fortios.fmg.FirewallSecurityPolicy
This resource supports Create/Read/Update/Delete operations on a firewall security policy on FortiManager; the policy can be installed to the FortiGate later.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
// Stages an example policy in the FortiManager package "dvm-test". Per this
// page, the policy only reaches a FortiGate when it is installed later.
// NOTE(review): the match below is as wide as it can be (any interface, all
// addresses, ALL services, always) and the action is "accept". Read it as a
// syntax demo and narrow srcaddrs/dstaddrs/services before reusing it.
// NOTE(review): the property reference on this page lists the action enum as
// [allow, deny, ipsec] while this example passes "accept"; confirm which value
// your provider and FortiManager version expect.
const test1 = new fortios.fmg.FirewallSecurityPolicy("test1", {
    // Where the policy lives
    packageName: "dvm-test",
    comments: "policy test",

    // Match criteria
    srcintfs: ["any"],
    dstintfs: ["any"],
    srcaddrs: ["all"],
    dstaddrs: ["all"],
    services: ["ALL"],
    schedules: ["always"],

    // Users and groups that can authenticate with this policy
    users: ["guest"],
    groups: ["Guest-group"],

    // Verdict
    action: "accept",

    // Source NAT: on, no IP pool, source port left unchanged
    nat: "enable",
    ippool: "disable",
    fixedport: "enable",

    // Security profiles, attached one by one (profileType "single")
    utmStatus: "enable",
    profileType: "single",
    avProfiles: ["g-default"],
    dnsfilterProfiles: ["default"],

    // Traffic shaping
    trafficShapers: ["high-priority"],

    // Logging
    logtraffic: "all",
    logtrafficStart: "enable",
    // NOTE(review): packet capture on a match-everything policy presumably
    // covers all matched traffic; confirm who can read the captures.
    capturePacket: "enable",
});
import pulumi
import pulumiverse_fortios as fortios
# Stages an example policy in the FortiManager package "dvm-test". Per this
# page, the policy only reaches a FortiGate when it is installed later.
# NOTE(review): the match below is as wide as it can be (any interface, all
# addresses, ALL services, always) and the action is "accept". Read it as a
# syntax demo and narrow srcaddrs/dstaddrs/services before reusing it.
# NOTE(review): the property reference on this page lists the action enum as
# [allow, deny, ipsec] while this example passes "accept"; confirm which value
# your provider and FortiManager version expect.
test1 = fortios.fmg.FirewallSecurityPolicy(
    "test1",
    # Where the policy lives
    package_name="dvm-test",
    comments="policy test",
    # Match criteria
    srcintfs=["any"],
    dstintfs=["any"],
    srcaddrs=["all"],
    dstaddrs=["all"],
    services=["ALL"],
    schedules=["always"],
    # Users and groups that can authenticate with this policy
    users=["guest"],
    groups=["Guest-group"],
    # Verdict
    action="accept",
    # Source NAT: on, no IP pool, source port left unchanged
    nat="enable",
    ippool="disable",
    fixedport="enable",
    # Security profiles, attached one by one (profile_type "single")
    utm_status="enable",
    profile_type="single",
    av_profiles=["g-default"],
    dnsfilter_profiles=["default"],
    # Traffic shaping
    traffic_shapers=["high-priority"],
    # Logging
    logtraffic="all",
    logtraffic_start="enable",
    # NOTE(review): packet capture on a match-everything policy presumably
    # covers all matched traffic; confirm who can read the captures.
    capture_packet="enable",
)
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/fmg"
)
// main stages an example policy in the FortiManager package "dvm-test". Per
// this page, the policy only reaches a FortiGate when it is installed later.
//
// NOTE(review): the match is as wide as it can be (any interface, all
// addresses, ALL services, always) and the action is "accept". Read it as a
// syntax demo and narrow Srcaddrs/Dstaddrs/Services before reusing it.
// NOTE(review): the property reference on this page lists the action enum as
// [allow, deny, ipsec] while this example passes "accept"; confirm which value
// your provider and FortiManager version expect.
func main() {
	// single wraps one name in the string-array type the args struct takes.
	single := func(name string) pulumi.StringArray {
		return pulumi.StringArray{pulumi.String(name)}
	}

	pulumi.Run(func(ctx *pulumi.Context) error {
		policyArgs := &fmg.FirewallSecurityPolicyArgs{
			// Where the policy lives
			PackageName: pulumi.String("dvm-test"),
			Comments:    pulumi.String("policy test"),

			// Match criteria
			Srcintfs:  single("any"),
			Dstintfs:  single("any"),
			Srcaddrs:  single("all"),
			Dstaddrs:  single("all"),
			Services:  single("ALL"),
			Schedules: single("always"),

			// Users and groups that can authenticate with this policy
			Users:  single("guest"),
			Groups: single("Guest-group"),

			// Verdict
			Action: pulumi.String("accept"),

			// Source NAT: on, no IP pool, source port left unchanged
			Nat:       pulumi.String("enable"),
			Ippool:    pulumi.String("disable"),
			Fixedport: pulumi.String("enable"),

			// Security profiles, attached one by one (ProfileType "single")
			UtmStatus:         pulumi.String("enable"),
			ProfileType:       pulumi.String("single"),
			AvProfiles:        single("g-default"),
			DnsfilterProfiles: single("default"),

			// Traffic shaping
			TrafficShapers: single("high-priority"),

			// Logging
			Logtraffic:      pulumi.String("all"),
			LogtrafficStart: pulumi.String("enable"),
			// NOTE(review): packet capture on a match-everything policy
			// presumably covers all matched traffic; confirm who can read
			// the captures.
			CapturePacket: pulumi.String("enable"),
		}

		// The resource handle is not needed afterwards; only the error matters.
		_, err := fmg.NewFirewallSecurityPolicy(ctx, "test1", policyArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
// Stages an example policy in the FortiManager package "dvm-test". Per this
// page, the policy only reaches a FortiGate when it is installed later.
// NOTE(review): the match below is as wide as it can be (any interface, all
// addresses, ALL services, always) and the action is "accept". Read it as a
// syntax demo and narrow Srcaddrs/Dstaddrs/Services before reusing it.
// NOTE(review): the property reference on this page lists the action enum as
// [allow, deny, ipsec] while this example passes "accept"; confirm which value
// your provider and FortiManager version expect.
return await Deployment.RunAsync(() =>
{
    var test1 = new Fortios.Fmg.FirewallSecurityPolicy("test1", new()
    {
        // Where the policy lives
        PackageName = "dvm-test",
        Comments = "policy test",

        // Match criteria
        Srcintfs = new[] { "any" },
        Dstintfs = new[] { "any" },
        Srcaddrs = new[] { "all" },
        Dstaddrs = new[] { "all" },
        Services = new[] { "ALL" },
        Schedules = new[] { "always" },

        // Users and groups that can authenticate with this policy
        Users = new[] { "guest" },
        Groups = new[] { "Guest-group" },

        // Verdict
        Action = "accept",

        // Source NAT: on, no IP pool, source port left unchanged
        Nat = "enable",
        Ippool = "disable",
        Fixedport = "enable",

        // Security profiles, attached one by one (ProfileType "single")
        UtmStatus = "enable",
        ProfileType = "single",
        AvProfiles = new[] { "g-default" },
        DnsfilterProfiles = new[] { "default" },

        // Traffic shaping
        TrafficShapers = new[] { "high-priority" },

        // Logging
        Logtraffic = "all",
        LogtrafficStart = "enable",
        // NOTE(review): packet capture on a match-everything policy presumably
        // covers all matched traffic; confirm who can read the captures.
        CapturePacket = "enable",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.fmg.FirewallSecurityPolicy;
import com.pulumi.fortios.fmg.FirewallSecurityPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that stages an example policy in the FortiManager package
 * "dvm-test". Per this page, the policy only reaches a FortiGate when it is
 * installed later.
 *
 * <p>NOTE(review): the match is as wide as it can be (any interface, all
 * addresses, ALL services, always) and the action is "accept". Read it as a
 * syntax demo and narrow srcaddrs/dstaddrs/services before reusing it.
 *
 * <p>NOTE(review): the property reference on this page lists the action enum
 * as [allow, deny, ipsec] while this example passes "accept"; confirm which
 * value your provider and FortiManager version expect.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the single FirewallSecurityPolicy resource named "test1". */
    public static void stack(Context ctx) {
        final var policyArgs = FirewallSecurityPolicyArgs.builder()
            // Where the policy lives
            .packageName("dvm-test")
            .comments("policy test")
            // Match criteria
            .srcintfs("any")
            .dstintfs("any")
            .srcaddrs("all")
            .dstaddrs("all")
            .services("ALL")
            .schedules("always")
            // Users and groups that can authenticate with this policy
            .users("guest")
            .groups("Guest-group")
            // Verdict
            .action("accept")
            // Source NAT: on, no IP pool, source port left unchanged
            .nat("enable")
            .ippool("disable")
            .fixedport("enable")
            // Security profiles, attached one by one (profileType "single")
            .utmStatus("enable")
            .profileType("single")
            .avProfiles("g-default")
            .dnsfilterProfiles("default")
            // Traffic shaping
            .trafficShapers("high-priority")
            // Logging
            .logtraffic("all")
            .logtrafficStart("enable")
            // NOTE(review): packet capture on a match-everything policy
            // presumably covers all matched traffic; confirm who can read
            // the captures.
            .capturePacket("enable")
            .build();

        var test1 = new FirewallSecurityPolicy("test1", policyArgs);
    }
}
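# Stages an example policy in the FortiManager package "dvm-test". Per this
# page, the policy only reaches a FortiGate when it is installed later.
# Nesting is restored here: the flattened listing put every key at the top
# level, which no longer describes a resource with properties.
# NOTE(review): the match below is as wide as it can be (any interface, all
# addresses, ALL services, always) and the action is "accept". Read it as a
# syntax demo and narrow srcaddrs/dstaddrs/services before reusing it.
# NOTE(review): the property reference on this page lists the action enum as
# [allow, deny, ipsec] while this example passes "accept"; confirm which value
# your provider and FortiManager version expect.
resources:
  test1:
    type: fortios:fmg:FirewallSecurityPolicy
    properties:
      action: accept
      avProfiles:
        - g-default
      # NOTE(review): packet capture on a match-everything policy presumably
      # covers all matched traffic; confirm who can read the captures.
      capturePacket: enable
      comments: policy test
      dnsfilterProfiles:
        - default
      dstaddrs:
        - all
      dstintfs:
        - any
      fixedport: enable
      # Users and groups that can authenticate with this policy: see also users.
      groups:
        - Guest-group
      ippool: disable
      logtraffic: all
      logtrafficStart: enable
      nat: enable
      packageName: dvm-test
      profileType: single
      schedules:
        - always
      services:
        - ALL
      srcaddrs:
        - all
      srcintfs:
        - any
      trafficShapers:
        - high-priority
      users:
        - guest
      utmStatus: enable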
Create FirewallSecurityPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FirewallSecurityPolicy(name: string, args: FirewallSecurityPolicyArgs, opts?: CustomResourceOptions);
@overload
def FirewallSecurityPolicy(resource_name: str,
args: FirewallSecurityPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FirewallSecurityPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
dstaddrs: Optional[Sequence[str]] = None,
srcintfs: Optional[Sequence[str]] = None,
srcaddrs: Optional[Sequence[str]] = None,
services: Optional[Sequence[str]] = None,
schedules: Optional[Sequence[str]] = None,
dstintfs: Optional[Sequence[str]] = None,
ips_sensors: Optional[Sequence[str]] = None,
package_name: Optional[str] = None,
comments: Optional[str] = None,
fixedport: Optional[str] = None,
fsso: Optional[str] = None,
groups: Optional[Sequence[str]] = None,
inbound: Optional[str] = None,
internet_service: Optional[str] = None,
internet_service_ids: Optional[Sequence[str]] = None,
internet_service_names: Optional[Sequence[str]] = None,
internet_service_src: Optional[str] = None,
internet_service_src_ids: Optional[Sequence[str]] = None,
internet_service_src_names: Optional[Sequence[str]] = None,
ippool: Optional[str] = None,
action: Optional[str] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
name: Optional[str] = None,
nat: Optional[str] = None,
dnsfilter_profiles: Optional[Sequence[str]] = None,
per_ip_shapers: Optional[Sequence[str]] = None,
poolnames: Optional[Sequence[str]] = None,
profile_groups: Optional[Sequence[str]] = None,
profile_protocol_options: Optional[Sequence[str]] = None,
profile_type: Optional[str] = None,
rsso: Optional[str] = None,
capture_packet: Optional[str] = None,
av_profiles: Optional[Sequence[str]] = None,
application_lists: Optional[Sequence[str]] = None,
adom: Optional[str] = None,
traffic_shaper_reverses: Optional[Sequence[str]] = None,
traffic_shapers: Optional[Sequence[str]] = None,
users: Optional[Sequence[str]] = None,
utm_status: Optional[str] = None,
vpn_tunnels: Optional[Sequence[str]] = None,
waf_profiles: Optional[Sequence[str]] = None,
webfilter_profiles: Optional[Sequence[str]] = None)
func NewFirewallSecurityPolicy(ctx *Context, name string, args FirewallSecurityPolicyArgs, opts ...ResourceOption) (*FirewallSecurityPolicy, error)
public FirewallSecurityPolicy(string name, FirewallSecurityPolicyArgs args, CustomResourceOptions? opts = null)
public FirewallSecurityPolicy(String name, FirewallSecurityPolicyArgs args)
public FirewallSecurityPolicy(String name, FirewallSecurityPolicyArgs args, CustomResourceOptions options)
type: fortios:fmg:FirewallSecurityPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallSecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallSecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallSecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallSecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallSecurityPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing: every input property set to the placeholder "string".
// Inputs this page documents with an enum (Action, Inbound, Logtraffic,
// LogtrafficStart, ProfileType) and the enable/disable toggles need real
// values before this can be deployed.
var firewallSecurityPolicyResource = new Fortios.Fmg.FirewallSecurityPolicy("firewallSecurityPolicyResource", new()
{
    // Placement
    Adom = "string",
    PackageName = "string",
    Name = "string",
    Comments = "string",

    // Match criteria
    Srcintfs = new[] { "string" },
    Dstintfs = new[] { "string" },
    Srcaddrs = new[] { "string" },
    Dstaddrs = new[] { "string" },
    Services = new[] { "string" },
    Schedules = new[] { "string" },
    InternetService = "string",
    InternetServiceIds = new[] { "string" },
    InternetServiceNames = new[] { "string" },
    InternetServiceSrc = "string",
    InternetServiceSrcIds = new[] { "string" },
    InternetServiceSrcNames = new[] { "string" },

    // Identity
    Users = new[] { "string" },
    Groups = new[] { "string" },
    Fsso = "string",
    Rsso = "string",

    // Action and VPN
    Action = "string",
    Inbound = "string",
    VpnTunnels = new[] { "string" },

    // Source NAT
    Nat = "string",
    Ippool = "string",
    Poolnames = new[] { "string" },
    Fixedport = "string",

    // Security profiles
    UtmStatus = "string",
    ProfileType = "string",
    ProfileGroups = new[] { "string" },
    ProfileProtocolOptions = new[] { "string" },
    AvProfiles = new[] { "string" },
    ApplicationLists = new[] { "string" },
    DnsfilterProfiles = new[] { "string" },
    IpsSensors = new[] { "string" },
    WafProfiles = new[] { "string" },
    WebfilterProfiles = new[] { "string" },

    // Traffic shaping
    TrafficShapers = new[] { "string" },
    TrafficShaperReverses = new[] { "string" },
    PerIpShapers = new[] { "string" },

    // Logging and capture
    Logtraffic = "string",
    LogtrafficStart = "string",
    CapturePacket = "string",
});
// Reference listing: every input property set to the placeholder "string".
// Inputs this page documents with an enum (Action, Inbound, Logtraffic,
// LogtrafficStart, ProfileType) and the enable/disable toggles need real
// values before this can be deployed.
example, err := fmg.NewFirewallSecurityPolicy(ctx, "firewallSecurityPolicyResource", &fmg.FirewallSecurityPolicyArgs{
	// Placement
	Adom:        pulumi.String("string"),
	PackageName: pulumi.String("string"),
	Name:        pulumi.String("string"),
	Comments:    pulumi.String("string"),

	// Match criteria
	Srcintfs:                pulumi.StringArray{pulumi.String("string")},
	Dstintfs:                pulumi.StringArray{pulumi.String("string")},
	Srcaddrs:                pulumi.StringArray{pulumi.String("string")},
	Dstaddrs:                pulumi.StringArray{pulumi.String("string")},
	Services:                pulumi.StringArray{pulumi.String("string")},
	Schedules:               pulumi.StringArray{pulumi.String("string")},
	InternetService:         pulumi.String("string"),
	InternetServiceIds:      pulumi.StringArray{pulumi.String("string")},
	InternetServiceNames:    pulumi.StringArray{pulumi.String("string")},
	InternetServiceSrc:      pulumi.String("string"),
	InternetServiceSrcIds:   pulumi.StringArray{pulumi.String("string")},
	InternetServiceSrcNames: pulumi.StringArray{pulumi.String("string")},

	// Identity
	Users:  pulumi.StringArray{pulumi.String("string")},
	Groups: pulumi.StringArray{pulumi.String("string")},
	Fsso:   pulumi.String("string"),
	Rsso:   pulumi.String("string"),

	// Action and VPN
	Action:     pulumi.String("string"),
	Inbound:    pulumi.String("string"),
	VpnTunnels: pulumi.StringArray{pulumi.String("string")},

	// Source NAT
	Nat:       pulumi.String("string"),
	Ippool:    pulumi.String("string"),
	Poolnames: pulumi.StringArray{pulumi.String("string")},
	Fixedport: pulumi.String("string"),

	// Security profiles
	UtmStatus:              pulumi.String("string"),
	ProfileType:            pulumi.String("string"),
	ProfileGroups:          pulumi.StringArray{pulumi.String("string")},
	ProfileProtocolOptions: pulumi.StringArray{pulumi.String("string")},
	AvProfiles:             pulumi.StringArray{pulumi.String("string")},
	ApplicationLists:       pulumi.StringArray{pulumi.String("string")},
	DnsfilterProfiles:      pulumi.StringArray{pulumi.String("string")},
	IpsSensors:             pulumi.StringArray{pulumi.String("string")},
	WafProfiles:            pulumi.StringArray{pulumi.String("string")},
	WebfilterProfiles:      pulumi.StringArray{pulumi.String("string")},

	// Traffic shaping
	TrafficShapers:        pulumi.StringArray{pulumi.String("string")},
	TrafficShaperReverses: pulumi.StringArray{pulumi.String("string")},
	PerIpShapers:          pulumi.StringArray{pulumi.String("string")},

	// Logging and capture
	Logtraffic:      pulumi.String("string"),
	LogtrafficStart: pulumi.String("string"),
	CapturePacket:   pulumi.String("string"),
})
// Reference listing: every input property set to the placeholder "string".
// Inputs this page documents with an enum (action, inbound, logtraffic,
// logtrafficStart, profileType) and the enable/disable toggles need real
// values before this can be deployed.
var firewallSecurityPolicyResource = new FirewallSecurityPolicy("firewallSecurityPolicyResource", FirewallSecurityPolicyArgs.builder()
    // Placement
    .adom("string")
    .packageName("string")
    .name("string")
    .comments("string")
    // Match criteria
    .srcintfs("string")
    .dstintfs("string")
    .srcaddrs("string")
    .dstaddrs("string")
    .services("string")
    .schedules("string")
    .internetService("string")
    .internetServiceIds("string")
    .internetServiceNames("string")
    .internetServiceSrc("string")
    .internetServiceSrcIds("string")
    .internetServiceSrcNames("string")
    // Identity
    .users("string")
    .groups("string")
    .fsso("string")
    .rsso("string")
    // Action and VPN
    .action("string")
    .inbound("string")
    .vpnTunnels("string")
    // Source NAT
    .nat("string")
    .ippool("string")
    .poolnames("string")
    .fixedport("string")
    // Security profiles
    .utmStatus("string")
    .profileType("string")
    .profileGroups("string")
    .profileProtocolOptions("string")
    .avProfiles("string")
    .applicationLists("string")
    .dnsfilterProfiles("string")
    .ipsSensors("string")
    .wafProfiles("string")
    .webfilterProfiles("string")
    // Traffic shaping
    .trafficShapers("string")
    .trafficShaperReverses("string")
    .perIpShapers("string")
    // Logging and capture
    .logtraffic("string")
    .logtrafficStart("string")
    .capturePacket("string")
    .build());
# Reference listing: every input property set to the placeholder "string".
# Inputs this page documents with an enum (action, inbound, logtraffic,
# logtraffic_start, profile_type) and the enable/disable toggles need real
# values before this can be deployed.
firewall_security_policy_resource = fortios.fmg.FirewallSecurityPolicy(
    "firewallSecurityPolicyResource",
    # Placement
    adom="string",
    package_name="string",
    name="string",
    comments="string",
    # Match criteria
    srcintfs=["string"],
    dstintfs=["string"],
    srcaddrs=["string"],
    dstaddrs=["string"],
    services=["string"],
    schedules=["string"],
    internet_service="string",
    internet_service_ids=["string"],
    internet_service_names=["string"],
    internet_service_src="string",
    internet_service_src_ids=["string"],
    internet_service_src_names=["string"],
    # Identity
    users=["string"],
    groups=["string"],
    fsso="string",
    rsso="string",
    # Action and VPN
    action="string",
    inbound="string",
    vpn_tunnels=["string"],
    # Source NAT
    nat="string",
    ippool="string",
    poolnames=["string"],
    fixedport="string",
    # Security profiles
    utm_status="string",
    profile_type="string",
    profile_groups=["string"],
    profile_protocol_options=["string"],
    av_profiles=["string"],
    application_lists=["string"],
    dnsfilter_profiles=["string"],
    ips_sensors=["string"],
    waf_profiles=["string"],
    webfilter_profiles=["string"],
    # Traffic shaping
    traffic_shapers=["string"],
    traffic_shaper_reverses=["string"],
    per_ip_shapers=["string"],
    # Logging and capture
    logtraffic="string",
    logtraffic_start="string",
    capture_packet="string",
)
// Reference listing: every input property set to the placeholder "string".
// Inputs this page documents with an enum (action, inbound, logtraffic,
// logtrafficStart, profileType) and the enable/disable toggles need real
// values before this can be deployed.
const firewallSecurityPolicyResource = new fortios.fmg.FirewallSecurityPolicy("firewallSecurityPolicyResource", {
    // Placement
    adom: "string",
    packageName: "string",
    name: "string",
    comments: "string",

    // Match criteria
    srcintfs: ["string"],
    dstintfs: ["string"],
    srcaddrs: ["string"],
    dstaddrs: ["string"],
    services: ["string"],
    schedules: ["string"],
    internetService: "string",
    internetServiceIds: ["string"],
    internetServiceNames: ["string"],
    internetServiceSrc: "string",
    internetServiceSrcIds: ["string"],
    internetServiceSrcNames: ["string"],

    // Identity
    users: ["string"],
    groups: ["string"],
    fsso: "string",
    rsso: "string",

    // Action and VPN
    action: "string",
    inbound: "string",
    vpnTunnels: ["string"],

    // Source NAT
    nat: "string",
    ippool: "string",
    poolnames: ["string"],
    fixedport: "string",

    // Security profiles
    utmStatus: "string",
    profileType: "string",
    profileGroups: ["string"],
    profileProtocolOptions: ["string"],
    avProfiles: ["string"],
    applicationLists: ["string"],
    dnsfilterProfiles: ["string"],
    ipsSensors: ["string"],
    wafProfiles: ["string"],
    webfilterProfiles: ["string"],

    // Traffic shaping
    trafficShapers: ["string"],
    trafficShaperReverses: ["string"],
    perIpShapers: ["string"],

    // Logging and capture
    logtraffic: "string",
    logtrafficStart: "string",
    capturePacket: "string",
});
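# Reference listing: every input property set to the placeholder "string".
# Nesting is restored here: the flattened listing put the properties at the
# same level as "type" and "properties".
# Inputs this page documents with an enum (action, inbound, logtraffic,
# logtrafficStart, profileType) and the enable/disable toggles need real
# values before this can be deployed.
type: fortios:fmg:FirewallSecurityPolicy
properties:
  action: string
  adom: string
  applicationLists:
    - string
  avProfiles:
    - string
  capturePacket: string
  comments: string
  dnsfilterProfiles:
    - string
  dstaddrs:
    - string
  dstintfs:
    - string
  fixedport: string
  fsso: string
  groups:
    - string
  inbound: string
  internetService: string
  internetServiceIds:
    - string
  internetServiceNames:
    - string
  internetServiceSrc: string
  internetServiceSrcIds:
    - string
  internetServiceSrcNames:
    - string
  ippool: string
  ipsSensors:
    - string
  logtraffic: string
  logtrafficStart: string
  name: string
  nat: string
  packageName: string
  perIpShapers:
    - string
  poolnames:
    - string
  profileGroups:
    - string
  profileProtocolOptions:
    - string
  profileType: string
  rsso: string
  schedules:
    - string
  services:
    - string
  srcaddrs:
    - string
  srcintfs:
    - string
  trafficShaperReverses:
    - string
  trafficShapers:
    - string
  users:
    - string
  utmStatus: string
  vpnTunnels:
    - string
  wafProfiles:
    - string
  webfilterProfiles:
    - string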
FirewallSecurityPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FirewallSecurityPolicy resource accepts the following input properties:
- Dstaddrs List<string>
- Destination address and address group names.
- Dstintfs List<string>
- Outgoing interface.
- Schedules List<string>
- Schedule name.
- Services List<string>
- Service and service group names.
- Srcaddrs List<string>
- Source address and address group names.
- Srcintfs List<string>
- Incoming interface.
- Action string
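- Policy action, default is deny. Enum: [allow, deny, ipsec]. Note that the Example Usage on this page passes "accept", which is not in this list; confirm the accepted value against your provider and FortiManager version.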
- Adom string
- ADOM name. default is 'root'.
- Application
Lists List<string> - Name of an existing Application list.
- Av
Profiles List<string> - Name of an existing Antivirus profile.
- Capture
Packet string - Enable/disable capture packets.
- Comments string
- Comments.
- Dnsfilter
Profiles List<string> - Name of an existing DNS filter profile.
- Fixedport string
- Enable/disable to prevent source NAT from changing a session's source port.
- Fsso string
- Enable/disable Fortinet Single Sign-On.
- Groups List<string>
- Names of user groups that can authenticate with this policy.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Enum: [disable, enable]
- InternetService string
- Enable/disable use of Destination Internet Services for this policy.
- InternetServiceIds List<string>
- Destination Internet Service ID.
- InternetServiceNames List<string>
- Destination Internet Service Name.
- InternetServiceSrc string
- Enable/disable use of Source Internet Services for this policy.
- InternetServiceSrcIds List<string>
- Source Internet Service ID.
- InternetServiceSrcNames List<string>
- Source Internet Service Name.
- Ippool string
- Enable/disable to use IP Pools for source NAT.
- Ips
Sensors List<string> - Name of an existing IPS sensor.
- Logtraffic string
- Enable or disable logging. Enum: [disable, all, utm]
- Logtraffic
Start string - Record logs when a session starts and ends. Enum: [disable, enable]
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT.
- Package
Name string - The package name which the policy will be added to.
- PerIpShapers List<string>
- Per-IP traffic shaper.
- Poolnames List<string>
- IP Pool names.
- Profile
Groups List<string> - Name of profile group.
- ProfileProtocolOptions List<string>
- Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Enum: [single, group]
- Rsso string
- Enable/disable RADIUS Single Sign-On.
- TrafficShaperReverses List<string>
- Reverse traffic shaper.
- Traffic
Shapers List<string> - Traffic shaper.
- Users List<string>
- Names of individual users that can authenticate with this policy.
- Utm
Status string - Enable/disable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
- VpnTunnels List<string>
- WafProfiles List<string>
- Name of an existing Web application firewall profile.
- Webfilter
Profiles List<string> - Name of an existing Web filter profile.
- Dstaddrs []string
- Destination address and address group names.
- Dstintfs []string
- Outgoing interface.
- Schedules []string
- Schedule name.
- Services []string
- Service and service group names.
- Srcaddrs []string
- Source address and address group names.
- Srcintfs []string
- Incoming interface.
- Action string
- Policy action, default is deny. Enum: [allow, deny, ipsec].
- Adom string
- ADOM name. default is 'root'.
- Application
Lists []string - Name of an existing Application list.
- Av
Profiles []string - Name of an existing Antivirus profile.
- Capture
Packet string - Enable/disable capture packets.
- Comments string
- Comments.
- Dnsfilter
Profiles []string - Name of an existing DNS filter profile.
- Fixedport string
- Enable/disable to prevent source NAT from changing a session's source port.
- Fsso string
- Enable/disable Fortinet Single Sign-On.
- Groups []string
- Names of user groups that can authenticate with this policy.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Enum: [disable, enable]
- InternetService string
- Enable/disable use of Destination Internet Services for this policy.
- InternetServiceIds []string
- Destination Internet Service ID.
- InternetServiceNames []string
- Destination Internet Service Name.
- InternetServiceSrc string
- Enable/disable use of Source Internet Services for this policy.
- InternetServiceSrcIds []string
- Source Internet Service ID.
- InternetServiceSrcNames []string
- Source Internet Service Name.
- Ippool string
- Enable/disable to use IP Pools for source NAT.
- Ips
Sensors []string - Name of an existing IPS sensor.
- Logtraffic string
- Enable or disable logging. Enum: [disable, all, utm]
- Logtraffic
Start string - Record logs when a session starts and ends. Enum: [disable, enable]
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT.
- Package
Name string - The package name which the policy will be added to.
- PerIpShapers []string
- Per-IP traffic shaper.
- Poolnames []string
- IP Pool names.
- Profile
Groups []string - Name of profile group.
- ProfileProtocolOptions []string
- Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Enum: [single, group]
- Rsso string
- Enable/disable RADIUS Single Sign-On.
- TrafficShaperReverses []string
- Reverse traffic shaper.
- Traffic
Shapers []string - Traffic shaper.
- Users []string
- Names of individual users that can authenticate with this policy.
- Utm
Status string - Enable/disable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
- VpnTunnels []string
- WafProfiles []string
- Name of an existing Web application firewall profile.
- Webfilter
Profiles []string - Name of an existing Web filter profile.
- dstaddrs List<String>
- Destination address and address group names.
- dstintfs List<String>
- Outgoing interface.
- schedules List<String>
- Schedule name.
- services List<String>
- Service and service group names.
- srcaddrs List<String>
- Source address and address group names.
- srcintfs List<String>
- Incoming interface.
- action String
- Policy action, default is deny. Enum: [allow, deny, ipsec].
- adom String
- ADOM name. default is 'root'.
- application
Lists List<String> - Name of an existing Application list.
- av
Profiles List<String> - Name of an existing Antivirus profile.
- capture
Packet String - Enable/disable capture packets.
- comments String
- Comments.
- dnsfilter
Profiles List<String> - Name of an existing DNS filter profile.
- fixedport String
- Enable/disable to prevent source NAT from changing a session's source port.
- fsso String
- Enable/disable Fortinet Single Sign-On.
- groups List<String>
- Names of user groups that can authenticate with this policy.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Enum: [disable, enable]
- internetService String
- Enable/disable use of Destination Internet Services for this policy.
- internetServiceIds List<String>
- Destination Internet Service ID.
- internetServiceNames List<String>
- Destination Internet Service Name.
- internetServiceSrc String
- Enable/disable use of Source Internet Services for this policy.
- internetServiceSrcIds List<String>
- Source Internet Service ID.
- internetServiceSrcNames List<String>
- Source Internet Service Name.
- ippool String
- Enable/disable to use IP Pools for source NAT.
- ips
Sensors List<String> - Name of an existing IPS sensor.
- logtraffic String
- Enable or disable logging. Enum: [disable, all, utm]
- logtraffic
Start String - Record logs when a session starts and ends. Enum: [disable, enable]
- name String
- Policy name.
- nat String
- Enable/disable source NAT.
- package
Name String - The package name which the policy will be added to.
- perIpShapers List<String>
- Per-IP traffic shaper.
- poolnames List<String>
- IP Pool names.
- profile
Groups List<String> - Name of profile group.
- profileProtocolOptions List<String>
- Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Enum: [single, group]
- rsso String
- Enable/disable RADIUS Single Sign-On.
- trafficShaperReverses List<String>
- Reverse traffic shaper.
- traffic
Shapers List<String> - Traffic shaper.
- users List<String>
- Names of individual users that can authenticate with this policy.
- utm
Status String - Enable/disable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
- vpnTunnels List<String>
- wafProfiles List<String>
- Name of an existing Web application firewall profile.
- webfilter
Profiles List<String> - Name of an existing Web filter profile.
- dstaddrs string[]
- Destination address and address group names.
- dstintfs string[]
- Outgoing interface.
- schedules string[]
- Schedule name.
- services string[]
- Service and service group names.
- srcaddrs string[]
- Source address and address group names.
- srcintfs string[]
- Incoming interface.
- action string
- Policy action, default is deny. Enum: [allow, deny, ipsec].
- adom string
- ADOM name. default is 'root'.
- application
Lists string[] - Name of an existing Application list.
- av
Profiles string[] - Name of an existing Antivirus profile.
- capture
Packet string - Enable/disable capture packets.
- comments string
- Comments.
- dnsfilter
Profiles string[] - Name of an existing DNS filter profile.
- fixedport string
- Enable/disable to prevent source NAT from changing a session's source port.
- fsso string
- Enable/disable Fortinet Single Sign-On.
- groups string[]
- Names of user groups that can authenticate with this policy.
- inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Enum: [disable, enable]
- internetService string
- Enable/disable use of Destination Internet Services for this policy.
- internetServiceIds string[]
- Destination Internet Service ID.
- internetServiceNames string[]
- Destination Internet Service Name.
- internetServiceSrc string
- Enable/disable use of Source Internet Services for this policy.
- internetServiceSrcIds string[]
- Source Internet Service ID.
- internetServiceSrcNames string[]
- Source Internet Service Name.
- ippool string
- Enable/disable to use IP Pools for source NAT.
- ips
Sensors string[] - Name of an existing IPS sensor.
- logtraffic string
- Enable or disable logging. Enum: [disable, all, utm]
- logtraffic
Start string - Record logs when a session starts and ends. Enum: [disable, enable]
- name string
- Policy name.
- nat string
- Enable/disable source NAT.
- package
Name string - The package name which the policy will be added to.
- perIpShapers string[]
- Per-IP traffic shaper.
- poolnames string[]
- IP Pool names.
- profile
Groups string[] - Name of profile group.
- profileProtocolOptions string[]
- Name of an existing Protocol options profile.
- profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Enum: [single, group]
- rsso string
- Enable/disable RADIUS Single Sign-On.
- trafficShaperReverses string[]
- Reverse traffic shaper.
- traffic
Shapers string[] - Traffic shaper.
- users string[]
- Names of individual users that can authenticate with this policy.
- utm
Status string - Enable/disable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
- vpnTunnels string[]
- wafProfiles string[]
- Name of an existing Web application firewall profile.
- webfilter
Profiles string[] - Name of an existing Web filter profile.
- dstaddrs Sequence[str]
- Destination address and address group names.
- dstintfs Sequence[str]
- Outgoing interface.
- schedules Sequence[str]
- Schedule name.
- services Sequence[str]
- Service and service group names.
- srcaddrs Sequence[str]
- Source address and address group names.
- srcintfs Sequence[str]
- Incoming interface.
- action str
- Policy action, default is deny. Enum: [allow, deny, ipsec].
- adom str
- ADOM name. default is 'root'.
- application_
lists Sequence[str] - Name of an existing Application list.
- av_
profiles Sequence[str] - Name of an existing Antivirus profile.
- capture_
packet str - Enable/disable capture packets.
- comments str
- Comments.
- dnsfilter_
profiles Sequence[str] - Name of an existing DNS filter profile.
- fixedport str
- Enable/disable to prevent source NAT from changing a session's source port.
- fsso str
- Enable/disable Fortinet Single Sign-On.
- groups Sequence[str]
- Names of user groups that can authenticate with this policy.
- inbound str
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Enum: [disable, enable]
- internet_service str
- Enable/disable use of Destination Internet Services for this policy.
- internet_service_ids Sequence[str]
- Destination Internet Service ID.
- internet_service_names Sequence[str]
- Destination Internet Service Name.
- internet_service_src str
- Enable/disable use of Source Internet Services for this policy.
- internet_service_src_ids Sequence[str]
- Source Internet Service ID.
- internet_service_src_names Sequence[str]
- Source Internet Service Name.
- ippool str
- Enable/disable to use IP Pools for source NAT.
- ips_
sensors Sequence[str] - Name of an existing IPS sensor.
- logtraffic str
- Enable or disable logging. Enum: [disable, all, utm]
- logtraffic_
start str - Record logs when a session starts and ends. Enum: [disable, enable]
- name str
- Policy name.
- nat str
- Enable/disable source NAT.
- package_
name str - The package name which the policy will be added to.
- per_ip_shapers Sequence[str]
- Per-IP traffic shaper.
- poolnames Sequence[str]
- IP Pool names.
- profile_
groups Sequence[str] - Name of profile group.
- profile_protocol_options Sequence[str]
- Name of an existing Protocol options profile.
- profile_
type str - Determine whether the firewall policy allows security profile groups or single profiles only. Enum: [single, group]
- rsso str
- Enable/disable RADIUS Single Sign-On.
- traffic_shaper_reverses Sequence[str]
- Reverse traffic shaper.
- traffic_shapers Sequence[str]
- Traffic shaper.
- users Sequence[str]
- Names of individual users that can authenticate with this policy.
- utm_
status str - Enable/disable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
- vpn_tunnels Sequence[str]
- (No description is given for this property.)
- waf_profiles Sequence[str]
- Name of an existing Web application firewall profile.
- webfilter_
profiles Sequence[str] - Name of an existing Web filter profile.
- dstaddrs List<String>
- Destination address and address group names.
- dstintfs List<String>
- Outgoing interface.
- schedules List<String>
- Schedule name.
- services List<String>
- Service and service group names.
- srcaddrs List<String>
- Source address and address group names.
- srcintfs List<String>
- Incoming interface.
- action String
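- Policy action, default is deny. Enum: [allow, deny, ipsec]. The usage example on this page sets this property to "accept", which is not in the listed enum; confirm the value your FortiManager version expects before deploying the policy.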
- adom String
- ADOM name. default is 'root'.
- application
Lists List<String> - Name of an existing Application list.
- av
Profiles List<String> - Name of an existing Antivirus profile.
- capture
Packet String - Enable/disable capture packets.
- comments String
- Comments.
- dnsfilter
Profiles List<String> - Name of an existing DNS filter profile.
- fixedport String
- Enable/disable to prevent source NAT from changing a session's source port.
- fsso String
- Enable/disable Fortinet Single Sign-On.
- groups List<String>
- Names of user groups that can authenticate with this policy.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Enum: [disable, enable]
- internetService String
- Enable/disable use of Destination Internet Services for this policy.
- internetServiceIds List<String>
- Destination Internet Service ID.
- internetServiceNames List<String>
- Destination Internet Service Name.
- internetServiceSrc String
- Enable/disable use of Source Internet Services for this policy.
- internetServiceSrcIds List<String>
- Source Internet Service ID.
- internetServiceSrcNames List<String>
- Source Internet Service Name.
- ippool String
- Enable/disable to use IP Pools for source NAT.
- ips
Sensors List<String> - Name of an existing IPS sensor.
- logtraffic String
- Enable or disable logging. Enum: [disable, all, utm]
- logtraffic
Start String - Record logs when a session starts and ends. Enum: [disable, enable]
- name String
- Policy name.
- nat String
- Enable/disable source NAT.
- package
Name String - The package name which the policy will be added to.
- perIpShapers List<String>
- Per-IP traffic shaper.
- poolnames List<String>
- IP Pool names.
- profileGroups List<String>
- Name of profile group.
- profileProtocolOptions List<String>
- Name of an existing Protocol options profile.
- profileType String
- Determine whether the firewall policy allows security profile groups or single profiles only. Enum: [single, group]
- rsso String
- Enable/disable RADIUS Single Sign-On.
- trafficShaperReverses List<String>
- Reverse traffic shaper.
- trafficShapers List<String>
- Traffic shaper.
- users List<String>
- Names of individual users that can authenticate with this policy.
- utm
Status String - Enable/disable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
- vpnTunnels List<String>
- (No description is given for this property.)
- wafProfiles List<String>
- Name of an existing Web application firewall profile.
- webfilter
Profiles List<String> - Name of an existing Web filter profile.
Outputs
All input properties are implicitly available as output properties. Additionally, the FirewallSecurityPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing FirewallSecurityPolicy Resource
Get an existing FirewallSecurityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallSecurityPolicyState, opts?: CustomResourceOptions): FirewallSecurityPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
adom: Optional[str] = None,
application_lists: Optional[Sequence[str]] = None,
av_profiles: Optional[Sequence[str]] = None,
capture_packet: Optional[str] = None,
comments: Optional[str] = None,
dnsfilter_profiles: Optional[Sequence[str]] = None,
dstaddrs: Optional[Sequence[str]] = None,
dstintfs: Optional[Sequence[str]] = None,
fixedport: Optional[str] = None,
fsso: Optional[str] = None,
groups: Optional[Sequence[str]] = None,
inbound: Optional[str] = None,
internet_service: Optional[str] = None,
internet_service_ids: Optional[Sequence[str]] = None,
internet_service_names: Optional[Sequence[str]] = None,
internet_service_src: Optional[str] = None,
internet_service_src_ids: Optional[Sequence[str]] = None,
internet_service_src_names: Optional[Sequence[str]] = None,
ippool: Optional[str] = None,
ips_sensors: Optional[Sequence[str]] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
name: Optional[str] = None,
nat: Optional[str] = None,
package_name: Optional[str] = None,
per_ip_shapers: Optional[Sequence[str]] = None,
poolnames: Optional[Sequence[str]] = None,
profile_groups: Optional[Sequence[str]] = None,
profile_protocol_options: Optional[Sequence[str]] = None,
profile_type: Optional[str] = None,
rsso: Optional[str] = None,
schedules: Optional[Sequence[str]] = None,
services: Optional[Sequence[str]] = None,
srcaddrs: Optional[Sequence[str]] = None,
srcintfs: Optional[Sequence[str]] = None,
traffic_shaper_reverses: Optional[Sequence[str]] = None,
traffic_shapers: Optional[Sequence[str]] = None,
users: Optional[Sequence[str]] = None,
utm_status: Optional[str] = None,
vpn_tunnels: Optional[Sequence[str]] = None,
waf_profiles: Optional[Sequence[str]] = None,
webfilter_profiles: Optional[Sequence[str]] = None) -> FirewallSecurityPolicy
func GetFirewallSecurityPolicy(ctx *Context, name string, id IDInput, state *FirewallSecurityPolicyState, opts ...ResourceOption) (*FirewallSecurityPolicy, error)
public static FirewallSecurityPolicy Get(string name, Input<string> id, FirewallSecurityPolicyState? state, CustomResourceOptions? opts = null)
public static FirewallSecurityPolicy get(String name, Output<String> id, FirewallSecurityPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
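- Policy action, default is deny. Enum: [allow, deny, ipsec]. The usage example on this page sets this property to "accept", which is not in the listed enum; confirm the value your FortiManager version expects before deploying the policy.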
- Adom string
- ADOM name. default is 'root'.
- Application
Lists List<string> - Name of an existing Application list.
- Av
Profiles List<string> - Name of an existing Antivirus profile.
- Capture
Packet string - Enable/disable capture packets.
- Comments string
- Comments.
- Dnsfilter
Profiles List<string> - Name of an existing DNS filter profile.
- Dstaddrs List<string>
- Destination address and address group names.
- Dstintfs List<string>
- Outgoing interface.
- Fixedport string
- Enable/disable to prevent source NAT from changing a session's source port.
- Fsso string
- Enable/disable Fortinet Single Sign-On.
- Groups List<string>
- Names of user groups that can authenticate with this policy.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Enum: [disable, enable]
- InternetService string
- Enable/disable use of Destination Internet Services for this policy.
- InternetServiceIds List<string>
- Destination Internet Service ID.
- InternetServiceNames List<string>
- Destination Internet Service Name.
- InternetServiceSrc string
- Enable/disable use of Source Internet Services for this policy.
- InternetServiceSrcIds List<string>
- Source Internet Service ID.
- InternetServiceSrcNames List<string>
- Source Internet Service Name.
- Ippool string
- Enable/disable to use IP Pools for source NAT.
- Ips
Sensors List<string> - Name of an existing IPS sensor.
- Logtraffic string
- Enable or disable logging. Enum: [disable, all, utm]
- Logtraffic
Start string - Record logs when a session starts and ends. Enum: [disable, enable]
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT.
- Package
Name string - The package name which the policy will be added to.
- PerIpShapers List<string>
- Per-IP traffic shaper.
- Poolnames List<string>
- IP Pool names.
- ProfileGroups List<string>
- Name of profile group.
- ProfileProtocolOptions List<string>
- Name of an existing Protocol options profile.
- ProfileType string
- Determine whether the firewall policy allows security profile groups or single profiles only. Enum: [single, group]
- Rsso string
- Enable/disable RADIUS Single Sign-On.
- Schedules List<string>
- Schedule name.
- Services List<string>
- Service and service group names.
- Srcaddrs List<string>
- Source address and address group names.
- Srcintfs List<string>
- Incoming interface.
- TrafficShaperReverses List<string>
- Reverse traffic shaper.
- TrafficShapers List<string>
- Traffic shaper.
- Users List<string>
- Names of individual users that can authenticate with this policy.
- Utm
Status string - Enable/disable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
- VpnTunnels List<string>
- (No description is given for this property.)
- WafProfiles List<string>
- Name of an existing Web application firewall profile.
- Webfilter
Profiles List<string> - Name of an existing Web filter profile.
- Action string
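- Policy action, default is deny. Enum: [allow, deny, ipsec]. The usage example on this page sets this property to "accept", which is not in the listed enum; confirm the value your FortiManager version expects before deploying the policy.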
- Adom string
- ADOM name. default is 'root'.
- Application
Lists []string - Name of an existing Application list.
- Av
Profiles []string - Name of an existing Antivirus profile.
- Capture
Packet string - Enable/disable capture packets.
- Comments string
- Comments.
- Dnsfilter
Profiles []string - Name of an existing DNS filter profile.
- Dstaddrs []string
- Destination address and address group names.
- Dstintfs []string
- Outgoing interface.
- Fixedport string
- Enable/disable to prevent source NAT from changing a session's source port.
- Fsso string
- Enable/disable Fortinet Single Sign-On.
- Groups []string
- Names of user groups that can authenticate with this policy.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Enum: [disable, enable]
- InternetService string
- Enable/disable use of Destination Internet Services for this policy.
- InternetServiceIds []string
- Destination Internet Service ID.
- InternetServiceNames []string
- Destination Internet Service Name.
- InternetServiceSrc string
- Enable/disable use of Source Internet Services for this policy.
- InternetServiceSrcIds []string
- Source Internet Service ID.
- InternetServiceSrcNames []string
- Source Internet Service Name.
- Ippool string
- Enable/disable to use IP Pools for source NAT.
- Ips
Sensors []string - Name of an existing IPS sensor.
- Logtraffic string
- Enable or disable logging. Enum: [disable, all, utm]
- Logtraffic
Start string - Record logs when a session starts and ends. Enum: [disable, enable]
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT.
- Package
Name string - The package name which the policy will be added to.
- PerIpShapers []string
- Per-IP traffic shaper.
- Poolnames []string
- IP Pool names.
- ProfileGroups []string
- Name of profile group.
- ProfileProtocolOptions []string
- Name of an existing Protocol options profile.
- ProfileType string
- Determine whether the firewall policy allows security profile groups or single profiles only. Enum: [single, group]
- Rsso string
- Enable/disable RADIUS Single Sign-On.
- Schedules []string
- Schedule name.
- Services []string
- Service and service group names.
- Srcaddrs []string
- Source address and address group names.
- Srcintfs []string
- Incoming interface.
- TrafficShaperReverses []string
- Reverse traffic shaper.
- TrafficShapers []string
- Traffic shaper.
- Users []string
- Names of individual users that can authenticate with this policy.
- Utm
Status string - Enable/disable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
- VpnTunnels []string
- (No description is given for this property.)
- WafProfiles []string
- Name of an existing Web application firewall profile.
- Webfilter
Profiles []string - Name of an existing Web filter profile.
- action String
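- Policy action, default is deny. Enum: [allow, deny, ipsec]. The usage example on this page sets this property to "accept", which is not in the listed enum; confirm the value your FortiManager version expects before deploying the policy.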
- adom String
- ADOM name. default is 'root'.
- application
Lists List<String> - Name of an existing Application list.
- av
Profiles List<String> - Name of an existing Antivirus profile.
- capture
Packet String - Enable/disable capture packets.
- comments String
- Comments.
- dnsfilter
Profiles List<String> - Name of an existing DNS filter profile.
- dstaddrs List<String>
- Destination address and address group names.
- dstintfs List<String>
- Outgoing interface.
- fixedport String
- Enable/disable to prevent source NAT from changing a session's source port.
- fsso String
- Enable/disable Fortinet Single Sign-On.
- groups List<String>
- Names of user groups that can authenticate with this policy.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Enum: [disable, enable]
- internetService String
- Enable/disable use of Destination Internet Services for this policy.
- internetServiceIds List<String>
- Destination Internet Service ID.
- internetServiceNames List<String>
- Destination Internet Service Name.
- internetServiceSrc String
- Enable/disable use of Source Internet Services for this policy.
- internetServiceSrcIds List<String>
- Source Internet Service ID.
- internetServiceSrcNames List<String>
- Source Internet Service Name.
- ippool String
- Enable/disable to use IP Pools for source NAT.
- ips
Sensors List<String> - Name of an existing IPS sensor.
- logtraffic String
- Enable or disable logging. Enum: [disable, all, utm]
- logtraffic
Start String - Record logs when a session starts and ends. Enum: [disable, enable]
- name String
- Policy name.
- nat String
- Enable/disable source NAT.
- package
Name String - The package name which the policy will be added to.
- perIpShapers List<String>
- Per-IP traffic shaper.
- poolnames List<String>
- IP Pool names.
- profileGroups List<String>
- Name of profile group.
- profileProtocolOptions List<String>
- Name of an existing Protocol options profile.
- profileType String
- Determine whether the firewall policy allows security profile groups or single profiles only. Enum: [single, group]
- rsso String
- Enable/disable RADIUS Single Sign-On.
- schedules List<String>
- Schedule name.
- services List<String>
- Service and service group names.
- srcaddrs List<String>
- Source address and address group names.
- srcintfs List<String>
- Incoming interface.
- trafficShaperReverses List<String>
- Reverse traffic shaper.
- trafficShapers List<String>
- Traffic shaper.
- users List<String>
- Names of individual users that can authenticate with this policy.
- utm
Status String - Enable/disable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
- vpnTunnels List<String>
- (No description is given for this property.)
- wafProfiles List<String>
- Name of an existing Web application firewall profile.
- webfilter
Profiles List<String> - Name of an existing Web filter profile.
- action string
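- Policy action, default is deny. Enum: [allow, deny, ipsec]. The usage example on this page sets this property to "accept", which is not in the listed enum; confirm the value your FortiManager version expects before deploying the policy.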
- adom string
- ADOM name. default is 'root'.
- application
Lists string[] - Name of an existing Application list.
- av
Profiles string[] - Name of an existing Antivirus profile.
- capture
Packet string - Enable/disable capture packets.
- comments string
- Comments.
- dnsfilter
Profiles string[] - Name of an existing DNS filter profile.
- dstaddrs string[]
- Destination address and address group names.
- dstintfs string[]
- Outgoing interface.
- fixedport string
- Enable/disable to prevent source NAT from changing a session's source port.
- fsso string
- Enable/disable Fortinet Single Sign-On.
- groups string[]
- Names of user groups that can authenticate with this policy.
- inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Enum: [disable, enable]
- internetService string
- Enable/disable use of Destination Internet Services for this policy.
- internetServiceIds string[]
- Destination Internet Service ID.
- internetServiceNames string[]
- Destination Internet Service Name.
- internetServiceSrc string
- Enable/disable use of Source Internet Services for this policy.
- internetServiceSrcIds string[]
- Source Internet Service ID.
- internetServiceSrcNames string[]
- Source Internet Service Name.
- ippool string
- Enable/disable to use IP Pools for source NAT.
- ips
Sensors string[] - Name of an existing IPS sensor.
- logtraffic string
- Enable or disable logging. Enum: [disable, all, utm]
- logtraffic
Start string - Record logs when a session starts and ends. Enum: [disable, enable]
- name string
- Policy name.
- nat string
- Enable/disable source NAT.
- package
Name string - The package name which the policy will be added to.
- perIpShapers string[]
- Per-IP traffic shaper.
- poolnames string[]
- IP Pool names.
- profileGroups string[]
- Name of profile group.
- profileProtocolOptions string[]
- Name of an existing Protocol options profile.
- profileType string
- Determine whether the firewall policy allows security profile groups or single profiles only. Enum: [single, group]
- rsso string
- Enable/disable RADIUS Single Sign-On.
- schedules string[]
- Schedule name.
- services string[]
- Service and service group names.
- srcaddrs string[]
- Source address and address group names.
- srcintfs string[]
- Incoming interface.
- trafficShaperReverses string[]
- Reverse traffic shaper.
- trafficShapers string[]
- Traffic shaper.
- users string[]
- Names of individual users that can authenticate with this policy.
- utm
Status string - Enable/disable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
- vpnTunnels string[]
- (No description is given for this property.)
- wafProfiles string[]
- Name of an existing Web application firewall profile.
- webfilter
Profiles string[] - Name of an existing Web filter profile.
- action str
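- Policy action, default is deny. Enum: [allow, deny, ipsec]. The usage example on this page sets this property to "accept", which is not in the listed enum; confirm the value your FortiManager version expects before deploying the policy.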
- adom str
- ADOM name. default is 'root'.
- application_
lists Sequence[str] - Name of an existing Application list.
- av_
profiles Sequence[str] - Name of an existing Antivirus profile.
- capture_
packet str - Enable/disable capture packets.
- comments str
- Comments.
- dnsfilter_
profiles Sequence[str] - Name of an existing DNS filter profile.
- dstaddrs Sequence[str]
- Destination address and address group names.
- dstintfs Sequence[str]
- Outgoing interface.
- fixedport str
- Enable/disable to prevent source NAT from changing a session's source port.
- fsso str
- Enable/disable Fortinet Single Sign-On.
- groups Sequence[str]
- Names of user groups that can authenticate with this policy.
- inbound str
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Enum: [disable, enable]
- internet_service str
- Enable/disable use of Destination Internet Services for this policy.
- internet_service_ids Sequence[str]
- Destination Internet Service ID.
- internet_service_names Sequence[str]
- Destination Internet Service Name.
- internet_service_src str
- Enable/disable use of Source Internet Services for this policy.
- internet_service_src_ids Sequence[str]
- Source Internet Service ID.
- internet_service_src_names Sequence[str]
- Source Internet Service Name.
- ippool str
- Enable/disable to use IP Pools for source NAT.
- ips_
sensors Sequence[str] - Name of an existing IPS sensor.
- logtraffic str
- Enable or disable logging. Enum: [disable, all, utm]
- logtraffic_
start str - Record logs when a session starts and ends. Enum: [disable, enable]
- name str
- Policy name.
- nat str
- Enable/disable source NAT.
- package_
name str - The package name which the policy will be added to.
- per_ip_shapers Sequence[str]
- Per-IP traffic shaper.
- poolnames Sequence[str]
- IP Pool names.
- profile_groups Sequence[str]
- Name of profile group.
- profile_protocol_options Sequence[str]
- Name of an existing Protocol options profile.
- profile_type str
- Determine whether the firewall policy allows security profile groups or single profiles only. Enum: [single, group]
- rsso str
- Enable/disable RADIUS Single Sign-On.
- schedules Sequence[str]
- Schedule name.
- services Sequence[str]
- Service and service group names.
- srcaddrs Sequence[str]
- Source address and address group names.
- srcintfs Sequence[str]
- Incoming interface.
- traffic_shaper_reverses Sequence[str]
- Reverse traffic shaper.
- traffic_shapers Sequence[str]
- Traffic shaper.
- users Sequence[str]
- Names of individual users that can authenticate with this policy.
- utm_
status str - Enable/disable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
- vpn_tunnels Sequence[str]
- (No description is given for this property.)
- waf_profiles Sequence[str]
- Name of an existing Web application firewall profile.
- webfilter_
profiles Sequence[str] - Name of an existing Web filter profile.
- action String
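- Policy action, default is deny. Enum: [allow, deny, ipsec]. The usage example on this page sets this property to "accept", which is not in the listed enum; confirm the value your FortiManager version expects before deploying the policy.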
- adom String
- ADOM name. default is 'root'.
- application
Lists List<String> - Name of an existing Application list.
- av
Profiles List<String> - Name of an existing Antivirus profile.
- capture
Packet String - Enable/disable capture packets.
- comments String
- Comments.
- dnsfilter
Profiles List<String> - Name of an existing DNS filter profile.
- dstaddrs List<String>
- Destination address and address group names.
- dstintfs List<String>
- Outgoing interface.
- fixedport String
- Enable/disable to prevent source NAT from changing a session's source port.
- fsso String
- Enable/disable Fortinet Single Sign-On.
- groups List<String>
- Names of user groups that can authenticate with this policy.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Enum: [disable, enable]
- internetService String
- Enable/disable use of Destination Internet Services for this policy.
- internetServiceIds List<String>
- Destination Internet Service ID.
- internetServiceNames List<String>
- Destination Internet Service Name.
- internetServiceSrc String
- Enable/disable use of Source Internet Services for this policy.
- internetServiceSrcIds List<String>
- Source Internet Service ID.
- internetServiceSrcNames List<String>
- Source Internet Service Name.
- ippool String
- Enable/disable to use IP Pools for source NAT.
- ips
Sensors List<String> - Name of an existing IPS sensor.
- logtraffic String
- Enable or disable logging. Enum: [disable, all, utm]
- logtraffic
Start String - Record logs when a session starts and ends. Enum: [disable, enable]
- name String
- Policy name.
- nat String
- Enable/disable source NAT.
- package
Name String - The package name which the policy will be added to.
- perIpShapers List<String>
- Per-IP traffic shaper.
- poolnames List<String>
- IP Pool names.
- profileGroups List<String>
- Name of profile group.
- profileProtocolOptions List<String>
- Name of an existing Protocol options profile.
- profileType String
- Determine whether the firewall policy allows security profile groups or single profiles only. Enum: [single, group]
- rsso String
- Enable/disable RADIUS Single Sign-On.
- schedules List<String>
- Schedule name.
- services List<String>
- Service and service group names.
- srcaddrs List<String>
- Source address and address group names.
- srcintfs List<String>
- Incoming interface.
- trafficShaperReverses List<String>
- Reverse traffic shaper.
- trafficShapers List<String>
- Traffic shaper.
- users List<String>
- Names of individual users that can authenticate with this policy.
- utm
Status String - Enable/disable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
- vpnTunnels List<String>
- (No description is given for this property.)
- wafProfiles List<String>
- Name of an existing Web application firewall profile.
- webfilter
Profiles List<String> - Name of an existing Web filter profile.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortios
Terraform Provider.