1. Packages
  2. Fortios
  3. API Docs
  4. firewall
  5. Securitypolicy
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.firewall.Securitypolicy

Explore with Pulumi AI

fortios logo
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

    Configure NGFW IPv4/IPv6 application policies. Applies to FortiOS Version >= 6.2.4.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fortios from "@pulumiverse/fortios";
    
    const trname = new fortios.firewall.Securitypolicy("trname", {
        action: "accept",
        dstaddrs: [{
            name: "all",
        }],
        dstintfs: [{
            name: "port4",
        }],
        logtraffic: "utm",
        policyid: 1,
        profileProtocolOptions: "default",
        profileType: "single",
        schedule: "always",
        srcaddrs: [{
            name: "all",
        }],
        srcintfs: [{
            name: "port2",
        }],
        status: "enable",
    });
    
    import pulumi
    import pulumiverse_fortios as fortios
    
    trname = fortios.firewall.Securitypolicy("trname",
        action="accept",
        dstaddrs=[fortios.firewall.SecuritypolicyDstaddrArgs(
            name="all",
        )],
        dstintfs=[fortios.firewall.SecuritypolicyDstintfArgs(
            name="port4",
        )],
        logtraffic="utm",
        policyid=1,
        profile_protocol_options="default",
        profile_type="single",
        schedule="always",
        srcaddrs=[fortios.firewall.SecuritypolicySrcaddrArgs(
            name="all",
        )],
        srcintfs=[fortios.firewall.SecuritypolicySrcintfArgs(
            name="port2",
        )],
        status="enable")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := firewall.NewSecuritypolicy(ctx, "trname", &firewall.SecuritypolicyArgs{
    			Action: pulumi.String("accept"),
    			Dstaddrs: firewall.SecuritypolicyDstaddrArray{
    				&firewall.SecuritypolicyDstaddrArgs{
    					Name: pulumi.String("all"),
    				},
    			},
    			Dstintfs: firewall.SecuritypolicyDstintfArray{
    				&firewall.SecuritypolicyDstintfArgs{
    					Name: pulumi.String("port4"),
    				},
    			},
    			Logtraffic:             pulumi.String("utm"),
    			Policyid:               pulumi.Int(1),
    			ProfileProtocolOptions: pulumi.String("default"),
    			ProfileType:            pulumi.String("single"),
    			Schedule:               pulumi.String("always"),
    			Srcaddrs: firewall.SecuritypolicySrcaddrArray{
    				&firewall.SecuritypolicySrcaddrArgs{
    					Name: pulumi.String("all"),
    				},
    			},
    			Srcintfs: firewall.SecuritypolicySrcintfArray{
    				&firewall.SecuritypolicySrcintfArgs{
    					Name: pulumi.String("port2"),
    				},
    			},
    			Status: pulumi.String("enable"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fortios = Pulumiverse.Fortios;
    
    return await Deployment.RunAsync(() => 
    {
        var trname = new Fortios.Firewall.Securitypolicy("trname", new()
        {
            Action = "accept",
            Dstaddrs = new[]
            {
                new Fortios.Firewall.Inputs.SecuritypolicyDstaddrArgs
                {
                    Name = "all",
                },
            },
            Dstintfs = new[]
            {
                new Fortios.Firewall.Inputs.SecuritypolicyDstintfArgs
                {
                    Name = "port4",
                },
            },
            Logtraffic = "utm",
            Policyid = 1,
            ProfileProtocolOptions = "default",
            ProfileType = "single",
            Schedule = "always",
            Srcaddrs = new[]
            {
                new Fortios.Firewall.Inputs.SecuritypolicySrcaddrArgs
                {
                    Name = "all",
                },
            },
            Srcintfs = new[]
            {
                new Fortios.Firewall.Inputs.SecuritypolicySrcintfArgs
                {
                    Name = "port2",
                },
            },
            Status = "enable",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fortios.firewall.Securitypolicy;
    import com.pulumi.fortios.firewall.SecuritypolicyArgs;
    import com.pulumi.fortios.firewall.inputs.SecuritypolicyDstaddrArgs;
    import com.pulumi.fortios.firewall.inputs.SecuritypolicyDstintfArgs;
    import com.pulumi.fortios.firewall.inputs.SecuritypolicySrcaddrArgs;
    import com.pulumi.fortios.firewall.inputs.SecuritypolicySrcintfArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var trname = new Securitypolicy("trname", SecuritypolicyArgs.builder()
                .action("accept")
                .dstaddrs(SecuritypolicyDstaddrArgs.builder()
                    .name("all")
                    .build())
                .dstintfs(SecuritypolicyDstintfArgs.builder()
                    .name("port4")
                    .build())
                .logtraffic("utm")
                .policyid(1)
                .profileProtocolOptions("default")
                .profileType("single")
                .schedule("always")
                .srcaddrs(SecuritypolicySrcaddrArgs.builder()
                    .name("all")
                    .build())
                .srcintfs(SecuritypolicySrcintfArgs.builder()
                    .name("port2")
                    .build())
                .status("enable")
                .build());
    
        }
    }
    
    resources:
      trname:
        type: fortios:firewall:Securitypolicy
        properties:
          action: accept
          dstaddrs:
            - name: all
          dstintfs:
            - name: port4
          logtraffic: utm
          policyid: 1
          profileProtocolOptions: default
          profileType: single
          schedule: always
          srcaddrs:
            - name: all
          srcintfs:
            - name: port2
          status: enable
    

    Create Securitypolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Securitypolicy(name: string, args?: SecuritypolicyArgs, opts?: CustomResourceOptions);
    @overload
    def Securitypolicy(resource_name: str,
                       args: Optional[SecuritypolicyArgs] = None,
                       opts: Optional[ResourceOptions] = None)
    
    @overload
    def Securitypolicy(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       action: Optional[str] = None,
                       app_categories: Optional[Sequence[SecuritypolicyAppCategoryArgs]] = None,
                       app_groups: Optional[Sequence[SecuritypolicyAppGroupArgs]] = None,
                       application_list: Optional[str] = None,
                       applications: Optional[Sequence[SecuritypolicyApplicationArgs]] = None,
                       av_profile: Optional[str] = None,
                       casb_profile: Optional[str] = None,
                       cifs_profile: Optional[str] = None,
                       comments: Optional[str] = None,
                       diameter_filter_profile: Optional[str] = None,
                       dlp_profile: Optional[str] = None,
                       dlp_sensor: Optional[str] = None,
                       dnsfilter_profile: Optional[str] = None,
                       dstaddr4s: Optional[Sequence[SecuritypolicyDstaddr4Args]] = None,
                       dstaddr6_negate: Optional[str] = None,
                       dstaddr6s: Optional[Sequence[SecuritypolicyDstaddr6Args]] = None,
                       dstaddr_negate: Optional[str] = None,
                       dstaddrs: Optional[Sequence[SecuritypolicyDstaddrArgs]] = None,
                       dstintfs: Optional[Sequence[SecuritypolicyDstintfArgs]] = None,
                       dynamic_sort_subtable: Optional[str] = None,
                       emailfilter_profile: Optional[str] = None,
                       enforce_default_app_port: Optional[str] = None,
                       file_filter_profile: Optional[str] = None,
                       fsso_groups: Optional[Sequence[SecuritypolicyFssoGroupArgs]] = None,
                       get_all_tables: Optional[str] = None,
                       groups: Optional[Sequence[SecuritypolicyGroupArgs]] = None,
                       icap_profile: Optional[str] = None,
                       internet_service: Optional[str] = None,
                       internet_service6: Optional[str] = None,
                       internet_service6_custom_groups: Optional[Sequence[SecuritypolicyInternetService6CustomGroupArgs]] = None,
                       internet_service6_customs: Optional[Sequence[SecuritypolicyInternetService6CustomArgs]] = None,
                       internet_service6_groups: Optional[Sequence[SecuritypolicyInternetService6GroupArgs]] = None,
                       internet_service6_names: Optional[Sequence[SecuritypolicyInternetService6NameArgs]] = None,
                       internet_service6_negate: Optional[str] = None,
                       internet_service6_src: Optional[str] = None,
                       internet_service6_src_custom_groups: Optional[Sequence[SecuritypolicyInternetService6SrcCustomGroupArgs]] = None,
                       internet_service6_src_customs: Optional[Sequence[SecuritypolicyInternetService6SrcCustomArgs]] = None,
                       internet_service6_src_groups: Optional[Sequence[SecuritypolicyInternetService6SrcGroupArgs]] = None,
                       internet_service6_src_names: Optional[Sequence[SecuritypolicyInternetService6SrcNameArgs]] = None,
                       internet_service6_src_negate: Optional[str] = None,
                       internet_service_custom_groups: Optional[Sequence[SecuritypolicyInternetServiceCustomGroupArgs]] = None,
                       internet_service_customs: Optional[Sequence[SecuritypolicyInternetServiceCustomArgs]] = None,
                       internet_service_groups: Optional[Sequence[SecuritypolicyInternetServiceGroupArgs]] = None,
                       internet_service_ids: Optional[Sequence[SecuritypolicyInternetServiceIdArgs]] = None,
                       internet_service_names: Optional[Sequence[SecuritypolicyInternetServiceNameArgs]] = None,
                       internet_service_negate: Optional[str] = None,
                       internet_service_src: Optional[str] = None,
                       internet_service_src_custom_groups: Optional[Sequence[SecuritypolicyInternetServiceSrcCustomGroupArgs]] = None,
                       internet_service_src_customs: Optional[Sequence[SecuritypolicyInternetServiceSrcCustomArgs]] = None,
                       internet_service_src_groups: Optional[Sequence[SecuritypolicyInternetServiceSrcGroupArgs]] = None,
                       internet_service_src_ids: Optional[Sequence[SecuritypolicyInternetServiceSrcIdArgs]] = None,
                       internet_service_src_names: Optional[Sequence[SecuritypolicyInternetServiceSrcNameArgs]] = None,
                       internet_service_src_negate: Optional[str] = None,
                       ips_sensor: Optional[str] = None,
                       ips_voip_filter: Optional[str] = None,
                       learning_mode: Optional[str] = None,
                       logtraffic: Optional[str] = None,
                       logtraffic_start: Optional[str] = None,
                       name: Optional[str] = None,
                       nat46: Optional[str] = None,
                       nat64: Optional[str] = None,
                       policyid: Optional[int] = None,
                       profile_group: Optional[str] = None,
                       profile_protocol_options: Optional[str] = None,
                       profile_type: Optional[str] = None,
                       schedule: Optional[str] = None,
                       sctp_filter_profile: Optional[str] = None,
                       send_deny_packet: Optional[str] = None,
                       service_negate: Optional[str] = None,
                       services: Optional[Sequence[SecuritypolicyServiceArgs]] = None,
                       srcaddr4s: Optional[Sequence[SecuritypolicySrcaddr4Args]] = None,
                       srcaddr6_negate: Optional[str] = None,
                       srcaddr6s: Optional[Sequence[SecuritypolicySrcaddr6Args]] = None,
                       srcaddr_negate: Optional[str] = None,
                       srcaddrs: Optional[Sequence[SecuritypolicySrcaddrArgs]] = None,
                       srcintfs: Optional[Sequence[SecuritypolicySrcintfArgs]] = None,
                       ssh_filter_profile: Optional[str] = None,
                       ssl_ssh_profile: Optional[str] = None,
                       status: Optional[str] = None,
                       url_categories: Optional[Sequence[SecuritypolicyUrlCategoryArgs]] = None,
                       url_category_unitary: Optional[str] = None,
                       users: Optional[Sequence[SecuritypolicyUserArgs]] = None,
                       uuid: Optional[str] = None,
                       vdomparam: Optional[str] = None,
                       videofilter_profile: Optional[str] = None,
                       virtual_patch_profile: Optional[str] = None,
                       voip_profile: Optional[str] = None,
                       webfilter_profile: Optional[str] = None)
    func NewSecuritypolicy(ctx *Context, name string, args *SecuritypolicyArgs, opts ...ResourceOption) (*Securitypolicy, error)
    public Securitypolicy(string name, SecuritypolicyArgs? args = null, CustomResourceOptions? opts = null)
    public Securitypolicy(String name, SecuritypolicyArgs args)
    public Securitypolicy(String name, SecuritypolicyArgs args, CustomResourceOptions options)
    
