fortios.user.Nacpolicy
Explore with Pulumi AI
Configure NAC policy matching pattern to identify matching NAC devices. Applies to FortiOS Version >= 6.4.0
.
Create Nacpolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Nacpolicy(name: string, args?: NacpolicyArgs, opts?: CustomResourceOptions);
@overload
def Nacpolicy(resource_name: str,
args: Optional[NacpolicyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Nacpolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
category: Optional[str] = None,
description: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
ems_tag: Optional[str] = None,
family: Optional[str] = None,
firewall_address: Optional[str] = None,
fortivoice_tag: Optional[str] = None,
get_all_tables: Optional[str] = None,
host: Optional[str] = None,
hw_vendor: Optional[str] = None,
hw_version: Optional[str] = None,
mac: Optional[str] = None,
match_period: Optional[int] = None,
match_type: Optional[str] = None,
name: Optional[str] = None,
os: Optional[str] = None,
severities: Optional[Sequence[NacpolicySeverityArgs]] = None,
src: Optional[str] = None,
ssid_policy: Optional[str] = None,
status: Optional[str] = None,
sw_version: Optional[str] = None,
switch_auto_auth: Optional[str] = None,
switch_fortilink: Optional[str] = None,
switch_groups: Optional[Sequence[NacpolicySwitchGroupArgs]] = None,
switch_mac_policy: Optional[str] = None,
switch_port_policy: Optional[str] = None,
switch_scopes: Optional[Sequence[NacpolicySwitchScopeArgs]] = None,
type: Optional[str] = None,
user: Optional[str] = None,
user_group: Optional[str] = None,
vdomparam: Optional[str] = None)
func NewNacpolicy(ctx *Context, name string, args *NacpolicyArgs, opts ...ResourceOption) (*Nacpolicy, error)
public Nacpolicy(string name, NacpolicyArgs? args = null, CustomResourceOptions? opts = null)
public Nacpolicy(String name, NacpolicyArgs args)
public Nacpolicy(String name, NacpolicyArgs args, CustomResourceOptions options)
type: fortios:user:Nacpolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NacpolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NacpolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NacpolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NacpolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NacpolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var nacpolicyResource = new Fortios.User.Nacpolicy("nacpolicyResource", new()
{
Category = "string",
Description = "string",
DynamicSortSubtable = "string",
EmsTag = "string",
Family = "string",
FirewallAddress = "string",
FortivoiceTag = "string",
GetAllTables = "string",
Host = "string",
HwVendor = "string",
HwVersion = "string",
Mac = "string",
MatchPeriod = 0,
MatchType = "string",
Name = "string",
Os = "string",
Severities = new[]
{
new Fortios.User.Inputs.NacpolicySeverityArgs
{
SeverityNum = 0,
},
},
Src = "string",
SsidPolicy = "string",
Status = "string",
SwVersion = "string",
SwitchAutoAuth = "string",
SwitchFortilink = "string",
SwitchGroups = new[]
{
new Fortios.User.Inputs.NacpolicySwitchGroupArgs
{
Name = "string",
},
},
SwitchMacPolicy = "string",
SwitchPortPolicy = "string",
SwitchScopes = new[]
{
new Fortios.User.Inputs.NacpolicySwitchScopeArgs
{
SwitchId = "string",
},
},
Type = "string",
User = "string",
UserGroup = "string",
Vdomparam = "string",
});
example, err := user.NewNacpolicy(ctx, "nacpolicyResource", &user.NacpolicyArgs{
Category: pulumi.String("string"),
Description: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
EmsTag: pulumi.String("string"),
Family: pulumi.String("string"),
FirewallAddress: pulumi.String("string"),
FortivoiceTag: pulumi.String("string"),
GetAllTables: pulumi.String("string"),
Host: pulumi.String("string"),
HwVendor: pulumi.String("string"),
HwVersion: pulumi.String("string"),
Mac: pulumi.String("string"),
MatchPeriod: pulumi.Int(0),
MatchType: pulumi.String("string"),
Name: pulumi.String("string"),
Os: pulumi.String("string"),
Severities: user.NacpolicySeverityArray{
&user.NacpolicySeverityArgs{
SeverityNum: pulumi.Int(0),
},
},
Src: pulumi.String("string"),
SsidPolicy: pulumi.String("string"),
Status: pulumi.String("string"),
SwVersion: pulumi.String("string"),
SwitchAutoAuth: pulumi.String("string"),
SwitchFortilink: pulumi.String("string"),
SwitchGroups: user.NacpolicySwitchGroupArray{
