1. Packages
  2. Fortios
  3. API Docs
  4. firewall
  5. Policy6
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.firewall.Policy6

Explore with Pulumi AI

Configure IPv6 policies. Applies to FortiOS Version <= 6.4.0.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";

const trname = new fortios.firewall.Policy6("trname", {
    action: "deny",
    diffservForward: "disable",
    diffservReverse: "disable",
    diffservcodeForward: "000000",
    diffservcodeRev: "000000",
    dsri: "disable",
    dstaddrs: [{
        name: "all",
    }],
    dstaddrNegate: "disable",
    dstintfs: [{
        name: "port3",
    }],
    firewallSessionDirty: "check-all",
    fixedport: "disable",
    inbound: "disable",
    ippool: "disable",
    logtraffic: "disable",
    logtrafficStart: "disable",
    nat: "disable",
    natinbound: "disable",
    natoutbound: "disable",
    outbound: "disable",
    policyid: 1,
    profileProtocolOptions: "default",
    profileType: "single",
    rsso: "disable",
    schedule: "always",
    sendDenyPacket: "disable",
    services: [{
        name: "ALL",
    }],
    serviceNegate: "disable",
    srcaddrs: [{
        name: "all",
    }],
    srcaddrNegate: "disable",
    srcintfs: [{
        name: "port4",
    }],
    sslMirror: "disable",
    status: "enable",
    tcpMssReceiver: 0,
    tcpMssSender: 0,
    tcpSessionWithoutSyn: "disable",
    timeoutSendRst: "disable",
    tos: "0x00",
    tosMask: "0x00",
    tosNegate: "disable",
    utmStatus: "disable",
});
Copy
import pulumi
import pulumiverse_fortios as fortios

trname = fortios.firewall.Policy6("trname",
    action="deny",
    diffserv_forward="disable",
    diffserv_reverse="disable",
    diffservcode_forward="000000",
    diffservcode_rev="000000",
    dsri="disable",
    dstaddrs=[fortios.firewall.Policy6DstaddrArgs(
        name="all",
    )],
    dstaddr_negate="disable",
    dstintfs=[fortios.firewall.Policy6DstintfArgs(
        name="port3",
    )],
    firewall_session_dirty="check-all",
    fixedport="disable",
    inbound="disable",
    ippool="disable",
    logtraffic="disable",
    logtraffic_start="disable",
    nat="disable",
    natinbound="disable",
    natoutbound="disable",
    outbound="disable",
    policyid=1,
    profile_protocol_options="default",
    profile_type="single",
    rsso="disable",
    schedule="always",
    send_deny_packet="disable",
    services=[fortios.firewall.Policy6ServiceArgs(
        name="ALL",
    )],
    service_negate="disable",
    srcaddrs=[fortios.firewall.Policy6SrcaddrArgs(
        name="all",
    )],
    srcaddr_negate="disable",
    srcintfs=[fortios.firewall.Policy6SrcintfArgs(
        name="port4",
    )],
    ssl_mirror="disable",
    status="enable",
    tcp_mss_receiver=0,
    tcp_mss_sender=0,
    tcp_session_without_syn="disable",
    timeout_send_rst="disable",
    tos="0x00",
    tos_mask="0x00",
    tos_negate="disable",
    utm_status="disable")
Copy
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := firewall.NewPolicy6(ctx, "trname", &firewall.Policy6Args{
			Action:              pulumi.String("deny"),
			DiffservForward:     pulumi.String("disable"),
			DiffservReverse:     pulumi.String("disable"),
			DiffservcodeForward: pulumi.String("000000"),
			DiffservcodeRev:     pulumi.String("000000"),
			Dsri:                pulumi.String("disable"),
			Dstaddrs: firewall.Policy6DstaddrArray{
				&firewall.Policy6DstaddrArgs{
					Name: pulumi.String("all"),
				},
			},
			DstaddrNegate: pulumi.String("disable"),
			Dstintfs: firewall.Policy6DstintfArray{
				&firewall.Policy6DstintfArgs{
					Name: pulumi.String("port3"),
				},
			},
			FirewallSessionDirty:   pulumi.String("check-all"),
			Fixedport:              pulumi.String("disable"),
			Inbound:                pulumi.String("disable"),
			Ippool:                 pulumi.String("disable"),
			Logtraffic:             pulumi.String("disable"),
			LogtrafficStart:        pulumi.String("disable"),
			Nat:                    pulumi.String("disable"),
			Natinbound:             pulumi.String("disable"),
			Natoutbound:            pulumi.String("disable"),
			Outbound:               pulumi.String("disable"),
			Policyid:               pulumi.Int(1),
			ProfileProtocolOptions: pulumi.String("default"),
			ProfileType:            pulumi.String("single"),
			Rsso:                   pulumi.String("disable"),
			Schedule:               pulumi.String("always"),
			SendDenyPacket:         pulumi.String("disable"),
			Services: firewall.Policy6ServiceArray{
				&firewall.Policy6ServiceArgs{
					Name: pulumi.String("ALL"),
				},
			},
			ServiceNegate: pulumi.String("disable"),
			Srcaddrs: firewall.Policy6SrcaddrArray{
				&firewall.Policy6SrcaddrArgs{
					Name: pulumi.String("all"),
				},
			},
			SrcaddrNegate: pulumi.String("disable"),
			Srcintfs: firewall.Policy6SrcintfArray{
				&firewall.Policy6SrcintfArgs{
					Name: pulumi.String("port4"),
				},
			},
			SslMirror:            pulumi.String("disable"),
			Status:               pulumi.String("enable"),
			TcpMssReceiver:       pulumi.Int(0),
			TcpMssSender:         pulumi.Int(0),
			TcpSessionWithoutSyn: pulumi.String("disable"),
			TimeoutSendRst:       pulumi.String("disable"),
			Tos:                  pulumi.String("0x00"),
			TosMask:              pulumi.String("0x00"),
			TosNegate:            pulumi.String("disable"),
			UtmStatus:            pulumi.String("disable"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;

return await Deployment.RunAsync(() => 
{
    var trname = new Fortios.Firewall.Policy6("trname", new()
    {
        Action = "deny",
        DiffservForward = "disable",
        DiffservReverse = "disable",
        DiffservcodeForward = "000000",
        DiffservcodeRev = "000000",
        Dsri = "disable",
        Dstaddrs = new[]
        {
            new Fortios.Firewall.Inputs.Policy6DstaddrArgs
            {
                Name = "all",
            },
        },
        DstaddrNegate = "disable",
        Dstintfs = new[]
        {
            new Fortios.Firewall.Inputs.Policy6DstintfArgs
            {
                Name = "port3",
            },
        },
        FirewallSessionDirty = "check-all",
        Fixedport = "disable",
        Inbound = "disable",
        Ippool = "disable",
        Logtraffic = "disable",
        LogtrafficStart = "disable",
        Nat = "disable",
        Natinbound = "disable",
        Natoutbound = "disable",
        Outbound = "disable",
        Policyid = 1,
        ProfileProtocolOptions = "default",
        ProfileType = "single",
        Rsso = "disable",
        Schedule = "always",
        SendDenyPacket = "disable",
        Services = new[]
        {
            new Fortios.Firewall.Inputs.Policy6ServiceArgs
            {
                Name = "ALL",
            },
        },
        ServiceNegate = "disable",
        Srcaddrs = new[]
        {
            new Fortios.Firewall.Inputs.Policy6SrcaddrArgs
            {
                Name = "all",
            },
        },
        SrcaddrNegate = "disable",
        Srcintfs = new[]
        {
            new Fortios.Firewall.Inputs.Policy6SrcintfArgs
            {
                Name = "port4",
            },
        },
        SslMirror = "disable",
        Status = "enable",
        TcpMssReceiver = 0,
        TcpMssSender = 0,
        TcpSessionWithoutSyn = "disable",
        TimeoutSendRst = "disable",
        Tos = "0x00",
        TosMask = "0x00",
        TosNegate = "disable",
        UtmStatus = "disable",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.firewall.Policy6;
import com.pulumi.fortios.firewall.Policy6Args;
import com.pulumi.fortios.firewall.inputs.Policy6DstaddrArgs;
import com.pulumi.fortios.firewall.inputs.Policy6DstintfArgs;
import com.pulumi.fortios.firewall.inputs.Policy6ServiceArgs;
import com.pulumi.fortios.firewall.inputs.Policy6SrcaddrArgs;
import com.pulumi.fortios.firewall.inputs.Policy6SrcintfArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var trname = new Policy6("trname", Policy6Args.builder()
            .action("deny")
            .diffservForward("disable")
            .diffservReverse("disable")
            .diffservcodeForward("000000")
            .diffservcodeRev("000000")
            .dsri("disable")
            .dstaddrs(Policy6DstaddrArgs.builder()
                .name("all")
                .build())
            .dstaddrNegate("disable")
            .dstintfs(Policy6DstintfArgs.builder()
                .name("port3")
                .build())
            .firewallSessionDirty("check-all")
            .fixedport("disable")
            .inbound("disable")
            .ippool("disable")
            .logtraffic("disable")
            .logtrafficStart("disable")
            .nat("disable")
            .natinbound("disable")
            .natoutbound("disable")
            .outbound("disable")
            .policyid(1)
            .profileProtocolOptions("default")
            .profileType("single")
            .rsso("disable")
            .schedule("always")
            .sendDenyPacket("disable")
            .services(Policy6ServiceArgs.builder()
                .name("ALL")
                .build())
            .serviceNegate("disable")
            .srcaddrs(Policy6SrcaddrArgs.builder()
                .name("all")
                .build())
            .srcaddrNegate("disable")
            .srcintfs(Policy6SrcintfArgs.builder()
                .name("port4")
                .build())
            .sslMirror("disable")
            .status("enable")
            .tcpMssReceiver(0)
            .tcpMssSender(0)
            .tcpSessionWithoutSyn("disable")
            .timeoutSendRst("disable")
            .tos("0x00")
            .tosMask("0x00")
            .tosNegate("disable")
            .utmStatus("disable")
            .build());

    }
}
Copy
resources:
  trname:
    type: fortios:firewall:Policy6
    properties:
      action: deny
      diffservForward: disable
      diffservReverse: disable
      diffservcodeForward: '000000'
      diffservcodeRev: '000000'
      dsri: disable
      dstaddrs:
        - name: all
      dstaddrNegate: disable
      dstintfs:
        - name: port3
      firewallSessionDirty: check-all
      fixedport: disable
      inbound: disable
      ippool: disable
      logtraffic: disable
      logtrafficStart: disable
      nat: disable
      natinbound: disable
      natoutbound: disable
      outbound: disable
      policyid: 1
      profileProtocolOptions: default
      profileType: single
      rsso: disable
      schedule: always
      sendDenyPacket: disable
      services:
        - name: ALL
      serviceNegate: disable
      srcaddrs:
        - name: all
      srcaddrNegate: disable
      srcintfs:
        - name: port4
      sslMirror: disable
      status: enable
      tcpMssReceiver: 0
      tcpMssSender: 0
      tcpSessionWithoutSyn: disable
      timeoutSendRst: disable
      tos: 0x00
      tosMask: 0x00
      tosNegate: disable
      utmStatus: disable
Copy

Create Policy6 Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Policy6(name: string, args: Policy6Args, opts?: CustomResourceOptions);
@overload
def Policy6(resource_name: str,
            args: Policy6Args,
            opts: Optional[ResourceOptions] = None)