    type: fortios:firewall:Securitypolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SecuritypolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecuritypolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecuritypolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecuritypolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecuritypolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var securitypolicyResource = new Fortios.Firewall.Securitypolicy("securitypolicyResource", new()
    {
        Action = "string",
        AppCategories = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyAppCategoryArgs
            {
                Id = 0,
            },
        },
        AppGroups = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyAppGroupArgs
            {
                Name = "string",
            },
        },
        ApplicationList = "string",
        Applications = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyApplicationArgs
            {
                Id = 0,
            },
        },
        AvProfile = "string",
        CasbProfile = "string",
        CifsProfile = "string",
        Comments = "string",
        DiameterFilterProfile = "string",
        DlpProfile = "string",
        DlpSensor = "string",
        DnsfilterProfile = "string",
        Dstaddr4s = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyDstaddr4Args
            {
                Name = "string",
            },
        },
        Dstaddr6Negate = "string",
        Dstaddr6s = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyDstaddr6Args
            {
                Name = "string",
            },
        },
        DstaddrNegate = "string",
        Dstaddrs = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyDstaddrArgs
            {
                Name = "string",
            },
        },
        Dstintfs = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyDstintfArgs
            {
                Name = "string",
            },
        },
        DynamicSortSubtable = "string",
        EmailfilterProfile = "string",
        EnforceDefaultAppPort = "string",
        FileFilterProfile = "string",
        FssoGroups = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyFssoGroupArgs
            {
                Name = "string",
            },
        },
        GetAllTables = "string",
        Groups = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyGroupArgs
            {
                Name = "string",
            },
        },
        IcapProfile = "string",
        InternetService = "string",
        InternetService6 = "string",
        InternetService6CustomGroups = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetService6CustomGroupArgs
            {
                Name = "string",
            },
        },
        InternetService6Customs = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetService6CustomArgs
            {
                Name = "string",
            },
        },
        InternetService6Groups = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetService6GroupArgs
            {
                Name = "string",
            },
        },
        InternetService6Names = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetService6NameArgs
            {
                Name = "string",
            },
        },
        InternetService6Negate = "string",
        InternetService6Src = "string",
        InternetService6SrcCustomGroups = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustomGroupArgs
            {
                Name = "string",
            },
        },
        InternetService6SrcCustoms = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustomArgs
            {
                Name = "string",
            },
        },
        InternetService6SrcGroups = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcGroupArgs
            {
                Name = "string",
            },
        },
        InternetService6SrcNames = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcNameArgs
            {
                Name = "string",
            },
        },
        InternetService6SrcNegate = "string",
        InternetServiceCustomGroups = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustomGroupArgs
            {
                Name = "string",
            },
        },
        InternetServiceCustoms = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustomArgs
            {
                Name = "string",
            },
        },
        InternetServiceGroups = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceGroupArgs
            {
                Name = "string",
            },
        },
        InternetServiceIds = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceIdArgs
            {
                Id = 0,
            },
        },
        InternetServiceNames = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceNameArgs
            {
                Name = "string",
            },
        },
        InternetServiceNegate = "string",
        InternetServiceSrc = "string",
        InternetServiceSrcCustomGroups = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustomGroupArgs
            {
                Name = "string",
            },
        },
        InternetServiceSrcCustoms = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustomArgs
            {
                Name = "string",
            },
        },
        InternetServiceSrcGroups = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcGroupArgs
            {
                Name = "string",
            },
        },
        InternetServiceSrcIds = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcIdArgs
            {
                Id = 0,
            },
        },
        InternetServiceSrcNames = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcNameArgs
            {
                Name = "string",
            },
        },
        InternetServiceSrcNegate = "string",
        IpsSensor = "string",
        IpsVoipFilter = "string",
        LearningMode = "string",
        Logtraffic = "string",
        LogtrafficStart = "string",
        Name = "string",
        Nat46 = "string",
        Nat64 = "string",
        Policyid = 0,
        ProfileGroup = "string",
        ProfileProtocolOptions = "string",
        ProfileType = "string",
        Schedule = "string",
        SctpFilterProfile = "string",
        SendDenyPacket = "string",
        ServiceNegate = "string",
        Services = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyServiceArgs
            {
                Name = "string",
            },
        },
        Srcaddr4s = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicySrcaddr4Args
            {
                Name = "string",
            },
        },
        Srcaddr6Negate = "string",
        Srcaddr6s = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicySrcaddr6Args
            {
                Name = "string",
            },
        },
        SrcaddrNegate = "string",
        Srcaddrs = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicySrcaddrArgs
            {
                Name = "string",
            },
        },
        Srcintfs = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicySrcintfArgs
            {
                Name = "string",
            },
        },
        SshFilterProfile = "string",
        SslSshProfile = "string",
        Status = "string",
        UrlCategories = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyUrlCategoryArgs
            {
                Id = 0,
            },
        },
        UrlCategoryUnitary = "string",
        Users = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyUserArgs
            {
                Name = "string",
            },
        },
        Uuid = "string",
        Vdomparam = "string",
        VideofilterProfile = "string",
        VirtualPatchProfile = "string",
        VoipProfile = "string",
        WebfilterProfile = "string",
    });
    
    example, err := firewall.NewSecuritypolicy(ctx, "securitypolicyResource", &firewall.SecuritypolicyArgs{
    	Action: pulumi.String("string"),
    	AppCategories: firewall.SecuritypolicyAppCategoryArray{
    		&firewall.SecuritypolicyAppCategoryArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	AppGroups: firewall.SecuritypolicyAppGroupArray{
    		&firewall.SecuritypolicyAppGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	ApplicationList: pulumi.String("string"),
    	Applications: firewall.SecuritypolicyApplicationArray{
    		&firewall.SecuritypolicyApplicationArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	AvProfile:             pulumi.String("string"),
    	CasbProfile:           pulumi.String("string"),
    	CifsProfile:           pulumi.String("string"),
    	Comments:              pulumi.String("string"),
    	DiameterFilterProfile: pulumi.String("string"),
    	DlpProfile:            pulumi.String("string"),
    	DlpSensor:             pulumi.String("string"),
    	DnsfilterProfile:      pulumi.String("string"),
    	Dstaddr4s: firewall.SecuritypolicyDstaddr4Array{
    		&firewall.SecuritypolicyDstaddr4Args{
    			Name: pulumi.String("string"),
    		},
    	},
    	Dstaddr6Negate: pulumi.String("string"),
    	Dstaddr6s: firewall.SecuritypolicyDstaddr6Array{
    		&firewall.SecuritypolicyDstaddr6Args{
    			Name: pulumi.String("string"),
    		},
    	},
    	DstaddrNegate: pulumi.String("string"),
    	Dstaddrs: firewall.SecuritypolicyDstaddrArray{
    		&firewall.SecuritypolicyDstaddrArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	Dstintfs: firewall.SecuritypolicyDstintfArray{
    		&firewall.SecuritypolicyDstintfArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	DynamicSortSubtable:   pulumi.String("string"),
    	EmailfilterProfile:    pulumi.String("string"),
    	EnforceDefaultAppPort: pulumi.String("string"),
    	FileFilterProfile:     pulumi.String("string"),
    	FssoGroups: firewall.SecuritypolicyFssoGroupArray{
    		&firewall.SecuritypolicyFssoGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	GetAllTables: pulumi.String("string"),
    	Groups: firewall.SecuritypolicyGroupArray{
    		&firewall.SecuritypolicyGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	IcapProfile:      pulumi.String("string"),
    	InternetService:  pulumi.String("string"),
    	InternetService6: pulumi.String("string"),
    	InternetService6CustomGroups: firewall.SecuritypolicyInternetService6CustomGroupArray{
    		&firewall.SecuritypolicyInternetService6CustomGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetService6Customs: firewall.SecuritypolicyInternetService6CustomArray{
    		&firewall.SecuritypolicyInternetService6CustomArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetService6Groups: firewall.SecuritypolicyInternetService6GroupArray{
    		&firewall.SecuritypolicyInternetService6GroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetService6Names: firewall.SecuritypolicyInternetService6NameArray{
    		&firewall.SecuritypolicyInternetService6NameArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetService6Negate: pulumi.String("string"),
    	InternetService6Src:    pulumi.String("string"),
    	InternetService6SrcCustomGroups: firewall.SecuritypolicyInternetService6SrcCustomGroupArray{
    		&firewall.SecuritypolicyInternetService6SrcCustomGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetService6SrcCustoms: firewall.SecuritypolicyInternetService6SrcCustomArray{
    		&firewall.SecuritypolicyInternetService6SrcCustomArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetService6SrcGroups: firewall.SecuritypolicyInternetService6SrcGroupArray{
    		&firewall.SecuritypolicyInternetService6SrcGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetService6SrcNames: firewall.SecuritypolicyInternetService6SrcNameArray{
    		&firewall.SecuritypolicyInternetService6SrcNameArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetService6SrcNegate: pulumi.String("string"),
    	InternetServiceCustomGroups: firewall.SecuritypolicyInternetServiceCustomGroupArray{
    		&firewall.SecuritypolicyInternetServiceCustomGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceCustoms: firewall.SecuritypolicyInternetServiceCustomArray{
    		&firewall.SecuritypolicyInternetServiceCustomArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceGroups: firewall.SecuritypolicyInternetServiceGroupArray{
    		&firewall.SecuritypolicyInternetServiceGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceIds: firewall.SecuritypolicyInternetServiceIdArray{
    		&firewall.SecuritypolicyInternetServiceIdArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	InternetServiceNames: firewall.SecuritypolicyInternetServiceNameArray{
    		&firewall.SecuritypolicyInternetServiceNameArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceNegate: pulumi.String("string"),
    	InternetServiceSrc:    pulumi.String("string"),
    	InternetServiceSrcCustomGroups: firewall.SecuritypolicyInternetServiceSrcCustomGroupArray{
    		&firewall.SecuritypolicyInternetServiceSrcCustomGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceSrcCustoms: firewall.SecuritypolicyInternetServiceSrcCustomArray{
    		&firewall.SecuritypolicyInternetServiceSrcCustomArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceSrcGroups: firewall.SecuritypolicyInternetServiceSrcGroupArray{
    		&firewall.SecuritypolicyInternetServiceSrcGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceSrcIds: firewall.SecuritypolicyInternetServiceSrcIdArray{
    		&firewall.SecuritypolicyInternetServiceSrcIdArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	InternetServiceSrcNames: firewall.SecuritypolicyInternetServiceSrcNameArray{
    		&firewall.SecuritypolicyInternetServiceSrcNameArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceSrcNegate: pulumi.String("string"),
    	IpsSensor:                pulumi.String("string"),
    	IpsVoipFilter:            pulumi.String("string"),
    	LearningMode:             pulumi.String("string"),
    	Logtraffic:               pulumi.String("string"),
    	LogtrafficStart:          pulumi.String("string"),
    	Name:                     pulumi.String("string"),
    	Nat46:                    pulumi.String("string"),
    	Nat64:                    pulumi.String("string"),
    	Policyid:                 pulumi.Int(0),
    	ProfileGroup:             pulumi.String("string"),
    	ProfileProtocolOptions:   pulumi.String("string"),
    	ProfileType:              pulumi.String("string"),
    	Schedule:                 pulumi.String("string"),
    	SctpFilterProfile:        pulumi.String("string"),
    	SendDenyPacket:           pulumi.String("string"),
    	ServiceNegate:            pulumi.String("string"),
    	Services: firewall.SecuritypolicyServiceArray{
    		&firewall.SecuritypolicyServiceArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	Srcaddr4s: firewall.SecuritypolicySrcaddr4Array{
    		&firewall.SecuritypolicySrcaddr4Args{
    			Name: pulumi.String("string"),
    		},
    	},
    	Srcaddr6Negate: pulumi.String("string"),
    	Srcaddr6s: firewall.SecuritypolicySrcaddr6Array{
    		&firewall.SecuritypolicySrcaddr6Args{
    			Name: pulumi.String("string"),
    		},
    	},
    	SrcaddrNegate: pulumi.String("string"),
    	Srcaddrs: firewall.SecuritypolicySrcaddrArray{
    		&firewall.SecuritypolicySrcaddrArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	Srcintfs: firewall.SecuritypolicySrcintfArray{
    		&firewall.SecuritypolicySrcintfArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	SshFilterProfile: pulumi.String("string"),
    	SslSshProfile:    pulumi.String("string"),
    	Status:           pulumi.String("string"),
    	UrlCategories: firewall.SecuritypolicyUrlCategoryArray{
    		&firewall.SecuritypolicyUrlCategoryArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	UrlCategoryUnitary: pulumi.String("string"),
    	Users: firewall.SecuritypolicyUserArray{
    		&firewall.SecuritypolicyUserArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	Uuid:                pulumi.String("string"),
    	Vdomparam:           pulumi.String("string"),
    	VideofilterProfile:  pulumi.String("string"),
    	VirtualPatchProfile: pulumi.String("string"),
    	VoipProfile:         pulumi.String("string"),
    	WebfilterProfile:    pulumi.String("string"),
    })
    
    var securitypolicyResource = new Securitypolicy("securitypolicyResource", SecuritypolicyArgs.builder()
        .action("string")
        .appCategories(SecuritypolicyAppCategoryArgs.builder()
            .id(0)
            .build())
        .appGroups(SecuritypolicyAppGroupArgs.builder()
            .name("string")
            .build())
        .applicationList("string")
        .applications(SecuritypolicyApplicationArgs.builder()
            .id(0)
            .build())
        .avProfile("string")
        .casbProfile("string")
        .cifsProfile("string")
        .comments("string")
        .diameterFilterProfile("string")
        .dlpProfile("string")
        .dlpSensor("string")
        .dnsfilterProfile("string")
        .dstaddr4s(SecuritypolicyDstaddr4Args.builder()
            .name("string")
            .build())
        .dstaddr6Negate("string")
        .dstaddr6s(SecuritypolicyDstaddr6Args.builder()
            .name("string")
            .build())
        .dstaddrNegate("string")
        .dstaddrs(SecuritypolicyDstaddrArgs.builder()
            .name("string")
            .build())
        .dstintfs(SecuritypolicyDstintfArgs.builder()
            .name("string")
            .build())
        .dynamicSortSubtable("string")
        .emailfilterProfile("string")
        .enforceDefaultAppPort("string")
        .fileFilterProfile("string")
        .fssoGroups(SecuritypolicyFssoGroupArgs.builder()
            .name("string")
            .build())
        .getAllTables("string")
        .groups(SecuritypolicyGroupArgs.builder()
            .name("string")
            .build())
        .icapProfile("string")
        .internetService("string")
        .internetService6("string")
        .internetService6CustomGroups(SecuritypolicyInternetService6CustomGroupArgs.builder()
            .name("string")
            .build())
        .internetService6Customs(SecuritypolicyInternetService6CustomArgs.builder()
            .name("string")
            .build())
        .internetService6Groups(SecuritypolicyInternetService6GroupArgs.builder()
            .name("string")
            .build())
        .internetService6Names(SecuritypolicyInternetService6NameArgs.builder()
            .name("string")
            .build())
        .internetService6Negate("string")
        .internetService6Src("string")
        .internetService6SrcCustomGroups(SecuritypolicyInternetService6SrcCustomGroupArgs.builder()
            .name("string")
            .build())
        .internetService6SrcCustoms(SecuritypolicyInternetService6SrcCustomArgs.builder()
            .name("string")
            .build())
        .internetService6SrcGroups(SecuritypolicyInternetService6SrcGroupArgs.builder()
            .name("string")
            .build())
        .internetService6SrcNames(SecuritypolicyInternetService6SrcNameArgs.builder()
            .name("string")
            .build())
        .internetService6SrcNegate("string")
        .internetServiceCustomGroups(SecuritypolicyInternetServiceCustomGroupArgs.builder()
            .name("string")
            .build())
        .internetServiceCustoms(SecuritypolicyInternetServiceCustomArgs.builder()
            .name("string")
            .build())
        .internetServiceGroups(SecuritypolicyInternetServiceGroupArgs.builder()
            .name("string")
            .build())
        .internetServiceIds(SecuritypolicyInternetServiceIdArgs.builder()
            .id(0)
            .build())
        .internetServiceNames(SecuritypolicyInternetServiceNameArgs.builder()
            .name("string")
            .build())
        .internetServiceNegate("string")
        .internetServiceSrc("string")
        .internetServiceSrcCustomGroups(SecuritypolicyInternetServiceSrcCustomGroupArgs.builder()
            .name("string")
            .build())
        .internetServiceSrcCustoms(SecuritypolicyInternetServiceSrcCustomArgs.builder()
            .name("string")
            .build())
        .internetServiceSrcGroups(SecuritypolicyInternetServiceSrcGroupArgs.builder()
            .name("string")
            .build())
        .internetServiceSrcIds(SecuritypolicyInternetServiceSrcIdArgs.builder()
            .id(0)
            .build())
        .internetServiceSrcNames(SecuritypolicyInternetServiceSrcNameArgs.builder()
            .name("string")
            .build())
        .internetServiceSrcNegate("string")
        .ipsSensor("string")
        .ipsVoipFilter("string")
        .learningMode("string")
        .logtraffic("string")
        .logtrafficStart("string")
        .name("string")
        .nat46("string")
        .nat64("string")
        .policyid(0)
        .profileGroup("string")
        .profileProtocolOptions("string")
        .profileType("string")
        .schedule("string")
        .sctpFilterProfile("string")
        .sendDenyPacket("string")
        .serviceNegate("string")
        .services(SecuritypolicyServiceArgs.builder()
            .name("string")
            .build())
        .srcaddr4s(SecuritypolicySrcaddr4Args.builder()
            .name("string")
            .build())
        .srcaddr6Negate("string")
        .srcaddr6s(SecuritypolicySrcaddr6Args.builder()
            .name("string")
            .build())
        .srcaddrNegate("string")
        .srcaddrs(SecuritypolicySrcaddrArgs.builder()
            .name("string")
            .build())
        .srcintfs(SecuritypolicySrcintfArgs.builder()
            .name("string")
            .build())
        .sshFilterProfile("string")
        .sslSshProfile("string")
        .status("string")
        .urlCategories(SecuritypolicyUrlCategoryArgs.builder()
            .id(0)
            .build())
        .urlCategoryUnitary("string")
        .users(SecuritypolicyUserArgs.builder()
            .name("string")
            .build())
        .uuid("string")
        .vdomparam("string")
        .videofilterProfile("string")
        .virtualPatchProfile("string")
        .voipProfile("string")
        .webfilterProfile("string")
        .build());
    