&user.NacpolicySwitchGroupArgs{
Name: pulumi.String("string"),
},
},
SwitchMacPolicy: pulumi.String("string"),
SwitchPortPolicy: pulumi.String("string"),
SwitchScopes: user.NacpolicySwitchScopeArray{
&user.NacpolicySwitchScopeArgs{
SwitchId: pulumi.String("string"),
},
},
Type: pulumi.String("string"),
User: pulumi.String("string"),
UserGroup: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
})
var nacpolicyResource = new Nacpolicy("nacpolicyResource", NacpolicyArgs.builder()
.category("string")
.description("string")
.dynamicSortSubtable("string")
.emsTag("string")
.family("string")
.firewallAddress("string")
.fortivoiceTag("string")
.getAllTables("string")
.host("string")
.hwVendor("string")
.hwVersion("string")
.mac("string")
.matchPeriod(0)
.matchType("string")
.name("string")
.os("string")
.severities(NacpolicySeverityArgs.builder()
.severityNum(0)
.build())
.src("string")
.ssidPolicy("string")
.status("string")
.swVersion("string")
.switchAutoAuth("string")
.switchFortilink("string")
.switchGroups(NacpolicySwitchGroupArgs.builder()
.name("string")
.build())
.switchMacPolicy("string")
.switchPortPolicy("string")
.switchScopes(NacpolicySwitchScopeArgs.builder()
.switchId("string")
.build())
.type("string")
.user("string")
.userGroup("string")
.vdomparam("string")
.build());
nacpolicy_resource = fortios.user.Nacpolicy("nacpolicyResource",
category="string",
description="string",
dynamic_sort_subtable="string",
ems_tag="string",
family="string",
firewall_address="string",
fortivoice_tag="string",
get_all_tables="string",
host="string",
hw_vendor="string",
hw_version="string",
mac="string",
match_period=0,
match_type="string",
name="string",
os="string",
severities=[{
"severity_num": 0,
}],
src="string",
ssid_policy="string",
status="string",
sw_version="string",
switch_auto_auth="string",
switch_fortilink="string",
switch_groups=[{
"name": "string",
}],
switch_mac_policy="string",
switch_port_policy="string",
switch_scopes=[{
"switch_id": "string",
}],
type="string",
user="string",
user_group="string",
vdomparam="string")
const nacpolicyResource = new fortios.user.Nacpolicy("nacpolicyResource", {
category: "string",
description: "string",
dynamicSortSubtable: "string",
emsTag: "string",
family: "string",
firewallAddress: "string",
fortivoiceTag: "string",
getAllTables: "string",
host: "string",
hwVendor: "string",
hwVersion: "string",
mac: "string",
matchPeriod: 0,
matchType: "string",
name: "string",
os: "string",
severities: [{
severityNum: 0,
}],
src: "string",
ssidPolicy: "string",
status: "string",
swVersion: "string",
switchAutoAuth: "string",
switchFortilink: "string",
switchGroups: [{
name: "string",
}],
switchMacPolicy: "string",
switchPortPolicy: "string",
switchScopes: [{
switchId: "string",
}],
type: "string",
user: "string",
userGroup: "string",
vdomparam: "string",
});
type: fortios:user:Nacpolicy
properties:
category: string
description: string
dynamicSortSubtable: string
emsTag: string
family: string
firewallAddress: string
fortivoiceTag: string
getAllTables: string
host: string
hwVendor: string
hwVersion: string
mac: string
matchPeriod: 0
matchType: string
name: string
os: string
severities:
- severityNum: 0
src: string
ssidPolicy: string
status: string
swVersion: string
switchAutoAuth: string
switchFortilink: string
switchGroups:
- name: string
switchMacPolicy: string
switchPortPolicy: string
switchScopes:
- switchId: string
type: string
user: string
userGroup: string
vdomparam: string
Nacpolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Nacpolicy resource accepts the following input properties:
- Category string
- Category of NAC policy.
- Description string
- Description for the NAC policy matching pattern.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Ems
Tag string - NAC policy matching EMS tag.
- Family string
- NAC policy matching family.
- Firewall
Address string - Dynamic firewall address to associate MAC which match this policy.
- Fortivoice
Tag string - NAC policy matching FortiVoice tag.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Host string
- NAC policy matching host.
- Hw
Vendor string - NAC policy matching hardware vendor.
- Hw
Version string - NAC policy matching hardware version.
- Mac string
- NAC policy matching MAC address.