@overload
def Policy6(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            dstaddrs: Optional[Sequence[Policy6DstaddrArgs]] = None,
            dstintfs: Optional[Sequence[Policy6DstintfArgs]] = None,
            schedule: Optional[str] = None,
            srcaddrs: Optional[Sequence[Policy6SrcaddrArgs]] = None,
            srcintfs: Optional[Sequence[Policy6SrcintfArgs]] = None,
            natoutbound: Optional[str] = None,
            ssl_ssh_profile: Optional[str] = None,
            app_categories: Optional[Sequence[Policy6AppCategoryArgs]] = None,
            app_groups: Optional[Sequence[Policy6AppGroupArgs]] = None,
            application_list: Optional[str] = None,
            applications: Optional[Sequence[Policy6ApplicationArgs]] = None,
            auto_asic_offload: Optional[str] = None,
            av_profile: Optional[str] = None,
            cifs_profile: Optional[str] = None,
            comments: Optional[str] = None,
            custom_log_fields: Optional[Sequence[Policy6CustomLogFieldArgs]] = None,
            decrypted_traffic_mirror: Optional[str] = None,
            devices: Optional[Sequence[Policy6DeviceArgs]] = None,
            diffserv_forward: Optional[str] = None,
            diffserv_reverse: Optional[str] = None,
            diffservcode_forward: Optional[str] = None,
            diffservcode_rev: Optional[str] = None,
            dlp_sensor: Optional[str] = None,
            dnsfilter_profile: Optional[str] = None,
            dsri: Optional[str] = None,
            dstaddr_negate: Optional[str] = None,
            dynamic_sort_subtable: Optional[str] = None,
            emailfilter_profile: Optional[str] = None,
            firewall_session_dirty: Optional[str] = None,
            outbound: Optional[str] = None,
            fsso_groups: Optional[Sequence[Policy6FssoGroupArgs]] = None,
            get_all_tables: Optional[str] = None,
            global_label: Optional[str] = None,
            groups: Optional[Sequence[Policy6GroupArgs]] = None,
            http_policy_redirect: Optional[str] = None,
            icap_profile: Optional[str] = None,
            inbound: Optional[str] = None,
            inspection_mode: Optional[str] = None,
            ippool: Optional[str] = None,
            ips_sensor: Optional[str] = None,
            label: Optional[str] = None,
            logtraffic: Optional[str] = None,
            logtraffic_start: Optional[str] = None,
            name: Optional[str] = None,
            nat: Optional[str] = None,
            natinbound: Optional[str] = None,
            action: Optional[str] = None,
            fixedport: Optional[str] = None,
            anti_replay: Optional[str] = None,
            voip_profile: Optional[str] = None,
            poolnames: Optional[Sequence[Policy6PoolnameArgs]] = None,
            profile_group: Optional[str] = None,
            profile_protocol_options: Optional[str] = None,
            profile_type: Optional[str] = None,
            replacemsg_override_group: Optional[str] = None,
            rsso: Optional[str] = None,
            send_deny_packet: Optional[str] = None,
            service_negate: Optional[str] = None,
            services: Optional[Sequence[Policy6ServiceArgs]] = None,
            session_ttl: Optional[int] = None,
            spamfilter_profile: Optional[str] = None,
            srcaddr_negate: Optional[str] = None,
            ssh_filter_profile: Optional[str] = None,
            ssh_policy_redirect: Optional[str] = None,
            ssl_mirror: Optional[str] = None,
            ssl_mirror_intfs: Optional[Sequence[Policy6SslMirrorIntfArgs]] = None,
            per_ip_shaper: Optional[str] = None,
            status: Optional[str] = None,
            tcp_mss_receiver: Optional[int] = None,
            tcp_mss_sender: Optional[int] = None,
            tcp_session_without_syn: Optional[str] = None,
            timeout_send_rst: Optional[str] = None,
            tos: Optional[str] = None,
            tos_mask: Optional[str] = None,
            tos_negate: Optional[str] = None,
            traffic_shaper: Optional[str] = None,
            traffic_shaper_reverse: Optional[str] = None,
            url_categories: Optional[Sequence[Policy6UrlCategoryArgs]] = None,
            users: Optional[Sequence[Policy6UserArgs]] = None,
            utm_status: Optional[str] = None,
            uuid: Optional[str] = None,
            vdomparam: Optional[str] = None,
            vlan_cos_fwd: Optional[int] = None,
            vlan_cos_rev: Optional[int] = None,
            vlan_filter: Optional[str] = None,
            policyid: Optional[int] = None,
            vpntunnel: Optional[str] = None,
            waf_profile: Optional[str] = None,
            webcache: Optional[str] = None,
            webcache_https: Optional[str] = None,
            webfilter_profile: Optional[str] = None,
            webproxy_forward_server: Optional[str] = None,
            webproxy_profile: Optional[str] = None)
func NewPolicy6(ctx *Context, name string, args Policy6Args, opts ...ResourceOption) (*Policy6, error)
public Policy6(string name, Policy6Args args, CustomResourceOptions? opts = null)
public Policy6(String name, Policy6Args args)
public Policy6(String name, Policy6Args args, CustomResourceOptions options)
type: fortios:firewall:Policy6
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. Policy6Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. Policy6Args
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. Policy6Args
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. Policy6Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. Policy6Args
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var policy6Resource = new Fortios.Firewall.Policy6("policy6Resource", new()
{
    Dstaddrs = new[]
    {
        new Fortios.Firewall.Inputs.Policy6DstaddrArgs
        {
            Name = "string",
        },
    },
    Dstintfs = new[]
    {
        new Fortios.Firewall.Inputs.Policy6DstintfArgs
        {
            Name = "string",
        },
    },
    Schedule = "string",
    Srcaddrs = new[]
    {
        new Fortios.Firewall.Inputs.Policy6SrcaddrArgs
        {
            Name = "string",
        },
    },
    Srcintfs = new[]
    {
        new Fortios.Firewall.Inputs.Policy6SrcintfArgs
        {
            Name = "string",
        },
    },
    Natoutbound = "string",
    SslSshProfile = "string",
    AppCategories = new[]
    {
        new Fortios.Firewall.Inputs.Policy6AppCategoryArgs
        {
            Id = 0,
        },
    },
    AppGroups = new[]
    {
        new Fortios.Firewall.Inputs.Policy6AppGroupArgs
        {
            Name = "string",
        },
    },
    ApplicationList = "string",
    Applications = new[]
    {
        new Fortios.Firewall.Inputs.Policy6ApplicationArgs
        {
            Id = 0,
        },
    },
    AutoAsicOffload = "string",
    AvProfile = "string",
    CifsProfile = "string",
    Comments = "string",
    CustomLogFields = new[]
    {
        new Fortios.Firewall.Inputs.Policy6CustomLogFieldArgs
        {
            FieldId = "string",
        },
    },
    DecryptedTrafficMirror = "string",
    Devices = new[]
    {
        new Fortios.Firewall.Inputs.Policy6DeviceArgs
        {
            Name = "string",
        },
    },
    DiffservForward = "string",
    DiffservReverse = "string",
    DiffservcodeForward = "string",
    DiffservcodeRev = "string",
    DlpSensor = "string",
    DnsfilterProfile = "string",
    Dsri = "string",
    DstaddrNegate = "string",
    DynamicSortSubtable = "string",
    EmailfilterProfile = "string",
    FirewallSessionDirty = "string",
    Outbound = "string",
    FssoGroups = new[]
    {
        new Fortios.Firewall.Inputs.Policy6FssoGroupArgs
        {
            Name = "string",
        },
    },
    GetAllTables = "string",
    GlobalLabel = "string",
    Groups = new[]
    {
        new Fortios.Firewall.Inputs.Policy6GroupArgs
        {
            Name = "string",
        },
    },
    HttpPolicyRedirect = "string",
    IcapProfile = "string",
    Inbound = "string",
    InspectionMode = "string",
    Ippool = "string",
    IpsSensor = "string",
    Label = "string",
    Logtraffic = "string",
    LogtrafficStart = "string",
    Name = "string",
    Nat = "string",
    Natinbound = "string",
    Action = "string",
    Fixedport = "string",
    AntiReplay = "string",
    VoipProfile = "string",
    Poolnames = new[]
    {
        new Fortios.Firewall.Inputs.Policy6PoolnameArgs
        {
            Name = "string",
        },
    },
    ProfileGroup = "string",
    ProfileProtocolOptions = "string",
    ProfileType = "string",
    ReplacemsgOverrideGroup = "string",
    Rsso = "string",
    SendDenyPacket = "string",
    ServiceNegate = "string",
    Services = new[]
    {
        new Fortios.Firewall.Inputs.Policy6ServiceArgs
        {
            Name = "string",
        },
    },
    SessionTtl = 0,
    SpamfilterProfile = "string",
    SrcaddrNegate = "string",
    SshFilterProfile = "string",
    SshPolicyRedirect = "string",
    SslMirror = "string",
    SslMirrorIntfs = new[]
    {
        new Fortios.Firewall.Inputs.Policy6SslMirrorIntfArgs
        {
            Name = "string",
        },
    },
    PerIpShaper = "string",
    Status = "string",
    TcpMssReceiver = 0,
    TcpMssSender = 0,
    TcpSessionWithoutSyn = "string",
    TimeoutSendRst = "string",
    Tos = "string",
    TosMask = "string",
    TosNegate = "string",
    TrafficShaper = "string",
    TrafficShaperReverse = "string",
    UrlCategories = new[]
    {
        new Fortios.Firewall.Inputs.Policy6UrlCategoryArgs
        {
            Id = 0,
        },
    },
    Users = new[]
    {
        new Fortios.Firewall.Inputs.Policy6UserArgs
        {
            Name = "string",
        },
    },
    UtmStatus = "string",
    Uuid = "string",
    Vdomparam = "string",
    VlanCosFwd = 0,
    VlanCosRev = 0,
    VlanFilter = "string",
    Policyid = 0,
    Vpntunnel = "string",
    WafProfile = "string",
    Webcache = "string",
    WebcacheHttps = "string",
    WebfilterProfile = "string",
    WebproxyForwardServer = "string",
    WebproxyProfile = "string",
});
Copy
example, err := firewall.NewPolicy6(ctx, "policy6Resource", &firewall.Policy6Args{
	Dstaddrs: firewall.Policy6DstaddrArray{
		&firewall.Policy6DstaddrArgs{
			Name: pulumi.String("string"),
		},
	},
	Dstintfs: firewall.Policy6DstintfArray{
		&firewall.Policy6DstintfArgs{
			Name: pulumi.String("string"),
		},
	},
	Schedule: pulumi.String("string"),
	Srcaddrs: firewall.Policy6SrcaddrArray{
		&firewall.Policy6SrcaddrArgs{
			Name: pulumi.String("string"),
		},
	},
	Srcintfs: firewall.Policy6SrcintfArray{
		&firewall.Policy6SrcintfArgs{
			Name: pulumi.String("string"),
		},
	},
	Natoutbound:   pulumi.String("string"),
	SslSshProfile: pulumi.String("string"),
	AppCategories: firewall.Policy6AppCategoryArray{
		&firewall.Policy6AppCategoryArgs{
			Id: pulumi.Int(0),
		},
	},
	AppGroups: firewall.Policy6AppGroupArray{
		&firewall.Policy6AppGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	ApplicationList: pulumi.String("string"),
	Applications: firewall.Policy6ApplicationArray{
		&firewall.Policy6ApplicationArgs{
			Id: pulumi.Int(0),
		},
	},
	AutoAsicOffload: pulumi.String("string"),
	AvProfile:       pulumi.String("string"),
	CifsProfile:     pulumi.String("string"),
	Comments:        pulumi.String("string"),
	CustomLogFields: firewall.Policy6CustomLogFieldArray{
		&firewall.Policy6CustomLogFieldArgs{
			FieldId: pulumi.String("string"),
		},
	},
	DecryptedTrafficMirror: pulumi.String("string"),
	Devices: firewall.Policy6DeviceArray{
		&firewall.Policy6DeviceArgs{
			Name: pulumi.String("string"),
		},
	},
	DiffservForward:      pulumi.String("string"),
	DiffservReverse:      pulumi.String("string"),
	DiffservcodeForward:  pulumi.String("string"),
	DiffservcodeRev:      pulumi.String("string"),
	DlpSensor:            pulumi.String("string"),
	DnsfilterProfile:     pulumi.String("string"),
	Dsri:                 pulumi.String("string"),
	DstaddrNegate:        pulumi.String("string"),
	DynamicSortSubtable:  pulumi.String("string"),
	EmailfilterProfile:   pulumi.String("string"),
	FirewallSessionDirty: pulumi.String("string"),
	Outbound:             pulumi.String("string"),
	FssoGroups: firewall.Policy6FssoGroupArray{
		&firewall.Policy6FssoGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	GetAllTables: pulumi.String("string"),
	GlobalLabel:  pulumi.String("string"),
	Groups: firewall.Policy6GroupArray{
		&firewall.Policy6GroupArgs{
			Name: pulumi.String("string"),
		},
	},
	HttpPolicyRedirect: pulumi.String("string"),
	IcapProfile:        pulumi.String("string"),
	Inbound:            pulumi.String("string"),
	InspectionMode:     pulumi.String("string"),
	Ippool:             pulumi.String("string"),
	IpsSensor:          pulumi.String("string"),
	Label:              pulumi.String("string"),
	Logtraffic:         pulumi.String("string"),
	LogtrafficStart:    pulumi.String("string"),
	Name:               pulumi.String("string"),
	Nat:                pulumi.String("string"),
	Natinbound:         pulumi.String("string"),
	Action:             pulumi.String("string"),
	Fixedport:          pulumi.String("string"),
	AntiReplay:         pulumi.String("string"),
	VoipProfile:        pulumi.String("string"),
	Poolnames: firewall.Policy6PoolnameArray{
		&firewall.Policy6PoolnameArgs{
			Name: pulumi.String("string"),
		},
	},
	ProfileGroup:            pulumi.String("string"),
	ProfileProtocolOptions:  pulumi.String("string"),
	ProfileType:             pulumi.String("string"),
	ReplacemsgOverrideGroup: pulumi.String("string"),
	Rsso:                    pulumi.String("string"),
	SendDenyPacket:          pulumi.String("string"),
	ServiceNegate:           pulumi.String("string"),
	Services: firewall.Policy6ServiceArray{
		&firewall.Policy6ServiceArgs{