    securitypolicy_resource = fortios.firewall.Securitypolicy("securitypolicyResource",
        action="string",
        app_categories=[{
            "id": 0,
        }],
        app_groups=[{
            "name": "string",
        }],
        application_list="string",
        applications=[{
            "id": 0,
        }],
        av_profile="string",
        casb_profile="string",
        cifs_profile="string",
        comments="string",
        diameter_filter_profile="string",
        dlp_profile="string",
        dlp_sensor="string",
        dnsfilter_profile="string",
        dstaddr4s=[{
            "name": "string",
        }],
        dstaddr6_negate="string",
        dstaddr6s=[{
            "name": "string",
        }],
        dstaddr_negate="string",
        dstaddrs=[{
            "name": "string",
        }],
        dstintfs=[{
            "name": "string",
        }],
        dynamic_sort_subtable="string",
        emailfilter_profile="string",
        enforce_default_app_port="string",
        file_filter_profile="string",
        fsso_groups=[{
            "name": "string",
        }],
        get_all_tables="string",
        groups=[{
            "name": "string",
        }],
        icap_profile="string",
        internet_service="string",
        internet_service6="string",
        internet_service6_custom_groups=[{
            "name": "string",
        }],
        internet_service6_customs=[{
            "name": "string",
        }],
        internet_service6_groups=[{
            "name": "string",
        }],
        internet_service6_names=[{
            "name": "string",
        }],
        internet_service6_negate="string",
        internet_service6_src="string",
        internet_service6_src_custom_groups=[{
            "name": "string",
        }],
        internet_service6_src_customs=[{
            "name": "string",
        }],
        internet_service6_src_groups=[{
            "name": "string",
        }],
        internet_service6_src_names=[{
            "name": "string",
        }],
        internet_service6_src_negate="string",
        internet_service_custom_groups=[{
            "name": "string",
        }],
        internet_service_customs=[{
            "name": "string",
        }],
        internet_service_groups=[{
            "name": "string",
        }],
        internet_service_ids=[{
            "id": 0,
        }],
        internet_service_names=[{
            "name": "string",
        }],
        internet_service_negate="string",
        internet_service_src="string",
        internet_service_src_custom_groups=[{
            "name": "string",
        }],
        internet_service_src_customs=[{
            "name": "string",
        }],
        internet_service_src_groups=[{
            "name": "string",
        }],
        internet_service_src_ids=[{
            "id": 0,
        }],
        internet_service_src_names=[{
            "name": "string",
        }],
        internet_service_src_negate="string",
        ips_sensor="string",
        ips_voip_filter="string",
        learning_mode="string",
        logtraffic="string",
        logtraffic_start="string",
        name="string",
        nat46="string",
        nat64="string",
        policyid=0,
        profile_group="string",
        profile_protocol_options="string",
        profile_type="string",
        schedule="string",
        sctp_filter_profile="string",
        send_deny_packet="string",
        service_negate="string",
        services=[{
            "name": "string",
        }],
        srcaddr4s=[{
            "name": "string",
        }],
        srcaddr6_negate="string",
        srcaddr6s=[{
            "name": "string",
        }],
        srcaddr_negate="string",
        srcaddrs=[{
            "name": "string",
        }],
        srcintfs=[{
            "name": "string",
        }],
        ssh_filter_profile="string",
        ssl_ssh_profile="string",
        status="string",
        url_categories=[{
            "id": 0,
        }],
        url_category_unitary="string",
        users=[{
            "name": "string",
        }],
        uuid="string",
        vdomparam="string",
        videofilter_profile="string",
        virtual_patch_profile="string",
        voip_profile="string",
        webfilter_profile="string")
    
    const securitypolicyResource = new fortios.firewall.Securitypolicy("securitypolicyResource", {
        action: "string",
        appCategories: [{
            id: 0,
        }],
        appGroups: [{
            name: "string",
        }],
        applicationList: "string",
        applications: [{
            id: 0,
        }],
        avProfile: "string",
        casbProfile: "string",
        cifsProfile: "string",
        comments: "string",
        diameterFilterProfile: "string",
        dlpProfile: "string",
        dlpSensor: "string",
        dnsfilterProfile: "string",
        dstaddr4s: [{
            name: "string",
        }],
        dstaddr6Negate: "string",
        dstaddr6s: [{
            name: "string",
        }],
        dstaddrNegate: "string",
        dstaddrs: [{
            name: "string",
        }],
        dstintfs: [{
            name: "string",
        }],
        dynamicSortSubtable: "string",
        emailfilterProfile: "string",
        enforceDefaultAppPort: "string",
        fileFilterProfile: "string",
        fssoGroups: [{
            name: "string",
        }],
        getAllTables: "string",
        groups: [{
            name: "string",
        }],
        icapProfile: "string",
        internetService: "string",
        internetService6: "string",
        internetService6CustomGroups: [{
            name: "string",
        }],
        internetService6Customs: [{
            name: "string",
        }],
        internetService6Groups: [{
            name: "string",
        }],
        internetService6Names: [{
            name: "string",
        }],
        internetService6Negate: "string",
        internetService6Src: "string",
        internetService6SrcCustomGroups: [{
            name: "string",
        }],
        internetService6SrcCustoms: [{
            name: "string",
        }],
        internetService6SrcGroups: [{
            name: "string",
        }],
        internetService6SrcNames: [{
            name: "string",
        }],
        internetService6SrcNegate: "string",
        internetServiceCustomGroups: [{
            name: "string",
        }],
        internetServiceCustoms: [{
            name: "string",
        }],
        internetServiceGroups: [{
            name: "string",
        }],
        internetServiceIds: [{
            id: 0,
        }],
        internetServiceNames: [{
            name: "string",
        }],
        internetServiceNegate: "string",
        internetServiceSrc: "string",
        internetServiceSrcCustomGroups: [{
            name: "string",
        }],
        internetServiceSrcCustoms: [{
            name: "string",
        }],
        internetServiceSrcGroups: [{
            name: "string",
        }],
        internetServiceSrcIds: [{
            id: 0,
        }],
        internetServiceSrcNames: [{
            name: "string",
        }],
        internetServiceSrcNegate: "string",
        ipsSensor: "string",
        ipsVoipFilter: "string",
        learningMode: "string",
        logtraffic: "string",
        logtrafficStart: "string",
        name: "string",
        nat46: "string",
        nat64: "string",
        policyid: 0,
        profileGroup: "string",
        profileProtocolOptions: "string",
        profileType: "string",
        schedule: "string",
        sctpFilterProfile: "string",
        sendDenyPacket: "string",
        serviceNegate: "string",
        services: [{
            name: "string",
        }],
        srcaddr4s: [{
            name: "string",
        }],
        srcaddr6Negate: "string",
        srcaddr6s: [{
            name: "string",
        }],
        srcaddrNegate: "string",
        srcaddrs: [{
            name: "string",
        }],
        srcintfs: [{
            name: "string",
        }],
        sshFilterProfile: "string",
        sslSshProfile: "string",
        status: "string",
        urlCategories: [{
            id: 0,
        }],
        urlCategoryUnitary: "string",
        users: [{
            name: "string",
        }],
        uuid: "string",
        vdomparam: "string",
        videofilterProfile: "string",
        virtualPatchProfile: "string",
        voipProfile: "string",
        webfilterProfile: "string",
    });
    
    type: fortios:firewall:Securitypolicy
    properties:
        action: string
        appCategories:
            - id: 0
        appGroups:
            - name: string
        applicationList: string
        applications:
            - id: 0
        avProfile: string
        casbProfile: string
        cifsProfile: string
        comments: string
        diameterFilterProfile: string
        dlpProfile: string
        dlpSensor: string
        dnsfilterProfile: string
        dstaddr4s:
            - name: string
        dstaddr6Negate: string
        dstaddr6s:
            - name: string
        dstaddrNegate: string
        dstaddrs:
            - name: string
        dstintfs:
            - name: string
        dynamicSortSubtable: string
        emailfilterProfile: string
        enforceDefaultAppPort: string
        fileFilterProfile: string
        fssoGroups:
            - name: string
        getAllTables: string
        groups:
            - name: string
        icapProfile: string
        internetService: string
        internetService6: string
        internetService6CustomGroups:
            - name: string
        internetService6Customs:
            - name: string
        internetService6Groups:
            - name: string
        internetService6Names:
            - name: string
        internetService6Negate: string
        internetService6Src: string
        internetService6SrcCustomGroups:
            - name: string
        internetService6SrcCustoms:
            - name: string
        internetService6SrcGroups:
            - name: string
        internetService6SrcNames:
            - name: string
        internetService6SrcNegate: string
        internetServiceCustomGroups:
            - name: string
        internetServiceCustoms:
            - name: string
        internetServiceGroups:
            - name: string
        internetServiceIds:
            - id: 0
        internetServiceNames:
            - name: string
        internetServiceNegate: string
        internetServiceSrc: string
        internetServiceSrcCustomGroups:
            - name: string
        internetServiceSrcCustoms:
            - name: string
        internetServiceSrcGroups:
            - name: string
        internetServiceSrcIds:
            - id: 0
        internetServiceSrcNames:
            - name: string
        internetServiceSrcNegate: string
        ipsSensor: string
        ipsVoipFilter: string
        learningMode: string
        logtraffic: string
        logtrafficStart: string
        name: string
        nat46: string
        nat64: string
        policyid: 0
        profileGroup: string
        profileProtocolOptions: string
        profileType: string
        schedule: string
        sctpFilterProfile: string
        sendDenyPacket: string
        serviceNegate: string
        services:
            - name: string
        srcaddr4s:
            - name: string
        srcaddr6Negate: string
        srcaddr6s:
            - name: string
        srcaddrNegate: string
        srcaddrs:
            - name: string
        srcintfs:
            - name: string
        sshFilterProfile: string
        sslSshProfile: string
        status: string
        urlCategories:
            - id: 0
        urlCategoryUnitary: string
        users:
            - name: string
        uuid: string
        vdomparam: string
        videofilterProfile: string
        virtualPatchProfile: string
        voipProfile: string
        webfilterProfile: string
    

    Securitypolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Securitypolicy resource accepts the following input properties:

    Action string
    Policy action (accept/deny). Valid values: accept, deny.
    AppCategories List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyAppCategory>
    Application category ID list. The structure of app_category block is documented below.
    AppGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyAppGroup>
    Application group names. The structure of app_group block is documented below.
    ApplicationList string
    Name of an existing Application list.
    Applications List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyApplication>
    Application ID list. The structure of application block is documented below.
    AvProfile string
    Name of an existing Antivirus profile.
    CasbProfile string
    Name of an existing CASB profile.
    CifsProfile string
    Name of an existing CIFS profile.
    Comments string
    Comment.
    DiameterFilterProfile string
    Name of an existing Diameter filter profile.
    DlpProfile string
    Name of an existing DLP profile.
    DlpSensor string
    Name of an existing DLP sensor.
    DnsfilterProfile string
    Name of an existing DNS filter profile.
    Dstaddr4s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstaddr4>
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    Dstaddr6Negate string
    When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstaddr6s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstaddr6>
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    DstaddrNegate string
    When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstaddrs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstaddr>
    Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
    Dstintfs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstintf>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmailfilterProfile string
    Name of an existing email filter profile.
    EnforceDefaultAppPort string
    Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
    FileFilterProfile string
    Name of an existing file-filter profile.
    FssoGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyFssoGroup>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Groups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyGroup>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    IcapProfile string
    Name of an existing ICAP profile.
    InternetService string
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    InternetService6 string
    Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
    InternetService6CustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6CustomGroup>
    Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
    InternetService6Customs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6Custom>
    Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
    InternetService6Groups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6Group>
    Internet Service group name. The structure of internet_service6_group block is documented below.
    InternetService6Names List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6Name>
    IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
    InternetService6Negate string
    When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
    InternetService6Src string
    Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    InternetService6SrcCustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustomGroup>
    Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
    InternetService6SrcCustoms List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustom>
    Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
    InternetService6SrcGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcGroup>
    Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
    InternetService6SrcNames List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcName>
    IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
    InternetService6SrcNegate string
    When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
    InternetServiceCustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustomGroup>
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    InternetServiceCustoms List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustom>
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    InternetServiceGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceGroup>
    Internet Service group name. The structure of internet_service_group block is documented below.
    InternetServiceIds List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceId>
    Internet Service ID. The structure of internet_service_id block is documented below.
    InternetServiceNames List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceName>
    Internet Service name. The structure of internet_service_name block is documented below.
    InternetServiceNegate string
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    InternetServiceSrc string
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    InternetServiceSrcCustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustomGroup>
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    InternetServiceSrcCustoms List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustom>
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    InternetServiceSrcGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcGroup>
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    InternetServiceSrcIds List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcId>
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    InternetServiceSrcNames List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcName>
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    InternetServiceSrcNegate string
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    IpsSensor string
    Name of an existing IPS sensor.
    IpsVoipFilter string
    Name of an existing VoIP (ips) profile.
    LearningMode string
    Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
    Logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    LogtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    Name string
    Policy name.
    Nat46 string
    Enable/disable NAT46. Valid values: enable, disable.
    Nat64 string
    Enable/disable NAT64. Valid values: enable, disable.
    Policyid int
    Policy ID.
    ProfileGroup string
    Name of profile group.
    ProfileProtocolOptions string
    Name of an existing Protocol options profile.
    ProfileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    Schedule string
    Schedule name.
    SctpFilterProfile string
    Name of an existing SCTP filter profile.
    SendDenyPacket string
    Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
    ServiceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    Services List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyService>
    Service and service group names. The structure of service block is documented below.
    Srcaddr4s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcaddr4>
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    Srcaddr6Negate string
    When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    Srcaddr6s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcaddr6>
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    SrcaddrNegate string
    When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    Srcaddrs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcaddr>
    Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
    Srcintfs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcintf>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    SshFilterProfile string
    Name of an existing SSH filter profile.
    SslSshProfile string
    Name of an existing SSL SSH profile.
    Status string
    Enable or disable this policy. Valid values: enable, disable.
    UrlCategories List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyUrlCategory>
    URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
    UrlCategoryUnitary string
    URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
    Users List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyUser>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VideofilterProfile string
    Name of an existing VideoFilter profile.
    VirtualPatchProfile string
    Name of an existing virtual-patch profile.
    VoipProfile string
    Name of an existing VoIP (voipd) profile.
    WebfilterProfile string
    Name of an existing Web filter profile.
    Action string
    Policy action (accept/deny). Valid values: accept, deny.
    AppCategories []SecuritypolicyAppCategoryArgs
    Application category ID list. The structure of app_category block is documented below.
    AppGroups []SecuritypolicyAppGroupArgs
    Application group names. The structure of app_group block is documented below.
    ApplicationList string
    Name of an existing Application list.
    Applications []SecuritypolicyApplicationArgs
    Application ID list. The structure of application block is documented below.
    AvProfile string
    Name of an existing Antivirus profile.
    CasbProfile string
    Name of an existing CASB profile.
    CifsProfile string
    Name of an existing CIFS profile.
    Comments string
    Comment.
    DiameterFilterProfile string
    Name of an existing Diameter filter profile.
    DlpProfile string
    Name of an existing DLP profile.
    DlpSensor string
    Name of an existing DLP sensor.
    DnsfilterProfile string
    Name of an existing DNS filter profile.
    Dstaddr4s []SecuritypolicyDstaddr4Args
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    Dstaddr6Negate string
    When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstaddr6s []SecuritypolicyDstaddr6Args
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    DstaddrNegate string
    When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstaddrs []SecuritypolicyDstaddrArgs
    Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
    Dstintfs []SecuritypolicyDstintfArgs
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmailfilterProfile string
    Name of an existing email filter profile.
    EnforceDefaultAppPort string
    Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
    FileFilterProfile string
    Name of an existing file-filter profile.
    FssoGroups []SecuritypolicyFssoGroupArgs
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Groups []SecuritypolicyGroupArgs
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    IcapProfile string
    Name of an existing ICAP profile.
    InternetService string
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    InternetService6 string
    Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
    InternetService6CustomGroups []SecuritypolicyInternetService6CustomGroupArgs
    Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
    InternetService6Customs []SecuritypolicyInternetService6CustomArgs
    Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
    InternetService6Groups []SecuritypolicyInternetService6GroupArgs
    Internet Service group name. The structure of internet_service6_group block is documented below.
    InternetService6Names []SecuritypolicyInternetService6NameArgs
    IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
    InternetService6Negate string
    When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
    InternetService6Src string
    Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    InternetService6SrcCustomGroups []SecuritypolicyInternetService6SrcCustomGroupArgs
    Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
    InternetService6SrcCustoms []SecuritypolicyInternetService6SrcCustomArgs
    Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
    InternetService6SrcGroups []SecuritypolicyInternetService6SrcGroupArgs
    Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
    InternetService6SrcNames []SecuritypolicyInternetService6SrcNameArgs
    IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
    InternetService6SrcNegate string
    When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
    InternetServiceCustomGroups []SecuritypolicyInternetServiceCustomGroupArgs
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    InternetServiceCustoms []SecuritypolicyInternetServiceCustomArgs
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    InternetServiceGroups []SecuritypolicyInternetServiceGroupArgs
    Internet Service group name. The structure of internet_service_group block is documented below.
    InternetServiceIds []SecuritypolicyInternetServiceIdArgs
    Internet Service ID. The structure of internet_service_id block is documented below.
    InternetServiceNames []SecuritypolicyInternetServiceNameArgs
    Internet Service name. The structure of internet_service_name block is documented below.
    InternetServiceNegate string
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    InternetServiceSrc string
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    InternetServiceSrcCustomGroups []SecuritypolicyInternetServiceSrcCustomGroupArgs
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    InternetServiceSrcCustoms []SecuritypolicyInternetServiceSrcCustomArgs
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    InternetServiceSrcGroups []SecuritypolicyInternetServiceSrcGroupArgs
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    InternetServiceSrcIds []SecuritypolicyInternetServiceSrcIdArgs
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    InternetServiceSrcNames []SecuritypolicyInternetServiceSrcNameArgs
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    InternetServiceSrcNegate string
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    IpsSensor string
    Name of an existing IPS sensor.
    IpsVoipFilter string
    Name of an existing VoIP (ips) profile.
    LearningMode string
    Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
    Logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    LogtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    Name string
    Policy name.
    Nat46 string
    Enable/disable NAT46. Valid values: enable, disable.
    Nat64 string
    Enable/disable NAT64. Valid values: enable, disable.
    Policyid int
    Policy ID.
    ProfileGroup string
    Name of profile group.
    ProfileProtocolOptions string
    Name of an existing Protocol options profile.
    ProfileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    Schedule string
    Schedule name.
    SctpFilterProfile string
    Name of an existing SCTP filter profile.
    SendDenyPacket string
    Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
    ServiceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    Services []SecuritypolicyServiceArgs
    Service and service group names. The structure of service block is documented below.
    Srcaddr4s []SecuritypolicySrcaddr4Args
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    Srcaddr6Negate string
    When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    Srcaddr6s []SecuritypolicySrcaddr6Args
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    SrcaddrNegate string
    When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    Srcaddrs []SecuritypolicySrcaddrArgs
    Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
    Srcintfs []SecuritypolicySrcintfArgs
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    SshFilterProfile string
    Name of an existing SSH filter profile.
    SslSshProfile string
    Name of an existing SSL SSH profile.
    Status string
    Enable or disable this policy. Valid values: enable, disable.
    UrlCategories []SecuritypolicyUrlCategoryArgs
    URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
    UrlCategoryUnitary string
    URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
    Users []SecuritypolicyUserArgs
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VideofilterProfile string
    Name of an existing VideoFilter profile.
    VirtualPatchProfile string
    Name of an existing virtual-patch profile.
    VoipProfile string
    Name of an existing VoIP (voipd) profile.
    WebfilterProfile string
    Name of an existing Web filter profile.
    action String
    Policy action (accept/deny). Valid values: accept, deny.
    appCategories List<SecuritypolicyAppCategory>
    Application category ID list. The structure of app_category block is documented below.
    appGroups List<SecuritypolicyAppGroup>
    Application group names. The structure of app_group block is documented below.
    applicationList String
    Name of an existing Application list.
    applications List<SecuritypolicyApplication>
    Application ID list. The structure of application block is documented below.
    avProfile String
    Name of an existing Antivirus profile.
    casbProfile String
    Name of an existing CASB profile.
    cifsProfile String
    Name of an existing CIFS profile.
    comments String
    Comment.
    diameterFilterProfile String
    Name of an existing Diameter filter profile.
    dlpProfile String
    Name of an existing DLP profile.
    dlpSensor String
    Name of an existing DLP sensor.
    dnsfilterProfile String
    Name of an existing DNS filter profile.
    dstaddr4s List<SecuritypolicyDstaddr4>
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6Negate String
    When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddr6s List<SecuritypolicyDstaddr6>
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddrNegate String
    When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddrs List<SecuritypolicyDstaddr>
    Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
    dstintfs List<SecuritypolicyDstintf>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile String
    Name of an existing email filter profile.
    enforceDefaultAppPort String
    Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
    fileFilterProfile String
    Name of an existing file-filter profile.
    fssoGroups List<SecuritypolicyFssoGroup>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups List<SecuritypolicyGroup>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    icapProfile String
    Name of an existing ICAP profile.
    internetService String
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internetService6 String
    Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
    internetService6CustomGroups List<SecuritypolicyInternetService6CustomGroup>
    Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
    internetService6Customs List<SecuritypolicyInternetService6Custom>
    Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
    internetService6Groups List<SecuritypolicyInternetService6Group>
    Internet Service group name. The structure of internet_service6_group block is documented below.
    internetService6Names List<SecuritypolicyInternetService6Name>
    IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
    internetService6Negate String
    When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
    internetService6Src String
    Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetService6SrcCustomGroups List<SecuritypolicyInternetService6SrcCustomGroup>
    Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
    internetService6SrcCustoms List<SecuritypolicyInternetService6SrcCustom>
    Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
    internetService6SrcGroups List<SecuritypolicyInternetService6SrcGroup>
    Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
    internetService6SrcNames List<SecuritypolicyInternetService6SrcName>
    IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
    internetService6SrcNegate String
    When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceCustomGroups List<SecuritypolicyInternetServiceCustomGroup>
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internetServiceCustoms List<SecuritypolicyInternetServiceCustom>
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internetServiceGroups List<SecuritypolicyInternetServiceGroup>
    Internet Service group name. The structure of internet_service_group block is documented below.
    internetServiceIds List<SecuritypolicyInternetServiceId>
    Internet Service ID. The structure of internet_service_id block is documented below.
    internetServiceNames List<SecuritypolicyInternetServiceName>
    Internet Service name. The structure of internet_service_name block is documented below.
    internetServiceNegate String
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceSrc String
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetServiceSrcCustomGroups List<SecuritypolicyInternetServiceSrcCustomGroup>
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internetServiceSrcCustoms List<SecuritypolicyInternetServiceSrcCustom>
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internetServiceSrcGroups List<SecuritypolicyInternetServiceSrcGroup>
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internetServiceSrcIds List<SecuritypolicyInternetServiceSrcId>
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internetServiceSrcNames List<SecuritypolicyInternetServiceSrcName>
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internetServiceSrcNegate String
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ipsSensor String
    Name of an existing IPS sensor.
    ipsVoipFilter String
    Name of an existing VoIP (ips) profile.
    learningMode String
    Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
    logtraffic String
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart String
    Record logs when a session starts. Valid values: enable, disable.
    name String
    Policy name.
    nat46 String
    Enable/disable NAT46. Valid values: enable, disable.
    nat64 String
    Enable/disable NAT64. Valid values: enable, disable.
    policyid Integer
    Policy ID.
    profileGroup String
    Name of profile group.
    profileProtocolOptions String
    Name of an existing Protocol options profile.
    profileType String
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule String
    Schedule name.
    sctpFilterProfile String
    Name of an existing SCTP filter profile.
    sendDenyPacket String
    Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
    serviceNegate String
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services List<SecuritypolicyService>
    Service and service group names. The structure of service block is documented below.
    srcaddr4s List<SecuritypolicySrcaddr4>
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6Negate String
    When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddr6s List<SecuritypolicySrcaddr6>
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddrNegate String
    When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddrs List<SecuritypolicySrcaddr>
    Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
    srcintfs List<SecuritypolicySrcintf>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile String
    Name of an existing SSH filter profile.
    sslSshProfile String