- Match
Period int - Number of days the matched devices will be retained (0 - always retain)
- Match
Type string - Match and retain the devices based on the type. Valid values:
dynamic
,override
. - Name string
- NAC policy name.
- Os string
- NAC policy matching operating system.
- Severities
List<Pulumiverse.
Fortios. User. Inputs. Nacpolicy Severity> - NAC policy matching devices vulnerability severity lists. The structure of
severity
block is documented below. - Src string
- NAC policy matching source.
- Ssid
Policy string - SSID policy to be applied on the matched NAC policy.
- Status string
- Enable/disable NAC policy. Valid values:
enable
,disable
. - Sw
Version string - NAC policy matching software version.
- Switch
Auto stringAuth - NAC device auto authorization when discovered and nac-policy matched. Valid values:
global
,disable
,enable
. - Switch
Fortilink string - FortiLink interface for which this NAC policy belongs to.
- Switch
Groups List<Pulumiverse.Fortios. User. Inputs. Nacpolicy Switch Group> - List of managed FortiSwitch groups on which NAC policy can be applied. The structure of
switch_group
block is documented below. - Switch
Mac stringPolicy - switch-mac-policy to be applied on the matched NAC policy.
- Switch
Port stringPolicy - switch-port-policy to be applied on the matched NAC policy.
- Switch
Scopes List<Pulumiverse.Fortios. User. Inputs. Nacpolicy Switch Scope> - List of managed FortiSwitches on which NAC policy can be applied. The structure of
switch_scope
block is documented below. - Type string
- NAC policy matching type.
- User string
- NAC policy matching user.
- User
Group string - NAC policy matching user group.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Category string
- Category of NAC policy.
- Description string
- Description for the NAC policy matching pattern.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Ems
Tag string - NAC policy matching EMS tag.
- Family string
- NAC policy matching family.
- Firewall
Address string - Dynamic firewall address to associate MAC which match this policy.
- Fortivoice
Tag string - NAC policy matching FortiVoice tag.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Host string
- NAC policy matching host.
- Hw
Vendor string - NAC policy matching hardware vendor.
- Hw
Version string - NAC policy matching hardware version.
- Mac string
- NAC policy matching MAC address.
- Match
Period int - Number of days the matched devices will be retained (0 - always retain)
- Match
Type string - Match and retain the devices based on the type. Valid values:
dynamic
,override
. - Name string
- NAC policy name.
- Os string
- NAC policy matching operating system.
- Severities
[]Nacpolicy
Severity Args - NAC policy matching devices vulnerability severity lists. The structure of
severity
block is documented below. - Src string
- NAC policy matching source.
- Ssid
Policy string - SSID policy to be applied on the matched NAC policy.
- Status string
- Enable/disable NAC policy. Valid values:
enable
,disable
. - Sw
Version string - NAC policy matching software version.
- Switch
Auto stringAuth - NAC device auto authorization when discovered and nac-policy matched. Valid values:
global
,disable
,enable
. - Switch
Fortilink string - FortiLink interface for which this NAC policy belongs to.
- Switch
Groups []NacpolicySwitch Group Args - List of managed FortiSwitch groups on which NAC policy can be applied. The structure of
switch_group
block is documented below. - Switch
Mac stringPolicy - switch-mac-policy to be applied on the matched NAC policy.
- Switch
Port stringPolicy - switch-port-policy to be applied on the matched NAC policy.
- Switch
Scopes []NacpolicySwitch Scope Args - List of managed FortiSwitches on which NAC policy can be applied. The structure of
switch_scope
block is documented below. - Type string
- NAC policy matching type.
- User string
- NAC policy matching user.
- User
Group string - NAC policy matching user group.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- category String
- Category of NAC policy.
- description String
- Description for the NAC policy matching pattern.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ems
Tag String - NAC policy matching EMS tag.
- family String
- NAC policy matching family.
- firewall
Address String - Dynamic firewall address to associate MAC which match this policy.
- fortivoice
Tag String - NAC policy matching FortiVoice tag.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- host String
- NAC policy matching host.
- hw
Vendor String - NAC policy matching hardware vendor.
- hw
Version String - NAC policy matching hardware version.
- mac String
- NAC policy matching MAC address.
- match
Period Integer - Number of days the matched devices will be retained (0 - always retain)
- match
Type String - Match and retain the devices based on the type. Valid values:
dynamic
,override
. - name String
- NAC policy name.
- os String
- NAC policy matching operating system.
- severities
List<Nacpolicy
Severity> - NAC policy matching devices vulnerability severity lists. The structure of
severity
block is documented below. - src String
- NAC policy matching source.
