Custom Internet Service source name. The structure of
internet_service_src_custom
block is documented below. - Internet
Service List<Pulumiverse.Src Groups Fortios. Firewall. Inputs. Securitypolicy Internet Service Src Group> - Internet Service source group name. The structure of
internet_service_src_group
block is documented below. - Internet
Service List<Pulumiverse.Src Ids Fortios. Firewall. Inputs. Securitypolicy Internet Service Src Id> - Internet Service source ID. The structure of
internet_service_src_id
block is documented below. - Internet
Service List<Pulumiverse.Src Names Fortios. Firewall. Inputs. Securitypolicy Internet Service Src Name> - Internet Service source name. The structure of
internet_service_src_name
block is documented below. - Internet
Service stringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
enable
,disable
. - Ips
Sensor string - Name of an existing IPS sensor.
- Ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
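- LearningMode string - Enable learning mode to allow everything while logging all of the meaningful data for security information gathering; a learning report will be generated. Because everything is allowed while it is enabled, the policy gathers information rather than enforcing. Valid values: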
enable
,disable
. - Logtraffic string
- Enable or disable traffic logging for this policy: log all sessions (all), log only security profile sessions (utm), or log nothing (disable). Valid values:
all
,utm
,disable
. - Logtraffic
Start string - Record logs when a session starts. Valid values:
enable
,disable
. - Name string
- Policy name.
- Nat46 string
- Enable/disable NAT46. Valid values:
enable
,disable
. - Nat64 string
- Enable/disable NAT64. Valid values:
enable
,disable
. - Policyid int
- Policy ID.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - Schedule string
- Schedule name.
- Sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- Send
Deny stringPacket - Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values:
disable
,enable
. - Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - Services
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Service> - Service and service group names. The structure of
service
block is documented below. - Srcaddr4s
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Srcaddr4> - Source IPv4 address name and address group names. The structure of
srcaddr4
block is documented below. - Srcaddr6Negate string
- When enabled srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - Srcaddr6s
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Srcaddr6> - Source IPv6 address name and address group names. The structure of
srcaddr6
block is documented below. - SrcaddrNegate string - When enabled, srcaddr/srcaddr6 specifies what the source address must NOT be: the policy matches sources other than the listed addresses. Valid values:
enable
,disable
. - Srcaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Srcaddr> - Source IPv4 address name and address group names. The structure of
srcaddr
block is documented below. - Srcintfs
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy Srcintf> - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values:
enable
,disable
. - Url
Categories List<Pulumiverse.Fortios. Firewall. Inputs. Securitypolicy Url Category> - URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable
url-category_unitary
. The structure of url_category
block is documented below. - Url
Category stringUnitary - URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable
url-category
. - Users
List<Pulumiverse.
Fortios. Firewall. Inputs. Securitypolicy User> - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Videofilter
Profile string - Name of an existing VideoFilter profile.
- Virtual
Patch stringProfile - Name of an existing virtual-patch profile.
- Voip
Profile string - Name of an existing VoIP (voipd) profile.
- Webfilter
Profile string - Name of an existing Web filter profile.
- Action string
- Policy action (accept/deny). Valid values:
accept
,deny
. - App
Categories []SecuritypolicyApp Category Args - Application category ID list. The structure of
app_category
block is documented below. - App
Groups []SecuritypolicyApp Group Args - Application group names. The structure of
app_group
block is documented below. - Application
List string - Name of an existing Application list.
- Applications
[]Securitypolicy
Application Args - Application ID list. The structure of
application
block is documented below. - Av
Profile string - Name of an existing Antivirus profile.
- Casb
Profile string - Name of an existing CASB profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- Dlp
Profile string - Name of an existing DLP profile.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dstaddr4s
[]Securitypolicy
Dstaddr4Args - Destination IPv4 address name and address group names. The structure of
dstaddr4
block is documented below. - Dstaddr6Negate string
- When enabled dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - Dstaddr6s
[]Securitypolicy
Dstaddr6Args - Destination IPv6 address name and address group names. The structure of
dstaddr6
block is documented below. - Dstaddr
Negate string - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - Dstaddrs
[]Securitypolicy
Dstaddr Args - Destination IPv4 address name and address group names. The structure of
dstaddr
block is documented below. - Dstintfs
[]Securitypolicy
Dstintf Args - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Emailfilter
Profile string - Name of an existing email filter profile.
- Enforce
Default stringApp Port - Enable/disable default application port enforcement for allowed applications. Valid values:
enable
,disable
. - File
Filter stringProfile - Name of an existing file-filter profile.
- Fsso
Groups []SecuritypolicyFsso Group Args - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Groups
[]Securitypolicy
Group Args - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - Icap
Profile string - Name of an existing ICAP profile.
- Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - Internet
Service6 string - Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values:
enable
,disable
. - Internet
Service6Custom []SecuritypolicyGroups Internet Service6Custom Group Args - Custom IPv6 Internet Service group name. The structure of
internet_service6_custom_group
block is documented below. - Internet
Service6Customs []SecuritypolicyInternet Service6Custom Args - Custom IPv6 Internet Service name. The structure of
internet_service6_custom
block is documented below. - Internet
Service6Groups []SecuritypolicyInternet Service6Group Args - Internet Service group name. The structure of
internet_service6_group
block is documented below. - Internet
Service6Names []SecuritypolicyInternet Service6Name Args - IPv6 Internet Service name. The structure of
internet_service6_name
block is documented below. - Internet
Service6Negate string - When enabled internet-service6 specifies what the service must NOT be. Valid values:
enable
,disable
. - Internet
Service6Src string - Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - Internet
Service6Src []SecuritypolicyCustom Groups Internet Service6Src Custom Group Args - Custom Internet Service6 source group name. The structure of
internet_service6_src_custom_group
block is documented below. - Internet
Service6Src []SecuritypolicyCustoms Internet Service6Src Custom Args - Custom IPv6 Internet Service source name. The structure of
internet_service6_src_custom
block is documented below. - Internet
Service6Src []SecuritypolicyGroups Internet Service6Src Group Args - Internet Service6 source group name. The structure of
internet_service6_src_group
block is documented below. - Internet
Service6Src []SecuritypolicyNames Internet Service6Src Name Args - IPv6 Internet Service source name. The structure of
internet_service6_src_name
block is documented below. - Internet
Service6Src stringNegate - When enabled internet-service6-src specifies what the service must NOT be. Valid values:
enable
,disable
. - Internet
Service []SecuritypolicyCustom Groups Internet Service Custom Group Args - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - Internet
Service []SecuritypolicyCustoms Internet Service Custom Args - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - Internet
Service []SecuritypolicyGroups Internet Service Group Args - Internet Service group name. The structure of
internet_service_group
block is documented below. - Internet
Service []SecuritypolicyIds Internet Service Id Args - Internet Service ID. The structure of
internet_service_id
block is documented below. - Internet
Service []SecuritypolicyNames Internet Service Name Args - Internet Service name. The structure of
internet_service_name
block is documented below. - Internet
Service stringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
enable
,disable
. - Internet
Service stringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - Internet
Service []SecuritypolicySrc Custom Groups Internet Service Src Custom Group Args - Custom Internet Service source group name. The structure of
internet_service_src_custom_group
block is documented below. - Internet
Service []SecuritypolicySrc Customs Internet Service Src Custom Args - Custom Internet Service source name. The structure of
internet_service_src_custom
block is documented below. - Internet
Service []SecuritypolicySrc Groups Internet Service Src Group Args - Internet Service source group name. The structure of
internet_service_src_group
block is documented below. - Internet
Service []SecuritypolicySrc Ids Internet Service Src Id Args - Internet Service source ID. The structure of
internet_service_src_id
block is documented below. - Internet
Service []SecuritypolicySrc Names Internet Service Src Name Args - Internet Service source name. The structure of
internet_service_src_name
block is documented below. - Internet
Service stringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
enable
,disable
. - Ips
Sensor string - Name of an existing IPS sensor.
- Ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- LearningMode string - Enable to allow all traffic (nothing is blocked while learning mode is on) and log all of the meaningful data for security information gathering. A learning report will be generated. Valid values:
enable
,disable
. - Logtraffic string
- Enable or disable traffic logging for this policy: log all sessions, log only security profile sessions, or disable logging. Valid values:
all
,utm
,disable
. - Logtraffic
Start string - Record logs when a session starts. Valid values:
enable
,disable
. - Name string
- Policy name.
- Nat46 string
- Enable/disable NAT46. Valid values:
enable
,disable
. - Nat64 string
- Enable/disable NAT64. Valid values:
enable
,disable
. - Policyid int
- Policy ID.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - Schedule string
- Schedule name.
- Sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- Send
Deny stringPacket - Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values:
disable
,enable
. - Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - Services
[]Securitypolicy
Service Args - Service and service group names. The structure of
service
block is documented below. - Srcaddr4s
[]Securitypolicy
Srcaddr4Args - Source IPv4 address name and address group names. The structure of
srcaddr4
block is documented below. - Srcaddr6Negate string
- When enabled srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - Srcaddr6s
[]Securitypolicy
Srcaddr6Args - Source IPv6 address name and address group names. The structure of
srcaddr6
block is documented below. - Srcaddr
Negate string - When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - Srcaddrs
[]Securitypolicy
Srcaddr Args - Source IPv4 address name and address group names. The structure of
srcaddr
block is documented below. - Srcintfs
[]Securitypolicy
Srcintf Args - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values:
enable
,disable
. - Url
Categories []SecuritypolicyUrl Category Args - URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable
url-category_unitary
. The structure of url_category
block is documented below. - Url
Category stringUnitary - URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable
url-category
. - Users
[]Securitypolicy
User Args - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Videofilter
Profile string - Name of an existing VideoFilter profile.
- Virtual
Patch stringProfile - Name of an existing virtual-patch profile.
- Voip
Profile string - Name of an existing VoIP (voipd) profile.
- Webfilter
Profile string - Name of an existing Web filter profile.
- action String
- Policy action (accept/deny). Valid values:
accept
,deny
. - app
Categories List<SecuritypolicyApp Category> - Application category ID list. The structure of
app_category
block is documented below. - app
Groups List<SecuritypolicyApp Group> - Application group names. The structure of
app_group
block is documented below. - application
List String - Name of an existing Application list.
- applications
List<Securitypolicy
Application> - Application ID list. The structure of
application
block is documented below. - av
Profile String - Name of an existing Antivirus profile.
- casb
Profile String - Name of an existing CASB profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- diameter
Filter StringProfile - Name of an existing Diameter filter profile.
- dlp
Profile String - Name of an existing DLP profile.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dstaddr4s
List<Securitypolicy
Dstaddr4> - Destination IPv4 address name and address group names. The structure of
dstaddr4
block is documented below. - dstaddr6Negate String
- When enabled dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddr6s
List<Securitypolicy
Dstaddr6> - Destination IPv6 address name and address group names. The structure of
dstaddr6
block is documented below. - dstaddr
Negate String - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddrs
List<Securitypolicy
Dstaddr> - Destination IPv4 address name and address group names. The structure of
dstaddr
block is documented below. - dstintfs
List<Securitypolicy
Dstintf> - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile String - Name of an existing email filter profile.
- enforce
Default StringApp Port - Enable/disable default application port enforcement for allowed applications. Valid values:
enable
,disable
. - file
Filter StringProfile - Name of an existing file-filter profile.
- fsso
Groups List<SecuritypolicyFsso Group> - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- groups
List<Securitypolicy
Group> - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - icap
Profile String - Name of an existing ICAP profile.
- internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet
Service6 String - Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values:
enable
,disable
. - internet
Service6Custom List<SecuritypolicyGroups Internet Service6Custom Group> - Custom IPv6 Internet Service group name. The structure of
internet_service6_custom_group
block is documented below. - internet
Service6Customs List<SecuritypolicyInternet Service6Custom> - Custom IPv6 Internet Service name. The structure of
internet_service6_custom
block is documented below. - internet
Service6Groups List<SecuritypolicyInternet Service6Group> - Internet Service group name. The structure of
internet_service6_group
block is documented below. - internet
Service6Names List<SecuritypolicyInternet Service6Name> - IPv6 Internet Service name. The structure of
internet_service6_name
block is documented below. - internet
Service6Negate String - When enabled internet-service6 specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service6Src String - Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet
Service6Src List<SecuritypolicyCustom Groups Internet Service6Src Custom Group> - Custom Internet Service6 source group name. The structure of
internet_service6_src_custom_group
block is documented below. - internet
Service6Src List<SecuritypolicyCustoms Internet Service6Src Custom> - Custom IPv6 Internet Service source name. The structure of
internet_service6_src_custom
block is documented below. - internet
Service6Src List<SecuritypolicyGroups Internet Service6Src Group> - Internet Service6 source group name. The structure of
internet_service6_src_group
block is documented below. - internet
Service6Src List<SecuritypolicyNames Internet Service6Src Name> - IPv6 Internet Service source name. The structure of
internet_service6_src_name
block is documented below. - internet
Service6Src StringNegate - When enabled internet-service6-src specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service List<SecuritypolicyCustom Groups Internet Service Custom Group> - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet
Service List<SecuritypolicyCustoms Internet Service Custom> - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet
Service List<SecuritypolicyGroups Internet Service Group> - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet
Service List<SecuritypolicyIds Internet Service Id> - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet
Service List<SecuritypolicyNames Internet Service Name> - Internet Service name. The structure of
internet_service_name
block is documented below. - internet
Service StringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service StringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet
Service List<SecuritypolicySrc Custom Groups Internet Service Src Custom Group> - Custom Internet Service source group name. The structure of
internet_service_src_custom_group
block is documented below. - internet
Service List<SecuritypolicySrc Customs Internet Service Src Custom> - Custom Internet Service source name. The structure of
internet_service_src_custom
block is documented below. - internet
Service List<SecuritypolicySrc Groups Internet Service Src Group> - Internet Service source group name. The structure of
internet_service_src_group
block is documented below. - internet
Service List<SecuritypolicySrc Ids Internet Service Src Id> - Internet Service source ID. The structure of
internet_service_src_id
block is documented below. - internet
Service List<SecuritypolicySrc Names Internet Service Src Name> - Internet Service source name. The structure of
internet_service_src_name
block is documented below. - internet
Service StringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
enable
,disable
. - ips
Sensor String - Name of an existing IPS sensor.
- ips
Voip StringFilter - Name of an existing VoIP (ips) profile.
- learningMode String - Enable to allow all traffic (nothing is blocked while learning mode is on) and log all of the meaningful data for security information gathering. A learning report will be generated. Valid values:
enable
,disable
. - logtraffic String
- Enable or disable traffic logging for this policy: log all sessions, log only security profile sessions, or disable logging. Valid values:
all
,utm
,disable
. - logtraffic
Start String - Record logs when a session starts. Valid values:
enable
,disable
. - name String
- Policy name.
- nat46 String
- Enable/disable NAT46. Valid values:
enable
,disable
. - nat64 String
- Enable/disable NAT64. Valid values:
enable
,disable
. - policyid Integer
- Policy ID.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - schedule String
- Schedule name.
- sctp
Filter StringProfile - Name of an existing SCTP filter profile.
- send
Deny StringPacket - Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values:
disable
,enable
. - service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services
List<Securitypolicy
Service> - Service and service group names. The structure of
service
block is documented below. - srcaddr4s
List<Securitypolicy
Srcaddr4> - Source IPv4 address name and address group names. The structure of
srcaddr4
block is documented below. - srcaddr6Negate String
- When enabled srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddr6s
List<Securitypolicy
Srcaddr6> - Source IPv6 address name and address group names. The structure of
srcaddr6
block is documented below. - srcaddr
Negate String - When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddrs
List<Securitypolicy
Srcaddr> - Source IPv4 address name and address group names. The structure of
srcaddr
block is documented below. - srcintfs
List<Securitypolicy
Srcintf> - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values:
enable
,disable
. - url
Categories List<SecuritypolicyUrl Category> - URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable
url-category_unitary
. The structure of url_category
block is documented below. - url
Category StringUnitary - URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable
url-category
. - users
List<Securitypolicy
User> - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter
Profile String - Name of an existing VideoFilter profile.
- virtual
Patch StringProfile - Name of an existing virtual-patch profile.
- voip
Profile String - Name of an existing VoIP (voipd) profile.
- webfilter
Profile String - Name of an existing Web filter profile.
- action string
- Policy action (accept/deny). Valid values:
accept
,deny
. - app
Categories SecuritypolicyApp Category[] - Application category ID list. The structure of
app_category
block is documented below. - app
Groups SecuritypolicyApp Group[] - Application group names. The structure of
app_group
block is documented below. - application
List string - Name of an existing Application list.
- applications
Securitypolicy
Application[] - Application ID list. The structure of
application
block is documented below. - av
Profile string - Name of an existing Antivirus profile.
- casb
Profile string - Name of an existing CASB profile.
- cifs
Profile string - Name of an existing CIFS profile.
- comments string
- Comment.
- diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- dlp
Profile string - Name of an existing DLP profile.
- dlp
Sensor string - Name of an existing DLP sensor.
- dnsfilter
Profile string - Name of an existing DNS filter profile.
- dstaddr4s
Securitypolicy
Dstaddr4[] - Destination IPv4 address name and address group names. The structure of
dstaddr4
block is documented below. - dstaddr6Negate string
- When enabled dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddr6s
Securitypolicy
Dstaddr6[] - Destination IPv6 address name and address group names. The structure of
dstaddr6
block is documented below. - dstaddr
Negate string - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddrs
Securitypolicy
Dstaddr[] - Destination IPv4 address name and address group names. The structure of
dstaddr
block is documented below. - dstintfs
Securitypolicy
Dstintf[] - Outgoing (egress) interface. The structure of
dstintf
block is documented below. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile string - Name of an existing email filter profile.
- enforce
Default stringApp Port - Enable/disable default application port enforcement for allowed applications. Valid values:
enable
,disable
. - file
Filter stringProfile - Name of an existing file-filter profile.
- fsso
Groups SecuritypolicyFsso Group[] - Names of FSSO groups. The structure of
fsso_groups
block is documented below. - get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- groups
Securitypolicy
Group[] - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - icap
Profile string - Name of an existing ICAP profile.
- internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet
Service6 string - Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values:
enable
,disable
. - internet
Service6Custom SecuritypolicyGroups Internet Service6Custom Group[] - Custom IPv6 Internet Service group name. The structure of
internet_service6_custom_group
block is documented below. - internet
Service6Customs SecuritypolicyInternet Service6Custom[] - Custom IPv6 Internet Service name. The structure of
internet_service6_custom
block is documented below. - internet
Service6Groups SecuritypolicyInternet Service6Group[] - Internet Service group name. The structure of
internet_service6_group
block is documented below. - internet
Service6Names SecuritypolicyInternet Service6Name[] - IPv6 Internet Service name. The structure of
internet_service6_name
block is documented below. - internet
Service6Negate string - When enabled internet-service6 specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service6Src string - Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet
Service6Src SecuritypolicyCustom Groups Internet Service6Src Custom Group[] - Custom Internet Service6 source group name. The structure of
internet_service6_src_custom_group
block is documented below. - internet
Service6Src SecuritypolicyCustoms Internet Service6Src Custom[] - Custom IPv6 Internet Service source name. The structure of
internet_service6_src_custom
block is documented below. - internet
Service6Src SecuritypolicyGroups Internet Service6Src Group[] - Internet Service6 source group name. The structure of
internet_service6_src_group
block is documented below. - internet
Service6Src SecuritypolicyNames Internet Service6Src Name[] - IPv6 Internet Service source name. The structure of
internet_service6_src_name
block is documented below. - internet
Service6Src stringNegate - When enabled internet-service6-src specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service SecuritypolicyCustom Groups Internet Service Custom Group[] - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet
Service SecuritypolicyCustoms Internet Service Custom[] - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet
Service SecuritypolicyGroups Internet Service Group[] - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet
Service SecuritypolicyIds Internet Service Id[] - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet
Service SecuritypolicyNames Internet Service Name[] - Internet Service name. The structure of
internet_service_name
block is documented below. - internet
Service stringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service stringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet
Service SecuritypolicySrc Custom Groups Internet Service Src Custom Group[] - Custom Internet Service source group name. The structure of
internet_service_src_custom_group
block is documented below. - internet
Service SecuritypolicySrc Customs Internet Service Src Custom[] - Custom Internet Service source name. The structure of
internet_service_src_custom
block is documented below. - internet
Service SecuritypolicySrc Groups Internet Service Src Group[] - Internet Service source group name. The structure of
internet_service_src_group
block is documented below. - internet
Service SecuritypolicySrc Ids Internet Service Src Id[] - Internet Service source ID. The structure of
internet_service_src_id
block is documented below. - internet
Service SecuritypolicySrc Names Internet Service Src Name[] - Internet Service source name. The structure of
internet_service_src_name
block is documented below. - internet
Service stringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
enable
,disable
. - ips
Sensor string - Name of an existing IPS sensor.
- ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- learningMode string - When enabled, the policy allows all traffic while logging the meaningful data for security information gathering; nothing is blocked while learning mode is on. A learning report will be generated. Valid values:
enable
,disable
. - logtraffic string
- Enable or disable traffic logging for this policy. Log all sessions (all) or security profile sessions only (utm), or turn logging off (disable). Valid values:
all
,utm
,disable
. - logtraffic
Start string - Record logs when a session starts. Valid values:
enable
,disable
. - name string
- Policy name.
- nat46 string
- Enable/disable NAT46. Valid values:
enable
,disable
. - nat64 string
- Enable/disable NAT64. Valid values:
enable
,disable
. - policyid number
- Policy ID.
- profile
Group string - Name of profile group.
- profile
Protocol stringOptions - Name of an existing Protocol options profile.
- profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - schedule string
- Schedule name.
- sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- send
Deny stringPacket - Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values:
disable
,enable
. - service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services
Securitypolicy
Service[] - Service and service group names. The structure of
service
block is documented below. - srcaddr4s
Securitypolicy
Srcaddr4[] - Source IPv4 address name and address group names. The structure of
srcaddr4
block is documented below. - srcaddr6Negate string
- When enabled srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddr6s
Securitypolicy
Srcaddr6[] - Source IPv6 address name and address group names. The structure of
srcaddr6
block is documented below. - srcaddr
Negate string - When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddrs
Securitypolicy
Srcaddr[] - Source IPv4 address name and address group names. The structure of
srcaddr
block is documented below. - srcintfs
Securitypolicy
Srcintf[] - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - ssh
Filter stringProfile - Name of an existing SSH filter profile.
- ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- status string
- Enable or disable this policy. Valid values:
enable
,disable
. - url
Categories SecuritypolicyUrl Category[] - URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable
url-category_unitary
. The structure of url_category
block is documented below. - url
Category stringUnitary - URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable
url-category
. - users
Securitypolicy
User[] - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter
Profile string - Name of an existing VideoFilter profile.
- virtual
Patch stringProfile - Name of an existing virtual-patch profile.
- voip
Profile string - Name of an existing VoIP (voipd) profile.
- webfilter
Profile string - Name of an existing Web filter profile.
- action str
- Policy action (accept/deny). Valid values:
accept
,deny
. - app_
categories Sequence[SecuritypolicyApp Category Args] - Application category ID list. The structure of
app_category
block is documented below. - app_
groups Sequence[SecuritypolicyApp Group Args] - Application group names. The structure of
app_group
block is documented below. - application_
list str - Name of an existing Application list.
- applications
Sequence[Securitypolicy
Application Args] - Application ID list. The structure of
application
block is documented below. - av_
profile str - Name of an existing Antivirus profile.
- casb_
profile str - Name of an existing CASB profile.
- cifs_
profile str - Name of an existing CIFS profile.
- comments str
- Comment.
- diameter_
filter_ strprofile - Name of an existing Diameter filter profile.
- dlp_
profile str - Name of an existing DLP profile.
- dlp_
sensor str - Name of an existing DLP sensor.
- dnsfilter_
profile str - Name of an existing DNS filter profile.
- dstaddr4s
Sequence[Securitypolicy
Dstaddr4Args] - Destination IPv4 address name and address group names. The structure of
dstaddr4
block is documented below. - dstaddr6_
negate str - When enabled dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddr6s
Sequence[Securitypolicy
Dstaddr6Args] - Destination IPv6 address name and address group names. The structure of
dstaddr6
block is documented below. - dstaddr_
negate str - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddrs
Sequence[Securitypolicy
Dstaddr Args] - Destination IPv4 address name and address group names. The structure of
dstaddr
block is documented below. - dstintfs
Sequence[Securitypolicy
Dstintf Args] - Outgoing (egress) interface. The structure of
dstintf
block is documented below.
- dynamic_sort_subtable str - Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter_
profile str - Name of an existing email filter profile.
- enforce_
default_ strapp_ port - Enable/disable default application port enforcement for allowed applications. Valid values:
enable
,disable
. - file_
filter_ strprofile - Name of an existing file-filter profile.
- fsso_
groups Sequence[SecuritypolicyFsso Group Args] - Names of FSSO groups. The structure of
fsso_groups
block is documented below.
- get_all_tables str - Get all sub-tables, including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- groups
Sequence[Securitypolicy
Group Args] - Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - icap_
profile str - Name of an existing ICAP profile.
- internet_
service str - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet_
service6 str - Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values:
enable
,disable
. - internet_
service6_ Sequence[Securitypolicycustom_ groups Internet Service6Custom Group Args] - Custom IPv6 Internet Service group name. The structure of
internet_service6_custom_group
block is documented below. - internet_
service6_ Sequence[Securitypolicycustoms Internet Service6Custom Args] - Custom IPv6 Internet Service name. The structure of
internet_service6_custom
block is documented below. - internet_
service6_ Sequence[Securitypolicygroups Internet Service6Group Args] - Internet Service group name. The structure of
internet_service6_group
block is documented below. - internet_
service6_ Sequence[Securitypolicynames Internet Service6Name Args] - IPv6 Internet Service name. The structure of
internet_service6_name
block is documented below. - internet_
service6_ strnegate - When enabled internet-service6 specifies what the service must NOT be. Valid values:
enable
,disable
. - internet_
service6_ strsrc - Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet_
service6_ Sequence[Securitypolicysrc_ custom_ groups Internet Service6Src Custom Group Args] - Custom Internet Service6 source group name. The structure of
internet_service6_src_custom_group
block is documented below. - internet_
service6_ Sequence[Securitypolicysrc_ customs Internet Service6Src Custom Args] - Custom IPv6 Internet Service source name. The structure of
internet_service6_src_custom
block is documented below. - internet_
service6_ Sequence[Securitypolicysrc_ groups Internet Service6Src Group Args] - Internet Service6 source group name. The structure of
internet_service6_src_group
block is documented below. - internet_
service6_ Sequence[Securitypolicysrc_ names Internet Service6Src Name Args] - IPv6 Internet Service source name. The structure of
internet_service6_src_name
block is documented below. - internet_
service6_ strsrc_ negate - When enabled internet-service6-src specifies what the service must NOT be. Valid values:
enable
,disable
. - internet_
service_ Sequence[Securitypolicycustom_ groups Internet Service Custom Group Args] - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet_
service_ Sequence[Securitypolicycustoms Internet Service Custom Args] - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet_
service_ Sequence[Securitypolicygroups Internet Service Group Args] - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet_
service_ Sequence[Securitypolicyids Internet Service Id Args] - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet_
service_ Sequence[Securitypolicynames Internet Service Name Args] - Internet Service name. The structure of
internet_service_name
block is documented below. - internet_
service_ strnegate - When enabled internet-service specifies what the service must NOT be. Valid values:
enable
,disable
. - internet_
service_ strsrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet_
service_ Sequence[Securitypolicysrc_ custom_ groups Internet Service Src Custom Group Args] - Custom Internet Service source group name. The structure of
internet_service_src_custom_group
block is documented below. - internet_
service_ Sequence[Securitypolicysrc_ customs Internet Service Src Custom Args] - Custom Internet Service source name. The structure of
internet_service_src_custom
block is documented below. - internet_
service_ Sequence[Securitypolicysrc_ groups Internet Service Src Group Args] - Internet Service source group name. The structure of
internet_service_src_group
block is documented below. - internet_
service_ Sequence[Securitypolicysrc_ ids Internet Service Src Id Args] - Internet Service source ID. The structure of
internet_service_src_id
block is documented below. - internet_
service_ Sequence[Securitypolicysrc_ names Internet Service Src Name Args] - Internet Service source name. The structure of
internet_service_src_name
block is documented below. - internet_
service_ strsrc_ negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
enable
,disable
. - ips_
sensor str - Name of an existing IPS sensor.
- ips_
voip_ strfilter - Name of an existing VoIP (ips) profile.
- learning_mode str - When enabled, the policy allows all traffic while logging the meaningful data for security information gathering; nothing is blocked while learning mode is on. A learning report will be generated. Valid values:
enable
,disable
. - logtraffic str
- Enable or disable traffic logging for this policy. Log all sessions (all) or security profile sessions only (utm), or turn logging off (disable). Valid values:
all
,utm
,disable
. - logtraffic_
start str - Record logs when a session starts. Valid values:
enable
,disable
. - name str
- Policy name.
- nat46 str
- Enable/disable NAT46. Valid values:
enable
,disable
. - nat64 str
- Enable/disable NAT64. Valid values:
enable
,disable
. - policyid int
- Policy ID.
- profile_
group str - Name of profile group.
- profile_
protocol_ stroptions - Name of an existing Protocol options profile.
- profile_
type str - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - schedule str
- Schedule name.
- sctp_
filter_ strprofile - Name of an existing SCTP filter profile.
- send_
deny_ strpacket - Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values:
disable
,enable
. - service_
negate str - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services
Sequence[Securitypolicy
Service Args] - Service and service group names. The structure of
service
block is documented below. - srcaddr4s
Sequence[Securitypolicy
Srcaddr4Args] - Source IPv4 address name and address group names. The structure of
srcaddr4
block is documented below. - srcaddr6_
negate str - When enabled srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddr6s
Sequence[Securitypolicy
Srcaddr6Args] - Source IPv6 address name and address group names. The structure of
srcaddr6
block is documented below. - srcaddr_
negate str - When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddrs
Sequence[Securitypolicy
Srcaddr Args] - Source IPv4 address name and address group names. The structure of
srcaddr
block is documented below. - srcintfs
Sequence[Securitypolicy
Srcintf Args] - Incoming (ingress) interface. The structure of
srcintf
block is documented below. - ssh_
filter_ strprofile - Name of an existing SSH filter profile.
- ssl_
ssh_ strprofile - Name of an existing SSL SSH profile.
- status str
- Enable or disable this policy. Valid values:
enable
,disable
. - url_
categories Sequence[SecuritypolicyUrl Category Args] - URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable
url-category_unitary
. The structure of url_category
block is documented below. - url_
category_ strunitary - URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable
url-category
. - users
Sequence[Securitypolicy
User Args] - Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter_
profile str - Name of an existing VideoFilter profile.
- virtual_
patch_ strprofile - Name of an existing virtual-patch profile.
- voip_
profile str - Name of an existing VoIP (voipd) profile.
- webfilter_
profile str - Name of an existing Web filter profile.
- action String
- Policy action (accept/deny). Valid values:
accept
,deny
. - app
Categories List<Property Map> - Application category ID list. The structure of
app_category
block is documented below. - app
Groups List<Property Map> - Application group names. The structure of
app_group
block is documented below. - application
List String - Name of an existing Application list.
- applications List<Property Map>
- Application ID list. The structure of
application
block is documented below. - av
Profile String - Name of an existing Antivirus profile.
- casb
Profile String - Name of an existing CASB profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- diameter
Filter StringProfile - Name of an existing Diameter filter profile.
- dlp
Profile String - Name of an existing DLP profile.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dstaddr4s List<Property Map>
- Destination IPv4 address name and address group names. The structure of
dstaddr4
block is documented below. - dstaddr6Negate String
- When enabled dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddr6s List<Property Map>
- Destination IPv6 address name and address group names. The structure of
dstaddr6
block is documented below. - dstaddr
Negate String - When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values:
enable
,disable
. - dstaddrs List<Property Map>
- Destination IPv4 address name and address group names. The structure of
dstaddr
block is documented below. - dstintfs List<Property Map>
- Outgoing (egress) interface. The structure of
dstintf
block is documented below.
- dynamicSortSubtable String - Sort sub-tables. Do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter
Profile String - Name of an existing email filter profile.
- enforce
Default StringApp Port - Enable/disable default application port enforcement for allowed applications. Valid values:
enable
,disable
. - file
Filter StringProfile - Name of an existing file-filter profile.
- fsso
Groups List<Property Map> - Names of FSSO groups. The structure of
fsso_groups
block is documented below.
- getAllTables String - Get all sub-tables, including unconfigured tables. Do not set this variable to true if you configure a sub-table in another resource; otherwise conflicts and overwrites will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- groups List<Property Map>
- Names of user groups that can authenticate with this policy. The structure of
groups
block is documented below. - icap
Profile String - Name of an existing ICAP profile.
- internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
enable
,disable
. - internet
Service6 String - Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values:
enable
,disable
. - internet
Service6Custom List<Property Map>Groups - Custom IPv6 Internet Service group name. The structure of
internet_service6_custom_group
block is documented below. - internet
Service6Customs List<Property Map> - Custom IPv6 Internet Service name. The structure of
internet_service6_custom
block is documented below. - internet
Service6Groups List<Property Map> - Internet Service group name. The structure of
internet_service6_group
block is documented below. - internet
Service6Names List<Property Map> - IPv6 Internet Service name. The structure of
internet_service6_name
block is documented below. - internet
Service6Negate String - When enabled internet-service6 specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service6Src String - Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet
Service6Src List<Property Map>Custom Groups - Custom Internet Service6 source group name. The structure of
internet_service6_src_custom_group
block is documented below. - internet
Service6Src List<Property Map>Customs - Custom IPv6 Internet Service source name. The structure of
internet_service6_src_custom
block is documented below. - internet
Service6Src List<Property Map>Groups - Internet Service6 source group name. The structure of
internet_service6_src_group
block is documented below. - internet
Service6Src List<Property Map>Names - IPv6 Internet Service source name. The structure of
internet_service6_src_name
block is documented below. - internet
Service6Src StringNegate - When enabled internet-service6-src specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service List<Property Map>Custom Groups - Custom Internet Service group name. The structure of
internet_service_custom_group
block is documented below. - internet
Service List<Property Map>Customs - Custom Internet Service name. The structure of
internet_service_custom
block is documented below. - internet
Service List<Property Map>Groups - Internet Service group name. The structure of
internet_service_group
block is documented below. - internet
Service List<Property Map>Ids - Internet Service ID. The structure of
internet_service_id
block is documented below. - internet
Service List<Property Map>Names - Internet Service name. The structure of
internet_service_name
block is documented below. - internet
Service StringNegate - When enabled internet-service specifies what the service must NOT be. Valid values:
enable
,disable
. - internet
Service StringSrc - Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values:
enable
,disable
. - internet
Service List<Property Map>Src Custom Groups - Custom Internet Service source group name. The structure of
internet_service_src_custom_group
block is documented below. - internet
Service List<Property Map>Src Customs - Custom Internet Service source name. The structure of
internet_service_src_custom
block is documented below. - internet
Service List<Property Map>Src Groups - Internet Service source group name. The structure of
internet_service_src_group
block is documented below. - internet
Service List<Property Map>Src Ids - Internet Service source ID. The structure of
internet_service_src_id
block is documented below. - internet
Service List<Property Map>Src Names - Internet Service source name. The structure of
internet_service_src_name
block is documented below. - internet
Service StringSrc Negate - When enabled internet-service-src specifies what the service must NOT be. Valid values:
enable
,disable
. - ips
Sensor String - Name of an existing IPS sensor.
- ips
Voip StringFilter - Name of an existing VoIP (ips) profile.
- learningMode String - When enabled, the policy allows all traffic while logging the meaningful data for security information gathering; nothing is blocked while learning mode is on. A learning report will be generated. Valid values:
enable
,disable
. - logtraffic String
- Enable or disable traffic logging for this policy. Log all sessions (all) or security profile sessions only (utm), or turn logging off (disable). Valid values:
all
,utm
,disable
. - logtraffic
Start String - Record logs when a session starts. Valid values:
enable
,disable
. - name String
- Policy name.
- nat46 String
- Enable/disable NAT46. Valid values:
enable
,disable
. - nat64 String
- Enable/disable NAT64. Valid values:
enable
,disable
. - policyid Number
- Policy ID.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single
,group
. - schedule String
- Schedule name.
- sctp
Filter StringProfile - Name of an existing SCTP filter profile.
- send
Deny StringPacket - Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values:
disable
,enable
. - service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
enable
,disable
. - services List<Property Map>
- Service and service group names. The structure of
service
block is documented below. - srcaddr4s List<Property Map>
- Source IPv4 address name and address group names. The structure of
srcaddr4
block is documented below. - srcaddr6Negate String
- When enabled srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddr6s List<Property Map>
- Source IPv6 address name and address group names. The structure of
srcaddr6
block is documented below. - srcaddr
Negate String - When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values:
enable
,disable
. - srcaddrs List<Property Map>
- Source IPv4 address name and address group names. The structure of
srcaddr
block is documented below. - srcintfs List<Property Map>
- Incoming (ingress) interface. The structure of
srcintf
block is documented below. - ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values:
enable
,disable
. - url
Categories List<Property Map> - URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable
url-category_unitary
. The structure of url_category
block is documented below. - url
Category StringUnitary - URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable
url-category
. - users List<Property Map>
- Names of individual users that can authenticate with this policy. The structure of
users
block is documented below. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- videofilter
Profile String - Name of an existing VideoFilter profile.
- virtual
Patch StringProfile - Name of an existing virtual-patch profile.
- voip
Profile String - Name of an existing VoIP (voipd) profile.
- webfilter
Profile String - Name of an existing Web filter profile.
Supporting Types
SecuritypolicyAppCategory, SecuritypolicyAppCategoryArgs
- Id int
- Category IDs.
- Id int
- Category IDs.
- id Integer
- Category IDs.
- id number
- Category IDs.
- id int
- Category IDs.
- id Number
- Category IDs.
SecuritypolicyAppGroup, SecuritypolicyAppGroupArgs
- Name string
- Application group names.
- Name string
- Application group names.
- name String
- Application group names.
- name string
- Application group names.
- name str
- Application group names.
- name String
- Application group names.
SecuritypolicyApplication, SecuritypolicyApplicationArgs
- Id int
- Application IDs.
- Id int
- Application IDs.
- id Integer
- Application IDs.
- id number
- Application IDs.
- id int
- Application IDs.
- id Number
- Application IDs.
SecuritypolicyDstaddr, SecuritypolicyDstaddrArgs
- Name string
- Address name.
- Name string
- Address name.
- name String
- Address name.
- name string
- Address name.
- name str
- Address name.
- name String
- Address name.
SecuritypolicyDstaddr4, SecuritypolicyDstaddr4Args
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
SecuritypolicyDstaddr6, SecuritypolicyDstaddr6Args
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
SecuritypolicyDstintf, SecuritypolicyDstintfArgs
- Name string
- Interface name.
- Name string
- Interface name.
- name String
- Interface name.
- name string
- Interface name.
- name str
- Interface name.
- name String
- Interface name.
SecuritypolicyFssoGroup, SecuritypolicyFssoGroupArgs
- Name string
- Names of FSSO groups.
- Name string
- Names of FSSO groups.
- name String
- Names of FSSO groups.
- name string
- Names of FSSO groups.
- name str
- Names of FSSO groups.
- name String
- Names of FSSO groups.
SecuritypolicyGroup, SecuritypolicyGroupArgs
- Name string
- User group name.
- Name string
- User group name.
- name String
- User group name.
- name string
- User group name.
- name str
- User group name.
- name String
- User group name.
SecuritypolicyInternetService6Custom, SecuritypolicyInternetService6CustomArgs
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
SecuritypolicyInternetService6CustomGroup, SecuritypolicyInternetService6CustomGroupArgs
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
SecuritypolicyInternetService6Group, SecuritypolicyInternetService6GroupArgs
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
SecuritypolicyInternetService6Name, SecuritypolicyInternetService6NameArgs
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
SecuritypolicyInternetService6SrcCustom, SecuritypolicyInternetService6SrcCustomArgs
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
SecuritypolicyInternetService6SrcCustomGroup, SecuritypolicyInternetService6SrcCustomGroupArgs
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
SecuritypolicyInternetService6SrcGroup, SecuritypolicyInternetService6SrcGroupArgs
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
SecuritypolicyInternetService6SrcName, SecuritypolicyInternetService6SrcNameArgs
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
SecuritypolicyInternetServiceCustom, SecuritypolicyInternetServiceCustomArgs
- Name string
- Custom Internet Service name.
- Name string
- Custom Internet Service name.
- name String
- Custom Internet Service name.
- name string
- Custom Internet Service name.
- name str
- Custom Internet Service name.
- name String
- Custom Internet Service name.
SecuritypolicyInternetServiceCustomGroup, SecuritypolicyInternetServiceCustomGroupArgs
- Name string
- Custom Internet Service group name.
- Name string
- Custom Internet Service group name.
- name String
- Custom Internet Service group name.
- name string
- Custom Internet Service group name.
- name str
- Custom Internet Service group name.
- name String
- Custom Internet Service group name.
SecuritypolicyInternetServiceGroup, SecuritypolicyInternetServiceGroupArgs
- Name string
- Internet Service group name.
- Name string
- Internet Service group name.
- name String
- Internet Service group name.
- name string
- Internet Service group name.
- name str
- Internet Service group name.
- name String
- Internet Service group name.
SecuritypolicyInternetServiceId, SecuritypolicyInternetServiceIdArgs
- Id int
- Internet Service ID.
- Id int
- Internet Service ID.
- id Integer
- Internet Service ID.
- id number
- Internet Service ID.
- id int
- Internet Service ID.
- id Number
- Internet Service ID.
SecuritypolicyInternetServiceName, SecuritypolicyInternetServiceNameArgs
- Name string
- Internet Service name.
- Name string
- Internet Service name.
- name String
- Internet Service name.
- name string
- Internet Service name.
- name str
- Internet Service name.
- name String
- Internet Service name.
SecuritypolicyInternetServiceSrcCustom, SecuritypolicyInternetServiceSrcCustomArgs
- Name string
- Custom Internet Service name.
- Name string
- Custom Internet Service name.
- name String
- Custom Internet Service name.
- name string
- Custom Internet Service name.
- name str
- Custom Internet Service name.
- name String
- Custom Internet Service name.
SecuritypolicyInternetServiceSrcCustomGroup, SecuritypolicyInternetServiceSrcCustomGroupArgs
- Name string
- Custom Internet Service6 group name.
- Name string
- Custom Internet Service6 group name.
- name String
- Custom Internet Service6 group name.
- name string
- Custom Internet Service6 group name.
- name str
- Custom Internet Service6 group name.
- name String
- Custom Internet Service6 group name.
SecuritypolicyInternetServiceSrcGroup, SecuritypolicyInternetServiceSrcGroupArgs
- Name string
- Internet Service group name.
- Name string
- Internet Service group name.
- name String
- Internet Service group name.
- name string
- Internet Service group name.
- name str
- Internet Service group name.
- name String
- Internet Service group name.
SecuritypolicyInternetServiceSrcId, SecuritypolicyInternetServiceSrcIdArgs
- Id int
- Internet Service ID.
- Id int
- Internet Service ID.
- id Integer
- Internet Service ID.
- id number
- Internet Service ID.
- id int
- Internet Service ID.
- id Number
- Internet Service ID.
SecuritypolicyInternetServiceSrcName, SecuritypolicyInternetServiceSrcNameArgs
- Name string
- Internet Service name.
- Name string
- Internet Service name.
- name String
- Internet Service name.
- name string
- Internet Service name.
- name str
- Internet Service name.
- name String
- Internet Service name.
SecuritypolicyService, SecuritypolicyServiceArgs
- Name string
- Service name.
- Name string
- Service name.
- name String
- Service name.
- name string
- Service name.
- name str
- Service name.
- name String
- Service name.
SecuritypolicySrcaddr, SecuritypolicySrcaddrArgs
- Name string
- Address name.
- Name string
- Address name.
- name String
- Address name.
- name string
- Address name.
- name str
- Address name.
- name String
- Address name.
SecuritypolicySrcaddr4, SecuritypolicySrcaddr4Args
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
SecuritypolicySrcaddr6, SecuritypolicySrcaddr6Args
- Name string
- Policy name.
- Name string
- Policy name.
- name String
- Policy name.
- name string
- Policy name.
- name str
- Policy name.
- name String
- Policy name.
SecuritypolicySrcintf, SecuritypolicySrcintfArgs
- Name string
- Interface name.
- Name string
- Interface name.
- name String
- Interface name.
- name string
- Interface name.
- name str
- Interface name.
- name String
- Interface name.
SecuritypolicyUrlCategory, SecuritypolicyUrlCategoryArgs
- Id int
- URL category ID.
- Id int
- URL category ID.
- id Integer
- URL category ID.
- id number
- URL category ID.
- id int
- URL category ID.
- id Number
- URL category ID.
SecuritypolicyUser, SecuritypolicyUserArgs
- Name string
- User name.
- Name string
- User name.
- name String
- User name.
- name string
- User name.
- name str
- User name.
- name String
- User name.
Import
Firewall SecurityPolicy can be imported using any of these accepted formats:
$ pulumi import fortios:firewall/securitypolicy:Securitypolicy labelname {{policyid}}
If you do not want to import the arguments of nested blocks:
$ export "FORTIOS_IMPORT_TABLE"="false"
$ pulumi import fortios:firewall/securitypolicy:Securitypolicy labelname {{policyid}}
$ unset "FORTIOS_IMPORT_TABLE"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the fortios Terraform Provider.