    Name of an existing SSL SSH profile.
    status String
    Enable or disable this policy. Valid values: enable, disable.
    urlCategories List<SecuritypolicyUrlCategory>
    URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
    urlCategoryUnitary String
    URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
    users List<SecuritypolicyUser>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    videofilterProfile String
    Name of an existing VideoFilter profile.
    virtualPatchProfile String
    Name of an existing virtual-patch profile.
    voipProfile String
    Name of an existing VoIP (voipd) profile.
    webfilterProfile String
    Name of an existing Web filter profile.
    action string
    Policy action (accept/deny). Valid values: accept, deny.
    appCategories SecuritypolicyAppCategory[]
    Application category ID list. The structure of app_category block is documented below.
    appGroups SecuritypolicyAppGroup[]
    Application group names. The structure of app_group block is documented below.
    applicationList string
    Name of an existing Application list.
    applications SecuritypolicyApplication[]
    Application ID list. The structure of application block is documented below.
    avProfile string
    Name of an existing Antivirus profile.
    casbProfile string
    Name of an existing CASB profile.
    cifsProfile string
    Name of an existing CIFS profile.
    comments string
    Comment.
    diameterFilterProfile string
    Name of an existing Diameter filter profile.
    dlpProfile string
    Name of an existing DLP profile.
    dlpSensor string
    Name of an existing DLP sensor.
    dnsfilterProfile string
    Name of an existing DNS filter profile.
    dstaddr4s SecuritypolicyDstaddr4[]
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6Negate string
    When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddr6s SecuritypolicyDstaddr6[]
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddrNegate string
    When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddrs SecuritypolicyDstaddr[]
    Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
    dstintfs SecuritypolicyDstintf[]
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile string
    Name of an existing email filter profile.
    enforceDefaultAppPort string
    Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
    fileFilterProfile string
    Name of an existing file-filter profile.
    fssoGroups SecuritypolicyFssoGroup[]
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups SecuritypolicyGroup[]
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    icapProfile string
    Name of an existing ICAP profile.
    internetService string
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internetService6 string
    Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
    internetService6CustomGroups SecuritypolicyInternetService6CustomGroup[]
    Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
    internetService6Customs SecuritypolicyInternetService6Custom[]
    Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
    internetService6Groups SecuritypolicyInternetService6Group[]
    Internet Service group name. The structure of internet_service6_group block is documented below.
    internetService6Names SecuritypolicyInternetService6Name[]
    IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
    internetService6Negate string
    When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
    internetService6Src string
    Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetService6SrcCustomGroups SecuritypolicyInternetService6SrcCustomGroup[]
    Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
    internetService6SrcCustoms SecuritypolicyInternetService6SrcCustom[]
    Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
    internetService6SrcGroups SecuritypolicyInternetService6SrcGroup[]
    Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
    internetService6SrcNames SecuritypolicyInternetService6SrcName[]
    IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
    internetService6SrcNegate string
    When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceCustomGroups SecuritypolicyInternetServiceCustomGroup[]
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internetServiceCustoms SecuritypolicyInternetServiceCustom[]
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internetServiceGroups SecuritypolicyInternetServiceGroup[]
    Internet Service group name. The structure of internet_service_group block is documented below.
    internetServiceIds SecuritypolicyInternetServiceId[]
    Internet Service ID. The structure of internet_service_id block is documented below.
    internetServiceNames SecuritypolicyInternetServiceName[]
    Internet Service name. The structure of internet_service_name block is documented below.
    internetServiceNegate string
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceSrc string
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetServiceSrcCustomGroups SecuritypolicyInternetServiceSrcCustomGroup[]
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internetServiceSrcCustoms SecuritypolicyInternetServiceSrcCustom[]
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internetServiceSrcGroups SecuritypolicyInternetServiceSrcGroup[]
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internetServiceSrcIds SecuritypolicyInternetServiceSrcId[]
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internetServiceSrcNames SecuritypolicyInternetServiceSrcName[]
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internetServiceSrcNegate string
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ipsSensor string
    Name of an existing IPS sensor.
    ipsVoipFilter string
    Name of an existing VoIP (ips) profile.
    learningMode string
    Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
    logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    name string
    Policy name.
    nat46 string
    Enable/disable NAT46. Valid values: enable, disable.
    nat64 string
    Enable/disable NAT64. Valid values: enable, disable.
    policyid number
    Policy ID.
    profileGroup string
    Name of profile group.
    profileProtocolOptions string
    Name of an existing Protocol options profile.
    profileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule string
    Schedule name.
    sctpFilterProfile string
    Name of an existing SCTP filter profile.
    sendDenyPacket string
    Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
    serviceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services SecuritypolicyService[]
    Service and service group names. The structure of service block is documented below.
    srcaddr4s SecuritypolicySrcaddr4[]
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6Negate string
    When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddr6s SecuritypolicySrcaddr6[]
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddrNegate string
    When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddrs SecuritypolicySrcaddr[]
    Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
    srcintfs SecuritypolicySrcintf[]
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile string
    Name of an existing SSH filter profile.
    sslSshProfile string
    Name of an existing SSL SSH profile.
    status string
    Enable or disable this policy. Valid values: enable, disable.
    urlCategories SecuritypolicyUrlCategory[]
    URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
    urlCategoryUnitary string
    URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
    users SecuritypolicyUser[]
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    videofilterProfile string
    Name of an existing VideoFilter profile.
    virtualPatchProfile string
    Name of an existing virtual-patch profile.
    voipProfile string
    Name of an existing VoIP (voipd) profile.
    webfilterProfile string
    Name of an existing Web filter profile.
    action str
    Policy action (accept/deny). Valid values: accept, deny.
    app_categories Sequence[SecuritypolicyAppCategoryArgs]
    Application category ID list. The structure of app_category block is documented below.
    app_groups Sequence[SecuritypolicyAppGroupArgs]
    Application group names. The structure of app_group block is documented below.
    application_list str
    Name of an existing Application list.
    applications Sequence[SecuritypolicyApplicationArgs]
    Application ID list. The structure of application block is documented below.
    av_profile str
    Name of an existing Antivirus profile.
    casb_profile str
    Name of an existing CASB profile.
    cifs_profile str
    Name of an existing CIFS profile.
    comments str
    Comment.
    diameter_filter_profile str
    Name of an existing Diameter filter profile.
    dlp_profile str
    Name of an existing DLP profile.
    dlp_sensor str
    Name of an existing DLP sensor.
    dnsfilter_profile str
    Name of an existing DNS filter profile.
    dstaddr4s Sequence[SecuritypolicyDstaddr4Args]
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6_negate str
    When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddr6s Sequence[SecuritypolicyDstaddr6Args]
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddr_negate str
    When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddrs Sequence[SecuritypolicyDstaddrArgs]
    Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
    dstintfs Sequence[SecuritypolicyDstintfArgs]
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilter_profile str
    Name of an existing email filter profile.
    enforce_default_app_port str
    Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
    file_filter_profile str
    Name of an existing file-filter profile.
    fsso_groups Sequence[SecuritypolicyFssoGroupArgs]
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups Sequence[SecuritypolicyGroupArgs]
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    icap_profile str
    Name of an existing ICAP profile.
    internet_service str
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internet_service6 str
    Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
    internet_service6_custom_groups Sequence[SecuritypolicyInternetService6CustomGroupArgs]
    Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
    internet_service6_customs Sequence[SecuritypolicyInternetService6CustomArgs]
    Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
    internet_service6_groups Sequence[SecuritypolicyInternetService6GroupArgs]
    Internet Service group name. The structure of internet_service6_group block is documented below.
    internet_service6_names Sequence[SecuritypolicyInternetService6NameArgs]
    IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
    internet_service6_negate str
    When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
    internet_service6_src str
    Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internet_service6_src_custom_groups Sequence[SecuritypolicyInternetService6SrcCustomGroupArgs]
    Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
    internet_service6_src_customs Sequence[SecuritypolicyInternetService6SrcCustomArgs]
    Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
    internet_service6_src_groups Sequence[SecuritypolicyInternetService6SrcGroupArgs]
    Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
    internet_service6_src_names Sequence[SecuritypolicyInternetService6SrcNameArgs]
    IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
    internet_service6_src_negate str
    When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
    internet_service_custom_groups Sequence[SecuritypolicyInternetServiceCustomGroupArgs]
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internet_service_customs Sequence[SecuritypolicyInternetServiceCustomArgs]
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internet_service_groups Sequence[SecuritypolicyInternetServiceGroupArgs]
    Internet Service group name. The structure of internet_service_group block is documented below.
    internet_service_ids Sequence[SecuritypolicyInternetServiceIdArgs]
    Internet Service ID. The structure of internet_service_id block is documented below.
    internet_service_names Sequence[SecuritypolicyInternetServiceNameArgs]
    Internet Service name. The structure of internet_service_name block is documented below.
    internet_service_negate str
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internet_service_src str
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internet_service_src_custom_groups Sequence[SecuritypolicyInternetServiceSrcCustomGroupArgs]
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internet_service_src_customs Sequence[SecuritypolicyInternetServiceSrcCustomArgs]
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internet_service_src_groups Sequence[SecuritypolicyInternetServiceSrcGroupArgs]
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internet_service_src_ids Sequence[SecuritypolicyInternetServiceSrcIdArgs]
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internet_service_src_names Sequence[SecuritypolicyInternetServiceSrcNameArgs]
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internet_service_src_negate str
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ips_sensor str
    Name of an existing IPS sensor.
    ips_voip_filter str
    Name of an existing VoIP (ips) profile.
    learning_mode str
    Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
    logtraffic str
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtraffic_start str
    Record logs when a session starts. Valid values: enable, disable.
    name str
    Policy name.
    nat46 str
    Enable/disable NAT46. Valid values: enable, disable.
    nat64 str
    Enable/disable NAT64. Valid values: enable, disable.
    policyid int
    Policy ID.
    profile_group str
    Name of profile group.
    profile_protocol_options str
    Name of an existing Protocol options profile.
    profile_type str
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule str
    Schedule name.
    sctp_filter_profile str
    Name of an existing SCTP filter profile.
    send_deny_packet str
    Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
    service_negate str
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services Sequence[SecuritypolicyServiceArgs]
    Service and service group names. The structure of service block is documented below.
    srcaddr4s Sequence[SecuritypolicySrcaddr4Args]
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6_negate str
    When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddr6s Sequence[SecuritypolicySrcaddr6Args]
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddr_negate str
    When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddrs Sequence[SecuritypolicySrcaddrArgs]
    Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
    srcintfs Sequence[SecuritypolicySrcintfArgs]
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    ssh_filter_profile str
    Name of an existing SSH filter profile.
    ssl_ssh_profile str
    Name of an existing SSL SSH profile.
    status str
    Enable or disable this policy. Valid values: enable, disable.
    url_categories Sequence[SecuritypolicyUrlCategoryArgs]
    URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
    url_category_unitary str
    URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
    users Sequence[SecuritypolicyUserArgs]
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    uuid str
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    videofilter_profile str
    Name of an existing VideoFilter profile.
    virtual_patch_profile str
    Name of an existing virtual-patch profile.
    voip_profile str
    Name of an existing VoIP (voipd) profile.
    webfilter_profile str
    Name of an existing Web filter profile.
    action String
    Policy action (accept/deny). Valid values: accept, deny.
    appCategories List<Property Map>
    Application category ID list. The structure of app_category block is documented below.
    appGroups List<Property Map>
    Application group names. The structure of app_group block is documented below.
    applicationList String
    Name of an existing Application list.
    applications List<Property Map>
    Application ID list. The structure of application block is documented below.
    avProfile String
    Name of an existing Antivirus profile.
    casbProfile String
    Name of an existing CASB profile.
    cifsProfile String
    Name of an existing CIFS profile.
    comments String
    Comment.
    diameterFilterProfile String
    Name of an existing Diameter filter profile.
    dlpProfile String
    Name of an existing DLP profile.
    dlpSensor String
    Name of an existing DLP sensor.
    dnsfilterProfile String
    Name of an existing DNS filter profile.
    dstaddr4s List<Property Map>
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6Negate String
    When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddr6s List<Property Map>
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddrNegate String
    When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddrs List<Property Map>
    Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
    dstintfs List<Property Map>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile String
    Name of an existing email filter profile.
    enforceDefaultAppPort String
    Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
    fileFilterProfile String
    Name of an existing file-filter profile.
    fssoGroups List<Property Map>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups List<Property Map>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    icapProfile String
    Name of an existing ICAP profile.
    internetService String
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internetService6 String
    Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
    internetService6CustomGroups List<Property Map>
    Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
    internetService6Customs List<Property Map>
    Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
    internetService6Groups List<Property Map>
    Internet Service group name. The structure of internet_service6_group block is documented below.
    internetService6Names List<Property Map>
    IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
    internetService6Negate String
    When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
    internetService6Src String
    Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetService6SrcCustomGroups List<Property Map>
    Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
    internetService6SrcCustoms List<Property Map>
    Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
    internetService6SrcGroups List<Property Map>
    Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
    internetService6SrcNames List<Property Map>
    IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
    internetService6SrcNegate String
    When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceCustomGroups List<Property Map>
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internetServiceCustoms List<Property Map>
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internetServiceGroups List<Property Map>
    Internet Service group name. The structure of internet_service_group block is documented below.
    internetServiceIds List<Property Map>
    Internet Service ID. The structure of internet_service_id block is documented below.
    internetServiceNames List<Property Map>
    Internet Service name. The structure of internet_service_name block is documented below.
    internetServiceNegate String
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceSrc String
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetServiceSrcCustomGroups List<Property Map>
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internetServiceSrcCustoms List<Property Map>
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internetServiceSrcGroups List<Property Map>
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internetServiceSrcIds List<Property Map>
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internetServiceSrcNames List<Property Map>
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internetServiceSrcNegate String
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ipsSensor String
    Name of an existing IPS sensor.
    ipsVoipFilter String
    Name of an existing VoIP (ips) profile.
    learningMode String
    Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
    logtraffic String
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart String
    Record logs when a session starts. Valid values: enable, disable.
    name String
    Policy name.
    nat46 String
    Enable/disable NAT46. Valid values: enable, disable.
    nat64 String
    Enable/disable NAT64. Valid values: enable, disable.
    policyid Number
    Policy ID.
    profileGroup String
    Name of profile group.
    profileProtocolOptions String
    Name of an existing Protocol options profile.
    profileType String
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule String
    Schedule name.
    sctpFilterProfile String
    Name of an existing SCTP filter profile.
    sendDenyPacket String
    Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
    serviceNegate String
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services List<Property Map>
    Service and service group names. The structure of service block is documented below.
    srcaddr4s List<Property Map>
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6Negate String
    When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddr6s List<Property Map>
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddrNegate String
    When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddrs List<Property Map>
    Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
    srcintfs List<Property Map>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile String
    Name of an existing SSH filter profile.
    sslSshProfile String
    Name of an existing SSL SSH profile.
    status String
    Enable or disable this policy. Valid values: enable, disable.
    urlCategories List<Property Map>
    URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
    urlCategoryUnitary String
    URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
    users List<Property Map>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    videofilterProfile String
    Name of an existing VideoFilter profile.
    virtualPatchProfile String
    Name of an existing virtual-patch profile.
    voipProfile String
    Name of an existing VoIP (voipd) profile.
    webfilterProfile String
    Name of an existing Web filter profile.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Securitypolicy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Securitypolicy Resource