- ssid
Policy String - SSID policy to be applied on the matched NAC policy.
- status String
- Enable/disable NAC policy. Valid values:
enable
,disable
. - sw
Version String - NAC policy matching software version.
- switch
Auto StringAuth - NAC device auto authorization when discovered and nac-policy matched. Valid values:
global
,disable
,enable
. - switch
Fortilink String - FortiLink interface for which this NAC policy belongs to.
- switch
Groups List<NacpolicySwitch Group> - List of managed FortiSwitch groups on which NAC policy can be applied. The structure of
switch_group
block is documented below. - switch
Mac StringPolicy - switch-mac-policy to be applied on the matched NAC policy.
- switch
Port StringPolicy - switch-port-policy to be applied on the matched NAC policy.
- switch
Scopes List<NacpolicySwitch Scope> - List of managed FortiSwitches on which NAC policy can be applied. The structure of
switch_scope
block is documented below. - type String
- NAC policy matching type.
- user String
- NAC policy matching user.
- user
Group String - NAC policy matching user group.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- category string
- Category of NAC policy.
- description string
- Description for the NAC policy matching pattern.
- dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ems
Tag string - NAC policy matching EMS tag.
- family string
- NAC policy matching family.
- firewall
Address string - Dynamic firewall address to associate MAC which match this policy.
- fortivoice
Tag string - NAC policy matching FortiVoice tag.
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- host string
- NAC policy matching host.
- hw
Vendor string - NAC policy matching hardware vendor.
- hw
Version string - NAC policy matching hardware version.
- mac string
- NAC policy matching MAC address.
- match
Period number - Number of days the matched devices will be retained (0 - always retain)
- match
Type string - Match and retain the devices based on the type. Valid values:
dynamic
,override
. - name string
- NAC policy name.
- os string
- NAC policy matching operating system.
- severities
Nacpolicy
Severity[] - NAC policy matching devices vulnerability severity lists. The structure of
severity
block is documented below. - src string
- NAC policy matching source.
- ssid
Policy string - SSID policy to be applied on the matched NAC policy.
- status string
- Enable/disable NAC policy. Valid values:
enable
,disable
. - sw
Version string - NAC policy matching software version.
- switch
Auto stringAuth - NAC device auto authorization when discovered and nac-policy matched. Valid values:
global
,disable
,enable
. - switch
Fortilink string - FortiLink interface for which this NAC policy belongs to.
- switch
Groups NacpolicySwitch Group[] - List of managed FortiSwitch groups on which NAC policy can be applied. The structure of
switch_group
block is documented below. - switch
Mac stringPolicy - switch-mac-policy to be applied on the matched NAC policy.
- switch
Port stringPolicy - switch-port-policy to be applied on the matched NAC policy.
- switch
Scopes NacpolicySwitch Scope[] - List of managed FortiSwitches on which NAC policy can be applied. The structure of
switch_scope
block is documented below. - type string
- NAC policy matching type.
- user string
- NAC policy matching user.
- user
Group string - NAC policy matching user group.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- category str
- Category of NAC policy.
- description str
- Description for the NAC policy matching pattern.
- dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ems_
tag str - NAC policy matching EMS tag.
- family str
- NAC policy matching family.
- firewall_
address str - Dynamic firewall address to associate MAC which match this policy.
- fortivoice_
tag str - NAC policy matching FortiVoice tag.
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- host str
- NAC policy matching host.
- hw_
vendor str - NAC policy matching hardware vendor.
- hw_
version str - NAC policy matching hardware version.
- mac str
- NAC policy matching MAC address.
- match_
period int - Number of days the matched devices will be retained (0 - always retain)
- match_
type str - Match and retain the devices based on the type. Valid values:
dynamic
,override
. - name str
- NAC policy name.
- os str
- NAC policy matching operating system.
- severities
Sequence[Nacpolicy
Severity Args] - NAC policy matching devices vulnerability severity lists. The structure of
severity
block is documented below. - src str
- NAC policy matching source.
- ssid_
policy str - SSID policy to be applied on the matched NAC policy.
- status str
- Enable/disable NAC policy. Valid values:
enable
,disable
. - sw_
version str - NAC policy matching software version.
- switch_
auto_ strauth - NAC device auto authorization when discovered and nac-policy matched. Valid values:
global
,disable
,enable
. - switch_
fortilink str - FortiLink interface for which this NAC policy belongs to.
- switch_
groups Sequence[NacpolicySwitch Group Args] - List of managed FortiSwitch groups on which NAC policy can be applied. The structure of
switch_group
block is documented below. - switch_
mac_ strpolicy - switch-mac-policy to be applied on the matched NAC policy.