			Name: pulumi.String("string"),
		},
	},
	SessionTtl:        pulumi.Int(0),
	SpamfilterProfile: pulumi.String("string"),
	SrcaddrNegate:     pulumi.String("string"),
	SshFilterProfile:  pulumi.String("string"),
	SshPolicyRedirect: pulumi.String("string"),
	SslMirror:         pulumi.String("string"),
	SslMirrorIntfs: firewall.Policy6SslMirrorIntfArray{
		&firewall.Policy6SslMirrorIntfArgs{
			Name: pulumi.String("string"),
		},
	},
	PerIpShaper:          pulumi.String("string"),
	Status:               pulumi.String("string"),
	TcpMssReceiver:       pulumi.Int(0),
	TcpMssSender:         pulumi.Int(0),
	TcpSessionWithoutSyn: pulumi.String("string"),
	TimeoutSendRst:       pulumi.String("string"),
	Tos:                  pulumi.String("string"),
	TosMask:              pulumi.String("string"),
	TosNegate:            pulumi.String("string"),
	TrafficShaper:        pulumi.String("string"),
	TrafficShaperReverse: pulumi.String("string"),
	UrlCategories: firewall.Policy6UrlCategoryArray{
		&firewall.Policy6UrlCategoryArgs{
			Id: pulumi.Int(0),
		},
	},
	Users: firewall.Policy6UserArray{
		&firewall.Policy6UserArgs{
			Name: pulumi.String("string"),
		},
	},
	UtmStatus:             pulumi.String("string"),
	Uuid:                  pulumi.String("string"),
	Vdomparam:             pulumi.String("string"),
	VlanCosFwd:            pulumi.Int(0),
	VlanCosRev:            pulumi.Int(0),
	VlanFilter:            pulumi.String("string"),
	Policyid:              pulumi.Int(0),
	Vpntunnel:             pulumi.String("string"),
	WafProfile:            pulumi.String("string"),
	Webcache:              pulumi.String("string"),
	WebcacheHttps:         pulumi.String("string"),
	WebfilterProfile:      pulumi.String("string"),
	WebproxyForwardServer: pulumi.String("string"),
	WebproxyProfile:       pulumi.String("string"),
})
Copy
var policy6Resource = new com.pulumi.fortios.firewall.Policy6("policy6Resource", com.pulumi.fortios.firewall.Policy6Args.builder()
    .dstaddrs(Policy6DstaddrArgs.builder()
        .name("string")
        .build())
    .dstintfs(Policy6DstintfArgs.builder()
        .name("string")
        .build())
    .schedule("string")
    .srcaddrs(Policy6SrcaddrArgs.builder()
        .name("string")
        .build())
    .srcintfs(Policy6SrcintfArgs.builder()
        .name("string")
        .build())
    .natoutbound("string")
    .sslSshProfile("string")
    .appCategories(Policy6AppCategoryArgs.builder()
        .id(0)
        .build())
    .appGroups(Policy6AppGroupArgs.builder()
        .name("string")
        .build())
    .applicationList("string")
    .applications(Policy6ApplicationArgs.builder()
        .id(0)
        .build())
    .autoAsicOffload("string")
    .avProfile("string")
    .cifsProfile("string")
    .comments("string")
    .customLogFields(Policy6CustomLogFieldArgs.builder()
        .fieldId("string")
        .build())
    .decryptedTrafficMirror("string")
    .devices(Policy6DeviceArgs.builder()
        .name("string")
        .build())
    .diffservForward("string")
    .diffservReverse("string")
    .diffservcodeForward("string")
    .diffservcodeRev("string")
    .dlpSensor("string")
    .dnsfilterProfile("string")
    .dsri("string")
    .dstaddrNegate("string")
    .dynamicSortSubtable("string")
    .emailfilterProfile("string")
    .firewallSessionDirty("string")
    .outbound("string")
    .fssoGroups(Policy6FssoGroupArgs.builder()
        .name("string")
        .build())
    .getAllTables("string")
    .globalLabel("string")
    .groups(Policy6GroupArgs.builder()
        .name("string")
        .build())
    .httpPolicyRedirect("string")
    .icapProfile("string")
    .inbound("string")
    .inspectionMode("string")
    .ippool("string")
    .ipsSensor("string")
    .label("string")
    .logtraffic("string")
    .logtrafficStart("string")
    .name("string")
    .nat("string")
    .natinbound("string")
    .action("string")
    .fixedport("string")
    .antiReplay("string")
    .voipProfile("string")
    .poolnames(Policy6PoolnameArgs.builder()
        .name("string")
        .build())
    .profileGroup("string")
    .profileProtocolOptions("string")
    .profileType("string")
    .replacemsgOverrideGroup("string")
    .rsso("string")
    .sendDenyPacket("string")
    .serviceNegate("string")
    .services(Policy6ServiceArgs.builder()
        .name("string")
        .build())
    .sessionTtl(0)
    .spamfilterProfile("string")
    .srcaddrNegate("string")
    .sshFilterProfile("string")
    .sshPolicyRedirect("string")
    .sslMirror("string")
    .sslMirrorIntfs(Policy6SslMirrorIntfArgs.builder()
        .name("string")
        .build())
    .perIpShaper("string")
    .status("string")
    .tcpMssReceiver(0)
    .tcpMssSender(0)
    .tcpSessionWithoutSyn("string")
    .timeoutSendRst("string")
    .tos("string")
    .tosMask("string")
    .tosNegate("string")
    .trafficShaper("string")
    .trafficShaperReverse("string")
    .urlCategories(Policy6UrlCategoryArgs.builder()
        .id(0)
        .build())
    .users(Policy6UserArgs.builder()
        .name("string")
        .build())
    .utmStatus("string")
    .uuid("string")
    .vdomparam("string")
    .vlanCosFwd(0)
    .vlanCosRev(0)
    .vlanFilter("string")
    .policyid(0)
    .vpntunnel("string")
    .wafProfile("string")
    .webcache("string")
    .webcacheHttps("string")
    .webfilterProfile("string")
    .webproxyForwardServer("string")
    .webproxyProfile("string")
    .build());
Copy
policy6_resource = fortios.firewall.Policy6("policy6Resource",
    dstaddrs=[{
        "name": "string",
    }],
    dstintfs=[{
        "name": "string",
    }],
    schedule="string",
    srcaddrs=[{
        "name": "string",
    }],
    srcintfs=[{
        "name": "string",
    }],
    natoutbound="string",
    ssl_ssh_profile="string",
    app_categories=[{
        "id": 0,
    }],
    app_groups=[{
        "name": "string",
    }],
    application_list="string",
    applications=[{
        "id": 0,
    }],
    auto_asic_offload="string",
    av_profile="string",
    cifs_profile="string",
    comments="string",
    custom_log_fields=[{
        "field_id": "string",
    }],
    decrypted_traffic_mirror="string",
    devices=[{
        "name": "string",
    }],
    diffserv_forward="string",
    diffserv_reverse="string",
    diffservcode_forward="string",
    diffservcode_rev="string",
    dlp_sensor="string",
    dnsfilter_profile="string",
    dsri="string",
    dstaddr_negate="string",
    dynamic_sort_subtable="string",
    emailfilter_profile="string",
    firewall_session_dirty="string",
    outbound="string",
    fsso_groups=[{
        "name": "string",
    }],
    get_all_tables="string",
    global_label="string",
    groups=[{
        "name": "string",
    }],
    http_policy_redirect="string",
    icap_profile="string",
    inbound="string",
    inspection_mode="string",
    ippool="string",
    ips_sensor="string",
    label="string",
    logtraffic="string",
    logtraffic_start="string",
    name="string",
    nat="string",
    natinbound="string",
    action="string",
    fixedport="string",
    anti_replay="string",
    voip_profile="string",
    poolnames=[{
        "name": "string",
    }],
    profile_group="string",
    profile_protocol_options="string",
    profile_type="string",
    replacemsg_override_group="string",
    rsso="string",
    send_deny_packet="string",
    service_negate="string",
    services=[{
        "name": "string",
    }],
    session_ttl=0,
    spamfilter_profile="string",
    srcaddr_negate="string",
    ssh_filter_profile="string",
    ssh_policy_redirect="string",
    ssl_mirror="string",
    ssl_mirror_intfs=[{
        "name": "string",
    }],
    per_ip_shaper="string",
    status="string",
    tcp_mss_receiver=0,
    tcp_mss_sender=0,
    tcp_session_without_syn="string",
    timeout_send_rst="string",
    tos="string",
    tos_mask="string",
    tos_negate="string",
    traffic_shaper="string",
    traffic_shaper_reverse="string",
    url_categories=[{
        "id": 0,
    }],
    users=[{
        "name": "string",
    }],
    utm_status="string",
    uuid="string",
    vdomparam="string",
    vlan_cos_fwd=0,
    vlan_cos_rev=0,
    vlan_filter="string",
    policyid=0,
    vpntunnel="string",
    waf_profile="string",
    webcache="string",
    webcache_https="string",
    webfilter_profile="string",
    webproxy_forward_server="string",
    webproxy_profile="string")
Copy
const policy6Resource = new fortios.firewall.Policy6("policy6Resource", {
    dstaddrs: [{
        name: "string",
    }],
    dstintfs: [{
        name: "string",
    }],
    schedule: "string",
    srcaddrs: [{
        name: "string",
    }],
    srcintfs: [{
        name: "string",
    }],
    natoutbound: "string",
    sslSshProfile: "string",
    appCategories: [{
        id: 0,
    }],
    appGroups: [{
        name: "string",
    }],
    applicationList: "string",
    applications: [{
        id: 0,
    }],
    autoAsicOffload: "string",
    avProfile: "string",
    cifsProfile: "string",
    comments: "string",
    customLogFields: [{
        fieldId: "string",
    }],
    decryptedTrafficMirror: "string",
    devices: [{
        name: "string",
    }],
    diffservForward: "string",
    diffservReverse: "string",
    diffservcodeForward: "string",
    diffservcodeRev: "string",
    dlpSensor: "string",
    dnsfilterProfile: "string",
    dsri: "string",
    dstaddrNegate: "string",
    dynamicSortSubtable: "string",
    emailfilterProfile: "string",
    firewallSessionDirty: "string",
    outbound: "string",
    fssoGroups: [{
        name: "string",
    }],
    getAllTables: "string",
    globalLabel: "string",
    groups: [{
        name: "string",
    }],
    httpPolicyRedirect: "string",
    icapProfile: "string",
    inbound: "string",
    inspectionMode: "string",
    ippool: "string",
    ipsSensor: "string",
    label: "string",
    logtraffic: "string",
    logtrafficStart: "string",
    name: "string",
    nat: "string",
    natinbound: "string",
    action: "string",
    fixedport: "string",
    antiReplay: "string",
    voipProfile: "string",
    poolnames: [{
        name: "string",
    }],
    profileGroup: "string",
    profileProtocolOptions: "string",
    profileType: "string",
    replacemsgOverrideGroup: "string",
    rsso: "string",
    sendDenyPacket: "string",
    serviceNegate: "string",
    services: [{
        name: "string",
    }],
    sessionTtl: 0,
    spamfilterProfile: "string",
    srcaddrNegate: "string",
    sshFilterProfile: "string",
    sshPolicyRedirect: "string",
    sslMirror: "string",
    sslMirrorIntfs: [{
        name: "string",
    }],
    perIpShaper: "string",
    status: "string",
    tcpMssReceiver: 0,
    tcpMssSender: 0,
    tcpSessionWithoutSyn: "string",
    timeoutSendRst: "string",
    tos: "string",
    tosMask: "string",
    tosNegate: "string",
    trafficShaper: "string",
    trafficShaperReverse: "string",
    urlCategories: [{
        id: 0,
    }],
    users: [{
        name: "string",
    }],
    utmStatus: "string",
    uuid: "string",
    vdomparam: "string",
    vlanCosFwd: 0,
    vlanCosRev: 0,
    vlanFilter: "string",
    policyid: 0,
    vpntunnel: "string",
    wafProfile: "string",
    webcache: "string",
    webcacheHttps: "string",
    webfilterProfile: "string",
    webproxyForwardServer: "string",
    webproxyProfile: "string",
});
Copy
type: fortios:firewall:Policy6
properties:
    action: string
    antiReplay: string
    appCategories:
        - id: 0
    appGroups:
        - name: string
    applicationList: string
    applications:
        - id: 0
    autoAsicOffload: string
    avProfile: string
    cifsProfile: string
    comments: string
    customLogFields:
        - fieldId: string
    decryptedTrafficMirror: string
    devices:
        - name: string
    diffservForward: string
    diffservReverse: string
    diffservcodeForward: string
    diffservcodeRev: string
    dlpSensor: string
    dnsfilterProfile: string
    dsri: string
    dstaddrNegate: string
    dstaddrs:
        - name: string
    dstintfs:
        - name: string
    dynamicSortSubtable: string
    emailfilterProfile: string
    firewallSessionDirty: string
    fixedport: string
    fssoGroups:
        - name: string
    getAllTables: string
    globalLabel: string
    groups:
        - name: string
    httpPolicyRedirect: string
    icapProfile: string
    inbound: string
    inspectionMode: string
    ippool: string
    ipsSensor: string
    label: string
    logtraffic: string
    logtrafficStart: string
    name: string
    nat: string
    natinbound: string
    natoutbound: string
    outbound: string
    perIpShaper: string
    policyid: 0
    poolnames:
        - name: string
    profileGroup: string
    profileProtocolOptions: string
    profileType: string
    replacemsgOverrideGroup: string
    rsso: string
    schedule: string
    sendDenyPacket: string
    serviceNegate: string
    services:
        - name: string
    sessionTtl: 0
    spamfilterProfile: string
    srcaddrNegate: string
    srcaddrs:
        - name: string
    srcintfs:
        - name: string
    sshFilterProfile: string
    sshPolicyRedirect: string
    sslMirror: string
    sslMirrorIntfs:
        - name: string
    sslSshProfile: string
    status: string
    tcpMssReceiver: 0
    tcpMssSender: 0
    tcpSessionWithoutSyn: string
    timeoutSendRst: string
    tos: string
    tosMask: string
    tosNegate: string
    trafficShaper: string
    trafficShaperReverse: string
    urlCategories:
        - id: 0
    users:
        - name: string
    utmStatus: string
    uuid: string
    vdomparam: string
    vlanCosFwd: 0
    vlanCosRev: 0
    vlanFilter: string
    voipProfile: string
    vpntunnel: string
    wafProfile: string
    webcache: string
    webcacheHttps: string
    webfilterProfile: string
    webproxyForwardServer: string
    webproxyProfile: string
Copy

Policy6 Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Policy6 resource accepts the following input properties:

Dstaddrs This property is required. List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Dstaddr>
Destination address and address group names. The structure of dstaddr block is documented below.
Dstintfs This property is required. List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Dstintf>
Outgoing (egress) interface. The structure of dstintf block is documented below.
Schedule This property is required. string
Schedule name.
Srcaddrs This property is required. List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Srcaddr>
Source address and address group names. The structure of srcaddr block is documented below.
Srcintfs This property is required. List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Srcintf>
Incoming (ingress) interface. The structure of srcintf block is documented below.
Action string
Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
AntiReplay string
Enable/disable anti-replay check. Valid values: enable, disable.
AppCategories List<Pulumiverse.Fortios.Firewall.Inputs.Policy6AppCategory>
Application category ID list. The structure of app_category block is documented below.
AppGroups List<Pulumiverse.Fortios.Firewall.Inputs.Policy6AppGroup>
Application group names. The structure of app_group block is documented below.
ApplicationList string
Name of an existing Application list.
Applications List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Application>
Application ID list. The structure of application block is documented below.
AutoAsicOffload string
Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
AvProfile string
Name of an existing Antivirus profile.
CifsProfile string
Name of an existing CIFS profile.
Comments string
Comment.
CustomLogFields List<Pulumiverse.Fortios.Firewall.Inputs.Policy6CustomLogField>
Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
DecryptedTrafficMirror string
Decrypted traffic mirror.
Devices List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Device>
Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
DiffservForward string
Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
DiffservReverse string
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
DiffservcodeForward string
Change packet's DiffServ to this value.
DiffservcodeRev string
Change packet's reverse (reply) DiffServ to this value.
DlpSensor string
Name of an existing DLP sensor.
DnsfilterProfile string
Name of an existing DNS filter profile.
Dsri string
Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
DstaddrNegate string
When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
DynamicSortSubtable string
Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
EmailfilterProfile string
Name of an existing email filter profile.
FirewallSessionDirty string
How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
Fixedport string
Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
FssoGroups List<Pulumiverse.Fortios.Firewall.Inputs.Policy6FssoGroup>
Names of FSSO groups. The structure of fsso_groups block is documented below.
GetAllTables string
Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
GlobalLabel string
Label for the policy that appears when the GUI is in Global View mode.
Groups List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Group>
Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
HttpPolicyRedirect string
Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
IcapProfile string
Name of an existing ICAP profile.
Inbound string
Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
InspectionMode string
Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
Ippool string
Enable to use IP Pools for source NAT. Valid values: enable, disable.
IpsSensor string
Name of an existing IPS sensor.
Label string
Label for the policy that appears when the GUI is in Section View mode.
Logtraffic string
Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
LogtrafficStart string
Record logs when a session starts. Valid values: enable, disable.
Name string
Policy name.
Nat string
Enable/disable source NAT. Valid values: enable, disable.
Natinbound string
Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
Natoutbound string
Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
Outbound string
Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
PerIpShaper string
Per-IP traffic shaper.
Policyid Changes to this property will trigger replacement. int
Policy ID.
Poolnames List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Poolname>
IP Pool names. The structure of poolname block is documented below.
ProfileGroup string
Name of profile group.
ProfileProtocolOptions string
Name of an existing Protocol options profile.
ProfileType string
Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
ReplacemsgOverrideGroup string
Override the default replacement message group for this policy.
Rsso string
Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
SendDenyPacket string
Enable/disable return of deny-packet. Valid values: enable, disable.
ServiceNegate string
When enabled service specifies what the service must NOT be. Valid values: enable, disable.
Services List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Service>
Service and service group names. The structure of service block is documented below.
SessionTtl int
Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
SpamfilterProfile string
Name of an existing Spam filter profile.
SrcaddrNegate string
When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
SshFilterProfile string
Name of an existing SSH filter profile.
SshPolicyRedirect string
Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
SslMirror string
Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
SslMirrorIntfs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6SslMirrorIntf>
SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
SslSshProfile string
Name of an existing SSL SSH profile.
Status string
Enable or disable this policy. Valid values: enable, disable.
TcpMssReceiver int
Receiver TCP maximum segment size (MSS).
TcpMssSender int
Sender TCP maximum segment size (MSS).
TcpSessionWithoutSyn string
Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
TimeoutSendRst string
Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
Tos string
ToS (Type of Service) value used for comparison.
TosMask string
Non-zero bit positions are used for comparison while zero bit positions are ignored.
TosNegate string
Enable negated TOS match. Valid values: enable, disable.
TrafficShaper string
Reverse traffic shaper.
TrafficShaperReverse string
Reverse traffic shaper.
UrlCategories List<Pulumiverse.Fortios.Firewall.Inputs.Policy6UrlCategory>
URL category ID list. The structure of url_category block is documented below.
Users List<Pulumiverse.Fortios.Firewall.Inputs.Policy6User>
Names of individual users that can authenticate with this policy. The structure of users block is documented below.
UtmStatus string
Enable AV/web/ips protection profile. Valid values: enable, disable.
Uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
Vdomparam Changes to this property will trigger replacement. string
Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
VlanCosFwd int
VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
VlanCosRev int
VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
VlanFilter string
Set VLAN filters.
VoipProfile string
Name of an existing VoIP profile.
Vpntunnel string
Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
WafProfile string
Name of an existing Web application firewall profile.
Webcache string
Enable/disable web cache. Valid values: enable, disable.
WebcacheHttps string
Enable/disable web cache for HTTPS. Valid values: disable, enable.
WebfilterProfile string
Name of an existing Web filter profile.
WebproxyForwardServer string
Web proxy forward server name.
WebproxyProfile string
Webproxy profile name.
Dstaddrs This property is required. []Policy6DstaddrArgs
Destination address and address group names. The structure of dstaddr block is documented below.
Dstintfs This property is required. []Policy6DstintfArgs
Outgoing (egress) interface. The structure of dstintf block is documented below.
Schedule This property is required. string
Schedule name.
Srcaddrs This property is required. []Policy6SrcaddrArgs
Source address and address group names. The structure of srcaddr block is documented below.
Srcintfs This property is required. []Policy6SrcintfArgs
Incoming (ingress) interface. The structure of srcintf block is documented below.
Action string
Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
AntiReplay string
Enable/disable anti-replay check. Valid values: enable, disable.
AppCategories []Policy6AppCategoryArgs
Application category ID list. The structure of app_category block is documented below.
AppGroups []Policy6AppGroupArgs
Application group names. The structure of app_group block is documented below.
ApplicationList string
Name of an existing Application list.
Applications []Policy6ApplicationArgs
Application ID list. The structure of application block is documented below.
AutoAsicOffload string
Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
AvProfile string
Name of an existing Antivirus profile.
CifsProfile string
Name of an existing CIFS profile.
Comments string
Comment.
CustomLogFields []Policy6CustomLogFieldArgs
Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
DecryptedTrafficMirror string
Decrypted traffic mirror.
Devices []Policy6DeviceArgs
Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
DiffservForward string
Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
DiffservReverse string
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
DiffservcodeForward string
Change packet's DiffServ to this value.
DiffservcodeRev string
Change packet's reverse (reply) DiffServ to this value.
DlpSensor string
Name of an existing DLP sensor.
DnsfilterProfile string
Name of an existing DNS filter profile.
Dsri string
Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
DstaddrNegate string
When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
DynamicSortSubtable string
Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
EmailfilterProfile string
Name of an existing email filter profile.
FirewallSessionDirty string
How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
Fixedport string
Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
FssoGroups []Policy6FssoGroupArgs
Names of FSSO groups. The structure of fsso_groups block is documented below.
GetAllTables string
Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
GlobalLabel string
Label for the policy that appears when the GUI is in Global View mode.
Groups []Policy6GroupArgs
Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
HttpPolicyRedirect string
Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
IcapProfile string
Name of an existing ICAP profile.
Inbound string
Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
InspectionMode string
Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
Ippool string
Enable to use IP Pools for source NAT. Valid values: enable, disable.
IpsSensor string
Name of an existing IPS sensor.
Label string
Label for the policy that appears when the GUI is in Section View mode.
Logtraffic string
Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
LogtrafficStart string
Record logs when a session starts. Valid values: enable, disable.
Name string
Policy name.
Nat string
Enable/disable source NAT. Valid values: enable, disable.
Natinbound string
Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
Natoutbound string
Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
Outbound string
Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
PerIpShaper string
Per-IP traffic shaper.
Policyid Changes to this property will trigger replacement. int
Policy ID.
Poolnames []Policy6PoolnameArgs
IP Pool names. The structure of poolname block is documented below.
ProfileGroup string
Name of profile group.
ProfileProtocolOptions string
Name of an existing Protocol options profile.
ProfileType string
Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
ReplacemsgOverrideGroup string
Override the default replacement message group for this policy.
Rsso string
Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
SendDenyPacket string
Enable/disable return of deny-packet. Valid values: enable, disable.
ServiceNegate string
When enabled service specifies what the service must NOT be. Valid values: enable, disable.
Services []Policy6ServiceArgs
Service and service group names. The structure of service block is documented below.
SessionTtl int
Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
SpamfilterProfile string
Name of an existing Spam filter profile.
SrcaddrNegate string
When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
SshFilterProfile string
Name of an existing SSH filter profile.
SshPolicyRedirect string
Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
SslMirror string
Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
SslMirrorIntfs []Policy6SslMirrorIntfArgs
SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
SslSshProfile string
Name of an existing SSL SSH profile.
Status string
Enable or disable this policy. Valid values: enable, disable.
TcpMssReceiver int
Receiver TCP maximum segment size (MSS).
TcpMssSender int
Sender TCP maximum segment size (MSS).
TcpSessionWithoutSyn string
Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
TimeoutSendRst string
Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
Tos string
ToS (Type of Service) value used for comparison.
TosMask string
Non-zero bit positions are used for comparison while zero bit positions are ignored.
TosNegate string
Enable negated TOS match. Valid values: enable, disable.
TrafficShaper string
Reverse traffic shaper.
TrafficShaperReverse string
Reverse traffic shaper.
UrlCategories []Policy6UrlCategoryArgs
URL category ID list. The structure of url_category block is documented below.
Users []Policy6UserArgs
Names of individual users that can authenticate with this policy. The structure of users block is documented below.
UtmStatus string
Enable AV/web/ips protection profile. Valid values: enable, disable.
Uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
Vdomparam Changes to this property will trigger replacement. string
Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
VlanCosFwd int
VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
VlanCosRev int
VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
VlanFilter string
Set VLAN filters.
VoipProfile string
Name of an existing VoIP profile.
Vpntunnel string
Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
WafProfile string
Name of an existing Web application firewall profile.
Webcache string
Enable/disable web cache. Valid values: enable, disable.
WebcacheHttps string
Enable/disable web cache for HTTPS. Valid values: disable, enable.
WebfilterProfile string
Name of an existing Web filter profile.
WebproxyForwardServer string
Web proxy forward server name.
WebproxyProfile string
Webproxy profile name.
dstaddrs This property is required. List<Policy6Dstaddr>
Destination address and address group names. The structure of dstaddr block is documented below.
dstintfs This property is required. List<Policy6Dstintf>
Outgoing (egress) interface. The structure of dstintf block is documented below.
schedule This property is required. String
Schedule name.
srcaddrs This property is required. List<Policy6Srcaddr>
Source address and address group names. The structure of srcaddr block is documented below.
srcintfs This property is required. List<Policy6Srcintf>
Incoming (ingress) interface. The structure of srcintf block is documented below.
action String
Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
antiReplay String
Enable/disable anti-replay check. Valid values: enable, disable.
appCategories List<Policy6AppCategory>
Application category ID list. The structure of app_category block is documented below.
appGroups List<Policy6AppGroup>
Application group names. The structure of app_group block is documented below.
applicationList String
Name of an existing Application list.
applications List<Policy6Application>
Application ID list. The structure of application block is documented below.
autoAsicOffload String
Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
avProfile String
Name of an existing Antivirus profile.
cifsProfile String
Name of an existing CIFS profile.
comments String
Comment.
customLogFields List<Policy6CustomLogField>
Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
decryptedTrafficMirror String
Decrypted traffic mirror.
devices List<Policy6Device>
Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
diffservForward String
Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
diffservReverse String
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
diffservcodeForward String
Change packet's DiffServ to this value.
diffservcodeRev String
Change packet's reverse (reply) DiffServ to this value.
dlpSensor String
Name of an existing DLP sensor.
dnsfilterProfile String
Name of an existing DNS filter profile.
dsri String
Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
dstaddrNegate String
When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
dynamicSortSubtable String
Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilterProfile String
Name of an existing email filter profile.
firewallSessionDirty String
How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
fixedport String
Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
fssoGroups List<Policy6FssoGroup>
Names of FSSO groups. The structure of fsso_groups block is documented below.
getAllTables String
Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
globalLabel String
Label for the policy that appears when the GUI is in Global View mode.
groups List<Policy6Group>
Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
httpPolicyRedirect String
Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
icapProfile String
Name of an existing ICAP profile.
inbound String
Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
inspectionMode String
Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
ippool String
Enable to use IP Pools for source NAT. Valid values: enable, disable.
ipsSensor String
Name of an existing IPS sensor.
label String
Label for the policy that appears when the GUI is in Section View mode.
logtraffic String
Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtrafficStart String
Record logs when a session starts. Valid values: enable, disable.
name String
Policy name.
nat String
Enable/disable source NAT. Valid values: enable, disable.
natinbound String
Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
natoutbound String
Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
outbound String
Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
perIpShaper String
Per-IP traffic shaper.
policyid Changes to this property will trigger replacement. Integer
Policy ID.
poolnames List<Policy6Poolname>
IP Pool names. The structure of poolname block is documented below.
profileGroup String
Name of profile group.
profileProtocolOptions String
Name of an existing Protocol options profile.
profileType String
Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
replacemsgOverrideGroup String
Override the default replacement message group for this policy.
rsso String
Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
sendDenyPacket String
Enable/disable return of deny-packet. Valid values: enable, disable.
serviceNegate String
When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services List<Policy6Service>
Service and service group names. The structure of service block is documented below.
sessionTtl Integer
Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
spamfilterProfile String
Name of an existing Spam filter profile.
srcaddrNegate String
When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
sshFilterProfile String
Name of an existing SSH filter profile.
sshPolicyRedirect String
Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
sslMirror String
Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
sslMirrorIntfs List<Policy6SslMirrorIntf>
SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
sslSshProfile String
Name of an existing SSL SSH profile.
status String
Enable or disable this policy. Valid values: enable, disable.
tcpMssReceiver Integer
Receiver TCP maximum segment size (MSS).
tcpMssSender Integer
Sender TCP maximum segment size (MSS).
tcpSessionWithoutSyn String
Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
timeoutSendRst String
Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
tos String
ToS (Type of Service) value used for comparison.
tosMask String
Non-zero bit positions are used for comparison while zero bit positions are ignored.
tosNegate String
Enable negated TOS match. Valid values: enable, disable.
trafficShaper String
Reverse traffic shaper.
trafficShaperReverse String
Reverse traffic shaper.
urlCategories List<Policy6UrlCategory>
URL category ID list. The structure of url_category block is documented below.
users List<Policy6User>
Names of individual users that can authenticate with this policy. The structure of users block is documented below.
utmStatus String
Enable AV/web/ips protection profile. Valid values: enable, disable.
uuid String
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam Changes to this property will trigger replacement. String
Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
vlanCosFwd Integer
VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
vlanCosRev Integer
VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
vlanFilter String
Set VLAN filters.
voipProfile String
Name of an existing VoIP profile.
vpntunnel String
Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
wafProfile String
Name of an existing Web application firewall profile.
webcache String
Enable/disable web cache. Valid values: enable, disable.
webcacheHttps String
Enable/disable web cache for HTTPS. Valid values: disable, enable.
webfilterProfile String
Name of an existing Web filter profile.
webproxyForwardServer String
Web proxy forward server name.
webproxyProfile String
Webproxy profile name.
dstaddrs This property is required. Policy6Dstaddr[]
Destination address and address group names. The structure of dstaddr block is documented below.
dstintfs This property is required. Policy6Dstintf[]
Outgoing (egress) interface. The structure of dstintf block is documented below.
schedule This property is required. string
Schedule name.
srcaddrs This property is required. Policy6Srcaddr[]
Source address and address group names. The structure of srcaddr block is documented below.
srcintfs This property is required. Policy6Srcintf[]
Incoming (ingress) interface. The structure of srcintf block is documented below.
action string
Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
antiReplay string
Enable/disable anti-replay check. Valid values: enable, disable.
appCategories Policy6AppCategory[]
Application category ID list. The structure of app_category block is documented below.
appGroups Policy6AppGroup[]
Application group names. The structure of app_group block is documented below.
applicationList string
Name of an existing Application list.
applications Policy6Application[]
Application ID list. The structure of application block is documented below.
autoAsicOffload string
Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
avProfile string
Name of an existing Antivirus profile.
cifsProfile string
Name of an existing CIFS profile.
comments string
Comment.
customLogFields Policy6CustomLogField[]
Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
decryptedTrafficMirror string
Decrypted traffic mirror.
devices Policy6Device[]
Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
diffservForward string
Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
diffservReverse string
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
diffservcodeForward string
Change packet's DiffServ to this value.
diffservcodeRev string
Change packet's reverse (reply) DiffServ to this value.
dlpSensor string
Name of an existing DLP sensor.
dnsfilterProfile string
Name of an existing DNS filter profile.
dsri string
Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
dstaddrNegate string
When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
dynamicSortSubtable string
Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilterProfile string
Name of an existing email filter profile.
firewallSessionDirty string
How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
fixedport string
Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
fssoGroups Policy6FssoGroup[]
Names of FSSO groups. The structure of fsso_groups block is documented below.
getAllTables string
Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
globalLabel string
Label for the policy that appears when the GUI is in Global View mode.
groups Policy6Group[]
Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
httpPolicyRedirect string
Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
icapProfile string
Name of an existing ICAP profile.
inbound string
Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
inspectionMode string
Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
ippool string
Enable to use IP Pools for source NAT. Valid values: enable, disable.
ipsSensor string
Name of an existing IPS sensor.
label string
Label for the policy that appears when the GUI is in Section View mode.
logtraffic string
Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtrafficStart string
Record logs when a session starts. Valid values: enable, disable.
name string
Policy name.
nat string
Enable/disable source NAT. Valid values: enable, disable.
natinbound string
Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
natoutbound string
Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
outbound string
Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
perIpShaper string
Per-IP traffic shaper.
policyid Changes to this property will trigger replacement. number
Policy ID.
poolnames Policy6Poolname[]
IP Pool names. The structure of poolname block is documented below.
profileGroup string
Name of profile group.
profileProtocolOptions string
Name of an existing Protocol options profile.
profileType string
Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
replacemsgOverrideGroup string
Override the default replacement message group for this policy.
rsso string
Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
sendDenyPacket string
Enable/disable return of deny-packet. Valid values: enable, disable.
serviceNegate string
When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services Policy6Service[]
Service and service group names. The structure of service block is documented below.
sessionTtl number
Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
spamfilterProfile string
Name of an existing Spam filter profile.
srcaddrNegate string
When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
sshFilterProfile string
Name of an existing SSH filter profile.
sshPolicyRedirect string
Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
sslMirror string
Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
sslMirrorIntfs Policy6SslMirrorIntf[]
SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
sslSshProfile string
Name of an existing SSL SSH profile.
status string
Enable or disable this policy. Valid values: enable, disable.
tcpMssReceiver number
Receiver TCP maximum segment size (MSS).
tcpMssSender number
Sender TCP maximum segment size (MSS).
tcpSessionWithoutSyn string
Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
timeoutSendRst string
Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
tos string
ToS (Type of Service) value used for comparison.
tosMask string
Non-zero bit positions are used for comparison while zero bit positions are ignored.
tosNegate string
Enable negated TOS match. Valid values: enable, disable.
trafficShaper string
Reverse traffic shaper.
trafficShaperReverse string
Reverse traffic shaper.
urlCategories Policy6UrlCategory[]
URL category ID list. The structure of url_category block is documented below.
users Policy6User[]
Names of individual users that can authenticate with this policy. The structure of users block is documented below.
utmStatus string
Enable AV/web/ips protection profile. Valid values: enable, disable.
uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam Changes to this property will trigger replacement. string
Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
vlanCosFwd number
VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
vlanCosRev number
VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
vlanFilter string
Set VLAN filters.
voipProfile string
Name of an existing VoIP profile.
vpntunnel string
Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
wafProfile string
Name of an existing Web application firewall profile.
webcache string
Enable/disable web cache. Valid values: enable, disable.
webcacheHttps string
Enable/disable web cache for HTTPS. Valid values: disable, enable.
webfilterProfile string
Name of an existing Web filter profile.
webproxyForwardServer string
Web proxy forward server name.
webproxyProfile string
Webproxy profile name.
dstaddrs This property is required. Sequence[Policy6DstaddrArgs]
Destination address and address group names. The structure of dstaddr block is documented below.
dstintfs This property is required. Sequence[Policy6DstintfArgs]
Outgoing (egress) interface. The structure of dstintf block is documented below.
schedule This property is required. str
Schedule name.
srcaddrs This property is required. Sequence[Policy6SrcaddrArgs]
Source address and address group names. The structure of srcaddr block is documented below.
srcintfs This property is required. Sequence[Policy6SrcintfArgs]
Incoming (ingress) interface. The structure of srcintf block is documented below.
action str
Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
anti_replay str
Enable/disable anti-replay check. Valid values: enable, disable.
app_categories Sequence[Policy6AppCategoryArgs]
Application category ID list. The structure of app_category block is documented below.
app_groups Sequence[Policy6AppGroupArgs]
Application group names. The structure of app_group block is documented below.
application_list str
Name of an existing Application list.
applications Sequence[Policy6ApplicationArgs]
Application ID list. The structure of application block is documented below.
auto_asic_offload str
Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
av_profile str
Name of an existing Antivirus profile.
cifs_profile str
Name of an existing CIFS profile.
comments str
Comment.
custom_log_fields Sequence[Policy6CustomLogFieldArgs]
Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
decrypted_traffic_mirror str
Decrypted traffic mirror.
devices Sequence[Policy6DeviceArgs]
Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
diffserv_forward str
Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
diffserv_reverse str
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
diffservcode_forward str
Change packet's DiffServ to this value.
diffservcode_rev str
Change packet's reverse (reply) DiffServ to this value.
dlp_sensor str
Name of an existing DLP sensor.
dnsfilter_profile str
Name of an existing DNS filter profile.
dsri str
Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
dstaddr_negate str
When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
dynamic_sort_subtable str
Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilter_profile str
Name of an existing email filter profile.
firewall_session_dirty str
How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
fixedport str
Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
fsso_groups Sequence[Policy6FssoGroupArgs]
Names of FSSO groups. The structure of fsso_groups block is documented below.
get_all_tables str
Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
global_label str
Label for the policy that appears when the GUI is in Global View mode.
groups Sequence[Policy6GroupArgs]
Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
http_policy_redirect str
Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
icap_profile str
Name of an existing ICAP profile.
inbound str
Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
inspection_mode str
Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
ippool str
Enable to use IP Pools for source NAT. Valid values: enable, disable.
ips_sensor str
Name of an existing IPS sensor.
label str
Label for the policy that appears when the GUI is in Section View mode.
logtraffic str
Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtraffic_start str
Record logs when a session starts. Valid values: enable, disable.
name str
Policy name.
nat str
Enable/disable source NAT. Valid values: enable, disable.
natinbound str
Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
natoutbound str
Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
outbound str
Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
per_ip_shaper str
Per-IP traffic shaper.
policyid Changes to this property will trigger replacement. int
Policy ID.
poolnames Sequence[Policy6PoolnameArgs]
IP Pool names. The structure of poolname block is documented below.
profile_group str
Name of profile group.
profile_protocol_options str
Name of an existing Protocol options profile.
profile_type str
Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
replacemsg_override_group str
Override the default replacement message group for this policy.
rsso str
Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
send_deny_packet str
Enable/disable return of deny-packet. Valid values: enable, disable.
service_negate str
When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services Sequence[Policy6ServiceArgs]
Service and service group names. The structure of service block is documented below.
session_ttl int
Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
spamfilter_profile str
Name of an existing Spam filter profile.
srcaddr_negate str
When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
ssh_filter_profile str
Name of an existing SSH filter profile.
ssh_policy_redirect str
Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
ssl_mirror str
Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
ssl_mirror_intfs Sequence[Policy6SslMirrorIntfArgs]
SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
ssl_ssh_profile str
Name of an existing SSL SSH profile.
status str
Enable or disable this policy. Valid values: enable, disable.
tcp_mss_receiver int
Receiver TCP maximum segment size (MSS).
tcp_mss_sender int
Sender TCP maximum segment size (MSS).
tcp_session_without_syn str
Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
timeout_send_rst str
Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
tos str
ToS (Type of Service) value used for comparison.
tos_mask str
Non-zero bit positions are used for comparison while zero bit positions are ignored.
tos_negate str
Enable negated TOS match. Valid values: enable, disable.
traffic_shaper str
Reverse traffic shaper.
traffic_shaper_reverse str
Reverse traffic shaper.
url_categories Sequence[Policy6UrlCategoryArgs]
URL category ID list. The structure of url_category block is documented below.
users Sequence[Policy6UserArgs]
Names of individual users that can authenticate with this policy. The structure of users block is documented below.
utm_status str
Enable AV/web/ips protection profile. Valid values: enable, disable.
uuid str
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam Changes to this property will trigger replacement. str
Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
vlan_cos_fwd int
VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
vlan_cos_rev int
VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
vlan_filter str
Set VLAN filters.
voip_profile str
Name of an existing VoIP profile.
vpntunnel str
Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
waf_profile str
Name of an existing Web application firewall profile.
webcache str
Enable/disable web cache. Valid values: enable, disable.
webcache_https str
Enable/disable web cache for HTTPS. Valid values: disable, enable.
webfilter_profile str
Name of an existing Web filter profile.
webproxy_forward_server str
Web proxy forward server name.
webproxy_profile str
Webproxy profile name.
dstaddrs This property is required. List<Property Map>
Destination address and address group names. The structure of dstaddr block is documented below.
dstintfs This property is required. List<Property Map>
Outgoing (egress) interface. The structure of dstintf block is documented below.
schedule This property is required. String
Schedule name.
srcaddrs This property is required. List<Property Map>
Source address and address group names. The structure of srcaddr block is documented below.
srcintfs This property is required. List<Property Map>
Incoming (ingress) interface. The structure of srcintf block is documented below.
action String
Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
antiReplay String
Enable/disable anti-replay check. Valid values: enable, disable.
appCategories List<Property Map>
Application category ID list. The structure of app_category block is documented below.
appGroups List<Property Map>
Application group names. The structure of app_group block is documented below.
applicationList String
Name of an existing Application list.
applications List<Property Map>
Application ID list. The structure of application block is documented below.
autoAsicOffload String
Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
avProfile String
Name of an existing Antivirus profile.
cifsProfile String
Name of an existing CIFS profile.
comments String
Comment.
customLogFields List<Property Map>
Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
decryptedTrafficMirror String
Decrypted traffic mirror.
devices List<Property Map>
Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
diffservForward String
Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
diffservReverse String
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
diffservcodeForward String
Change packet's DiffServ to this value.
diffservcodeRev String
Change packet's reverse (reply) DiffServ to this value.
dlpSensor String
Name of an existing DLP sensor.
dnsfilterProfile String
Name of an existing DNS filter profile.
dsri String
Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
dstaddrNegate String
When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
dynamicSortSubtable String
Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilterProfile String
Name of an existing email filter profile.
firewallSessionDirty String
How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
fixedport String
Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
fssoGroups List<Property Map>
Names of FSSO groups. The structure of fsso_groups block is documented below.
getAllTables String
Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
globalLabel String
Label for the policy that appears when the GUI is in Global View mode.
groups List<Property Map>
Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
httpPolicyRedirect String
Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
icapProfile String
Name of an existing ICAP profile.
inbound String
Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
inspectionMode String
Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
ippool String
Enable to use IP Pools for source NAT. Valid values: enable, disable.
ipsSensor String
Name of an existing IPS sensor.
label String
Label for the policy that appears when the GUI is in Section View mode.
logtraffic String
Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtrafficStart String
Record logs when a session starts. Valid values: enable, disable.
name String
Policy name.
nat String
Enable/disable source NAT. Valid values: enable, disable.
natinbound String
Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
natoutbound String
Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
outbound String
Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
perIpShaper String
Per-IP traffic shaper.
policyid Changes to this property will trigger replacement. Number
Policy ID.
poolnames List<Property Map>
IP Pool names. The structure of poolname block is documented below.
profileGroup String
Name of profile group.
profileProtocolOptions String
Name of an existing Protocol options profile.
profileType String
Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
replacemsgOverrideGroup String
Override the default replacement message group for this policy.
rsso String
Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
sendDenyPacket String
Enable/disable return of deny-packet. Valid values: enable, disable.
serviceNegate String
When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services List<Property Map>
Service and service group names. The structure of service block is documented below.
sessionTtl Number
Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
spamfilterProfile String
Name of an existing Spam filter profile.
srcaddrNegate String
When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
sshFilterProfile String
Name of an existing SSH filter profile.
sshPolicyRedirect String
Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
sslMirror String
Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
sslMirrorIntfs List<Property Map>
SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
sslSshProfile String
Name of an existing SSL SSH profile.
status String
Enable or disable this policy. Valid values: enable, disable.
tcpMssReceiver Number
Receiver TCP maximum segment size (MSS).
tcpMssSender Number
Sender TCP maximum segment size (MSS).
tcpSessionWithoutSyn String
Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
timeoutSendRst String
Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
tos String
ToS (Type of Service) value used for comparison.
tosMask String
Non-zero bit positions are used for comparison while zero bit positions are ignored.
tosNegate String
Enable negated TOS match. Valid values: enable, disable.
trafficShaper String
Reverse traffic shaper.
trafficShaperReverse String
Reverse traffic shaper.
urlCategories List<Property Map>
URL category ID list. The structure of url_category block is documented below.
users List<Property Map>
Names of individual users that can authenticate with this policy. The structure of users block is documented below.
utmStatus String
Enable AV/web/ips protection profile. Valid values: enable, disable.
uuid String
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam Changes to this property will trigger replacement. String
Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
vlanCosFwd Number
VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
vlanCosRev Number
VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
vlanFilter String
Set VLAN filters.
voipProfile String
Name of an existing VoIP profile.
vpntunnel String
Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
wafProfile String
Name of an existing Web application firewall profile.
webcache String
Enable/disable web cache. Valid values: enable, disable.
webcacheHttps String
Enable/disable web cache for HTTPS. Valid values: disable, enable.
webfilterProfile String
Name of an existing Web filter profile.
webproxyForwardServer String
Web proxy forward server name.
webproxyProfile String
Webproxy profile name.