    Get an existing Securitypolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecuritypolicyState, opts?: CustomResourceOptions): Securitypolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            action: Optional[str] = None,
            app_categories: Optional[Sequence[SecuritypolicyAppCategoryArgs]] = None,
            app_groups: Optional[Sequence[SecuritypolicyAppGroupArgs]] = None,
            application_list: Optional[str] = None,
            applications: Optional[Sequence[SecuritypolicyApplicationArgs]] = None,
            av_profile: Optional[str] = None,
            casb_profile: Optional[str] = None,
            cifs_profile: Optional[str] = None,
            comments: Optional[str] = None,
            diameter_filter_profile: Optional[str] = None,
            dlp_profile: Optional[str] = None,
            dlp_sensor: Optional[str] = None,
            dnsfilter_profile: Optional[str] = None,
            dstaddr4s: Optional[Sequence[SecuritypolicyDstaddr4Args]] = None,
            dstaddr6_negate: Optional[str] = None,
            dstaddr6s: Optional[Sequence[SecuritypolicyDstaddr6Args]] = None,
            dstaddr_negate: Optional[str] = None,
            dstaddrs: Optional[Sequence[SecuritypolicyDstaddrArgs]] = None,
            dstintfs: Optional[Sequence[SecuritypolicyDstintfArgs]] = None,
            dynamic_sort_subtable: Optional[str] = None,
            emailfilter_profile: Optional[str] = None,
            enforce_default_app_port: Optional[str] = None,
            file_filter_profile: Optional[str] = None,
            fsso_groups: Optional[Sequence[SecuritypolicyFssoGroupArgs]] = None,
            get_all_tables: Optional[str] = None,
            groups: Optional[Sequence[SecuritypolicyGroupArgs]] = None,
            icap_profile: Optional[str] = None,
            internet_service: Optional[str] = None,
            internet_service6: Optional[str] = None,
            internet_service6_custom_groups: Optional[Sequence[SecuritypolicyInternetService6CustomGroupArgs]] = None,
            internet_service6_customs: Optional[Sequence[SecuritypolicyInternetService6CustomArgs]] = None,
            internet_service6_groups: Optional[Sequence[SecuritypolicyInternetService6GroupArgs]] = None,
            internet_service6_names: Optional[Sequence[SecuritypolicyInternetService6NameArgs]] = None,
            internet_service6_negate: Optional[str] = None,
            internet_service6_src: Optional[str] = None,
            internet_service6_src_custom_groups: Optional[Sequence[SecuritypolicyInternetService6SrcCustomGroupArgs]] = None,
            internet_service6_src_customs: Optional[Sequence[SecuritypolicyInternetService6SrcCustomArgs]] = None,
            internet_service6_src_groups: Optional[Sequence[SecuritypolicyInternetService6SrcGroupArgs]] = None,
            internet_service6_src_names: Optional[Sequence[SecuritypolicyInternetService6SrcNameArgs]] = None,
            internet_service6_src_negate: Optional[str] = None,
            internet_service_custom_groups: Optional[Sequence[SecuritypolicyInternetServiceCustomGroupArgs]] = None,
            internet_service_customs: Optional[Sequence[SecuritypolicyInternetServiceCustomArgs]] = None,
            internet_service_groups: Optional[Sequence[SecuritypolicyInternetServiceGroupArgs]] = None,
            internet_service_ids: Optional[Sequence[SecuritypolicyInternetServiceIdArgs]] = None,
            internet_service_names: Optional[Sequence[SecuritypolicyInternetServiceNameArgs]] = None,
            internet_service_negate: Optional[str] = None,
            internet_service_src: Optional[str] = None,
            internet_service_src_custom_groups: Optional[Sequence[SecuritypolicyInternetServiceSrcCustomGroupArgs]] = None,
            internet_service_src_customs: Optional[Sequence[SecuritypolicyInternetServiceSrcCustomArgs]] = None,
            internet_service_src_groups: Optional[Sequence[SecuritypolicyInternetServiceSrcGroupArgs]] = None,
            internet_service_src_ids: Optional[Sequence[SecuritypolicyInternetServiceSrcIdArgs]] = None,
            internet_service_src_names: Optional[Sequence[SecuritypolicyInternetServiceSrcNameArgs]] = None,
            internet_service_src_negate: Optional[str] = None,
            ips_sensor: Optional[str] = None,
            ips_voip_filter: Optional[str] = None,
            learning_mode: Optional[str] = None,
            logtraffic: Optional[str] = None,
            logtraffic_start: Optional[str] = None,
            name: Optional[str] = None,
            nat46: Optional[str] = None,
            nat64: Optional[str] = None,
            policyid: Optional[int] = None,
            profile_group: Optional[str] = None,
            profile_protocol_options: Optional[str] = None,
            profile_type: Optional[str] = None,
            schedule: Optional[str] = None,
            sctp_filter_profile: Optional[str] = None,
            send_deny_packet: Optional[str] = None,
            service_negate: Optional[str] = None,
            services: Optional[Sequence[SecuritypolicyServiceArgs]] = None,
            srcaddr4s: Optional[Sequence[SecuritypolicySrcaddr4Args]] = None,
            srcaddr6_negate: Optional[str] = None,
            srcaddr6s: Optional[Sequence[SecuritypolicySrcaddr6Args]] = None,
            srcaddr_negate: Optional[str] = None,
            srcaddrs: Optional[Sequence[SecuritypolicySrcaddrArgs]] = None,
            srcintfs: Optional[Sequence[SecuritypolicySrcintfArgs]] = None,
            ssh_filter_profile: Optional[str] = None,
            ssl_ssh_profile: Optional[str] = None,
            status: Optional[str] = None,
            url_categories: Optional[Sequence[SecuritypolicyUrlCategoryArgs]] = None,
            url_category_unitary: Optional[str] = None,
            users: Optional[Sequence[SecuritypolicyUserArgs]] = None,
            uuid: Optional[str] = None,
            vdomparam: Optional[str] = None,
            videofilter_profile: Optional[str] = None,
            virtual_patch_profile: Optional[str] = None,
            voip_profile: Optional[str] = None,
            webfilter_profile: Optional[str] = None) -> Securitypolicy
    func GetSecuritypolicy(ctx *Context, name string, id IDInput, state *SecuritypolicyState, opts ...ResourceOption) (*Securitypolicy, error)
    public static Securitypolicy Get(string name, Input<string> id, SecuritypolicyState? state, CustomResourceOptions? opts = null)
    public static Securitypolicy get(String name, Output<String> id, SecuritypolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Action string
    Policy action (accept/deny). Valid values: accept, deny.
    AppCategories List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyAppCategory>
    Application category ID list. The structure of app_category block is documented below.
    AppGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyAppGroup>
    Application group names. The structure of app_group block is documented below.
    ApplicationList string
    Name of an existing Application list.
    Applications List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyApplication>
    Application ID list. The structure of application block is documented below.
    AvProfile string
    Name of an existing Antivirus profile.
    CasbProfile string
    Name of an existing CASB profile.
    CifsProfile string
    Name of an existing CIFS profile.
    Comments string
    Comment.
    DiameterFilterProfile string
    Name of an existing Diameter filter profile.
    DlpProfile string
    Name of an existing DLP profile.
    DlpSensor string
    Name of an existing DLP sensor.
    DnsfilterProfile string
    Name of an existing DNS filter profile.
    Dstaddr4s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstaddr4>
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    Dstaddr6Negate string
    When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstaddr6s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstaddr6>
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    DstaddrNegate string
    When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstaddrs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstaddr>
    Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
    Dstintfs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstintf>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmailfilterProfile string
    Name of an existing email filter profile.
    EnforceDefaultAppPort string
    Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
    FileFilterProfile string
    Name of an existing file-filter profile.
    FssoGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyFssoGroup>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Groups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyGroup>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    IcapProfile string
    Name of an existing ICAP profile.
    InternetService string
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    InternetService6 string
    Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
    InternetService6CustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6CustomGroup>
    Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
    InternetService6Customs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6Custom>
    Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
    InternetService6Groups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6Group>
    Internet Service group name. The structure of internet_service6_group block is documented below.
    InternetService6Names List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6Name>
    IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
    InternetService6Negate string
    When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
    InternetService6Src string
    Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    InternetService6SrcCustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustomGroup>
    Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
    InternetService6SrcCustoms List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustom>
    Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
    InternetService6SrcGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcGroup>
    Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
    InternetService6SrcNames List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcName>
    IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
    InternetService6SrcNegate string
    When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
    InternetServiceCustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustomGroup>
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    InternetServiceCustoms List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustom>
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    InternetServiceGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceGroup>
    Internet Service group name. The structure of internet_service_group block is documented below.
    InternetServiceIds List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceId>
    Internet Service ID. The structure of internet_service_id block is documented below.
    InternetServiceNames List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceName>
    Internet Service name. The structure of internet_service_name block is documented below.
    InternetServiceNegate string
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    InternetServiceSrc string
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    InternetServiceSrcCustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustomGroup>
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    InternetServiceSrcCustoms List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustom>
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    InternetServiceSrcGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcGroup>
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    InternetServiceSrcIds List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcId>
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    InternetServiceSrcNames List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcName>
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    InternetServiceSrcNegate string
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    IpsSensor string
    Name of an existing IPS sensor.
    IpsVoipFilter string
    Name of an existing VoIP (ips) profile.
    LearningMode string
    Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
    Logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    LogtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    Name string
    Policy name.
    Nat46 string
    Enable/disable NAT46. Valid values: enable, disable.
    Nat64 string
    Enable/disable NAT64. Valid values: enable, disable.
    Policyid int
    Policy ID.
    ProfileGroup string
    Name of profile group.
    ProfileProtocolOptions string
    Name of an existing Protocol options profile.
    ProfileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    Schedule string
    Schedule name.
    SctpFilterProfile string
    Name of an existing SCTP filter profile.
    SendDenyPacket string
    Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
    ServiceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    Services List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyService>
    Service and service group names. The structure of service block is documented below.
    Srcaddr4s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcaddr4>
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    Srcaddr6Negate string
    When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    Srcaddr6s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcaddr6>
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    SrcaddrNegate string
    When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    Srcaddrs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcaddr>
    Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
    Srcintfs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcintf>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    SshFilterProfile string
    Name of an existing SSH filter profile.
    SslSshProfile string
    Name of an existing SSL SSH profile.
    Status string
    Enable or disable this policy. Valid values: enable, disable.
    UrlCategories List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyUrlCategory>
    URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
    UrlCategoryUnitary string
    URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
    Users List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyUser>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VideofilterProfile string
    Name of an existing VideoFilter profile.
    VirtualPatchProfile string
    Name of an existing virtual-patch profile.
    VoipProfile string
    Name of an existing VoIP (voipd) profile.
    WebfilterProfile string
    Name of an existing Web filter profile.
    Action string
    Policy action (accept/deny). Valid values: accept, deny.
    AppCategories []SecuritypolicyAppCategoryArgs
    Application category ID list. The structure of app_category block is documented below.
    AppGroups []SecuritypolicyAppGroupArgs
    Application group names. The structure of app_group block is documented below.
    ApplicationList string
    Name of an existing Application list.
    Applications []SecuritypolicyApplicationArgs
    Application ID list. The structure of application block is documented below.
    AvProfile string
    Name of an existing Antivirus profile.
    CasbProfile string
    Name of an existing CASB profile.
    CifsProfile string
    Name of an existing CIFS profile.
    Comments string
    Comment.
    DiameterFilterProfile string
    Name of an existing Diameter filter profile.
    DlpProfile string
    Name of an existing DLP profile.
    DlpSensor string
    Name of an existing DLP sensor.
    DnsfilterProfile string
    Name of an existing DNS filter profile.
    Dstaddr4s []SecuritypolicyDstaddr4Args
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    Dstaddr6Negate string
    When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstaddr6s []SecuritypolicyDstaddr6Args
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    DstaddrNegate string
    When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstaddrs []SecuritypolicyDstaddrArgs
    Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
    Dstintfs []SecuritypolicyDstintfArgs
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmailfilterProfile string
    Name of an existing email filter profile.
    EnforceDefaultAppPort string
    Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
    FileFilterProfile string
    Name of an existing file-filter profile.
    FssoGroups []SecuritypolicyFssoGroupArgs
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Groups []SecuritypolicyGroupArgs
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    IcapProfile string
    Name of an existing ICAP profile.
    InternetService string
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    InternetService6 string
    Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
    InternetService6CustomGroups []SecuritypolicyInternetService6CustomGroupArgs
    Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
    InternetService6Customs []SecuritypolicyInternetService6CustomArgs
    Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
    InternetService6Groups []SecuritypolicyInternetService6GroupArgs
    Internet Service group name. The structure of internet_service6_group block is documented below.
    InternetService6Names []SecuritypolicyInternetService6NameArgs
    IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
    InternetService6Negate string
    When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
    InternetService6Src string
    Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    InternetService6SrcCustomGroups []SecuritypolicyInternetService6SrcCustomGroupArgs
    Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
    InternetService6SrcCustoms []SecuritypolicyInternetService6SrcCustomArgs
    Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
    InternetService6SrcGroups []SecuritypolicyInternetService6SrcGroupArgs
    Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
    InternetService6SrcNames []SecuritypolicyInternetService6SrcNameArgs
    IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
    InternetService6SrcNegate string
    When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
    InternetServiceCustomGroups []SecuritypolicyInternetServiceCustomGroupArgs
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    InternetServiceCustoms []SecuritypolicyInternetServiceCustomArgs
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    InternetServiceGroups []SecuritypolicyInternetServiceGroupArgs
    Internet Service group name. The structure of internet_service_group block is documented below.
    InternetServiceIds []SecuritypolicyInternetServiceIdArgs
    Internet Service ID. The structure of internet_service_id block is documented below.
    InternetServiceNames []SecuritypolicyInternetServiceNameArgs
    Internet Service name. The structure of internet_service_name block is documented below.
    InternetServiceNegate string
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    InternetServiceSrc string
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    InternetServiceSrcCustomGroups []SecuritypolicyInternetServiceSrcCustomGroupArgs
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    InternetServiceSrcCustoms []SecuritypolicyInternetServiceSrcCustomArgs
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    InternetServiceSrcGroups []SecuritypolicyInternetServiceSrcGroupArgs
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    InternetServiceSrcIds []SecuritypolicyInternetServiceSrcIdArgs
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    InternetServiceSrcNames []SecuritypolicyInternetServiceSrcNameArgs
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    InternetServiceSrcNegate string
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    IpsSensor string
    Name of an existing IPS sensor.
    IpsVoipFilter string
    Name of an existing VoIP (ips) profile.
    LearningMode string
    Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
    Logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    LogtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    Name string
    Policy name.
    Nat46 string
    Enable/disable NAT46. Valid values: enable, disable.
    Nat64 string
    Enable/disable NAT64. Valid values: enable, disable.
    Policyid int
    Policy ID.
    ProfileGroup string
    Name of profile group.
    ProfileProtocolOptions string
    Name of an existing Protocol options profile.
    ProfileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    Schedule string
    Schedule name.
    SctpFilterProfile string
    Name of an existing SCTP filter profile.
    SendDenyPacket string
    Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
    ServiceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    Services []SecuritypolicyServiceArgs
    Service and service group names. The structure of service block is documented below.
    Srcaddr4s []SecuritypolicySrcaddr4Args
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    Srcaddr6Negate string
    When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    Srcaddr6s []SecuritypolicySrcaddr6Args
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    SrcaddrNegate string
    When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    Srcaddrs []SecuritypolicySrcaddrArgs
    Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
    Srcintfs []SecuritypolicySrcintfArgs
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    SshFilterProfile string
    Name of an existing SSH filter profile.
    SslSshProfile string
    Name of an existing SSL SSH profile.
    Status string
    Enable or disable this policy. Valid values: enable, disable.
    UrlCategories []SecuritypolicyUrlCategoryArgs
    URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
    UrlCategoryUnitary string
    URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
    Users []SecuritypolicyUserArgs
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VideofilterProfile string
    Name of an existing VideoFilter profile.
    VirtualPatchProfile string
    Name of an existing virtual-patch profile.
    VoipProfile string
    Name of an existing VoIP (voipd) profile.
    WebfilterProfile string
    Name of an existing Web filter profile.
    action String
    Policy action (accept/deny). Valid values: accept, deny.
    appCategories List<SecuritypolicyAppCategory>
    Application category ID list. The structure of app_category block is documented below.
    appGroups List<SecuritypolicyAppGroup>
    Application group names. The structure of app_group block is documented below.
    applicationList String
    Name of an existing Application list.
    applications List<SecuritypolicyApplication>
    Application ID list. The structure of application block is documented below.
    avProfile String
    Name of an existing Antivirus profile.
    casbProfile String
    Name of an existing CASB profile.
    cifsProfile String
    Name of an existing CIFS profile.
    comments String
    Comment.
    diameterFilterProfile String
    Name of an existing Diameter filter profile.
    dlpProfile String
    Name of an existing DLP profile.
    dlpSensor String
    Name of an existing DLP sensor.
    dnsfilterProfile String
    Name of an existing DNS filter profile.
    dstaddr4s List<SecuritypolicyDstaddr4>
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6Negate String
    When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddr6s List<SecuritypolicyDstaddr6>
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddrNegate String
    When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddrs List<SecuritypolicyDstaddr>
    Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
    dstintfs List<SecuritypolicyDstintf>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile String
    Name of an existing email filter profile.
    enforceDefaultAppPort String
    Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
    fileFilterProfile String
    Name of an existing file-filter profile.
    fssoGroups List<SecuritypolicyFssoGroup>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups List<SecuritypolicyGroup>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    icapProfile String
    Name of an existing ICAP profile.
    internetService String
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internetService6 String
    Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
    internetService6CustomGroups List<SecuritypolicyInternetService6CustomGroup>
    Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
    internetService6Customs List<SecuritypolicyInternetService6Custom>
    Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
    internetService6Groups List<SecuritypolicyInternetService6Group>
    Internet Service group name. The structure of internet_service6_group block is documented below.
    internetService6Names List<SecuritypolicyInternetService6Name>
    IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
    internetService6Negate String
    When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
    internetService6Src String
    Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetService6SrcCustomGroups List<SecuritypolicyInternetService6SrcCustomGroup>
    Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
    internetService6SrcCustoms List<SecuritypolicyInternetService6SrcCustom>
    Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
    internetService6SrcGroups List<SecuritypolicyInternetService6SrcGroup>
    Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
    internetService6SrcNames List<SecuritypolicyInternetService6SrcName>
    IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
    internetService6SrcNegate String