- switch_
port_ strpolicy - switch-port-policy to be applied on the matched NAC policy.
- switch_
scopes Sequence[NacpolicySwitch Scope Args] - List of managed FortiSwitches on which NAC policy can be applied. The structure of
switch_scope
block is documented below. - type str
- NAC policy matching type.
- user str
- NAC policy matching user.
- user_
group str - NAC policy matching user group.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- category String
- Category of NAC policy.
- description String
- Description for the NAC policy matching pattern.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ems
Tag String - NAC policy matching EMS tag.
- family String
- NAC policy matching family.
- firewall
Address String - Dynamic firewall address to associate MAC which match this policy.
- fortivoice
Tag String - NAC policy matching FortiVoice tag.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- host String
- NAC policy matching host.
- hw
Vendor String - NAC policy matching hardware vendor.
- hw
Version String - NAC policy matching hardware version.
- mac String
- NAC policy matching MAC address.
- match
Period Number - Number of days the matched devices will be retained (0 - always retain)
- match
Type String - Match and retain the devices based on the type. Valid values:
dynamic
,override
. - name String
- NAC policy name.
- os String
- NAC policy matching operating system.
- severities List<Property Map>
- NAC policy matching devices vulnerability severity lists. The structure of
severity
block is documented below. - src String
- NAC policy matching source.
- ssid
Policy String - SSID policy to be applied on the matched NAC policy.
- status String
- Enable/disable NAC policy. Valid values:
enable
,disable
. - sw
Version String - NAC policy matching software version.
- switch
Auto StringAuth - NAC device auto authorization when discovered and nac-policy matched. Valid values:
global
,disable
,enable
. - switch
Fortilink String - FortiLink interface for which this NAC policy belongs to.
- switch
Groups List<Property Map> - List of managed FortiSwitch groups on which NAC policy can be applied. The structure of
switch_group
block is documented below. - switch
Mac StringPolicy - switch-mac-policy to be applied on the matched NAC policy.
- switch
Port StringPolicy - switch-port-policy to be applied on the matched NAC policy.
- switch
Scopes List<Property Map> - List of managed FortiSwitches on which NAC policy can be applied. The structure of
switch_scope
block is documented below. - type String
- NAC policy matching type.
- user String
- NAC policy matching user.
- user
Group String - NAC policy matching user group.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Outputs
All input properties are implicitly available as output properties. Additionally, the Nacpolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Nacpolicy Resource
Get an existing Nacpolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NacpolicyState, opts?: CustomResourceOptions): Nacpolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
category: Optional[str] = None,
description: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
ems_tag: Optional[str] = None,
family: Optional[str] = None,
firewall_address: Optional[str] = None,
fortivoice_tag: Optional[str] = None,
get_all_tables: Optional[str] = None,
host: Optional[str] = None,
hw_vendor: Optional[str] = None,
hw_version: Optional[str] = None,
mac: Optional[str] = None,
match_period: Optional[int] = None,
match_type: Optional[str] = None,
name: Optional[str] = None,
os: Optional[str] = None,
severities: Optional[Sequence[NacpolicySeverityArgs]] = None,
src: Optional[str] = None,
ssid_policy: Optional[str] = None,
status: Optional[str] = None,
sw_version: Optional[str] = None,
switch_auto_auth: Optional[str] = None,
switch_fortilink: Optional[str] = None,
switch_groups: Optional[Sequence[NacpolicySwitchGroupArgs]] = None,
switch_mac_policy: Optional[str] = None,
switch_port_policy: Optional[str] = None,
switch_scopes: Optional[Sequence[NacpolicySwitchScopeArgs]] = None,
type: Optional[str] = None,
user: Optional[str] = None,
user_group: Optional[str] = None,
vdomparam: Optional[str] = None) -> Nacpolicy
func GetNacpolicy(ctx *Context, name string, id IDInput, state *NacpolicyState, opts ...ResourceOption) (*Nacpolicy, error)
public static Nacpolicy Get(string name, Input<string> id, NacpolicyState? state, CustomResourceOptions? opts = null)
public static Nacpolicy get(String name, Output<String> id, NacpolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Category string
- Category of NAC policy.
- Description string
- Description for the NAC policy matching pattern.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Ems
Tag string - NAC policy matching EMS tag.
- Family string
- NAC policy matching family.
- Firewall
Address string - Dynamic firewall address to associate MAC which match this policy.
- Fortivoice
Tag string - NAC policy matching FortiVoice tag.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Host string
- NAC policy matching host.
- Hw
Vendor string - NAC policy matching hardware vendor.
- Hw
Version string - NAC policy matching hardware version.
- Mac string
- NAC policy matching MAC address.
- Match
Period int - Number of days the matched devices will be retained (0 - always retain)
- Match
Type string - Match and retain the devices based on the type. Valid values:
dynamic
,override
. - Name string
- NAC policy name.
- Os string
- NAC policy matching operating system.
- Severities
List<Pulumiverse.
Fortios. User. Inputs. Nacpolicy Severity> - NAC policy matching devices vulnerability severity lists. The structure of
severity
block is documented below. - Src string
- NAC policy matching source.
- Ssid
Policy string - SSID policy to be applied on the matched NAC policy.
- Status string
- Enable/disable NAC policy. Valid values:
enable
,disable
. - Sw
Version string - NAC policy matching software version.
- Switch
Auto stringAuth - NAC device auto authorization when discovered and nac-policy matched. Valid values:
global
,disable
,enable
. - Switch
Fortilink string - FortiLink interface for which this NAC policy belongs to.
- Switch
Groups List<Pulumiverse.Fortios. User. Inputs. Nacpolicy Switch Group> - List of managed FortiSwitch groups on which NAC policy can be applied. The structure of
switch_group
block is documented below. - Switch
Mac stringPolicy - switch-mac-policy to be applied on the matched NAC policy.
- Switch
Port stringPolicy - switch-port-policy to be applied on the matched NAC policy.
- Switch
Scopes List<Pulumiverse.Fortios. User. Inputs. Nacpolicy Switch Scope> - List of managed FortiSwitches on which NAC policy can be applied. The structure of
switch_scope
block is documented below. - Type string
- NAC policy matching type.
- User string
- NAC policy matching user.
- User
Group string - NAC policy matching user group.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Category string
- Category of NAC policy.
- Description string
- Description for the NAC policy matching pattern.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Ems
Tag string - NAC policy matching EMS tag.
- Family string
- NAC policy matching family.
- Firewall
Address string - Dynamic firewall address to associate MAC which match this policy.
- Fortivoice
Tag string - NAC policy matching FortiVoice tag.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Host string
- NAC policy matching host.
- Hw
Vendor string - NAC policy matching hardware vendor.
- Hw
Version string - NAC policy matching hardware version.
- Mac string
- NAC policy matching MAC address.
- Match
Period int - Number of days the matched devices will be retained (0 - always retain)
- Match
Type string - Match and retain the devices based on the type. Valid values:
dynamic
,override
. - Name string
- NAC policy name.
- Os string
- NAC policy matching operating system.
- Severities
[]Nacpolicy
Severity Args - NAC policy matching devices vulnerability severity lists. The structure of
severity
block is documented below. - Src string
- NAC policy matching source.
- Ssid
Policy string - SSID policy to be applied on the matched NAC policy.
- Status string
- Enable/disable NAC policy. Valid values:
enable
,disable
. - Sw
Version string - NAC policy matching software version.
- Switch
Auto stringAuth - NAC device auto authorization when discovered and nac-policy matched. Valid values:
global
,disable
,enable
. - Switch
Fortilink string - FortiLink interface for which this NAC policy belongs to.
- Switch
Groups []NacpolicySwitch Group Args - List of managed FortiSwitch groups on which NAC policy can be applied. The structure of
switch_group
block is documented below. - Switch
Mac stringPolicy - switch-mac-policy to be applied on the matched NAC policy.
- Switch
Port stringPolicy - switch-port-policy to be applied on the matched NAC policy.
- Switch
Scopes []NacpolicySwitch Scope Args - List of managed FortiSwitches on which NAC policy can be applied. The structure of
switch_scope
block is documented below. - Type string
- NAC policy matching type.
- User string
- NAC policy matching user.
- User
Group string - NAC policy matching user group.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- category String
- Category of NAC policy.
- description String
- Description for the NAC policy matching pattern.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ems
Tag String - NAC policy matching EMS tag.
- family String
- NAC policy matching family.
- firewall
Address String - Dynamic firewall address to associate MAC which match this policy.
- fortivoice
Tag String - NAC policy matching FortiVoice tag.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- host String
- NAC policy matching host.
- hw
Vendor String - NAC policy matching hardware vendor.
- hw
Version String - NAC policy matching hardware version.
- mac String
- NAC policy matching MAC address.
- match
Period Integer - Number of days the matched devices will be retained (0 - always retain)
- match
Type String - Match and retain the devices based on the type. Valid values:
dynamic
,override
. - name String
- NAC policy name.
- os String
- NAC policy matching operating system.
- severities
List<Nacpolicy
Severity> - NAC policy matching devices vulnerability severity lists. The structure of
severity
block is documented below. - src String
- NAC policy matching source.
- ssid
Policy String - SSID policy to be applied on the matched NAC policy.
- status String
- Enable/disable NAC policy. Valid values:
enable
,disable
. - sw
Version String - NAC policy matching software version.
- switch
Auto StringAuth - NAC device auto authorization when discovered and nac-policy matched. Valid values:
global
,disable
,enable
. - switch
Fortilink String - FortiLink interface for which this NAC policy belongs to.
- switch
Groups List<NacpolicySwitch Group> - List of managed FortiSwitch groups on which NAC policy can be applied. The structure of
switch_group
block is documented below. - switch
Mac StringPolicy - switch-mac-policy to be applied on the matched NAC policy.
- switch
Port StringPolicy - switch-port-policy to be applied on the matched NAC policy.
- switch
Scopes List<NacpolicySwitch Scope> - List of managed FortiSwitches on which NAC policy can be applied. The structure of
switch_scope
block is documented below. - type String
- NAC policy matching type.
- user String
- NAC policy matching user.
- user
Group String - NAC policy matching user group.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- category string
- Category of NAC policy.
- description string
- Description for the NAC policy matching pattern.
- dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ems
Tag string - NAC policy matching EMS tag.
- family string
- NAC policy matching family.
- firewall
Address string - Dynamic firewall address to associate MAC which match this policy.
- fortivoice
Tag string - NAC policy matching FortiVoice tag.
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- host string
- NAC policy matching host.
- hw
Vendor string - NAC policy matching hardware vendor.
- hw
Version string - NAC policy matching hardware version.
- mac string
- NAC policy matching MAC address.
- match
Period number - Number of days the matched devices will be retained (0 - always retain)
- match
Type string - Match and retain the devices based on the type. Valid values:
dynamic
,override
. - name string
- NAC policy name.
- os string
- NAC policy matching operating system.
- severities
Nacpolicy
Severity[] - NAC policy matching devices vulnerability severity lists. The structure of
severity
block is documented below. - src string
- NAC policy matching source.
- ssid
Policy string - SSID policy to be applied on the matched NAC policy.
- status string
- Enable/disable NAC policy. Valid values:
enable
,disable
. - sw
Version string - NAC policy matching software version.
- switch
Auto stringAuth - NAC device auto authorization when discovered and nac-policy matched. Valid values:
global
,disable
,enable
. - switch
Fortilink string - FortiLink interface for which this NAC policy belongs to.
- switch
Groups NacpolicySwitch Group[] - List of managed FortiSwitch groups on which NAC policy can be applied. The structure of
switch_group
block is documented below. - switch
Mac stringPolicy - switch-mac-policy to be applied on the matched NAC policy.
- switch
Port stringPolicy - switch-port-policy to be applied on the matched NAC policy.
- switch
Scopes NacpolicySwitch Scope[] - List of managed FortiSwitches on which NAC policy can be applied. The structure of
switch_scope
block is documented below. - type string
- NAC policy matching type.
- user string
- NAC policy matching user.
- user
Group string - NAC policy matching user group.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- category str
- Category of NAC policy.
- description str
- Description for the NAC policy matching pattern.
- dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ems_
tag str - NAC policy matching EMS tag.
- family str
- NAC policy matching family.
- firewall_
address str - Dynamic firewall address to associate MAC which match this policy.
- fortivoice_
tag str - NAC policy matching FortiVoice tag.
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- host str
- NAC policy matching host.
- hw_
vendor str - NAC policy matching hardware vendor.
- hw_
version str - NAC policy matching hardware version.
- mac str
- NAC policy matching MAC address.
- match_
period int - Number of days the matched devices will be retained (0 - always retain)
- match_
type str - Match and retain the devices based on the type. Valid values:
dynamic
,override
. - name str
- NAC policy name.
- os str
- NAC policy matching operating system.
- severities
Sequence[Nacpolicy
Severity Args] - NAC policy matching devices vulnerability severity lists. The structure of
severity
block is documented below. - src str
- NAC policy matching source.
- ssid_
policy str - SSID policy to be applied on the matched NAC policy.
- status str
- Enable/disable NAC policy. Valid values:
enable
,disable
. - sw_
version str - NAC policy matching software version.
- switch_
auto_ strauth - NAC device auto authorization when discovered and nac-policy matched. Valid values:
global
,disable
,enable
. - switch_
fortilink str - FortiLink interface for which this NAC policy belongs to.
- switch_
groups Sequence[NacpolicySwitch Group Args] - List of managed FortiSwitch groups on which NAC policy can be applied. The structure of
switch_group
block is documented below. - switch_
mac_ strpolicy - switch-mac-policy to be applied on the matched NAC policy.
- switch_
port_ strpolicy - switch-port-policy to be applied on the matched NAC policy.
- switch_
scopes Sequence[NacpolicySwitch Scope Args] - List of managed FortiSwitches on which NAC policy can be applied. The structure of
switch_scope
block is documented below. - type str
- NAC policy matching type.
- user str
- NAC policy matching user.
- user_
group str - NAC policy matching user group.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- category String
- Category of NAC policy.
- description String
- Description for the NAC policy matching pattern.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ems
Tag String - NAC policy matching EMS tag.
- family String
- NAC policy matching family.
- firewall
Address String - Dynamic firewall address to associate MAC which match this policy.
- fortivoice
Tag String - NAC policy matching FortiVoice tag.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- host String
- NAC policy matching host.
- hw
Vendor String - NAC policy matching hardware vendor.
- hw
Version String - NAC policy matching hardware version.
- mac String
- NAC policy matching MAC address.
- match
Period Number - Number of days the matched devices will be retained (0 - always retain)
- match
Type String - Match and retain the devices based on the type. Valid values:
dynamic
,override
. - name String
- NAC policy name.
- os String
- NAC policy matching operating system.
- severities List<Property Map>
- NAC policy matching devices vulnerability severity lists. The structure of
severity
block is documented below. - src String
- NAC policy matching source.
- ssid
Policy String - SSID policy to be applied on the matched NAC policy.
- status String
- Enable/disable NAC policy. Valid values:
enable
,disable
. - sw
Version String - NAC policy matching software version.
- switch
Auto StringAuth - NAC device auto authorization when discovered and nac-policy matched. Valid values:
global
,disable
,enable
. - switch
Fortilink String - FortiLink interface for which this NAC policy belongs to.
- switch
Groups List<Property Map> - List of managed FortiSwitch groups on which NAC policy can be applied. The structure of
switch_group
block is documented below. - switch
Mac StringPolicy - switch-mac-policy to be applied on the matched NAC policy.
- switch
Port StringPolicy - switch-port-policy to be applied on the matched NAC policy.
- switch
Scopes List<Property Map> - List of managed FortiSwitches on which NAC policy can be applied. The structure of
switch_scope
block is documented below. - type String
- NAC policy matching type.
- user String
- NAC policy matching user.
- user
Group String - NAC policy matching user group.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Supporting Types
NacpolicySeverity, NacpolicySeverityArgs
- Severity
Num int - Enter multiple severity levels, where 0 = Info, 1 = Low, ..., 4 = Critical
- Severity
Num int - Enter multiple severity levels, where 0 = Info, 1 = Low, ..., 4 = Critical
- severity
Num Integer - Enter multiple severity levels, where 0 = Info, 1 = Low, ..., 4 = Critical
- severity
Num number - Enter multiple severity levels, where 0 = Info, 1 = Low, ..., 4 = Critical
- severity_
num int - Enter multiple severity levels, where 0 = Info, 1 = Low, ..., 4 = Critical
- severity
Num Number - Enter multiple severity levels, where 0 = Info, 1 = Low, ..., 4 = Critical
NacpolicySwitchGroup, NacpolicySwitchGroupArgs
- Name string
- Managed FortiSwitch group name from available options.
- Name string
- Managed FortiSwitch group name from available options.
- name String
- Managed FortiSwitch group name from available options.
- name string
- Managed FortiSwitch group name from available options.
- name str
- Managed FortiSwitch group name from available options.
- name String
- Managed FortiSwitch group name from available options.
NacpolicySwitchScope, NacpolicySwitchScopeArgs
- Switch
Id string - Managed FortiSwitch name from available options.
- Switch
Id string - Managed FortiSwitch name from available options.
- switch
Id String - Managed FortiSwitch name from available options.
- switch
Id string - Managed FortiSwitch name from available options.
- switch_
id str - Managed FortiSwitch name from available options.
- switch
Id String - Managed FortiSwitch name from available options.
Import
User NacPolicy can be imported using any of these accepted formats:
$ pulumi import fortios:user/nacpolicy:Nacpolicy labelname {{name}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:user/nacpolicy:Nacpolicy labelname {{name}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortios
Terraform Provider.