Outputs

All input properties are implicitly available as output properties. Additionally, the Policy6 resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing Policy6 Resource

Get an existing Policy6 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: Policy6State, opts?: CustomResourceOptions): Policy6
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        anti_replay: Optional[str] = None,
        app_categories: Optional[Sequence[Policy6AppCategoryArgs]] = None,
        app_groups: Optional[Sequence[Policy6AppGroupArgs]] = None,
        application_list: Optional[str] = None,
        applications: Optional[Sequence[Policy6ApplicationArgs]] = None,
        auto_asic_offload: Optional[str] = None,
        av_profile: Optional[str] = None,
        cifs_profile: Optional[str] = None,
        comments: Optional[str] = None,
        custom_log_fields: Optional[Sequence[Policy6CustomLogFieldArgs]] = None,
        decrypted_traffic_mirror: Optional[str] = None,
        devices: Optional[Sequence[Policy6DeviceArgs]] = None,
        diffserv_forward: Optional[str] = None,
        diffserv_reverse: Optional[str] = None,
        diffservcode_forward: Optional[str] = None,
        diffservcode_rev: Optional[str] = None,
        dlp_sensor: Optional[str] = None,
        dnsfilter_profile: Optional[str] = None,
        dsri: Optional[str] = None,
        dstaddr_negate: Optional[str] = None,
        dstaddrs: Optional[Sequence[Policy6DstaddrArgs]] = None,
        dstintfs: Optional[Sequence[Policy6DstintfArgs]] = None,
        dynamic_sort_subtable: Optional[str] = None,
        emailfilter_profile: Optional[str] = None,
        firewall_session_dirty: Optional[str] = None,
        fixedport: Optional[str] = None,
        fsso_groups: Optional[Sequence[Policy6FssoGroupArgs]] = None,
        get_all_tables: Optional[str] = None,
        global_label: Optional[str] = None,
        groups: Optional[Sequence[Policy6GroupArgs]] = None,
        http_policy_redirect: Optional[str] = None,
        icap_profile: Optional[str] = None,
        inbound: Optional[str] = None,
        inspection_mode: Optional[str] = None,
        ippool: Optional[str] = None,
        ips_sensor: Optional[str] = None,
        label: Optional[str] = None,
        logtraffic: Optional[str] = None,
        logtraffic_start: Optional[str] = None,
        name: Optional[str] = None,
        nat: Optional[str] = None,
        natinbound: Optional[str] = None,
        natoutbound: Optional[str] = None,
        outbound: Optional[str] = None,
        per_ip_shaper: Optional[str] = None,
        policyid: Optional[int] = None,
        poolnames: Optional[Sequence[Policy6PoolnameArgs]] = None,
        profile_group: Optional[str] = None,
        profile_protocol_options: Optional[str] = None,
        profile_type: Optional[str] = None,
        replacemsg_override_group: Optional[str] = None,
        rsso: Optional[str] = None,
        schedule: Optional[str] = None,
        send_deny_packet: Optional[str] = None,
        service_negate: Optional[str] = None,
        services: Optional[Sequence[Policy6ServiceArgs]] = None,
        session_ttl: Optional[int] = None,
        spamfilter_profile: Optional[str] = None,
        srcaddr_negate: Optional[str] = None,
        srcaddrs: Optional[Sequence[Policy6SrcaddrArgs]] = None,
        srcintfs: Optional[Sequence[Policy6SrcintfArgs]] = None,
        ssh_filter_profile: Optional[str] = None,
        ssh_policy_redirect: Optional[str] = None,
        ssl_mirror: Optional[str] = None,
        ssl_mirror_intfs: Optional[Sequence[Policy6SslMirrorIntfArgs]] = None,
        ssl_ssh_profile: Optional[str] = None,
        status: Optional[str] = None,
        tcp_mss_receiver: Optional[int] = None,
        tcp_mss_sender: Optional[int] = None,
        tcp_session_without_syn: Optional[str] = None,
        timeout_send_rst: Optional[str] = None,
        tos: Optional[str] = None,
        tos_mask: Optional[str] = None,
        tos_negate: Optional[str] = None,
        traffic_shaper: Optional[str] = None,
        traffic_shaper_reverse: Optional[str] = None,
        url_categories: Optional[Sequence[Policy6UrlCategoryArgs]] = None,
        users: Optional[Sequence[Policy6UserArgs]] = None,
        utm_status: Optional[str] = None,
        uuid: Optional[str] = None,
        vdomparam: Optional[str] = None,
        vlan_cos_fwd: Optional[int] = None,
        vlan_cos_rev: Optional[int] = None,
        vlan_filter: Optional[str] = None,
        voip_profile: Optional[str] = None,
        vpntunnel: Optional[str] = None,
        waf_profile: Optional[str] = None,
        webcache: Optional[str] = None,
        webcache_https: Optional[str] = None,
        webfilter_profile: Optional[str] = None,
        webproxy_forward_server: Optional[str] = None,
        webproxy_profile: Optional[str] = None) -> Policy6
func GetPolicy6(ctx *Context, name string, id IDInput, state *Policy6State, opts ...ResourceOption) (*Policy6, error)
public static Policy6 Get(string name, Input<string> id, Policy6State? state, CustomResourceOptions? opts = null)
public static Policy6 get(String name, Output<String> id, Policy6State state, CustomResourceOptions options)
resources:  _:    type: fortios:firewall:Policy6    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Action string
Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
AntiReplay string
Enable/disable anti-replay check. Valid values: enable, disable.
AppCategories List<Pulumiverse.Fortios.Firewall.Inputs.Policy6AppCategory>
Application category ID list. The structure of app_category block is documented below.
AppGroups List<Pulumiverse.Fortios.Firewall.Inputs.Policy6AppGroup>
Application group names. The structure of app_group block is documented below.
ApplicationList string
Name of an existing Application list.
Applications List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Application>
Application ID list. The structure of application block is documented below.
AutoAsicOffload string
Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
AvProfile string
Name of an existing Antivirus profile.
CifsProfile string
Name of an existing CIFS profile.
Comments string
Comment.
CustomLogFields List<Pulumiverse.Fortios.Firewall.Inputs.Policy6CustomLogField>
Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
DecryptedTrafficMirror string
Decrypted traffic mirror.
Devices List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Device>
Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
DiffservForward string
Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
DiffservReverse string
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
DiffservcodeForward string
Change packet's DiffServ to this value.
DiffservcodeRev string
Change packet's reverse (reply) DiffServ to this value.
DlpSensor string
Name of an existing DLP sensor.
DnsfilterProfile string
Name of an existing DNS filter profile.
Dsri string
Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
DstaddrNegate string
When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
Dstaddrs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Dstaddr>
Destination address and address group names. The structure of dstaddr block is documented below.
Dstintfs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Dstintf>
Outgoing (egress) interface. The structure of dstintf block is documented below.
DynamicSortSubtable string
Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
EmailfilterProfile string
Name of an existing email filter profile.
FirewallSessionDirty string
How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
Fixedport string
Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
FssoGroups List<Pulumiverse.Fortios.Firewall.Inputs.Policy6FssoGroup>
Names of FSSO groups. The structure of fsso_groups block is documented below.
GetAllTables string
Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
GlobalLabel string
Label for the policy that appears when the GUI is in Global View mode.
Groups List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Group>
Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
HttpPolicyRedirect string
Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
IcapProfile string
Name of an existing ICAP profile.
Inbound string
Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
InspectionMode string
Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
Ippool string
Enable to use IP Pools for source NAT. Valid values: enable, disable.
IpsSensor string
Name of an existing IPS sensor.
Label string
Label for the policy that appears when the GUI is in Section View mode.
Logtraffic string
Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
LogtrafficStart string
Record logs when a session starts. Valid values: enable, disable.
Name string
Policy name.
Nat string
Enable/disable source NAT. Valid values: enable, disable.
Natinbound string
Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
Natoutbound string
Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
Outbound string
Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
PerIpShaper string
Per-IP traffic shaper.
Policyid Changes to this property will trigger replacement. int
Policy ID.
Poolnames List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Poolname>
IP Pool names. The structure of poolname block is documented below.
ProfileGroup string
Name of profile group.
ProfileProtocolOptions string
Name of an existing Protocol options profile.
ProfileType string
Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
ReplacemsgOverrideGroup string
Override the default replacement message group for this policy.
Rsso string
Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
Schedule string
Schedule name.
SendDenyPacket string
Enable/disable return of deny-packet. Valid values: enable, disable.
ServiceNegate string
When enabled service specifies what the service must NOT be. Valid values: enable, disable.
Services List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Service>
Service and service group names. The structure of service block is documented below.
SessionTtl int
Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
SpamfilterProfile string
Name of an existing Spam filter profile.
SrcaddrNegate string
When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
Srcaddrs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Srcaddr>
Source address and address group names. The structure of srcaddr block is documented below.
Srcintfs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Srcintf>
Incoming (ingress) interface. The structure of srcintf block is documented below.
SshFilterProfile string
Name of an existing SSH filter profile.
SshPolicyRedirect string
Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
SslMirror string
Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
SslMirrorIntfs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6SslMirrorIntf>
SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
SslSshProfile string
Name of an existing SSL SSH profile.
Status string
Enable or disable this policy. Valid values: enable, disable.
TcpMssReceiver int
Receiver TCP maximum segment size (MSS).
TcpMssSender int
Sender TCP maximum segment size (MSS).
TcpSessionWithoutSyn string
Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
TimeoutSendRst string
Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
Tos string
ToS (Type of Service) value used for comparison.
TosMask string
Non-zero bit positions are used for comparison while zero bit positions are ignored.
TosNegate string
Enable negated TOS match. Valid values: enable, disable.
TrafficShaper string
Reverse traffic shaper.
TrafficShaperReverse string
Reverse traffic shaper.
UrlCategories List<Pulumiverse.Fortios.Firewall.Inputs.Policy6UrlCategory>
URL category ID list. The structure of url_category block is documented below.
Users List<Pulumiverse.Fortios.Firewall.Inputs.Policy6User>
Names of individual users that can authenticate with this policy. The structure of users block is documented below.
UtmStatus string
Enable AV/web/ips protection profile. Valid values: enable, disable.
Uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
Vdomparam Changes to this property will trigger replacement. string
Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
VlanCosFwd int
VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
VlanCosRev int
VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
VlanFilter string
Set VLAN filters.
VoipProfile string
Name of an existing VoIP profile.
Vpntunnel string
Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
WafProfile string
Name of an existing Web application firewall profile.
Webcache string
Enable/disable web cache. Valid values: enable, disable.
WebcacheHttps string
Enable/disable web cache for HTTPS. Valid values: disable, enable.
WebfilterProfile string
Name of an existing Web filter profile.
WebproxyForwardServer string
Web proxy forward server name.
WebproxyProfile string
Webproxy profile name.
Action string
Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
AntiReplay string
Enable/disable anti-replay check. Valid values: enable, disable.
AppCategories []Policy6AppCategoryArgs
Application category ID list. The structure of app_category block is documented below.
AppGroups []Policy6AppGroupArgs
Application group names. The structure of app_group block is documented below.
ApplicationList string
Name of an existing Application list.
Applications []Policy6ApplicationArgs
Application ID list. The structure of application block is documented below.
AutoAsicOffload string
Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
AvProfile string
Name of an existing Antivirus profile.
CifsProfile string
Name of an existing CIFS profile.
Comments string
Comment.
CustomLogFields []Policy6CustomLogFieldArgs
Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
DecryptedTrafficMirror string
Decrypted traffic mirror.
Devices []Policy6DeviceArgs
Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
DiffservForward string
Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
DiffservReverse string
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
DiffservcodeForward string
Change packet's DiffServ to this value.
DiffservcodeRev string
Change packet's reverse (reply) DiffServ to this value.
DlpSensor string
Name of an existing DLP sensor.
DnsfilterProfile string
Name of an existing DNS filter profile.
Dsri string
Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
DstaddrNegate string
When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
Dstaddrs []Policy6DstaddrArgs
Destination address and address group names. The structure of dstaddr block is documented below.
Dstintfs []Policy6DstintfArgs
Outgoing (egress) interface. The structure of dstintf block is documented below.
DynamicSortSubtable string
Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
EmailfilterProfile string
Name of an existing email filter profile.
FirewallSessionDirty string
How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
Fixedport string
Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
FssoGroups []Policy6FssoGroupArgs
Names of FSSO groups. The structure of fsso_groups block is documented below.
GetAllTables string
Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
GlobalLabel string
Label for the policy that appears when the GUI is in Global View mode.
Groups []Policy6GroupArgs
Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
HttpPolicyRedirect string
Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
IcapProfile string
Name of an existing ICAP profile.
Inbound string
Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
InspectionMode string
Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
Ippool string
Enable to use IP Pools for source NAT. Valid values: enable, disable.
IpsSensor string
Name of an existing IPS sensor.
Label string
Label for the policy that appears when the GUI is in Section View mode.
Logtraffic string
Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
LogtrafficStart string
Record logs when a session starts. Valid values: enable, disable.
Name string
Policy name.
Nat string
Enable/disable source NAT. Valid values: enable, disable.
Natinbound string
Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
Natoutbound string
Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
Outbound string
Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
PerIpShaper string
Per-IP traffic shaper.
Policyid Changes to this property will trigger replacement. int
Policy ID.
Poolnames []Policy6PoolnameArgs
IP Pool names. The structure of poolname block is documented below.
ProfileGroup string
Name of profile group.
ProfileProtocolOptions string
Name of an existing Protocol options profile.
ProfileType string
Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
ReplacemsgOverrideGroup string
Override the default replacement message group for this policy.
Rsso string
Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
Schedule string
Schedule name.
SendDenyPacket string
Enable/disable return of deny-packet. Valid values: enable, disable.
ServiceNegate string
When enabled service specifies what the service must NOT be. Valid values: enable, disable.
Services []Policy6ServiceArgs
Service and service group names. The structure of service block is documented below.
SessionTtl int
Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
SpamfilterProfile string
Name of an existing Spam filter profile.
SrcaddrNegate string
When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
Srcaddrs []Policy6SrcaddrArgs
Source address and address group names. The structure of srcaddr block is documented below.
Srcintfs []Policy6SrcintfArgs
Incoming (ingress) interface. The structure of srcintf block is documented below.
SshFilterProfile string
Name of an existing SSH filter profile.
SshPolicyRedirect string
Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
SslMirror string
Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
SslMirrorIntfs []Policy6SslMirrorIntfArgs
SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
SslSshProfile string
Name of an existing SSL SSH profile.
Status string
Enable or disable this policy. Valid values: enable, disable.
TcpMssReceiver int
Receiver TCP maximum segment size (MSS).
TcpMssSender int
Sender TCP maximum segment size (MSS).
TcpSessionWithoutSyn string
Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
TimeoutSendRst string
Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
Tos string
ToS (Type of Service) value used for comparison.
TosMask string
Non-zero bit positions are used for comparison while zero bit positions are ignored.
TosNegate string
Enable negated TOS match. Valid values: enable, disable.
TrafficShaper string
Reverse traffic shaper.
TrafficShaperReverse string
Reverse traffic shaper.
UrlCategories []Policy6UrlCategoryArgs
URL category ID list. The structure of url_category block is documented below.
Users []Policy6UserArgs
Names of individual users that can authenticate with this policy. The structure of users block is documented below.
UtmStatus string
Enable AV/web/ips protection profile. Valid values: enable, disable.
Uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
Vdomparam Changes to this property will trigger replacement. string
Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
VlanCosFwd int
VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
VlanCosRev int
VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
VlanFilter string
Set VLAN filters.
VoipProfile string
Name of an existing VoIP profile.
Vpntunnel string
Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
WafProfile string
Name of an existing Web application firewall profile.
Webcache string
Enable/disable web cache. Valid values: enable, disable.
WebcacheHttps string
Enable/disable web cache for HTTPS. Valid values: disable, enable.
WebfilterProfile string
Name of an existing Web filter profile.
WebproxyForwardServer string
Web proxy forward server name.
WebproxyProfile string
Webproxy profile name.
action String
Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
antiReplay String
Enable/disable anti-replay check. Valid values: enable, disable.
appCategories List<Policy6AppCategory>
Application category ID list. The structure of app_category block is documented below.
appGroups List<Policy6AppGroup>
Application group names. The structure of app_group block is documented below.
applicationList String
Name of an existing Application list.
applications List<Policy6Application>
Application ID list. The structure of application block is documented below.
autoAsicOffload String
Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
avProfile String
Name of an existing Antivirus profile.
cifsProfile String
Name of an existing CIFS profile.
comments String
Comment.
customLogFields List<Policy6CustomLogField>
Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
decryptedTrafficMirror String
Decrypted traffic mirror.
devices List<Policy6Device>
Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
diffservForward String
Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
diffservReverse String
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
diffservcodeForward String
Change packet's DiffServ to this value.
diffservcodeRev String
Change packet's reverse (reply) DiffServ to this value.
dlpSensor String
Name of an existing DLP sensor.
dnsfilterProfile String
Name of an existing DNS filter profile.
dsri String
Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
dstaddrNegate String
When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddrs List<Policy6Dstaddr>
Destination address and address group names. The structure of dstaddr block is documented below.
dstintfs List<Policy6Dstintf>
Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamicSortSubtable String
Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilterProfile String
Name of an existing email filter profile.
firewallSessionDirty String
How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
fixedport String
Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
fssoGroups List<Policy6FssoGroup>
Names of FSSO groups. The structure of fsso_groups block is documented below.
getAllTables String
Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
globalLabel String
Label for the policy that appears when the GUI is in Global View mode.
groups List<Policy6Group>
Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
httpPolicyRedirect String
Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
icapProfile String
Name of an existing ICAP profile.
inbound String
Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
inspectionMode String
Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
ippool String
Enable to use IP Pools for source NAT. Valid values: enable, disable.
ipsSensor String
Name of an existing IPS sensor.
label String
Label for the policy that appears when the GUI is in Section View mode.
logtraffic String
Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtrafficStart String
Record logs when a session starts. Valid values: enable, disable.
name String
Policy name.
nat String
Enable/disable source NAT. Valid values: enable, disable.
natinbound String
Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
natoutbound String
Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
outbound String
Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
perIpShaper String
Per-IP traffic shaper.
policyid Changes to this property will trigger replacement. Integer
Policy ID.
poolnames List<Policy6Poolname>
IP Pool names. The structure of poolname block is documented below.
profileGroup String
Name of profile group.
profileProtocolOptions String
Name of an existing Protocol options profile.
profileType String
Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
replacemsgOverrideGroup String
Override the default replacement message group for this policy.
rsso String
Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
schedule String
Schedule name.
sendDenyPacket String
Enable/disable return of deny-packet. Valid values: enable, disable.
serviceNegate String
When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services List<Policy6Service>
Service and service group names. The structure of service block is documented below.
sessionTtl Integer
Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
spamfilterProfile String
Name of an existing Spam filter profile.
srcaddrNegate String
When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
srcaddrs List<Policy6Srcaddr>
Source address and address group names. The structure of srcaddr block is documented below.
srcintfs List<Policy6Srcintf>
Incoming (ingress) interface. The structure of srcintf block is documented below.
sshFilterProfile String
Name of an existing SSH filter profile.
sshPolicyRedirect String
Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
sslMirror String
Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
sslMirrorIntfs List<Policy6SslMirrorIntf>
SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
sslSshProfile String
Name of an existing SSL SSH profile.
status String
Enable or disable this policy. Valid values: enable, disable.
tcpMssReceiver Integer
Receiver TCP maximum segment size (MSS).
tcpMssSender Integer
Sender TCP maximum segment size (MSS).
tcpSessionWithoutSyn String
Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
timeoutSendRst String
Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
tos String
ToS (Type of Service) value used for comparison.
tosMask String
Non-zero bit positions are used for comparison while zero bit positions are ignored.
tosNegate String
Enable negated TOS match. Valid values: enable, disable.
trafficShaper String
Reverse traffic shaper.
trafficShaperReverse String
Reverse traffic shaper.
urlCategories List<Policy6UrlCategory>
URL category ID list. The structure of url_category block is documented below.
users List<Policy6User>
Names of individual users that can authenticate with this policy. The structure of users block is documented below.
utmStatus String
Enable AV/web/ips protection profile. Valid values: enable, disable.
uuid String
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam Changes to this property will trigger replacement. String
Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
vlanCosFwd Integer
VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
vlanCosRev Integer
VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
vlanFilter String
Set VLAN filters.
voipProfile String
Name of an existing VoIP profile.
vpntunnel String
Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
wafProfile String
Name of an existing Web application firewall profile.
webcache String
Enable/disable web cache. Valid values: enable, disable.
webcacheHttps String
Enable/disable web cache for HTTPS. Valid values: disable, enable.
webfilterProfile String
Name of an existing Web filter profile.
webproxyForwardServer String
Web proxy forward server name.
webproxyProfile String
Webproxy profile name.
action string
Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
antiReplay string
Enable/disable anti-replay check. Valid values: enable, disable.
appCategories Policy6AppCategory[]
Application category ID list. The structure of app_category block is documented below.
appGroups Policy6AppGroup[]
Application group names. The structure of app_group block is documented below.
applicationList string
Name of an existing Application list.
applications Policy6Application[]
Application ID list. The structure of application block is documented below.
autoAsicOffload string
Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
avProfile string
Name of an existing Antivirus profile.
cifsProfile string
Name of an existing CIFS profile.
comments string
Comment.
customLogFields Policy6CustomLogField[]
Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
decryptedTrafficMirror string
Decrypted traffic mirror.
devices Policy6Device[]
Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
diffservForward string
Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
diffservReverse string
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
diffservcodeForward string
Change packet's DiffServ to this value.
diffservcodeRev string
Change packet's reverse (reply) DiffServ to this value.
dlpSensor string
Name of an existing DLP sensor.
dnsfilterProfile string
Name of an existing DNS filter profile.
dsri string
Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
dstaddrNegate string
When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddrs Policy6Dstaddr[]
Destination address and address group names. The structure of dstaddr block is documented below.
dstintfs Policy6Dstintf[]
Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamicSortSubtable string
Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilterProfile string
Name of an existing email filter profile.
firewallSessionDirty string
How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
fixedport string
Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
fssoGroups Policy6FssoGroup[]
Names of FSSO groups. The structure of fsso_groups block is documented below.
getAllTables string
Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
globalLabel string
Label for the policy that appears when the GUI is in Global View mode.
groups Policy6Group[]
Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
httpPolicyRedirect string
Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
icapProfile string
Name of an existing ICAP profile.
inbound string
Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
inspectionMode string
Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
ippool string
Enable to use IP Pools for source NAT. Valid values: enable, disable.
ipsSensor string
Name of an existing IPS sensor.
label string
Label for the policy that appears when the GUI is in Section View mode.
logtraffic string
Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtrafficStart string
Record logs when a session starts. Valid values: enable, disable.
name string
Policy name.
nat string
Enable/disable source NAT. Valid values: enable, disable.
natinbound string
Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
natoutbound string
Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
outbound string
Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
perIpShaper string
Per-IP traffic shaper.
policyid Changes to this property will trigger replacement. number
Policy ID.
poolnames Policy6Poolname[]
IP Pool names. The structure of poolname block is documented below.
profileGroup string
Name of profile group.
profileProtocolOptions string
Name of an existing Protocol options profile.
profileType string
Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
replacemsgOverrideGroup string
Override the default replacement message group for this policy.
rsso string
Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
schedule string
Schedule name.
sendDenyPacket string
Enable/disable return of deny-packet. Valid values: enable, disable.
serviceNegate string
When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services Policy6Service[]
Service and service group names. The structure of service block is documented below.
sessionTtl number
Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
spamfilterProfile string
Name of an existing Spam filter profile.
srcaddrNegate string
When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
srcaddrs Policy6Srcaddr[]
Source address and address group names. The structure of srcaddr block is documented below.
srcintfs Policy6Srcintf[]
Incoming (ingress) interface. The structure of srcintf block is documented below.
sshFilterProfile string
Name of an existing SSH filter profile.
sshPolicyRedirect string
Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
sslMirror string
Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
sslMirrorIntfs Policy6SslMirrorIntf[]
SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
sslSshProfile string
Name of an existing SSL SSH profile.
status string
Enable or disable this policy. Valid values: enable, disable.
tcpMssReceiver number
Receiver TCP maximum segment size (MSS).
tcpMssSender number
Sender TCP maximum segment size (MSS).
tcpSessionWithoutSyn string
Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
timeoutSendRst string
Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
tos string
ToS (Type of Service) value used for comparison.
tosMask string
Non-zero bit positions are used for comparison while zero bit positions are ignored.
tosNegate string
Enable negated TOS match. Valid values: enable, disable.
trafficShaper string
Reverse traffic shaper.
trafficShaperReverse string
Reverse traffic shaper.
urlCategories Policy6UrlCategory[]
URL category ID list. The structure of url_category block is documented below.
users Policy6User[]
Names of individual users that can authenticate with this policy. The structure of users block is documented below.
utmStatus string
Enable AV/web/ips protection profile. Valid values: enable, disable.
uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam Changes to this property will trigger replacement. string
Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
vlanCosFwd number
VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
vlanCosRev number
VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
vlanFilter string
Set VLAN filters.
voipProfile string
Name of an existing VoIP profile.
vpntunnel string
Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
wafProfile string
Name of an existing Web application firewall profile.
webcache string
Enable/disable web cache. Valid values: enable, disable.
webcacheHttps string
Enable/disable web cache for HTTPS. Valid values: disable, enable.
webfilterProfile string
Name of an existing Web filter profile.
webproxyForwardServer string
Web proxy forward server name.
webproxyProfile string
Webproxy profile name.
action str
Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
anti_replay str
Enable/disable anti-replay check. Valid values: enable, disable.
app_categories Sequence[Policy6AppCategoryArgs]
Application category ID list. The structure of app_category block is documented below.
app_groups Sequence[Policy6AppGroupArgs]
Application group names. The structure of app_group block is documented below.
application_list str
Name of an existing Application list.
applications Sequence[Policy6ApplicationArgs]
Application ID list. The structure of application block is documented below.
auto_asic_offload str
Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
av_profile str
Name of an existing Antivirus profile.
cifs_profile str
Name of an existing CIFS profile.
comments str
Comment.
custom_log_fields Sequence[Policy6CustomLogFieldArgs]
Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
decrypted_traffic_mirror str
Decrypted traffic mirror.
devices Sequence[Policy6DeviceArgs]
Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
diffserv_forward str
Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
diffserv_reverse str
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
diffservcode_forward str
Change packet's DiffServ to this value.
diffservcode_rev str
Change packet's reverse (reply) DiffServ to this value.
dlp_sensor str
Name of an existing DLP sensor.
dnsfilter_profile str
Name of an existing DNS filter profile.
dsri str
Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
dstaddr_negate str
When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddrs Sequence[Policy6DstaddrArgs]
Destination address and address group names. The structure of dstaddr block is documented below.
dstintfs Sequence[Policy6DstintfArgs]
Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamic_sort_subtable str
Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilter_profile str
Name of an existing email filter profile.
firewall_session_dirty str
How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
fixedport str
Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
fsso_groups Sequence[Policy6FssoGroupArgs]
Names of FSSO groups. The structure of fsso_groups block is documented below.
get_all_tables str
Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
global_label str
Label for the policy that appears when the GUI is in Global View mode.
groups Sequence[Policy6GroupArgs]
Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
http_policy_redirect str
Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
icap_profile str
Name of an existing ICAP profile.
inbound str
Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
inspection_mode str
Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
ippool str
Enable to use IP Pools for source NAT. Valid values: enable, disable.
ips_sensor str
Name of an existing IPS sensor.
label str
Label for the policy that appears when the GUI is in Section View mode.
logtraffic str
Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtraffic_start str
Record logs when a session starts. Valid values: enable, disable.
name str
Policy name.
nat str
Enable/disable source NAT. Valid values: enable, disable.
natinbound str
Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
natoutbound str
Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
outbound str
Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
per_ip_shaper str
Per-IP traffic shaper.
policyid Changes to this property will trigger replacement. int
Policy ID.
poolnames Sequence[Policy6PoolnameArgs]
IP Pool names. The structure of poolname block is documented below.
profile_group str
Name of profile group.
profile_protocol_options str
Name of an existing Protocol options profile.
profile_type str
Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
replacemsg_override_group str
Override the default replacement message group for this policy.
rsso str
Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
schedule str
Schedule name.
send_deny_packet str
Enable/disable return of deny-packet. Valid values: enable, disable.
service_negate str
When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services Sequence[Policy6ServiceArgs]
Service and service group names. The structure of service block is documented below.
session_ttl int
Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
spamfilter_profile str
Name of an existing Spam filter profile.
srcaddr_negate str
When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
srcaddrs Sequence[Policy6SrcaddrArgs]
Source address and address group names. The structure of srcaddr block is documented below.
srcintfs Sequence[Policy6SrcintfArgs]
Incoming (ingress) interface. The structure of srcintf block is documented below.
ssh_filter_profile str
Name of an existing SSH filter profile.
ssh_policy_redirect str
Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
ssl_mirror str
Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
ssl_mirror_intfs Sequence[Policy6SslMirrorIntfArgs]
SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
ssl_ssh_profile str
Name of an existing SSL SSH profile.
status str
Enable or disable this policy. Valid values: enable, disable.
tcp_mss_receiver int
Receiver TCP maximum segment size (MSS).
tcp_mss_sender int
Sender TCP maximum segment size (MSS).
tcp_session_without_syn str
Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
timeout_send_rst str
Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
tos str
ToS (Type of Service) value used for comparison.
tos_mask str
Non-zero bit positions are used for comparison while zero bit positions are ignored.
tos_negate str
Enable negated TOS match. Valid values: enable, disable.
traffic_shaper str
Reverse traffic shaper.
traffic_shaper_reverse str
Reverse traffic shaper.
url_categories Sequence[Policy6UrlCategoryArgs]
URL category ID list. The structure of url_category block is documented below.
users Sequence[Policy6UserArgs]
Names of individual users that can authenticate with this policy. The structure of users block is documented below.
utm_status str
Enable AV/web/ips protection profile. Valid values: enable, disable.
uuid str
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam Changes to this property will trigger replacement. str
Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
vlan_cos_fwd int
VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
vlan_cos_rev int
VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
vlan_filter str
Set VLAN filters.
voip_profile str
Name of an existing VoIP profile.
vpntunnel str
Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
waf_profile str
Name of an existing Web application firewall profile.
webcache str
Enable/disable web cache. Valid values: enable, disable.
webcache_https str
Enable/disable web cache for HTTPS. Valid values: disable, enable.
webfilter_profile str
Name of an existing Web filter profile.
webproxy_forward_server str
Web proxy forward server name.
webproxy_profile str
Webproxy profile name.
action String
Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
antiReplay String
Enable/disable anti-replay check. Valid values: enable, disable.
appCategories List<Property Map>
Application category ID list. The structure of app_category block is documented below.
appGroups List<Property Map>
Application group names. The structure of app_group block is documented below.
applicationList String
Name of an existing Application list.
applications List<Property Map>
Application ID list. The structure of application block is documented below.
autoAsicOffload String
Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
avProfile String
Name of an existing Antivirus profile.
cifsProfile String
Name of an existing CIFS profile.
comments String
Comment.
customLogFields List<Property Map>
Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
decryptedTrafficMirror String
Decrypted traffic mirror.
devices List<Property Map>
Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
diffservForward String
Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
diffservReverse String
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
diffservcodeForward String
Change packet's DiffServ to this value.
diffservcodeRev String
Change packet's reverse (reply) DiffServ to this value.
dlpSensor String
Name of an existing DLP sensor.
dnsfilterProfile String
Name of an existing DNS filter profile.
dsri String
Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
dstaddrNegate String
When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddrs List<Property Map>
Destination address and address group names. The structure of dstaddr block is documented below.
dstintfs List<Property Map>
Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamicSortSubtable String
Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilterProfile String
Name of an existing email filter profile.
firewallSessionDirty String
How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
fixedport String
Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
fssoGroups List<Property Map>
Names of FSSO groups. The structure of fsso_groups block is documented below.
getAllTables String
Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
globalLabel String
Label for the policy that appears when the GUI is in Global View mode.
groups List<Property Map>
Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
httpPolicyRedirect String
Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
icapProfile String
Name of an existing ICAP profile.
inbound String
Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
inspectionMode String
Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
ippool String
Enable to use IP Pools for source NAT. Valid values: enable, disable.
ipsSensor String
Name of an existing IPS sensor.
label String
Label for the policy that appears when the GUI is in Section View mode.
logtraffic String
Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtrafficStart String
Record logs when a session starts. Valid values: enable, disable.
name String
Policy name.
nat String
Enable/disable source NAT. Valid values: enable, disable.
natinbound String
Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
natoutbound String
Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
outbound String
Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
perIpShaper String
Per-IP traffic shaper.
policyid Changes to this property will trigger replacement. Number
Policy ID.
poolnames List<Property Map>
IP Pool names. The structure of poolname block is documented below.
profileGroup String
Name of profile group.
profileProtocolOptions String
Name of an existing Protocol options profile.
profileType String
Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
replacemsgOverrideGroup String
Override the default replacement message group for this policy.
rsso String
Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
schedule String
Schedule name.
sendDenyPacket String
Enable/disable return of deny-packet. Valid values: enable, disable.
serviceNegate String
When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services List<Property Map>
Service and service group names. The structure of service block is documented below.
sessionTtl Number
Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
spamfilterProfile String
Name of an existing Spam filter profile.
srcaddrNegate String
When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
srcaddrs List<Property Map>
Source address and address group names. The structure of srcaddr block is documented below.
srcintfs List<Property Map>
Incoming (ingress) interface. The structure of srcintf block is documented below.
sshFilterProfile String
Name of an existing SSH filter profile.
sshPolicyRedirect String
Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
sslMirror String
Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
sslMirrorIntfs List<Property Map>
SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
sslSshProfile String
Name of an existing SSL SSH profile.
status String
Enable or disable this policy. Valid values: enable, disable.
tcpMssReceiver Number
Receiver TCP maximum segment size (MSS).
tcpMssSender Number
Sender TCP maximum segment size (MSS).
tcpSessionWithoutSyn String
Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
timeoutSendRst String
Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
tos String
ToS (Type of Service) value used for comparison.
tosMask String
Non-zero bit positions are used for comparison while zero bit positions are ignored.
tosNegate String
Enable negated TOS match. Valid values: enable, disable.
trafficShaper String
Reverse traffic shaper.
trafficShaperReverse String
Reverse traffic shaper.
urlCategories List<Property Map>
URL category ID list. The structure of url_category block is documented below.
users List<Property Map>
Names of individual users that can authenticate with this policy. The structure of users block is documented below.
utmStatus String
Enable AV/web/ips protection profile. Valid values: enable, disable.
uuid String
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam Changes to this property will trigger replacement. String
Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
vlanCosFwd Number
VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
vlanCosRev Number
VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
vlanFilter String
Set VLAN filters.
voipProfile String
Name of an existing VoIP profile.
vpntunnel String
Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
wafProfile String
Name of an existing Web application firewall profile.
webcache String
Enable/disable web cache. Valid values: enable, disable.
webcacheHttps String
Enable/disable web cache for HTTPS. Valid values: disable, enable.
webfilterProfile String
Name of an existing Web filter profile.
webproxyForwardServer String
Web proxy forward server name.
webproxyProfile String
Webproxy profile name.

Supporting Types

Policy6AppCategory
, Policy6AppCategoryArgs

Id int
Category IDs.
Id int
Category IDs.
id Integer
Category IDs.
id number
Category IDs.
id int
Category IDs.
id Number
Category IDs.

Policy6AppGroup
, Policy6AppGroupArgs

Name string
Application group names.
Name string
Application group names.
name String
Application group names.
name string
Application group names.
name str
Application group names.
name String
Application group names.

Policy6Application
, Policy6ApplicationArgs

Id int
Application IDs.
Id int
Application IDs.
id Integer
Application IDs.
id number
Application IDs.
id int
Application IDs.
id Number
Application IDs.

Policy6CustomLogField
, Policy6CustomLogFieldArgs

FieldId string
Custom log field.
FieldId string
Custom log field.
fieldId String
Custom log field.
fieldId string
Custom log field.
field_id str
Custom log field.
fieldId String
Custom log field.

Policy6Device
, Policy6DeviceArgs

Name string
Device or group name.
Name string
Device or group name.
name String
Device or group name.
name string
Device or group name.
name str
Device or group name.
name String
Device or group name.

Policy6Dstaddr
, Policy6DstaddrArgs

Name string
Address name.
Name string
Address name.
name String
Address name.
name string
Address name.
name str
Address name.
name String
Address name.

Policy6Dstintf
, Policy6DstintfArgs

Name string
Interface name.
Name string
Interface name.
name String
Interface name.
name string
Interface name.
name str
Interface name.
name String
Interface name.

Policy6FssoGroup
, Policy6FssoGroupArgs

Name string
Names of FSSO groups.
Name string
Names of FSSO groups.
name String
Names of FSSO groups.
name string
Names of FSSO groups.
name str
Names of FSSO groups.
name String
Names of FSSO groups.

Policy6Group
, Policy6GroupArgs

Name string
Group name.
Name string
Group name.
name String
Group name.
name string
Group name.
name str
Group name.
name String
Group name.

Policy6Poolname
, Policy6PoolnameArgs

Name string
IP pool name.
Name string
IP pool name.
name String
IP pool name.
name string
IP pool name.
name str
IP pool name.
name String
IP pool name.

Policy6Service
, Policy6ServiceArgs

Name string
Address name.
Name string
Address name.
name String
Address name.
name string
Address name.
name str
Address name.
name String
Address name.

Policy6Srcaddr
, Policy6SrcaddrArgs

Name string
Address name.
Name string
Address name.
name String
Address name.
name string
Address name.
name str
Address name.
name String
Address name.

Policy6Srcintf
, Policy6SrcintfArgs

Name string
Interface name.
Name string
Interface name.
name String
Interface name.
name string
Interface name.
name str
Interface name.
name String
Interface name.

Policy6SslMirrorIntf
, Policy6SslMirrorIntfArgs

Name string
Interface name.
Name string
Interface name.
name String
Interface name.
name string
Interface name.
name str
Interface name.
name String
Interface name.

Policy6UrlCategory
, Policy6UrlCategoryArgs

Id int
URL category ID.
Id int
URL category ID.
id Integer
URL category ID.
id number
URL category ID.
id int
URL category ID.
id Number
URL category ID.

Policy6User
, Policy6UserArgs

Name string
Names of individual users that can authenticate with this policy.
Name string
Names of individual users that can authenticate with this policy.
name String
Names of individual users that can authenticate with this policy.
name string
Names of individual users that can authenticate with this policy.
name str
Names of individual users that can authenticate with this policy.
name String
Names of individual users that can authenticate with this policy.

Import

Firewall Policy6 can be imported using any of these accepted formats:

$ pulumi import fortios:firewall/policy6:Policy6 labelname {{policyid}}
Copy

If you do not want to import arguments of block:

$ export “FORTIOS_IMPORT_TABLE”=“false”

$ pulumi import fortios:firewall/policy6:Policy6 labelname {{policyid}}
Copy

$ unset “FORTIOS_IMPORT_TABLE”

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
fortios pulumiverse/pulumi-fortios
License
Apache-2.0
Notes
This Pulumi package is based on the fortios Terraform Provider.