    When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceCustomGroups List<SecuritypolicyInternetServiceCustomGroup>
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internetServiceCustoms List<SecuritypolicyInternetServiceCustom>
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internetServiceGroups List<SecuritypolicyInternetServiceGroup>
    Internet Service group name. The structure of internet_service_group block is documented below.
    internetServiceIds List<SecuritypolicyInternetServiceId>
    Internet Service ID. The structure of internet_service_id block is documented below.
    internetServiceNames List<SecuritypolicyInternetServiceName>
    Internet Service name. The structure of internet_service_name block is documented below.
    internetServiceNegate String
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceSrc String
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetServiceSrcCustomGroups List<SecuritypolicyInternetServiceSrcCustomGroup>
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internetServiceSrcCustoms List<SecuritypolicyInternetServiceSrcCustom>
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internetServiceSrcGroups List<SecuritypolicyInternetServiceSrcGroup>
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internetServiceSrcIds List<SecuritypolicyInternetServiceSrcId>
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internetServiceSrcNames List<SecuritypolicyInternetServiceSrcName>
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internetServiceSrcNegate String
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ipsSensor String
    Name of an existing IPS sensor.
    ipsVoipFilter String
    Name of an existing VoIP (ips) profile.
    learningMode String
    Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
    logtraffic String
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart String
    Record logs when a session starts. Valid values: enable, disable.
    name String
    Policy name.
    nat46 String
    Enable/disable NAT46. Valid values: enable, disable.
    nat64 String
    Enable/disable NAT64. Valid values: enable, disable.
    policyid Integer
    Policy ID.
    profileGroup String
    Name of profile group.
    profileProtocolOptions String
    Name of an existing Protocol options profile.
    profileType String
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule String
    Schedule name.
    sctpFilterProfile String
    Name of an existing SCTP filter profile.
    sendDenyPacket String
    Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
    serviceNegate String
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services List<SecuritypolicyService>
    Service and service group names. The structure of service block is documented below.
    srcaddr4s List<SecuritypolicySrcaddr4>
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6Negate String
    When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddr6s List<SecuritypolicySrcaddr6>
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddrNegate String
    When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddrs List<SecuritypolicySrcaddr>
    Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
    srcintfs List<SecuritypolicySrcintf>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile String
    Name of an existing SSH filter profile.
    sslSshProfile String
    Name of an existing SSL SSH profile.
    status String
    Enable or disable this policy. Valid values: enable, disable.
    urlCategories List<SecuritypolicyUrlCategory>
    URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
    urlCategoryUnitary String
    URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
    users List<SecuritypolicyUser>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    videofilterProfile String
    Name of an existing VideoFilter profile.
    virtualPatchProfile String
    Name of an existing virtual-patch profile.
    voipProfile String
    Name of an existing VoIP (voipd) profile.
    webfilterProfile String
    Name of an existing Web filter profile.
    action string
    Policy action (accept/deny). Valid values: accept, deny.
    appCategories SecuritypolicyAppCategory[]
    Application category ID list. The structure of app_category block is documented below.
    appGroups SecuritypolicyAppGroup[]
    Application group names. The structure of app_group block is documented below.
    applicationList string
    Name of an existing Application list.
    applications SecuritypolicyApplication[]
    Application ID list. The structure of application block is documented below.
    avProfile string
    Name of an existing Antivirus profile.
    casbProfile string
    Name of an existing CASB profile.
    cifsProfile string
    Name of an existing CIFS profile.
    comments string
    Comment.
    diameterFilterProfile string
    Name of an existing Diameter filter profile.
    dlpProfile string
    Name of an existing DLP profile.
    dlpSensor string
    Name of an existing DLP sensor.
    dnsfilterProfile string
    Name of an existing DNS filter profile.
    dstaddr4s SecuritypolicyDstaddr4[]
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6Negate string
    When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddr6s SecuritypolicyDstaddr6[]
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddrNegate string
    When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddrs SecuritypolicyDstaddr[]
    Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
    dstintfs SecuritypolicyDstintf[]
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile string
    Name of an existing email filter profile.
    enforceDefaultAppPort string
    Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
    fileFilterProfile string
    Name of an existing file-filter profile.
    fssoGroups SecuritypolicyFssoGroup[]
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups SecuritypolicyGroup[]
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    icapProfile string
    Name of an existing ICAP profile.
    internetService string
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internetService6 string
    Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
    internetService6CustomGroups SecuritypolicyInternetService6CustomGroup[]
    Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
    internetService6Customs SecuritypolicyInternetService6Custom[]
    Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
    internetService6Groups SecuritypolicyInternetService6Group[]
    Internet Service group name. The structure of internet_service6_group block is documented below.
    internetService6Names SecuritypolicyInternetService6Name[]
    IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
    internetService6Negate string
    When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
    internetService6Src string
    Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetService6SrcCustomGroups SecuritypolicyInternetService6SrcCustomGroup[]
    Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
    internetService6SrcCustoms SecuritypolicyInternetService6SrcCustom[]
    Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
    internetService6SrcGroups SecuritypolicyInternetService6SrcGroup[]
    Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
    internetService6SrcNames SecuritypolicyInternetService6SrcName[]
    IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
    internetService6SrcNegate string
    When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceCustomGroups SecuritypolicyInternetServiceCustomGroup[]
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internetServiceCustoms SecuritypolicyInternetServiceCustom[]
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internetServiceGroups SecuritypolicyInternetServiceGroup[]
    Internet Service group name. The structure of internet_service_group block is documented below.
    internetServiceIds SecuritypolicyInternetServiceId[]
    Internet Service ID. The structure of internet_service_id block is documented below.
    internetServiceNames SecuritypolicyInternetServiceName[]
    Internet Service name. The structure of internet_service_name block is documented below.
    internetServiceNegate string
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceSrc string
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetServiceSrcCustomGroups SecuritypolicyInternetServiceSrcCustomGroup[]
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internetServiceSrcCustoms SecuritypolicyInternetServiceSrcCustom[]
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internetServiceSrcGroups SecuritypolicyInternetServiceSrcGroup[]
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internetServiceSrcIds SecuritypolicyInternetServiceSrcId[]
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internetServiceSrcNames SecuritypolicyInternetServiceSrcName[]
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internetServiceSrcNegate string
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ipsSensor string
    Name of an existing IPS sensor.
    ipsVoipFilter string
    Name of an existing VoIP (ips) profile.
    learningMode string
    Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
    logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    name string
    Policy name.
    nat46 string
    Enable/disable NAT46. Valid values: enable, disable.
    nat64 string
    Enable/disable NAT64. Valid values: enable, disable.
    policyid number
    Policy ID.
    profileGroup string
    Name of profile group.
    profileProtocolOptions string
    Name of an existing Protocol options profile.
    profileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule string
    Schedule name.
    sctpFilterProfile string
    Name of an existing SCTP filter profile.
    sendDenyPacket string
    Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
    serviceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services SecuritypolicyService[]
    Service and service group names. The structure of service block is documented below.
    srcaddr4s SecuritypolicySrcaddr4[]
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6Negate string
    When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddr6s SecuritypolicySrcaddr6[]
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddrNegate string
    When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddrs SecuritypolicySrcaddr[]
    Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
    srcintfs SecuritypolicySrcintf[]
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile string
    Name of an existing SSH filter profile.
    sslSshProfile string
    Name of an existing SSL SSH profile.
    status string
    Enable or disable this policy. Valid values: enable, disable.
    urlCategories SecuritypolicyUrlCategory[]
    URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
    urlCategoryUnitary string
    URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
    users SecuritypolicyUser[]
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    videofilterProfile string
    Name of an existing VideoFilter profile.
    virtualPatchProfile string
    Name of an existing virtual-patch profile.
    voipProfile string
    Name of an existing VoIP (voipd) profile.
    webfilterProfile string
    Name of an existing Web filter profile.
    action str
    Policy action (accept/deny). Valid values: accept, deny.
    app_categories Sequence[SecuritypolicyAppCategoryArgs]
    Application category ID list. The structure of app_category block is documented below.
    app_groups Sequence[SecuritypolicyAppGroupArgs]
    Application group names. The structure of app_group block is documented below.
    application_list str
    Name of an existing Application list.
    applications Sequence[SecuritypolicyApplicationArgs]
    Application ID list. The structure of application block is documented below.
    av_profile str
    Name of an existing Antivirus profile.
    casb_profile str
    Name of an existing CASB profile.
    cifs_profile str
    Name of an existing CIFS profile.
    comments str
    Comment.
    diameter_filter_profile str
    Name of an existing Diameter filter profile.
    dlp_profile str
    Name of an existing DLP profile.
    dlp_sensor str
    Name of an existing DLP sensor.
    dnsfilter_profile str
    Name of an existing DNS filter profile.
    dstaddr4s Sequence[SecuritypolicyDstaddr4Args]
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6_negate str
    When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddr6s Sequence[SecuritypolicyDstaddr6Args]
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddr_negate str
    When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddrs Sequence[SecuritypolicyDstaddrArgs]
    Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
    dstintfs Sequence[SecuritypolicyDstintfArgs]
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilter_profile str
    Name of an existing email filter profile.
    enforce_default_app_port str
    Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
    file_filter_profile str
    Name of an existing file-filter profile.
    fsso_groups Sequence[SecuritypolicyFssoGroupArgs]
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups Sequence[SecuritypolicyGroupArgs]
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    icap_profile str
    Name of an existing ICAP profile.
    internet_service str
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internet_service6 str
    Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
    internet_service6_custom_groups Sequence[SecuritypolicyInternetService6CustomGroupArgs]
    Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
    internet_service6_customs Sequence[SecuritypolicyInternetService6CustomArgs]
    Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
    internet_service6_groups Sequence[SecuritypolicyInternetService6GroupArgs]
    Internet Service group name. The structure of internet_service6_group block is documented below.
    internet_service6_names Sequence[SecuritypolicyInternetService6NameArgs]
    IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
    internet_service6_negate str
    When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
    internet_service6_src str
    Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internet_service6_src_custom_groups Sequence[SecuritypolicyInternetService6SrcCustomGroupArgs]
    Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
    internet_service6_src_customs Sequence[SecuritypolicyInternetService6SrcCustomArgs]
    Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
    internet_service6_src_groups Sequence[SecuritypolicyInternetService6SrcGroupArgs]
    Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
    internet_service6_src_names Sequence[SecuritypolicyInternetService6SrcNameArgs]
    IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
    internet_service6_src_negate str
    When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
    internet_service_custom_groups Sequence[SecuritypolicyInternetServiceCustomGroupArgs]
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internet_service_customs Sequence[SecuritypolicyInternetServiceCustomArgs]
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internet_service_groups Sequence[SecuritypolicyInternetServiceGroupArgs]
    Internet Service group name. The structure of internet_service_group block is documented below.
    internet_service_ids Sequence[SecuritypolicyInternetServiceIdArgs]
    Internet Service ID. The structure of internet_service_id block is documented below.
    internet_service_names Sequence[SecuritypolicyInternetServiceNameArgs]
    Internet Service name. The structure of internet_service_name block is documented below.
    internet_service_negate str
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internet_service_src str
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internet_service_src_custom_groups Sequence[SecuritypolicyInternetServiceSrcCustomGroupArgs]
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internet_service_src_customs Sequence[SecuritypolicyInternetServiceSrcCustomArgs]
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internet_service_src_groups Sequence[SecuritypolicyInternetServiceSrcGroupArgs]
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internet_service_src_ids Sequence[SecuritypolicyInternetServiceSrcIdArgs]
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internet_service_src_names Sequence[SecuritypolicyInternetServiceSrcNameArgs]
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internet_service_src_negate str
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ips_sensor str
    Name of an existing IPS sensor.
    ips_voip_filter str
    Name of an existing VoIP (ips) profile.
    learning_mode str
    Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
    logtraffic str
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtraffic_start str
    Record logs when a session starts. Valid values: enable, disable.
    name str
    Policy name.
    nat46 str
    Enable/disable NAT46. Valid values: enable, disable.
    nat64 str
    Enable/disable NAT64. Valid values: enable, disable.
    policyid int
    Policy ID.
    profile_group str
    Name of profile group.
    profile_protocol_options str
    Name of an existing Protocol options profile.
    profile_type str
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule str
    Schedule name.
    sctp_filter_profile str
    Name of an existing SCTP filter profile.
    send_deny_packet str
    Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
    service_negate str
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services Sequence[SecuritypolicyServiceArgs]
    Service and service group names. The structure of service block is documented below.
    srcaddr4s Sequence[SecuritypolicySrcaddr4Args]
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6_negate str
    When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddr6s Sequence[SecuritypolicySrcaddr6Args]
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddr_negate str
    When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddrs Sequence[SecuritypolicySrcaddrArgs]
    Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
    srcintfs Sequence[SecuritypolicySrcintfArgs]
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    ssh_filter_profile str
    Name of an existing SSH filter profile.
    ssl_ssh_profile str
    Name of an existing SSL SSH profile.
    status str
    Enable or disable this policy. Valid values: enable, disable.
    url_categories Sequence[SecuritypolicyUrlCategoryArgs]
    URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
    url_category_unitary str
    URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
    users Sequence[SecuritypolicyUserArgs]
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    uuid str
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    videofilter_profile str
    Name of an existing VideoFilter profile.
    virtual_patch_profile str
    Name of an existing virtual-patch profile.
    voip_profile str
    Name of an existing VoIP (voipd) profile.
    webfilter_profile str
    Name of an existing Web filter profile.
    action String
    Policy action (accept/deny). Valid values: accept, deny.
    appCategories List<Property Map>
    Application category ID list. The structure of app_category block is documented below.
    appGroups List<Property Map>
    Application group names. The structure of app_group block is documented below.
    applicationList String
    Name of an existing Application list.
    applications List<Property Map>
    Application ID list. The structure of application block is documented below.
    avProfile String
    Name of an existing Antivirus profile.
    casbProfile String
    Name of an existing CASB profile.
    cifsProfile String
    Name of an existing CIFS profile.
    comments String
    Comment.
    diameterFilterProfile String
    Name of an existing Diameter filter profile.
    dlpProfile String
    Name of an existing DLP profile.
    dlpSensor String
    Name of an existing DLP sensor.
    dnsfilterProfile String
    Name of an existing DNS filter profile.
    dstaddr4s List<Property Map>
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6Negate String
    When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddr6s List<Property Map>
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddrNegate String
    When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddrs List<Property Map>
    Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
    dstintfs List<Property Map>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile String
    Name of an existing email filter profile.
    enforceDefaultAppPort String
    Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
    fileFilterProfile String
    Name of an existing file-filter profile.
    fssoGroups List<Property Map>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups List<Property Map>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    icapProfile String
    Name of an existing ICAP profile.
    internetService String
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internetService6 String
    Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
    internetService6CustomGroups List<Property Map>
    Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
    internetService6Customs List<Property Map>
    Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
    internetService6Groups List<Property Map>
    Internet Service group name. The structure of internet_service6_group block is documented below.
    internetService6Names List<Property Map>
    IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
    internetService6Negate String
    When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
    internetService6Src String
    Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetService6SrcCustomGroups List<Property Map>
    Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
    internetService6SrcCustoms List<Property Map>
    Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
    internetService6SrcGroups List<Property Map>
    Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
    internetService6SrcNames List<Property Map>
    IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
    internetService6SrcNegate String
    When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceCustomGroups List<Property Map>
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internetServiceCustoms List<Property Map>
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internetServiceGroups List<Property Map>
    Internet Service group name. The structure of internet_service_group block is documented below.
    internetServiceIds List<Property Map>
    Internet Service ID. The structure of internet_service_id block is documented below.
    internetServiceNames List<Property Map>
    Internet Service name. The structure of internet_service_name block is documented below.
    internetServiceNegate String
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceSrc String
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetServiceSrcCustomGroups List<Property Map>
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internetServiceSrcCustoms List<Property Map>
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internetServiceSrcGroups List<Property Map>
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internetServiceSrcIds List<Property Map>
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internetServiceSrcNames List<Property Map>
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internetServiceSrcNegate String
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ipsSensor String
    Name of an existing IPS sensor.
    ipsVoipFilter String
    Name of an existing VoIP (ips) profile.
    learningMode String
    Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
    logtraffic String
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart String
    Record logs when a session starts. Valid values: enable, disable.
    name String
    Policy name.
    nat46 String
    Enable/disable NAT46. Valid values: enable, disable.
    nat64 String
    Enable/disable NAT64. Valid values: enable, disable.
    policyid Number
    Policy ID.
    profileGroup String
    Name of profile group.
    profileProtocolOptions String
    Name of an existing Protocol options profile.
    profileType String
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule String
    Schedule name.
    sctpFilterProfile String
    Name of an existing SCTP filter profile.
    sendDenyPacket String
    Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
    serviceNegate String
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services List<Property Map>
    Service and service group names. The structure of service block is documented below.
    srcaddr4s List<Property Map>
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6Negate String
    When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddr6s List<Property Map>
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddrNegate String
    When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddrs List<Property Map>
    Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
    srcintfs List<Property Map>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile String
    Name of an existing SSH filter profile.
    sslSshProfile String
    Name of an existing SSL SSH profile.
    status String
    Enable or disable this policy. Valid values: enable, disable.
    urlCategories List<Property Map>
    URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
    urlCategoryUnitary String
    URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
    users List<Property Map>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    videofilterProfile String
    Name of an existing VideoFilter profile.
    virtualPatchProfile String
    Name of an existing virtual-patch profile.
    voipProfile String
    Name of an existing VoIP (voipd) profile.
    webfilterProfile String
    Name of an existing Web filter profile.

    Supporting Types

    SecuritypolicyAppCategory, SecuritypolicyAppCategoryArgs

    Id int
    Category IDs.
    Id int
    Category IDs.
    id Integer
    Category IDs.
    id number
    Category IDs.
    id int
    Category IDs.
    id Number
    Category IDs.

    SecuritypolicyAppGroup, SecuritypolicyAppGroupArgs

    Name string
    Application group names.
    Name string
    Application group names.
    name String
    Application group names.
    name string
    Application group names.
    name str
    Application group names.
    name String
    Application group names.

    SecuritypolicyApplication, SecuritypolicyApplicationArgs

    Id int
    Application IDs.
    Id int
    Application IDs.
    id Integer
    Application IDs.
    id number
    Application IDs.
    id int
    Application IDs.
    id Number
    Application IDs.

    SecuritypolicyDstaddr, SecuritypolicyDstaddrArgs

    Name string
    Address name.
    Name string
    Address name.
    name String
    Address name.
    name string
    Address name.
    name str
    Address name.
    name String
    Address name.

    SecuritypolicyDstaddr4, SecuritypolicyDstaddr4Args

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    SecuritypolicyDstaddr6, SecuritypolicyDstaddr6Args

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    SecuritypolicyDstintf, SecuritypolicyDstintfArgs

    Name string
    Interface name.
    Name string
    Interface name.
    name String
    Interface name.
    name string
    Interface name.
    name str
    Interface name.
    name String
    Interface name.

    SecuritypolicyFssoGroup, SecuritypolicyFssoGroupArgs

    Name string
    Names of FSSO groups.
    Name string
    Names of FSSO groups.
    name String
    Names of FSSO groups.
    name string
    Names of FSSO groups.
    name str
    Names of FSSO groups.
    name String
    Names of FSSO groups.

    SecuritypolicyGroup, SecuritypolicyGroupArgs

    Name string
    User group name.
    Name string
    User group name.
    name String
    User group name.
    name string
    User group name.
    name str
    User group name.
    name String
    User group name.

    SecuritypolicyInternetService6Custom, SecuritypolicyInternetService6CustomArgs

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    SecuritypolicyInternetService6CustomGroup, SecuritypolicyInternetService6CustomGroupArgs

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    SecuritypolicyInternetService6Group, SecuritypolicyInternetService6GroupArgs

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    SecuritypolicyInternetService6Name, SecuritypolicyInternetService6NameArgs

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    SecuritypolicyInternetService6SrcCustom, SecuritypolicyInternetService6SrcCustomArgs

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    SecuritypolicyInternetService6SrcCustomGroup, SecuritypolicyInternetService6SrcCustomGroupArgs

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    SecuritypolicyInternetService6SrcGroup, SecuritypolicyInternetService6SrcGroupArgs

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    SecuritypolicyInternetService6SrcName, SecuritypolicyInternetService6SrcNameArgs

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    SecuritypolicyInternetServiceCustom, SecuritypolicyInternetServiceCustomArgs

    Name string
    Custom Internet Service name.
    Name string
    Custom Internet Service name.
    name String
    Custom Internet Service name.
    name string
    Custom Internet Service name.
    name str
    Custom Internet Service name.
    name String
    Custom Internet Service name.

    SecuritypolicyInternetServiceCustomGroup, SecuritypolicyInternetServiceCustomGroupArgs

    Name string
    Custom Internet Service group name.
    Name string
    Custom Internet Service group name.
    name String
    Custom Internet Service group name.
    name string
    Custom Internet Service group name.
    name str
    Custom Internet Service group name.
    name String
    Custom Internet Service group name.

    SecuritypolicyInternetServiceGroup, SecuritypolicyInternetServiceGroupArgs

    Name string
    Internet Service group name.
    Name string
    Internet Service group name.
    name String
    Internet Service group name.
    name string
    Internet Service group name.
    name str
    Internet Service group name.
    name String
    Internet Service group name.

    SecuritypolicyInternetServiceId, SecuritypolicyInternetServiceIdArgs

    Id int
    Internet Service ID.
    Id int
    Internet Service ID.
    id Integer
    Internet Service ID.
    id number
    Internet Service ID.
    id int
    Internet Service ID.
    id Number
    Internet Service ID.

    SecuritypolicyInternetServiceName, SecuritypolicyInternetServiceNameArgs

    Name string
    Internet Service name.
    Name string
    Internet Service name.
    name String
    Internet Service name.
    name string
    Internet Service name.
    name str
    Internet Service name.
    name String
    Internet Service name.

    SecuritypolicyInternetServiceSrcCustom, SecuritypolicyInternetServiceSrcCustomArgs

    Name string
    Custom Internet Service name.
    Name string
    Custom Internet Service name.
    name String
    Custom Internet Service name.
    name string
    Custom Internet Service name.
    name str
    Custom Internet Service name.
    name String
    Custom Internet Service name.

    SecuritypolicyInternetServiceSrcCustomGroup, SecuritypolicyInternetServiceSrcCustomGroupArgs

    Name string
    Custom Internet Service6 group name.
    Name string
    Custom Internet Service6 group name.
    name String
    Custom Internet Service6 group name.
    name string
    Custom Internet Service6 group name.
    name str
    Custom Internet Service6 group name.
    name String
    Custom Internet Service6 group name.

    SecuritypolicyInternetServiceSrcGroup, SecuritypolicyInternetServiceSrcGroupArgs

    Name string
    Internet Service group name.
    Name string
    Internet Service group name.
    name String
    Internet Service group name.
    name string
    Internet Service group name.
    name str
    Internet Service group name.
    name String
    Internet Service group name.

    SecuritypolicyInternetServiceSrcId, SecuritypolicyInternetServiceSrcIdArgs

    Id int
    Internet Service ID.
    Id int
    Internet Service ID.
    id Integer
    Internet Service ID.
    id number
    Internet Service ID.
    id int
    Internet Service ID.
    id Number
    Internet Service ID.

    SecuritypolicyInternetServiceSrcName, SecuritypolicyInternetServiceSrcNameArgs

    Name string
    Internet Service name.
    Name string
    Internet Service name.
    name String
    Internet Service name.
    name string
    Internet Service name.
    name str
    Internet Service name.
    name String
    Internet Service name.

    SecuritypolicyService, SecuritypolicyServiceArgs

    Name string
    Service name.
    Name string
    Service name.
    name String
    Service name.
    name string
    Service name.
    name str
    Service name.
    name String
    Service name.

    SecuritypolicySrcaddr, SecuritypolicySrcaddrArgs

    Name string
    Address name.
    Name string
    Address name.
    name String
    Address name.
    name string
    Address name.
    name str
    Address name.
    name String
    Address name.

    SecuritypolicySrcaddr4, SecuritypolicySrcaddr4Args

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    SecuritypolicySrcaddr6, SecuritypolicySrcaddr6Args

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    SecuritypolicySrcintf, SecuritypolicySrcintfArgs

    Name string
    Interface name.
    Name string
    Interface name.
    name String
    Interface name.
    name string
    Interface name.
    name str
    Interface name.
    name String
    Interface name.

    SecuritypolicyUrlCategory, SecuritypolicyUrlCategoryArgs

    Id int
    URL category ID.
    Id int
    URL category ID.
    id Integer
    URL category ID.
    id number
    URL category ID.
    id int
    URL category ID.
    id Number
    URL category ID.

    SecuritypolicyUser, SecuritypolicyUserArgs

    Name string
    User name.
    Name string
    User name.
    name String
    User name.
    name string
    User name.
    name str
    User name.
    name String
    User name.

    Import

    Firewall SecurityPolicy can be imported using any of these accepted formats:

    $ pulumi import fortios:firewall/securitypolicy:Securitypolicy labelname {{policyid}}
    

    If you do not want to import arguments of block:

    $ export “FORTIOS_IMPORT_TABLE”=“false”

    $ pulumi import fortios:firewall/securitypolicy:Securitypolicy labelname {{policyid}}
    

    $ unset “FORTIOS_IMPORT_TABLE”

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    fortios logo
    Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse