1. Packages
  2. Fortios
  3. API Docs
  4. firewall
  5. firewall/consolidated
  6. Policy
Fortios v0.0.5 published on Tuesday, Apr 9, 2024 by pulumiverse

fortios.firewall/consolidated.Policy

Explore with Pulumi AI

fortios logo
Fortios v0.0.5 published on Tuesday, Apr 9, 2024 by pulumiverse

    Configure consolidated IPv4/IPv6 policies. Applies to FortiOS Version <= 6.4.0.

    Create Policy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Policy(name: string, args?: PolicyArgs, opts?: CustomResourceOptions);
    @overload
    def Policy(resource_name: str,
               args: Optional[PolicyArgs] = None,
               opts: Optional[ResourceOptions] = None)
    
    @overload
    def Policy(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               action: Optional[str] = None,
               app_categories: Optional[Sequence[PolicyAppCategoryArgs]] = None,
               app_groups: Optional[Sequence[PolicyAppGroupArgs]] = None,
               application_list: Optional[str] = None,
               applications: Optional[Sequence[PolicyApplicationArgs]] = None,
               auto_asic_offload: Optional[str] = None,
               av_profile: Optional[str] = None,
               captive_portal_exempt: Optional[str] = None,
               cifs_profile: Optional[str] = None,
               comments: Optional[str] = None,
               diffserv_forward: Optional[str] = None,
               diffserv_reverse: Optional[str] = None,
               diffservcode_forward: Optional[str] = None,
               diffservcode_rev: Optional[str] = None,
               dlp_sensor: Optional[str] = None,
               dnsfilter_profile: Optional[str] = None,
               dstaddr4s: Optional[Sequence[PolicyDstaddr4Args]] = None,
               dstaddr6s: Optional[Sequence[PolicyDstaddr6Args]] = None,
               dstaddr_negate: Optional[str] = None,
               dstintfs: Optional[Sequence[PolicyDstintfArgs]] = None,
               dynamic_sort_subtable: Optional[str] = None,
               emailfilter_profile: Optional[str] = None,
               fixedport: Optional[str] = None,
               fsso_groups: Optional[Sequence[PolicyFssoGroupArgs]] = None,
               get_all_tables: Optional[str] = None,
               groups: Optional[Sequence[PolicyGroupArgs]] = None,
               http_policy_redirect: Optional[str] = None,
               icap_profile: Optional[str] = None,
               inbound: Optional[str] = None,
               inspection_mode: Optional[str] = None,
               internet_service: Optional[str] = None,
               internet_service_custom_groups: Optional[Sequence[PolicyInternetServiceCustomGroupArgs]] = None,
               internet_service_customs: Optional[Sequence[PolicyInternetServiceCustomArgs]] = None,
               internet_service_groups: Optional[Sequence[PolicyInternetServiceGroupArgs]] = None,
               internet_service_ids: Optional[Sequence[PolicyInternetServiceIdArgs]] = None,
               internet_service_names: Optional[Sequence[PolicyInternetServiceNameArgs]] = None,
               internet_service_negate: Optional[str] = None,
               internet_service_src: Optional[str] = None,
               internet_service_src_custom_groups: Optional[Sequence[PolicyInternetServiceSrcCustomGroupArgs]] = None,
               internet_service_src_customs: Optional[Sequence[PolicyInternetServiceSrcCustomArgs]] = None,
               internet_service_src_groups: Optional[Sequence[PolicyInternetServiceSrcGroupArgs]] = None,
               internet_service_src_ids: Optional[Sequence[PolicyInternetServiceSrcIdArgs]] = None,
               internet_service_src_names: Optional[Sequence[PolicyInternetServiceSrcNameArgs]] = None,
               internet_service_src_negate: Optional[str] = None,
               ippool: Optional[str] = None,
               ips_sensor: Optional[str] = None,
               logtraffic: Optional[str] = None,
               logtraffic_start: Optional[str] = None,
               name: Optional[str] = None,
               nat: Optional[str] = None,
               outbound: Optional[str] = None,
               per_ip_shaper: Optional[str] = None,
               policyid: Optional[int] = None,
               poolname4s: Optional[Sequence[PolicyPoolname4Args]] = None,
               poolname6s: Optional[Sequence[PolicyPoolname6Args]] = None,
               profile_group: Optional[str] = None,
               profile_protocol_options: Optional[str] = None,
               profile_type: Optional[str] = None,
               schedule: Optional[str] = None,
               service_negate: Optional[str] = None,
               services: Optional[Sequence[PolicyServiceArgs]] = None,
               session_ttl: Optional[int] = None,
               spamfilter_profile: Optional[str] = None,
               srcaddr4s: Optional[Sequence[PolicySrcaddr4Args]] = None,
               srcaddr6s: Optional[Sequence[PolicySrcaddr6Args]] = None,
               srcaddr_negate: Optional[str] = None,
               srcintfs: Optional[Sequence[PolicySrcintfArgs]] = None,
               ssh_filter_profile: Optional[str] = None,
               ssh_policy_redirect: Optional[str] = None,
               ssl_ssh_profile: Optional[str] = None,
               status: Optional[str] = None,
               tcp_mss_receiver: Optional[int] = None,
               tcp_mss_sender: Optional[int] = None,
               traffic_shaper: Optional[str] = None,
               traffic_shaper_reverse: Optional[str] = None,
               url_categories: Optional[Sequence[PolicyUrlCategoryArgs]] = None,
               users: Optional[Sequence[PolicyUserArgs]] = None,
               utm_status: Optional[str] = None,
               uuid: Optional[str] = None,
               vdomparam: Optional[str] = None,
               voip_profile: Optional[str] = None,
               vpntunnel: Optional[str] = None,
               waf_profile: Optional[str] = None,
               wanopt: Optional[str] = None,
               wanopt_detection: Optional[str] = None,
               wanopt_passive_opt: Optional[str] = None,
               wanopt_peer: Optional[str] = None,
               wanopt_profile: Optional[str] = None,
               webcache: Optional[str] = None,
               webcache_https: Optional[str] = None,
               webfilter_profile: Optional[str] = None,
               webproxy_forward_server: Optional[str] = None,
               webproxy_profile: Optional[str] = None)
    func NewPolicy(ctx *Context, name string, args *PolicyArgs, opts ...ResourceOption) (*Policy, error)
    public Policy(string name, PolicyArgs? args = null, CustomResourceOptions? opts = null)
    public Policy(String name, PolicyArgs args)
    public Policy(String name, PolicyArgs args, CustomResourceOptions options)
    
    type: fortios:firewall/consolidated/policy:Policy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var policyResource = new Fortios.Firewall.Consolidated.Policy("policyResource", new()
    {
        Action = "string",
        AppCategories = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyAppCategoryArgs
            {
                Id = 0,
            },
        },
        AppGroups = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyAppGroupArgs
            {
                Name = "string",
            },
        },
        ApplicationList = "string",
        Applications = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyApplicationArgs
            {
                Id = 0,
            },
        },
        AutoAsicOffload = "string",
        AvProfile = "string",
        CaptivePortalExempt = "string",
        CifsProfile = "string",
        Comments = "string",
        DiffservForward = "string",
        DiffservReverse = "string",
        DiffservcodeForward = "string",
        DiffservcodeRev = "string",
        DlpSensor = "string",
        DnsfilterProfile = "string",
        Dstaddr4s = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyDstaddr4Args
            {
                Name = "string",
            },
        },
        Dstaddr6s = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyDstaddr6Args
            {
                Name = "string",
            },
        },
        DstaddrNegate = "string",
        Dstintfs = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyDstintfArgs
            {
                Name = "string",
            },
        },
        DynamicSortSubtable = "string",
        EmailfilterProfile = "string",
        Fixedport = "string",
        FssoGroups = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyFssoGroupArgs
            {
                Name = "string",
            },
        },
        GetAllTables = "string",
        Groups = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyGroupArgs
            {
                Name = "string",
            },
        },
        HttpPolicyRedirect = "string",
        IcapProfile = "string",
        Inbound = "string",
        InspectionMode = "string",
        InternetService = "string",
        InternetServiceCustomGroups = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceCustomGroupArgs
            {
                Name = "string",
            },
        },
        InternetServiceCustoms = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceCustomArgs
            {
                Name = "string",
            },
        },
        InternetServiceGroups = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceGroupArgs
            {
                Name = "string",
            },
        },
        InternetServiceIds = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceIdArgs
            {
                Id = 0,
            },
        },
        InternetServiceNames = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceNameArgs
            {
                Name = "string",
            },
        },
        InternetServiceNegate = "string",
        InternetServiceSrc = "string",
        InternetServiceSrcCustomGroups = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcCustomGroupArgs
            {
                Name = "string",
            },
        },
        InternetServiceSrcCustoms = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcCustomArgs
            {
                Name = "string",
            },
        },
        InternetServiceSrcGroups = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcGroupArgs
            {
                Name = "string",
            },
        },
        InternetServiceSrcIds = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcIdArgs
            {
                Id = 0,
            },
        },
        InternetServiceSrcNames = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcNameArgs
            {
                Name = "string",
            },
        },
        InternetServiceSrcNegate = "string",
        Ippool = "string",
        IpsSensor = "string",
        Logtraffic = "string",
        LogtrafficStart = "string",
        Name = "string",
        Nat = "string",
        Outbound = "string",
        PerIpShaper = "string",
        Policyid = 0,
        Poolname4s = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyPoolname4Args
            {
                Name = "string",
            },
        },
        Poolname6s = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyPoolname6Args
            {
                Name = "string",
            },
        },
        ProfileGroup = "string",
        ProfileProtocolOptions = "string",
        ProfileType = "string",
        Schedule = "string",
        ServiceNegate = "string",
        Services = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyServiceArgs
            {
                Name = "string",
            },
        },
        SessionTtl = 0,
        SpamfilterProfile = "string",
        Srcaddr4s = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicySrcaddr4Args
            {
                Name = "string",
            },
        },
        Srcaddr6s = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicySrcaddr6Args
            {
                Name = "string",
            },
        },
        SrcaddrNegate = "string",
        Srcintfs = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicySrcintfArgs
            {
                Name = "string",
            },
        },
        SshFilterProfile = "string",
        SshPolicyRedirect = "string",
        SslSshProfile = "string",
        Status = "string",
        TcpMssReceiver = 0,
        TcpMssSender = 0,
        TrafficShaper = "string",
        TrafficShaperReverse = "string",
        UrlCategories = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyUrlCategoryArgs
            {
                Id = 0,
            },
        },
        Users = new[]
        {
            new Fortios.Firewall.Consolidated.Inputs.PolicyUserArgs
            {
                Name = "string",
            },
        },
        UtmStatus = "string",
        Uuid = "string",
        Vdomparam = "string",
        VoipProfile = "string",
        Vpntunnel = "string",
        WafProfile = "string",
        Wanopt = "string",
        WanoptDetection = "string",
        WanoptPassiveOpt = "string",
        WanoptPeer = "string",
        WanoptProfile = "string",
        Webcache = "string",
        WebcacheHttps = "string",
        WebfilterProfile = "string",
        WebproxyForwardServer = "string",
        WebproxyProfile = "string",
    });
    
    example, err := firewall.NewPolicy(ctx, "policyResource", &firewall.PolicyArgs{
    	Action: pulumi.String("string"),
    	AppCategories: consolidated.PolicyAppCategoryArray{
    		&consolidated.PolicyAppCategoryArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	AppGroups: consolidated.PolicyAppGroupArray{
    		&consolidated.PolicyAppGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	ApplicationList: pulumi.String("string"),
    	Applications: consolidated.PolicyApplicationArray{
    		&consolidated.PolicyApplicationArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	AutoAsicOffload:     pulumi.String("string"),
    	AvProfile:           pulumi.String("string"),
    	CaptivePortalExempt: pulumi.String("string"),
    	CifsProfile:         pulumi.String("string"),
    	Comments:            pulumi.String("string"),
    	DiffservForward:     pulumi.String("string"),
    	DiffservReverse:     pulumi.String("string"),
    	DiffservcodeForward: pulumi.String("string"),
    	DiffservcodeRev:     pulumi.String("string"),
    	DlpSensor:           pulumi.String("string"),
    	DnsfilterProfile:    pulumi.String("string"),
    	Dstaddr4s: consolidated.PolicyDstaddr4Array{
    		&consolidated.PolicyDstaddr4Args{
    			Name: pulumi.String("string"),
    		},
    	},
    	Dstaddr6s: consolidated.PolicyDstaddr6Array{
    		&consolidated.PolicyDstaddr6Args{
    			Name: pulumi.String("string"),
    		},
    	},
    	DstaddrNegate: pulumi.String("string"),
    	Dstintfs: consolidated.PolicyDstintfArray{
    		&consolidated.PolicyDstintfArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	DynamicSortSubtable: pulumi.String("string"),
    	EmailfilterProfile:  pulumi.String("string"),
    	Fixedport:           pulumi.String("string"),
    	FssoGroups: consolidated.PolicyFssoGroupArray{
    		&consolidated.PolicyFssoGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	GetAllTables: pulumi.String("string"),
    	Groups: consolidated.PolicyGroupArray{
    		&consolidated.PolicyGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	HttpPolicyRedirect: pulumi.String("string"),
    	IcapProfile:        pulumi.String("string"),
    	Inbound:            pulumi.String("string"),
    	InspectionMode:     pulumi.String("string"),
    	InternetService:    pulumi.String("string"),
    	InternetServiceCustomGroups: consolidated.PolicyInternetServiceCustomGroupArray{
    		&consolidated.PolicyInternetServiceCustomGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceCustoms: consolidated.PolicyInternetServiceCustomArray{
    		&consolidated.PolicyInternetServiceCustomArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceGroups: consolidated.PolicyInternetServiceGroupArray{
    		&consolidated.PolicyInternetServiceGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceIds: consolidated.PolicyInternetServiceIdArray{
    		&consolidated.PolicyInternetServiceIdArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	InternetServiceNames: consolidated.PolicyInternetServiceNameArray{
    		&consolidated.PolicyInternetServiceNameArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceNegate: pulumi.String("string"),
    	InternetServiceSrc:    pulumi.String("string"),
    	InternetServiceSrcCustomGroups: consolidated.PolicyInternetServiceSrcCustomGroupArray{
    		&consolidated.PolicyInternetServiceSrcCustomGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceSrcCustoms: consolidated.PolicyInternetServiceSrcCustomArray{
    		&consolidated.PolicyInternetServiceSrcCustomArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceSrcGroups: consolidated.PolicyInternetServiceSrcGroupArray{
    		&consolidated.PolicyInternetServiceSrcGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceSrcIds: consolidated.PolicyInternetServiceSrcIdArray{
    		&consolidated.PolicyInternetServiceSrcIdArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	InternetServiceSrcNames: consolidated.PolicyInternetServiceSrcNameArray{
    		&consolidated.PolicyInternetServiceSrcNameArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	InternetServiceSrcNegate: pulumi.String("string"),
    	Ippool:                   pulumi.String("string"),
    	IpsSensor:                pulumi.String("string"),
    	Logtraffic:               pulumi.String("string"),
    	LogtrafficStart:          pulumi.String("string"),
    	Name:                     pulumi.String("string"),
    	Nat:                      pulumi.String("string"),
    	Outbound:                 pulumi.String("string"),
    	PerIpShaper:              pulumi.String("string"),
    	Policyid:                 pulumi.Int(0),
    	Poolname4s: consolidated.PolicyPoolname4Array{
    		&consolidated.PolicyPoolname4Args{
    			Name: pulumi.String("string"),
    		},
    	},
    	Poolname6s: consolidated.PolicyPoolname6Array{
    		&consolidated.PolicyPoolname6Args{
    			Name: pulumi.String("string"),
    		},
    	},
    	ProfileGroup:           pulumi.String("string"),
    	ProfileProtocolOptions: pulumi.String("string"),
    	ProfileType:            pulumi.String("string"),
    	Schedule:               pulumi.String("string"),
    	ServiceNegate:          pulumi.String("string"),
    	Services: consolidated.PolicyServiceArray{
    		&consolidated.PolicyServiceArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	SessionTtl:        pulumi.Int(0),
    	SpamfilterProfile: pulumi.String("string"),
    	Srcaddr4s: consolidated.PolicySrcaddr4Array{
    		&consolidated.PolicySrcaddr4Args{
    			Name: pulumi.String("string"),
    		},
    	},
    	Srcaddr6s: consolidated.PolicySrcaddr6Array{
    		&consolidated.PolicySrcaddr6Args{
    			Name: pulumi.String("string"),
    		},
    	},
    	SrcaddrNegate: pulumi.String("string"),
    	Srcintfs: consolidated.PolicySrcintfArray{
    		&consolidated.PolicySrcintfArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	SshFilterProfile:     pulumi.String("string"),
    	SshPolicyRedirect:    pulumi.String("string"),
    	SslSshProfile:        pulumi.String("string"),
    	Status:               pulumi.String("string"),
    	TcpMssReceiver:       pulumi.Int(0),
    	TcpMssSender:         pulumi.Int(0),
    	TrafficShaper:        pulumi.String("string"),
    	TrafficShaperReverse: pulumi.String("string"),
    	UrlCategories: consolidated.PolicyUrlCategoryArray{
    		&consolidated.PolicyUrlCategoryArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	Users: consolidated.PolicyUserArray{
    		&consolidated.PolicyUserArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	UtmStatus:             pulumi.String("string"),
    	Uuid:                  pulumi.String("string"),
    	Vdomparam:             pulumi.String("string"),
    	VoipProfile:           pulumi.String("string"),
    	Vpntunnel:             pulumi.String("string"),
    	WafProfile:            pulumi.String("string"),
    	Wanopt:                pulumi.String("string"),
    	WanoptDetection:       pulumi.String("string"),
    	WanoptPassiveOpt:      pulumi.String("string"),
    	WanoptPeer:            pulumi.String("string"),
    	WanoptProfile:         pulumi.String("string"),
    	Webcache:              pulumi.String("string"),
    	WebcacheHttps:         pulumi.String("string"),
    	WebfilterProfile:      pulumi.String("string"),
    	WebproxyForwardServer: pulumi.String("string"),
    	WebproxyProfile:       pulumi.String("string"),
    })
    
    var policyResource = new Policy("policyResource", PolicyArgs.builder()
        .action("string")
        .appCategories(PolicyAppCategoryArgs.builder()
            .id(0)
            .build())
        .appGroups(PolicyAppGroupArgs.builder()
            .name("string")
            .build())
        .applicationList("string")
        .applications(PolicyApplicationArgs.builder()
            .id(0)
            .build())
        .autoAsicOffload("string")
        .avProfile("string")
        .captivePortalExempt("string")
        .cifsProfile("string")
        .comments("string")
        .diffservForward("string")
        .diffservReverse("string")
        .diffservcodeForward("string")
        .diffservcodeRev("string")
        .dlpSensor("string")
        .dnsfilterProfile("string")
        .dstaddr4s(PolicyDstaddr4Args.builder()
            .name("string")
            .build())
        .dstaddr6s(PolicyDstaddr6Args.builder()
            .name("string")
            .build())
        .dstaddrNegate("string")
        .dstintfs(PolicyDstintfArgs.builder()
            .name("string")
            .build())
        .dynamicSortSubtable("string")
        .emailfilterProfile("string")
        .fixedport("string")
        .fssoGroups(PolicyFssoGroupArgs.builder()
            .name("string")
            .build())
        .getAllTables("string")
        .groups(PolicyGroupArgs.builder()
            .name("string")
            .build())
        .httpPolicyRedirect("string")
        .icapProfile("string")
        .inbound("string")
        .inspectionMode("string")
        .internetService("string")
        .internetServiceCustomGroups(PolicyInternetServiceCustomGroupArgs.builder()
            .name("string")
            .build())
        .internetServiceCustoms(PolicyInternetServiceCustomArgs.builder()
            .name("string")
            .build())
        .internetServiceGroups(PolicyInternetServiceGroupArgs.builder()
            .name("string")
            .build())
        .internetServiceIds(PolicyInternetServiceIdArgs.builder()
            .id(0)
            .build())
        .internetServiceNames(PolicyInternetServiceNameArgs.builder()
            .name("string")
            .build())
        .internetServiceNegate("string")
        .internetServiceSrc("string")
        .internetServiceSrcCustomGroups(PolicyInternetServiceSrcCustomGroupArgs.builder()
            .name("string")
            .build())
        .internetServiceSrcCustoms(PolicyInternetServiceSrcCustomArgs.builder()
            .name("string")
            .build())
        .internetServiceSrcGroups(PolicyInternetServiceSrcGroupArgs.builder()
            .name("string")
            .build())
        .internetServiceSrcIds(PolicyInternetServiceSrcIdArgs.builder()
            .id(0)
            .build())
        .internetServiceSrcNames(PolicyInternetServiceSrcNameArgs.builder()
            .name("string")
            .build())
        .internetServiceSrcNegate("string")
        .ippool("string")
        .ipsSensor("string")
        .logtraffic("string")
        .logtrafficStart("string")
        .name("string")
        .nat("string")
        .outbound("string")
        .perIpShaper("string")
        .policyid(0)
        .poolname4s(PolicyPoolname4Args.builder()
            .name("string")
            .build())
        .poolname6s(PolicyPoolname6Args.builder()
            .name("string")
            .build())
        .profileGroup("string")
        .profileProtocolOptions("string")
        .profileType("string")
        .schedule("string")
        .serviceNegate("string")
        .services(PolicyServiceArgs.builder()
            .name("string")
            .build())
        .sessionTtl(0)
        .spamfilterProfile("string")
        .srcaddr4s(PolicySrcaddr4Args.builder()
            .name("string")
            .build())
        .srcaddr6s(PolicySrcaddr6Args.builder()
            .name("string")
            .build())
        .srcaddrNegate("string")
        .srcintfs(PolicySrcintfArgs.builder()
            .name("string")
            .build())
        .sshFilterProfile("string")
        .sshPolicyRedirect("string")
        .sslSshProfile("string")
        .status("string")
        .tcpMssReceiver(0)
        .tcpMssSender(0)
        .trafficShaper("string")
        .trafficShaperReverse("string")
        .urlCategories(PolicyUrlCategoryArgs.builder()
            .id(0)
            .build())
        .users(PolicyUserArgs.builder()
            .name("string")
            .build())
        .utmStatus("string")
        .uuid("string")
        .vdomparam("string")
        .voipProfile("string")
        .vpntunnel("string")
        .wafProfile("string")
        .wanopt("string")
        .wanoptDetection("string")
        .wanoptPassiveOpt("string")
        .wanoptPeer("string")
        .wanoptProfile("string")
        .webcache("string")
        .webcacheHttps("string")
        .webfilterProfile("string")
        .webproxyForwardServer("string")
        .webproxyProfile("string")
        .build());
    
    policy_resource = fortios.firewall.consolidated.Policy("policyResource",
        action="string",
        app_categories=[fortios.firewall.consolidated.PolicyAppCategoryArgs(
            id=0,
        )],
        app_groups=[fortios.firewall.consolidated.PolicyAppGroupArgs(
            name="string",
        )],
        application_list="string",
        applications=[fortios.firewall.consolidated.PolicyApplicationArgs(
            id=0,
        )],
        auto_asic_offload="string",
        av_profile="string",
        captive_portal_exempt="string",
        cifs_profile="string",
        comments="string",
        diffserv_forward="string",
        diffserv_reverse="string",
        diffservcode_forward="string",
        diffservcode_rev="string",
        dlp_sensor="string",
        dnsfilter_profile="string",
        dstaddr4s=[fortios.firewall.consolidated.PolicyDstaddr4Args(
            name="string",
        )],
        dstaddr6s=[fortios.firewall.consolidated.PolicyDstaddr6Args(
            name="string",
        )],
        dstaddr_negate="string",
        dstintfs=[fortios.firewall.consolidated.PolicyDstintfArgs(
            name="string",
        )],
        dynamic_sort_subtable="string",
        emailfilter_profile="string",
        fixedport="string",
        fsso_groups=[fortios.firewall.consolidated.PolicyFssoGroupArgs(
            name="string",
        )],
        get_all_tables="string",
        groups=[fortios.firewall.consolidated.PolicyGroupArgs(
            name="string",
        )],
        http_policy_redirect="string",
        icap_profile="string",
        inbound="string",
        inspection_mode="string",
        internet_service="string",
        internet_service_custom_groups=[fortios.firewall.consolidated.PolicyInternetServiceCustomGroupArgs(
            name="string",
        )],
        internet_service_customs=[fortios.firewall.consolidated.PolicyInternetServiceCustomArgs(
            name="string",
        )],
        internet_service_groups=[fortios.firewall.consolidated.PolicyInternetServiceGroupArgs(
            name="string",
        )],
        internet_service_ids=[fortios.firewall.consolidated.PolicyInternetServiceIdArgs(
            id=0,
        )],
        internet_service_names=[fortios.firewall.consolidated.PolicyInternetServiceNameArgs(
            name="string",
        )],
        internet_service_negate="string",
        internet_service_src="string",
        internet_service_src_custom_groups=[fortios.firewall.consolidated.PolicyInternetServiceSrcCustomGroupArgs(
            name="string",
        )],
        internet_service_src_customs=[fortios.firewall.consolidated.PolicyInternetServiceSrcCustomArgs(
            name="string",
        )],
        internet_service_src_groups=[fortios.firewall.consolidated.PolicyInternetServiceSrcGroupArgs(
            name="string",
        )],
        internet_service_src_ids=[fortios.firewall.consolidated.PolicyInternetServiceSrcIdArgs(
            id=0,
        )],
        internet_service_src_names=[fortios.firewall.consolidated.PolicyInternetServiceSrcNameArgs(
            name="string",
        )],
        internet_service_src_negate="string",
        ippool="string",
        ips_sensor="string",
        logtraffic="string",
        logtraffic_start="string",
        name="string",
        nat="string",
        outbound="string",
        per_ip_shaper="string",
        policyid=0,
        poolname4s=[fortios.firewall.consolidated.PolicyPoolname4Args(
            name="string",
        )],
        poolname6s=[fortios.firewall.consolidated.PolicyPoolname6Args(
            name="string",
        )],
        profile_group="string",
        profile_protocol_options="string",
        profile_type="string",
        schedule="string",
        service_negate="string",
        services=[fortios.firewall.consolidated.PolicyServiceArgs(
            name="string",
        )],
        session_ttl=0,
        spamfilter_profile="string",
        srcaddr4s=[fortios.firewall.consolidated.PolicySrcaddr4Args(
            name="string",
        )],
        srcaddr6s=[fortios.firewall.consolidated.PolicySrcaddr6Args(
            name="string",
        )],
        srcaddr_negate="string",
        srcintfs=[fortios.firewall.consolidated.PolicySrcintfArgs(
            name="string",
        )],
        ssh_filter_profile="string",
        ssh_policy_redirect="string",
        ssl_ssh_profile="string",
        status="string",
        tcp_mss_receiver=0,
        tcp_mss_sender=0,
        traffic_shaper="string",
        traffic_shaper_reverse="string",
        url_categories=[fortios.firewall.consolidated.PolicyUrlCategoryArgs(
            id=0,
        )],
        users=[fortios.firewall.consolidated.PolicyUserArgs(
            name="string",
        )],
        utm_status="string",
        uuid="string",
        vdomparam="string",
        voip_profile="string",
        vpntunnel="string",
        waf_profile="string",
        wanopt="string",
        wanopt_detection="string",
        wanopt_passive_opt="string",
        wanopt_peer="string",
        wanopt_profile="string",
        webcache="string",
        webcache_https="string",
        webfilter_profile="string",
        webproxy_forward_server="string",
        webproxy_profile="string")
    
    const policyResource = new fortios.firewall.consolidated.Policy("policyResource", {
        action: "string",
        appCategories: [{
            id: 0,
        }],
        appGroups: [{
            name: "string",
        }],
        applicationList: "string",
        applications: [{
            id: 0,
        }],
        autoAsicOffload: "string",
        avProfile: "string",
        captivePortalExempt: "string",
        cifsProfile: "string",
        comments: "string",
        diffservForward: "string",
        diffservReverse: "string",
        diffservcodeForward: "string",
        diffservcodeRev: "string",
        dlpSensor: "string",
        dnsfilterProfile: "string",
        dstaddr4s: [{
            name: "string",
        }],
        dstaddr6s: [{
            name: "string",
        }],
        dstaddrNegate: "string",
        dstintfs: [{
            name: "string",
        }],
        dynamicSortSubtable: "string",
        emailfilterProfile: "string",
        fixedport: "string",
        fssoGroups: [{
            name: "string",
        }],
        getAllTables: "string",
        groups: [{
            name: "string",
        }],
        httpPolicyRedirect: "string",
        icapProfile: "string",
        inbound: "string",
        inspectionMode: "string",
        internetService: "string",
        internetServiceCustomGroups: [{
            name: "string",
        }],
        internetServiceCustoms: [{
            name: "string",
        }],
        internetServiceGroups: [{
            name: "string",
        }],
        internetServiceIds: [{
            id: 0,
        }],
        internetServiceNames: [{
            name: "string",
        }],
        internetServiceNegate: "string",
        internetServiceSrc: "string",
        internetServiceSrcCustomGroups: [{
            name: "string",
        }],
        internetServiceSrcCustoms: [{
            name: "string",
        }],
        internetServiceSrcGroups: [{
            name: "string",
        }],
        internetServiceSrcIds: [{
            id: 0,
        }],
        internetServiceSrcNames: [{
            name: "string",
        }],
        internetServiceSrcNegate: "string",
        ippool: "string",
        ipsSensor: "string",
        logtraffic: "string",
        logtrafficStart: "string",
        name: "string",
        nat: "string",
        outbound: "string",
        perIpShaper: "string",
        policyid: 0,
        poolname4s: [{
            name: "string",
        }],
        poolname6s: [{
            name: "string",
        }],
        profileGroup: "string",
        profileProtocolOptions: "string",
        profileType: "string",
        schedule: "string",
        serviceNegate: "string",
        services: [{
            name: "string",
        }],
        sessionTtl: 0,
        spamfilterProfile: "string",
        srcaddr4s: [{
            name: "string",
        }],
        srcaddr6s: [{
            name: "string",
        }],
        srcaddrNegate: "string",
        srcintfs: [{
            name: "string",
        }],
        sshFilterProfile: "string",
        sshPolicyRedirect: "string",
        sslSshProfile: "string",
        status: "string",
        tcpMssReceiver: 0,
        tcpMssSender: 0,
        trafficShaper: "string",
        trafficShaperReverse: "string",
        urlCategories: [{
            id: 0,
        }],
        users: [{
            name: "string",
        }],
        utmStatus: "string",
        uuid: "string",
        vdomparam: "string",
        voipProfile: "string",
        vpntunnel: "string",
        wafProfile: "string",
        wanopt: "string",
        wanoptDetection: "string",
        wanoptPassiveOpt: "string",
        wanoptPeer: "string",
        wanoptProfile: "string",
        webcache: "string",
        webcacheHttps: "string",
        webfilterProfile: "string",
        webproxyForwardServer: "string",
        webproxyProfile: "string",
    });
    
    Coming soon!
    

    Policy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Policy resource accepts the following input properties:

    Action string
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    AppCategories List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyAppCategory>
    Application category ID list. The structure of app_category block is documented below.
    AppGroups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyAppGroup>
    Application group names. The structure of app_group block is documented below.
    ApplicationList string
    Name of an existing Application list.
    Applications List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyApplication>
    Application ID list. The structure of application block is documented below.
    AutoAsicOffload string
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    AvProfile string
    Name of an existing Antivirus profile.
    CaptivePortalExempt string
    Enable exemption of some users from the captive portal. Valid values: enable, disable.
    CifsProfile string
    Name of an existing CIFS profile.
    Comments string
    Comment.
    DiffservForward string
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    DiffservReverse string
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    DiffservcodeForward string
    Change packet's DiffServ to this value.
    DiffservcodeRev string
    Change packet's reverse (reply) DiffServ to this value.
    DlpSensor string
    Name of an existing DLP sensor.
    DnsfilterProfile string
    Name of an existing DNS filter profile.
    Dstaddr4s List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyDstaddr4>
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    Dstaddr6s List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyDstaddr6>
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    DstaddrNegate string
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstintfs List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyDstintf>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmailfilterProfile string
    Name of an existing email filter profile.
    Fixedport string
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    FssoGroups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyFssoGroup>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Groups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyGroup>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    HttpPolicyRedirect string
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    IcapProfile string
    Name of an existing ICAP profile.
    Inbound string
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    InspectionMode string
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    InternetService string
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    InternetServiceCustomGroups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceCustomGroup>
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    InternetServiceCustoms List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceCustom>
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    InternetServiceGroups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceGroup>
    Internet Service group name. The structure of internet_service_group block is documented below.
    InternetServiceIds List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceId>
    Internet Service ID. The structure of internet_service_id block is documented below.
    InternetServiceNames List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceName>
    Internet Service name. The structure of internet_service_name block is documented below.
    InternetServiceNegate string
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    InternetServiceSrc string
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    InternetServiceSrcCustomGroups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcCustomGroup>
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    InternetServiceSrcCustoms List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcCustom>
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    InternetServiceSrcGroups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcGroup>
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    InternetServiceSrcIds List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcId>
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    InternetServiceSrcNames List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcName>
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    InternetServiceSrcNegate string
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    Ippool string
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    IpsSensor string
    Name of an existing IPS sensor.
    Logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    LogtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    Name string
    Policy name.
    Nat string
    Enable/disable source NAT. Valid values: enable, disable.
    Outbound string
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    PerIpShaper string
    Per-IP traffic shaper.
    Policyid int
    Policy ID.
    Poolname4s List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyPoolname4>
    IPv4 pool names. The structure of poolname4 block is documented below.
    Poolname6s List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyPoolname6>
    IPv6 pool names. The structure of poolname6 block is documented below.
    ProfileGroup string
    Name of profile group.
    ProfileProtocolOptions string
    Name of an existing Protocol options profile.
    ProfileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    Schedule string
    Schedule name.
    ServiceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    Services List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyService>
    Service and service group names. The structure of service block is documented below.
    SessionTtl int
    TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
    SpamfilterProfile string
    Name of an existing Spam filter profile.
    Srcaddr4s List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicySrcaddr4>
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    Srcaddr6s List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicySrcaddr6>
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    SrcaddrNegate string
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    Srcintfs List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicySrcintf>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    SshFilterProfile string
    Name of an existing SSH filter profile.
    SshPolicyRedirect string
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    SslSshProfile string
    Name of an existing SSL SSH profile.
    Status string
    Enable or disable this policy. Valid values: enable, disable.
    TcpMssReceiver int
    Receiver TCP maximum segment size (MSS).
    TcpMssSender int
    Sender TCP maximum segment size (MSS).
    TrafficShaper string
    Traffic shaper.
    TrafficShaperReverse string
    Reverse traffic shaper.
    UrlCategories List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyUrlCategory>
    URL category ID list. The structure of url_category block is documented below.
    Users List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyUser>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values: enable, disable.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VoipProfile string
    Name of an existing VoIP profile.
    Vpntunnel string
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    WafProfile string
    Name of an existing Web application firewall profile.
    Wanopt string
    Enable/disable WAN optimization. Valid values: enable, disable.
    WanoptDetection string
    WAN optimization auto-detection mode. Valid values: active, passive, off.
    WanoptPassiveOpt string
    WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values: default, transparent, non-transparent.
    WanoptPeer string
    WAN optimization peer.
    WanoptProfile string
    WAN optimization profile.
    Webcache string
    Enable/disable web cache. Valid values: enable, disable.
    WebcacheHttps string
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    WebfilterProfile string
    Name of an existing Web filter profile.
    WebproxyForwardServer string
    Webproxy forward server name.
    WebproxyProfile string
    Webproxy profile name.
    Action string
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    AppCategories []PolicyAppCategoryArgs
    Application category ID list. The structure of app_category block is documented below.
    AppGroups []PolicyAppGroupArgs
    Application group names. The structure of app_group block is documented below.
    ApplicationList string
    Name of an existing Application list.
    Applications []PolicyApplicationArgs
    Application ID list. The structure of application block is documented below.
    AutoAsicOffload string
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    AvProfile string
    Name of an existing Antivirus profile.
    CaptivePortalExempt string
    Enable exemption of some users from the captive portal. Valid values: enable, disable.
    CifsProfile string
    Name of an existing CIFS profile.
    Comments string
    Comment.
    DiffservForward string
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    DiffservReverse string
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    DiffservcodeForward string
    Change packet's DiffServ to this value.
    DiffservcodeRev string
    Change packet's reverse (reply) DiffServ to this value.
    DlpSensor string
    Name of an existing DLP sensor.
    DnsfilterProfile string
    Name of an existing DNS filter profile.
    Dstaddr4s []PolicyDstaddr4Args
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    Dstaddr6s []PolicyDstaddr6Args
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    DstaddrNegate string
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstintfs []PolicyDstintfArgs
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmailfilterProfile string
    Name of an existing email filter profile.
    Fixedport string
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    FssoGroups []PolicyFssoGroupArgs
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Groups []PolicyGroupArgs
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    HttpPolicyRedirect string
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    IcapProfile string
    Name of an existing ICAP profile.
    Inbound string
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    InspectionMode string
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    InternetService string
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    InternetServiceCustomGroups []PolicyInternetServiceCustomGroupArgs
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    InternetServiceCustoms []PolicyInternetServiceCustomArgs
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    InternetServiceGroups []PolicyInternetServiceGroupArgs
    Internet Service group name. The structure of internet_service_group block is documented below.
    InternetServiceIds []PolicyInternetServiceIdArgs
    Internet Service ID. The structure of internet_service_id block is documented below.
    InternetServiceNames []PolicyInternetServiceNameArgs
    Internet Service name. The structure of internet_service_name block is documented below.
    InternetServiceNegate string
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    InternetServiceSrc string
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    InternetServiceSrcCustomGroups []PolicyInternetServiceSrcCustomGroupArgs
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    InternetServiceSrcCustoms []PolicyInternetServiceSrcCustomArgs
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    InternetServiceSrcGroups []PolicyInternetServiceSrcGroupArgs
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    InternetServiceSrcIds []PolicyInternetServiceSrcIdArgs
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    InternetServiceSrcNames []PolicyInternetServiceSrcNameArgs
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    InternetServiceSrcNegate string
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    Ippool string
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    IpsSensor string
    Name of an existing IPS sensor.
    Logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    LogtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    Name string
    Policy name.
    Nat string
    Enable/disable source NAT. Valid values: enable, disable.
    Outbound string
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    PerIpShaper string
    Per-IP traffic shaper.
    Policyid int
    Policy ID.
    Poolname4s []PolicyPoolname4Args
    IPv4 pool names. The structure of poolname4 block is documented below.
    Poolname6s []PolicyPoolname6Args
    IPv6 pool names. The structure of poolname6 block is documented below.
    ProfileGroup string
    Name of profile group.
    ProfileProtocolOptions string
    Name of an existing Protocol options profile.
    ProfileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    Schedule string
    Schedule name.
    ServiceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    Services []PolicyServiceArgs
    Service and service group names. The structure of service block is documented below.
    SessionTtl int
    TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
    SpamfilterProfile string
    Name of an existing Spam filter profile.
    Srcaddr4s []PolicySrcaddr4Args
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    Srcaddr6s []PolicySrcaddr6Args
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    SrcaddrNegate string
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    Srcintfs []PolicySrcintfArgs
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    SshFilterProfile string
    Name of an existing SSH filter profile.
    SshPolicyRedirect string
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    SslSshProfile string
    Name of an existing SSL SSH profile.
    Status string
    Enable or disable this policy. Valid values: enable, disable.
    TcpMssReceiver int
    Receiver TCP maximum segment size (MSS).
    TcpMssSender int
    Sender TCP maximum segment size (MSS).
    TrafficShaper string
    Traffic shaper.
    TrafficShaperReverse string
    Reverse traffic shaper.
    UrlCategories []PolicyUrlCategoryArgs
    URL category ID list. The structure of url_category block is documented below.
    Users []PolicyUserArgs
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values: enable, disable.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VoipProfile string
    Name of an existing VoIP profile.
    Vpntunnel string
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    WafProfile string
    Name of an existing Web application firewall profile.
    Wanopt string
    Enable/disable WAN optimization. Valid values: enable, disable.
    WanoptDetection string
    WAN optimization auto-detection mode. Valid values: active, passive, off.
    WanoptPassiveOpt string
    WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values: default, transparent, non-transparent.
    WanoptPeer string
    WAN optimization peer.
    WanoptProfile string
    WAN optimization profile.
    Webcache string
    Enable/disable web cache. Valid values: enable, disable.
    WebcacheHttps string
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    WebfilterProfile string
    Name of an existing Web filter profile.
    WebproxyForwardServer string
    Webproxy forward server name.
    WebproxyProfile string
    Webproxy profile name.
    action String
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    appCategories List<PolicyAppCategory>
    Application category ID list. The structure of app_category block is documented below.
    appGroups List<PolicyAppGroup>
    Application group names. The structure of app_group block is documented below.
    applicationList String
    Name of an existing Application list.
    applications List<PolicyApplication>
    Application ID list. The structure of application block is documented below.
    autoAsicOffload String
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    avProfile String
    Name of an existing Antivirus profile.
    captivePortalExempt String
    Enable exemption of some users from the captive portal. Valid values: enable, disable.
    cifsProfile String
    Name of an existing CIFS profile.
    comments String
    Comment.
    diffservForward String
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffservReverse String
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcodeForward String
    Change packet's DiffServ to this value.
    diffservcodeRev String
    Change packet's reverse (reply) DiffServ to this value.
    dlpSensor String
    Name of an existing DLP sensor.
    dnsfilterProfile String
    Name of an existing DNS filter profile.
    dstaddr4s List<PolicyDstaddr4>
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6s List<PolicyDstaddr6>
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddrNegate String
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dstintfs List<PolicyDstintf>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile String
    Name of an existing email filter profile.
    fixedport String
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fssoGroups List<PolicyFssoGroup>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups List<PolicyGroup>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    httpPolicyRedirect String
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icapProfile String
    Name of an existing ICAP profile.
    inbound String
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspectionMode String
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    internetService String
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internetServiceCustomGroups List<PolicyInternetServiceCustomGroup>
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internetServiceCustoms List<PolicyInternetServiceCustom>
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internetServiceGroups List<PolicyInternetServiceGroup>
    Internet Service group name. The structure of internet_service_group block is documented below.
    internetServiceIds List<PolicyInternetServiceId>
    Internet Service ID. The structure of internet_service_id block is documented below.
    internetServiceNames List<PolicyInternetServiceName>
    Internet Service name. The structure of internet_service_name block is documented below.
    internetServiceNegate String
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceSrc String
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetServiceSrcCustomGroups List<PolicyInternetServiceSrcCustomGroup>
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internetServiceSrcCustoms List<PolicyInternetServiceSrcCustom>
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internetServiceSrcGroups List<PolicyInternetServiceSrcGroup>
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internetServiceSrcIds List<PolicyInternetServiceSrcId>
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internetServiceSrcNames List<PolicyInternetServiceSrcName>
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internetServiceSrcNegate String
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ippool String
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ipsSensor String
    Name of an existing IPS sensor.
    logtraffic String
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart String
    Record logs when a session starts. Valid values: enable, disable.
    name String
    Policy name.
    nat String
    Enable/disable source NAT. Valid values: enable, disable.
    outbound String
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    perIpShaper String
    Per-IP traffic shaper.
    policyid Integer
    Policy ID.
    poolname4s List<PolicyPoolname4>
    IPv4 pool names. The structure of poolname4 block is documented below.
    poolname6s List<PolicyPoolname6>
    IPv6 pool names. The structure of poolname6 block is documented below.
    profileGroup String
    Name of profile group.
    profileProtocolOptions String
    Name of an existing Protocol options profile.
    profileType String
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule String
    Schedule name.
    serviceNegate String
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services List<PolicyService>
    Service and service group names. The structure of service block is documented below.
    sessionTtl Integer
    TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
    spamfilterProfile String
    Name of an existing Spam filter profile.
    srcaddr4s List<PolicySrcaddr4>
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6s List<PolicySrcaddr6>
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddrNegate String
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    srcintfs List<PolicySrcintf>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile String
    Name of an existing SSH filter profile.
    sshPolicyRedirect String
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    sslSshProfile String
    Name of an existing SSL SSH profile.
    status String
    Enable or disable this policy. Valid values: enable, disable.
    tcpMssReceiver Integer
    Receiver TCP maximum segment size (MSS).
    tcpMssSender Integer
    Sender TCP maximum segment size (MSS).
    trafficShaper String
    Traffic shaper.
    trafficShaperReverse String
    Reverse traffic shaper.
    urlCategories List<PolicyUrlCategory>
    URL category ID list. The structure of url_category block is documented below.
    users List<PolicyUser>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values: enable, disable.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    voipProfile String
    Name of an existing VoIP profile.
    vpntunnel String
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    wafProfile String
    Name of an existing Web application firewall profile.
    wanopt String
    Enable/disable WAN optimization. Valid values: enable, disable.
    wanoptDetection String
    WAN optimization auto-detection mode. Valid values: active, passive, off.
    wanoptPassiveOpt String
    WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values: default, transparent, non-transparent.
    wanoptPeer String
    WAN optimization peer.
    wanoptProfile String
    WAN optimization profile.
    webcache String
    Enable/disable web cache. Valid values: enable, disable.
    webcacheHttps String
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilterProfile String
    Name of an existing Web filter profile.
    webproxyForwardServer String
    Webproxy forward server name.
    webproxyProfile String
    Webproxy profile name.
    action string
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    appCategories PolicyAppCategory[]
    Application category ID list. The structure of app_category block is documented below.
    appGroups PolicyAppGroup[]
    Application group names. The structure of app_group block is documented below.
    applicationList string
    Name of an existing Application list.
    applications PolicyApplication[]
    Application ID list. The structure of application block is documented below.
    autoAsicOffload string
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    avProfile string
    Name of an existing Antivirus profile.
    captivePortalExempt string
    Enable exemption of some users from the captive portal. Valid values: enable, disable.
    cifsProfile string
    Name of an existing CIFS profile.
    comments string
    Comment.
    diffservForward string
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffservReverse string
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcodeForward string
    Change packet's DiffServ to this value.
    diffservcodeRev string
    Change packet's reverse (reply) DiffServ to this value.
    dlpSensor string
    Name of an existing DLP sensor.
    dnsfilterProfile string
    Name of an existing DNS filter profile.
    dstaddr4s PolicyDstaddr4[]
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6s PolicyDstaddr6[]
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddrNegate string
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dstintfs PolicyDstintf[]
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile string
    Name of an existing email filter profile.
    fixedport string
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fssoGroups PolicyFssoGroup[]
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups PolicyGroup[]
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    httpPolicyRedirect string
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icapProfile string
    Name of an existing ICAP profile.
    inbound string
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspectionMode string
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    internetService string
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internetServiceCustomGroups PolicyInternetServiceCustomGroup[]
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internetServiceCustoms PolicyInternetServiceCustom[]
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internetServiceGroups PolicyInternetServiceGroup[]
    Internet Service group name. The structure of internet_service_group block is documented below.
    internetServiceIds PolicyInternetServiceId[]
    Internet Service ID. The structure of internet_service_id block is documented below.
    internetServiceNames PolicyInternetServiceName[]
    Internet Service name. The structure of internet_service_name block is documented below.
    internetServiceNegate string
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceSrc string
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetServiceSrcCustomGroups PolicyInternetServiceSrcCustomGroup[]
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internetServiceSrcCustoms PolicyInternetServiceSrcCustom[]
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internetServiceSrcGroups PolicyInternetServiceSrcGroup[]
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internetServiceSrcIds PolicyInternetServiceSrcId[]
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internetServiceSrcNames PolicyInternetServiceSrcName[]
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internetServiceSrcNegate string
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ippool string
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ipsSensor string
    Name of an existing IPS sensor.
    logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    name string
    Policy name.
    nat string
    Enable/disable source NAT. Valid values: enable, disable.
    outbound string
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    perIpShaper string
    Per-IP traffic shaper.
    policyid number
    Policy ID.
    poolname4s PolicyPoolname4[]
    IPv4 pool names. The structure of poolname4 block is documented below.
    poolname6s PolicyPoolname6[]
    IPv6 pool names. The structure of poolname6 block is documented below.
    profileGroup string
    Name of profile group.
    profileProtocolOptions string
    Name of an existing Protocol options profile.
    profileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule string
    Schedule name.
    serviceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services PolicyService[]
    Service and service group names. The structure of service block is documented below.
    sessionTtl number
    TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
    spamfilterProfile string
    Name of an existing Spam filter profile.
    srcaddr4s PolicySrcaddr4[]
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6s PolicySrcaddr6[]
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddrNegate string
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    srcintfs PolicySrcintf[]
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile string
    Name of an existing SSH filter profile.
    sshPolicyRedirect string
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    sslSshProfile string
    Name of an existing SSL SSH profile.
    status string
    Enable or disable this policy. Valid values: enable, disable.
    tcpMssReceiver number
    Receiver TCP maximum segment size (MSS).
    tcpMssSender number
    Sender TCP maximum segment size (MSS).
    trafficShaper string
    Traffic shaper.
    trafficShaperReverse string
    Reverse traffic shaper.
    urlCategories PolicyUrlCategory[]
    URL category ID list. The structure of url_category block is documented below.
    users PolicyUser[]
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values: enable, disable.
    uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    voipProfile string
    Name of an existing VoIP profile.
    vpntunnel string
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    wafProfile string
    Name of an existing Web application firewall profile.
    wanopt string
    Enable/disable WAN optimization. Valid values: enable, disable.
    wanoptDetection string
    WAN optimization auto-detection mode. Valid values: active, passive, off.
    wanoptPassiveOpt string
    WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values: default, transparent, non-transparent.
    wanoptPeer string
    WAN optimization peer.
    wanoptProfile string
    WAN optimization profile.
    webcache string
    Enable/disable web cache. Valid values: enable, disable.
    webcacheHttps string
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilterProfile string
    Name of an existing Web filter profile.
    webproxyForwardServer string
    Webproxy forward server name.
    webproxyProfile string
    Webproxy profile name.
    action str
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    app_categories Sequence[PolicyAppCategoryArgs]
    Application category ID list. The structure of app_category block is documented below.
    app_groups Sequence[PolicyAppGroupArgs]
    Application group names. The structure of app_group block is documented below.
    application_list str
    Name of an existing Application list.
    applications Sequence[PolicyApplicationArgs]
    Application ID list. The structure of application block is documented below.
    auto_asic_offload str
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    av_profile str
    Name of an existing Antivirus profile.
    captive_portal_exempt str
    Enable exemption of some users from the captive portal. Valid values: enable, disable.
    cifs_profile str
    Name of an existing CIFS profile.
    comments str
    Comment.
    diffserv_forward str
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffserv_reverse str
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcode_forward str
    Change packet's DiffServ to this value.
    diffservcode_rev str
    Change packet's reverse (reply) DiffServ to this value.
    dlp_sensor str
    Name of an existing DLP sensor.
    dnsfilter_profile str
    Name of an existing DNS filter profile.
    dstaddr4s Sequence[PolicyDstaddr4Args]
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6s Sequence[PolicyDstaddr6Args]
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddr_negate str
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dstintfs Sequence[PolicyDstintfArgs]
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilter_profile str
    Name of an existing email filter profile.
    fixedport str
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fsso_groups Sequence[PolicyFssoGroupArgs]
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups Sequence[PolicyGroupArgs]
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    http_policy_redirect str
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icap_profile str
    Name of an existing ICAP profile.
    inbound str
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspection_mode str
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    internet_service str
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internet_service_custom_groups Sequence[PolicyInternetServiceCustomGroupArgs]
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internet_service_customs Sequence[PolicyInternetServiceCustomArgs]
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internet_service_groups Sequence[PolicyInternetServiceGroupArgs]
    Internet Service group name. The structure of internet_service_group block is documented below.
    internet_service_ids Sequence[PolicyInternetServiceIdArgs]
    Internet Service ID. The structure of internet_service_id block is documented below.
    internet_service_names Sequence[PolicyInternetServiceNameArgs]
    Internet Service name. The structure of internet_service_name block is documented below.
    internet_service_negate str
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internet_service_src str
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internet_service_src_custom_groups Sequence[PolicyInternetServiceSrcCustomGroupArgs]
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internet_service_src_customs Sequence[PolicyInternetServiceSrcCustomArgs]
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internet_service_src_groups Sequence[PolicyInternetServiceSrcGroupArgs]
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internet_service_src_ids Sequence[PolicyInternetServiceSrcIdArgs]
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internet_service_src_names Sequence[PolicyInternetServiceSrcNameArgs]
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internet_service_src_negate str
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ippool str
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ips_sensor str
    Name of an existing IPS sensor.
    logtraffic str
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtraffic_start str
    Record logs when a session starts. Valid values: enable, disable.
    name str
    Policy name.
    nat str
    Enable/disable source NAT. Valid values: enable, disable.
    outbound str
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    per_ip_shaper str
    Per-IP traffic shaper.
    policyid int
    Policy ID.
    poolname4s Sequence[PolicyPoolname4Args]
    IPv4 pool names. The structure of poolname4 block is documented below.
    poolname6s Sequence[PolicyPoolname6Args]
    IPv6 pool names. The structure of poolname6 block is documented below.
    profile_group str
    Name of profile group.
    profile_protocol_options str
    Name of an existing Protocol options profile.
    profile_type str
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule str
    Schedule name.
    service_negate str
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services Sequence[PolicyServiceArgs]
    Service and service group names. The structure of service block is documented below.
    session_ttl int
    TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
    spamfilter_profile str
    Name of an existing Spam filter profile.
    srcaddr4s Sequence[PolicySrcaddr4Args]
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6s Sequence[PolicySrcaddr6Args]
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddr_negate str
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    srcintfs Sequence[PolicySrcintfArgs]
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    ssh_filter_profile str
    Name of an existing SSH filter profile.
    ssh_policy_redirect str
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    ssl_ssh_profile str
    Name of an existing SSL SSH profile.
    status str
    Enable or disable this policy. Valid values: enable, disable.
    tcp_mss_receiver int
    Receiver TCP maximum segment size (MSS).
    tcp_mss_sender int
    Sender TCP maximum segment size (MSS).
    traffic_shaper str
    Traffic shaper.
    traffic_shaper_reverse str
    Reverse traffic shaper.
    url_categories Sequence[PolicyUrlCategoryArgs]
    URL category ID list. The structure of url_category block is documented below.
    users Sequence[PolicyUserArgs]
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utm_status str
    Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values: enable, disable.
    uuid str
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    voip_profile str
    Name of an existing VoIP profile.
    vpntunnel str
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    waf_profile str
    Name of an existing Web application firewall profile.
    wanopt str
    Enable/disable WAN optimization. Valid values: enable, disable.
    wanopt_detection str
    WAN optimization auto-detection mode. Valid values: active, passive, off.
    wanopt_passive_opt str
    WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values: default, transparent, non-transparent.
    wanopt_peer str
    WAN optimization peer.
    wanopt_profile str
    WAN optimization profile.
    webcache str
    Enable/disable web cache. Valid values: enable, disable.
    webcache_https str
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilter_profile str
    Name of an existing Web filter profile.
    webproxy_forward_server str
    Webproxy forward server name.
    webproxy_profile str
    Webproxy profile name.
    action String
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    appCategories List<Property Map>
    Application category ID list. The structure of app_category block is documented below.
    appGroups List<Property Map>
    Application group names. The structure of app_group block is documented below.
    applicationList String
    Name of an existing Application list.
    applications List<Property Map>
    Application ID list. The structure of application block is documented below.
    autoAsicOffload String
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    avProfile String
    Name of an existing Antivirus profile.
    captivePortalExempt String
    Enable exemption of some users from the captive portal. Valid values: enable, disable.
    cifsProfile String
    Name of an existing CIFS profile.
    comments String
    Comment.
    diffservForward String
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffservReverse String
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcodeForward String
    Change packet's DiffServ to this value.
    diffservcodeRev String
    Change packet's reverse (reply) DiffServ to this value.
    dlpSensor String
    Name of an existing DLP sensor.
    dnsfilterProfile String
    Name of an existing DNS filter profile.
    dstaddr4s List<Property Map>
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6s List<Property Map>
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddrNegate String
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dstintfs List<Property Map>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile String
    Name of an existing email filter profile.
    fixedport String
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fssoGroups List<Property Map>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups List<Property Map>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    httpPolicyRedirect String
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icapProfile String
    Name of an existing ICAP profile.
    inbound String
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspectionMode String
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    internetService String
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internetServiceCustomGroups List<Property Map>
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internetServiceCustoms List<Property Map>
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internetServiceGroups List<Property Map>
    Internet Service group name. The structure of internet_service_group block is documented below.
    internetServiceIds List<Property Map>
    Internet Service ID. The structure of internet_service_id block is documented below.
    internetServiceNames List<Property Map>
    Internet Service name. The structure of internet_service_name block is documented below.
    internetServiceNegate String
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceSrc String
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetServiceSrcCustomGroups List<Property Map>
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internetServiceSrcCustoms List<Property Map>
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internetServiceSrcGroups List<Property Map>
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internetServiceSrcIds List<Property Map>
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internetServiceSrcNames List<Property Map>
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internetServiceSrcNegate String
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ippool String
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ipsSensor String
    Name of an existing IPS sensor.
    logtraffic String
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart String
    Record logs when a session starts. Valid values: enable, disable.
    name String
    Policy name.
    nat String
    Enable/disable source NAT. Valid values: enable, disable.
    outbound String
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    perIpShaper String
    Per-IP traffic shaper.
    policyid Number
    Policy ID.
    poolname4s List<Property Map>
    IPv4 pool names. The structure of poolname4 block is documented below.
    poolname6s List<Property Map>
    IPv6 pool names. The structure of poolname6 block is documented below.
    profileGroup String
    Name of profile group.
    profileProtocolOptions String
    Name of an existing Protocol options profile.
    profileType String
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule String
    Schedule name.
    serviceNegate String
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services List<Property Map>
    Service and service group names. The structure of service block is documented below.
    sessionTtl Number
    TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
    spamfilterProfile String
    Name of an existing Spam filter profile.
    srcaddr4s List<Property Map>
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6s List<Property Map>
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddrNegate String
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    srcintfs List<Property Map>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile String
    Name of an existing SSH filter profile.
    sshPolicyRedirect String
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    sslSshProfile String
    Name of an existing SSL SSH profile.
    status String
    Enable or disable this policy. Valid values: enable, disable.
    tcpMssReceiver Number
    Receiver TCP maximum segment size (MSS).
    tcpMssSender Number
    Sender TCP maximum segment size (MSS).
    trafficShaper String
    Traffic shaper.
    trafficShaperReverse String
    Reverse traffic shaper.
    urlCategories List<Property Map>
    URL category ID list. The structure of url_category block is documented below.
    users List<Property Map>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values: enable, disable.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    voipProfile String
    Name of an existing VoIP profile.
    vpntunnel String
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    wafProfile String
    Name of an existing Web application firewall profile.
    wanopt String
    Enable/disable WAN optimization. Valid values: enable, disable.
    wanoptDetection String
    WAN optimization auto-detection mode. Valid values: active, passive, off.
    wanoptPassiveOpt String
    WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values: default, transparent, non-transparent.
    wanoptPeer String
    WAN optimization peer.
    wanoptProfile String
    WAN optimization profile.
    webcache String
    Enable/disable web cache. Valid values: enable, disable.
    webcacheHttps String
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilterProfile String
    Name of an existing Web filter profile.
    webproxyForwardServer String
    Webproxy forward server name.
    webproxyProfile String
    Webproxy profile name.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Policy Resource

    Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            action: Optional[str] = None,
            app_categories: Optional[Sequence[PolicyAppCategoryArgs]] = None,
            app_groups: Optional[Sequence[PolicyAppGroupArgs]] = None,
            application_list: Optional[str] = None,
            applications: Optional[Sequence[PolicyApplicationArgs]] = None,
            auto_asic_offload: Optional[str] = None,
            av_profile: Optional[str] = None,
            captive_portal_exempt: Optional[str] = None,
            cifs_profile: Optional[str] = None,
            comments: Optional[str] = None,
            diffserv_forward: Optional[str] = None,
            diffserv_reverse: Optional[str] = None,
            diffservcode_forward: Optional[str] = None,
            diffservcode_rev: Optional[str] = None,
            dlp_sensor: Optional[str] = None,
            dnsfilter_profile: Optional[str] = None,
            dstaddr4s: Optional[Sequence[PolicyDstaddr4Args]] = None,
            dstaddr6s: Optional[Sequence[PolicyDstaddr6Args]] = None,
            dstaddr_negate: Optional[str] = None,
            dstintfs: Optional[Sequence[PolicyDstintfArgs]] = None,
            dynamic_sort_subtable: Optional[str] = None,
            emailfilter_profile: Optional[str] = None,
            fixedport: Optional[str] = None,
            fsso_groups: Optional[Sequence[PolicyFssoGroupArgs]] = None,
            get_all_tables: Optional[str] = None,
            groups: Optional[Sequence[PolicyGroupArgs]] = None,
            http_policy_redirect: Optional[str] = None,
            icap_profile: Optional[str] = None,
            inbound: Optional[str] = None,
            inspection_mode: Optional[str] = None,
            internet_service: Optional[str] = None,
            internet_service_custom_groups: Optional[Sequence[PolicyInternetServiceCustomGroupArgs]] = None,
            internet_service_customs: Optional[Sequence[PolicyInternetServiceCustomArgs]] = None,
            internet_service_groups: Optional[Sequence[PolicyInternetServiceGroupArgs]] = None,
            internet_service_ids: Optional[Sequence[PolicyInternetServiceIdArgs]] = None,
            internet_service_names: Optional[Sequence[PolicyInternetServiceNameArgs]] = None,
            internet_service_negate: Optional[str] = None,
            internet_service_src: Optional[str] = None,
            internet_service_src_custom_groups: Optional[Sequence[PolicyInternetServiceSrcCustomGroupArgs]] = None,
            internet_service_src_customs: Optional[Sequence[PolicyInternetServiceSrcCustomArgs]] = None,
            internet_service_src_groups: Optional[Sequence[PolicyInternetServiceSrcGroupArgs]] = None,
            internet_service_src_ids: Optional[Sequence[PolicyInternetServiceSrcIdArgs]] = None,
            internet_service_src_names: Optional[Sequence[PolicyInternetServiceSrcNameArgs]] = None,
            internet_service_src_negate: Optional[str] = None,
            ippool: Optional[str] = None,
            ips_sensor: Optional[str] = None,
            logtraffic: Optional[str] = None,
            logtraffic_start: Optional[str] = None,
            name: Optional[str] = None,
            nat: Optional[str] = None,
            outbound: Optional[str] = None,
            per_ip_shaper: Optional[str] = None,
            policyid: Optional[int] = None,
            poolname4s: Optional[Sequence[PolicyPoolname4Args]] = None,
            poolname6s: Optional[Sequence[PolicyPoolname6Args]] = None,
            profile_group: Optional[str] = None,
            profile_protocol_options: Optional[str] = None,
            profile_type: Optional[str] = None,
            schedule: Optional[str] = None,
            service_negate: Optional[str] = None,
            services: Optional[Sequence[PolicyServiceArgs]] = None,
            session_ttl: Optional[int] = None,
            spamfilter_profile: Optional[str] = None,
            srcaddr4s: Optional[Sequence[PolicySrcaddr4Args]] = None,
            srcaddr6s: Optional[Sequence[PolicySrcaddr6Args]] = None,
            srcaddr_negate: Optional[str] = None,
            srcintfs: Optional[Sequence[PolicySrcintfArgs]] = None,
            ssh_filter_profile: Optional[str] = None,
            ssh_policy_redirect: Optional[str] = None,
            ssl_ssh_profile: Optional[str] = None,
            status: Optional[str] = None,
            tcp_mss_receiver: Optional[int] = None,
            tcp_mss_sender: Optional[int] = None,
            traffic_shaper: Optional[str] = None,
            traffic_shaper_reverse: Optional[str] = None,
            url_categories: Optional[Sequence[PolicyUrlCategoryArgs]] = None,
            users: Optional[Sequence[PolicyUserArgs]] = None,
            utm_status: Optional[str] = None,
            uuid: Optional[str] = None,
            vdomparam: Optional[str] = None,
            voip_profile: Optional[str] = None,
            vpntunnel: Optional[str] = None,
            waf_profile: Optional[str] = None,
            wanopt: Optional[str] = None,
            wanopt_detection: Optional[str] = None,
            wanopt_passive_opt: Optional[str] = None,
            wanopt_peer: Optional[str] = None,
            wanopt_profile: Optional[str] = None,
            webcache: Optional[str] = None,
            webcache_https: Optional[str] = None,
            webfilter_profile: Optional[str] = None,
            webproxy_forward_server: Optional[str] = None,
            webproxy_profile: Optional[str] = None) -> Policy
    func GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)
    public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)
    public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Action string
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    AppCategories List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyAppCategory>
    Application category ID list. The structure of app_category block is documented below.
    AppGroups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyAppGroup>
    Application group names. The structure of app_group block is documented below.
    ApplicationList string
    Name of an existing Application list.
    Applications List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyApplication>
    Application ID list. The structure of application block is documented below.
    AutoAsicOffload string
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    AvProfile string
    Name of an existing Antivirus profile.
    CaptivePortalExempt string
    Enable exemption of some users from the captive portal. Valid values: enable, disable.
    CifsProfile string
    Name of an existing CIFS profile.
    Comments string
    Comment.
    DiffservForward string
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    DiffservReverse string
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    DiffservcodeForward string
    Change packet's DiffServ to this value.
    DiffservcodeRev string
    Change packet's reverse (reply) DiffServ to this value.
    DlpSensor string
    Name of an existing DLP sensor.
    DnsfilterProfile string
    Name of an existing DNS filter profile.
    Dstaddr4s List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyDstaddr4>
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    Dstaddr6s List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyDstaddr6>
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    DstaddrNegate string
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstintfs List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyDstintf>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmailfilterProfile string
    Name of an existing email filter profile.
    Fixedport string
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    FssoGroups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyFssoGroup>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Groups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyGroup>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    HttpPolicyRedirect string
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    IcapProfile string
    Name of an existing ICAP profile.
    Inbound string
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    InspectionMode string
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    InternetService string
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    InternetServiceCustomGroups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceCustomGroup>
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    InternetServiceCustoms List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceCustom>
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    InternetServiceGroups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceGroup>
    Internet Service group name. The structure of internet_service_group block is documented below.
    InternetServiceIds List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceId>
    Internet Service ID. The structure of internet_service_id block is documented below.
    InternetServiceNames List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceName>
    Internet Service name. The structure of internet_service_name block is documented below.
    InternetServiceNegate string
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    InternetServiceSrc string
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    InternetServiceSrcCustomGroups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcCustomGroup>
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    InternetServiceSrcCustoms List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcCustom>
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    InternetServiceSrcGroups List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcGroup>
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    InternetServiceSrcIds List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcId>
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    InternetServiceSrcNames List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyInternetServiceSrcName>
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    InternetServiceSrcNegate string
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    Ippool string
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    IpsSensor string
    Name of an existing IPS sensor.
    Logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    LogtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    Name string
    Policy name.
    Nat string
    Enable/disable source NAT. Valid values: enable, disable.
    Outbound string
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    PerIpShaper string
    Per-IP traffic shaper.
    Policyid int
    Policy ID.
    Poolname4s List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyPoolname4>
    IPv4 pool names. The structure of poolname4 block is documented below.
    Poolname6s List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyPoolname6>
    IPv6 pool names. The structure of poolname6 block is documented below.
    ProfileGroup string
    Name of profile group.
    ProfileProtocolOptions string
    Name of an existing Protocol options profile.
    ProfileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    Schedule string
    Schedule name.
    ServiceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    Services List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyService>
    Service and service group names. The structure of service block is documented below.
    SessionTtl int
    TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
    SpamfilterProfile string
    Name of an existing Spam filter profile.
    Srcaddr4s List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicySrcaddr4>
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    Srcaddr6s List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicySrcaddr6>
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    SrcaddrNegate string
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    Srcintfs List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicySrcintf>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    SshFilterProfile string
    Name of an existing SSH filter profile.
    SshPolicyRedirect string
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    SslSshProfile string
    Name of an existing SSL SSH profile.
    Status string
    Enable or disable this policy. Valid values: enable, disable.
    TcpMssReceiver int
    Receiver TCP maximum segment size (MSS).
    TcpMssSender int
    Sender TCP maximum segment size (MSS).
    TrafficShaper string
    Traffic shaper.
    TrafficShaperReverse string
    Reverse traffic shaper.
    UrlCategories List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyUrlCategory>
    URL category ID list. The structure of url_category block is documented below.
    Users List<Pulumiverse.Fortios.Firewall.Consolidated.Inputs.PolicyUser>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values: enable, disable.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VoipProfile string
    Name of an existing VoIP profile.
    Vpntunnel string
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    WafProfile string
    Name of an existing Web application firewall profile.
    Wanopt string
    Enable/disable WAN optimization. Valid values: enable, disable.
    WanoptDetection string
    WAN optimization auto-detection mode. Valid values: active, passive, off.
    WanoptPassiveOpt string
    WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values: default, transparent, non-transparent.
    WanoptPeer string
    WAN optimization peer.
    WanoptProfile string
    WAN optimization profile.
    Webcache string
    Enable/disable web cache. Valid values: enable, disable.
    WebcacheHttps string
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    WebfilterProfile string
    Name of an existing Web filter profile.
    WebproxyForwardServer string
    Webproxy forward server name.
    WebproxyProfile string
    Webproxy profile name.
    Action string
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    AppCategories []PolicyAppCategoryArgs
    Application category ID list. The structure of app_category block is documented below.
    AppGroups []PolicyAppGroupArgs
    Application group names. The structure of app_group block is documented below.
    ApplicationList string
    Name of an existing Application list.
    Applications []PolicyApplicationArgs
    Application ID list. The structure of application block is documented below.
    AutoAsicOffload string
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    AvProfile string
    Name of an existing Antivirus profile.
    CaptivePortalExempt string
    Enable exemption of some users from the captive portal. Valid values: enable, disable.
    CifsProfile string
    Name of an existing CIFS profile.
    Comments string
    Comment.
    DiffservForward string
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    DiffservReverse string
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    DiffservcodeForward string
    Change packet's DiffServ to this value.
    DiffservcodeRev string
    Change packet's reverse (reply) DiffServ to this value.
    DlpSensor string
    Name of an existing DLP sensor.
    DnsfilterProfile string
    Name of an existing DNS filter profile.
    Dstaddr4s []PolicyDstaddr4Args
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    Dstaddr6s []PolicyDstaddr6Args
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    DstaddrNegate string
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstintfs []PolicyDstintfArgs
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmailfilterProfile string
    Name of an existing email filter profile.
    Fixedport string
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    FssoGroups []PolicyFssoGroupArgs
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Groups []PolicyGroupArgs
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    HttpPolicyRedirect string
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    IcapProfile string
    Name of an existing ICAP profile.
    Inbound string
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    InspectionMode string
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    InternetService string
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    InternetServiceCustomGroups []PolicyInternetServiceCustomGroupArgs
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    InternetServiceCustoms []PolicyInternetServiceCustomArgs
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    InternetServiceGroups []PolicyInternetServiceGroupArgs
    Internet Service group name. The structure of internet_service_group block is documented below.
    InternetServiceIds []PolicyInternetServiceIdArgs
    Internet Service ID. The structure of internet_service_id block is documented below.
    InternetServiceNames []PolicyInternetServiceNameArgs
    Internet Service name. The structure of internet_service_name block is documented below.
    InternetServiceNegate string
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    InternetServiceSrc string
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    InternetServiceSrcCustomGroups []PolicyInternetServiceSrcCustomGroupArgs
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    InternetServiceSrcCustoms []PolicyInternetServiceSrcCustomArgs
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    InternetServiceSrcGroups []PolicyInternetServiceSrcGroupArgs
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    InternetServiceSrcIds []PolicyInternetServiceSrcIdArgs
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    InternetServiceSrcNames []PolicyInternetServiceSrcNameArgs
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    InternetServiceSrcNegate string
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    Ippool string
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    IpsSensor string
    Name of an existing IPS sensor.
    Logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    LogtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    Name string
    Policy name.
    Nat string
    Enable/disable source NAT. Valid values: enable, disable.
    Outbound string
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    PerIpShaper string
    Per-IP traffic shaper.
    Policyid int
    Policy ID.
    Poolname4s []PolicyPoolname4Args
    IPv4 pool names. The structure of poolname4 block is documented below.
    Poolname6s []PolicyPoolname6Args
    IPv6 pool names. The structure of poolname6 block is documented below.
    ProfileGroup string
    Name of profile group.
    ProfileProtocolOptions string
    Name of an existing Protocol options profile.
    ProfileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    Schedule string
    Schedule name.
    ServiceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    Services []PolicyServiceArgs
    Service and service group names. The structure of service block is documented below.
    SessionTtl int
    TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
    SpamfilterProfile string
    Name of an existing Spam filter profile.
    Srcaddr4s []PolicySrcaddr4Args
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    Srcaddr6s []PolicySrcaddr6Args
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    SrcaddrNegate string
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    Srcintfs []PolicySrcintfArgs
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    SshFilterProfile string
    Name of an existing SSH filter profile.
    SshPolicyRedirect string
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    SslSshProfile string
    Name of an existing SSL SSH profile.
    Status string
    Enable or disable this policy. Valid values: enable, disable.
    TcpMssReceiver int
    Receiver TCP maximum segment size (MSS).
    TcpMssSender int
    Sender TCP maximum segment size (MSS).
    TrafficShaper string
    Traffic shaper.
    TrafficShaperReverse string
    Reverse traffic shaper.
    UrlCategories []PolicyUrlCategoryArgs
    URL category ID list. The structure of url_category block is documented below.
    Users []PolicyUserArgs
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values: enable, disable.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VoipProfile string
    Name of an existing VoIP profile.
    Vpntunnel string
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    WafProfile string
    Name of an existing Web application firewall profile.
    Wanopt string
    Enable/disable WAN optimization. Valid values: enable, disable.
    WanoptDetection string
    WAN optimization auto-detection mode. Valid values: active, passive, off.
    WanoptPassiveOpt string
    WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values: default, transparent, non-transparent.
    WanoptPeer string
    WAN optimization peer.
    WanoptProfile string
    WAN optimization profile.
    Webcache string
    Enable/disable web cache. Valid values: enable, disable.
    WebcacheHttps string
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    WebfilterProfile string
    Name of an existing Web filter profile.
    WebproxyForwardServer string
    Webproxy forward server name.
    WebproxyProfile string
    Webproxy profile name.
    action String
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    appCategories List<PolicyAppCategory>
    Application category ID list. The structure of app_category block is documented below.
    appGroups List<PolicyAppGroup>
    Application group names. The structure of app_group block is documented below.
    applicationList String
    Name of an existing Application list.
    applications List<PolicyApplication>
    Application ID list. The structure of application block is documented below.
    autoAsicOffload String
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    avProfile String
    Name of an existing Antivirus profile.
    captivePortalExempt String
    Enable exemption of some users from the captive portal. Valid values: enable, disable.
    cifsProfile String
    Name of an existing CIFS profile.
    comments String
    Comment.
    diffservForward String
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffservReverse String
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcodeForward String
    Change packet's DiffServ to this value.
    diffservcodeRev String
    Change packet's reverse (reply) DiffServ to this value.
    dlpSensor String
    Name of an existing DLP sensor.
    dnsfilterProfile String
    Name of an existing DNS filter profile.
    dstaddr4s List<PolicyDstaddr4>
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6s List<PolicyDstaddr6>
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddrNegate String
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dstintfs List<PolicyDstintf>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile String
    Name of an existing email filter profile.
    fixedport String
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fssoGroups List<PolicyFssoGroup>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups List<PolicyGroup>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    httpPolicyRedirect String
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icapProfile String
    Name of an existing ICAP profile.
    inbound String
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspectionMode String
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    internetService String
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internetServiceCustomGroups List<PolicyInternetServiceCustomGroup>
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internetServiceCustoms List<PolicyInternetServiceCustom>
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internetServiceGroups List<PolicyInternetServiceGroup>
    Internet Service group name. The structure of internet_service_group block is documented below.
    internetServiceIds List<PolicyInternetServiceId>
    Internet Service ID. The structure of internet_service_id block is documented below.
    internetServiceNames List<PolicyInternetServiceName>
    Internet Service name. The structure of internet_service_name block is documented below.
    internetServiceNegate String
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceSrc String
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetServiceSrcCustomGroups List<PolicyInternetServiceSrcCustomGroup>
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internetServiceSrcCustoms List<PolicyInternetServiceSrcCustom>
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internetServiceSrcGroups List<PolicyInternetServiceSrcGroup>
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internetServiceSrcIds List<PolicyInternetServiceSrcId>
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internetServiceSrcNames List<PolicyInternetServiceSrcName>
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internetServiceSrcNegate String
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ippool String
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ipsSensor String
    Name of an existing IPS sensor.
    logtraffic String
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart String
    Record logs when a session starts. Valid values: enable, disable.
    name String
    Policy name.
    nat String
    Enable/disable source NAT. Valid values: enable, disable.
    outbound String
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    perIpShaper String
    Per-IP traffic shaper.
    policyid Integer
    Policy ID.
    poolname4s List<PolicyPoolname4>
    IPv4 pool names. The structure of poolname4 block is documented below.
    poolname6s List<PolicyPoolname6>
    IPv6 pool names. The structure of poolname6 block is documented below.
    profileGroup String
    Name of profile group.
    profileProtocolOptions String
    Name of an existing Protocol options profile.
    profileType String
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule String
    Schedule name.
    serviceNegate String
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services List<PolicyService>
    Service and service group names. The structure of service block is documented below.
    sessionTtl Integer
    TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
    spamfilterProfile String
    Name of an existing Spam filter profile.
    srcaddr4s List<PolicySrcaddr4>
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6s List<PolicySrcaddr6>
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddrNegate String
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    srcintfs List<PolicySrcintf>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile String
    Name of an existing SSH filter profile.
    sshPolicyRedirect String
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    sslSshProfile String
    Name of an existing SSL SSH profile.
    status String
    Enable or disable this policy. Valid values: enable, disable.
    tcpMssReceiver Integer
    Receiver TCP maximum segment size (MSS).
    tcpMssSender Integer
    Sender TCP maximum segment size (MSS).
    trafficShaper String
    Traffic shaper.
    trafficShaperReverse String
    Reverse traffic shaper.
    urlCategories List<PolicyUrlCategory>
    URL category ID list. The structure of url_category block is documented below.
    users List<PolicyUser>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values: enable, disable.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    voipProfile String
    Name of an existing VoIP profile.
    vpntunnel String
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    wafProfile String
    Name of an existing Web application firewall profile.
    wanopt String
    Enable/disable WAN optimization. Valid values: enable, disable.
    wanoptDetection String
    WAN optimization auto-detection mode. Valid values: active, passive, off.
    wanoptPassiveOpt String
    WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values: default, transparent, non-transparent.
    wanoptPeer String
    WAN optimization peer.
    wanoptProfile String
    WAN optimization profile.
    webcache String
    Enable/disable web cache. Valid values: enable, disable.
    webcacheHttps String
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilterProfile String
    Name of an existing Web filter profile.
    webproxyForwardServer String
    Webproxy forward server name.
    webproxyProfile String
    Webproxy profile name.
    action string
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    appCategories PolicyAppCategory[]
    Application category ID list. The structure of app_category block is documented below.
    appGroups PolicyAppGroup[]
    Application group names. The structure of app_group block is documented below.
    applicationList string
    Name of an existing Application list.
    applications PolicyApplication[]
    Application ID list. The structure of application block is documented below.
    autoAsicOffload string
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    avProfile string
    Name of an existing Antivirus profile.
    captivePortalExempt string
    Enable exemption of some users from the captive portal. Valid values: enable, disable.
    cifsProfile string
    Name of an existing CIFS profile.
    comments string
    Comment.
    diffservForward string
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffservReverse string
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcodeForward string
    Change packet's DiffServ to this value.
    diffservcodeRev string
    Change packet's reverse (reply) DiffServ to this value.
    dlpSensor string
    Name of an existing DLP sensor.
    dnsfilterProfile string
    Name of an existing DNS filter profile.
    dstaddr4s PolicyDstaddr4[]
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6s PolicyDstaddr6[]
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddrNegate string
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dstintfs PolicyDstintf[]
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile string
    Name of an existing email filter profile.
    fixedport string
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fssoGroups PolicyFssoGroup[]
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups PolicyGroup[]
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    httpPolicyRedirect string
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icapProfile string
    Name of an existing ICAP profile.
    inbound string
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspectionMode string
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    internetService string
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internetServiceCustomGroups PolicyInternetServiceCustomGroup[]
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internetServiceCustoms PolicyInternetServiceCustom[]
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internetServiceGroups PolicyInternetServiceGroup[]
    Internet Service group name. The structure of internet_service_group block is documented below.
    internetServiceIds PolicyInternetServiceId[]
    Internet Service ID. The structure of internet_service_id block is documented below.
    internetServiceNames PolicyInternetServiceName[]
    Internet Service name. The structure of internet_service_name block is documented below.
    internetServiceNegate string
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceSrc string
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetServiceSrcCustomGroups PolicyInternetServiceSrcCustomGroup[]
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internetServiceSrcCustoms PolicyInternetServiceSrcCustom[]
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internetServiceSrcGroups PolicyInternetServiceSrcGroup[]
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internetServiceSrcIds PolicyInternetServiceSrcId[]
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internetServiceSrcNames PolicyInternetServiceSrcName[]
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internetServiceSrcNegate string
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ippool string
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ipsSensor string
    Name of an existing IPS sensor.
    logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    name string
    Policy name.
    nat string
    Enable/disable source NAT. Valid values: enable, disable.
    outbound string
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    perIpShaper string
    Per-IP traffic shaper.
    policyid number
    Policy ID.
    poolname4s PolicyPoolname4[]
    IPv4 pool names. The structure of poolname4 block is documented below.
    poolname6s PolicyPoolname6[]
    IPv6 pool names. The structure of poolname6 block is documented below.
    profileGroup string
    Name of profile group.
    profileProtocolOptions string
    Name of an existing Protocol options profile.
    profileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule string
    Schedule name.
    serviceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services PolicyService[]
    Service and service group names. The structure of service block is documented below.
    sessionTtl number
    TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
    spamfilterProfile string
    Name of an existing Spam filter profile.
    srcaddr4s PolicySrcaddr4[]
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6s PolicySrcaddr6[]
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddrNegate string
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    srcintfs PolicySrcintf[]
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile string
    Name of an existing SSH filter profile.
    sshPolicyRedirect string
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    sslSshProfile string
    Name of an existing SSL SSH profile.
    status string
    Enable or disable this policy. Valid values: enable, disable.
    tcpMssReceiver number
    Receiver TCP maximum segment size (MSS).
    tcpMssSender number
    Sender TCP maximum segment size (MSS).
    trafficShaper string
    Traffic shaper.
    trafficShaperReverse string
    Reverse traffic shaper.
    urlCategories PolicyUrlCategory[]
    URL category ID list. The structure of url_category block is documented below.
    users PolicyUser[]
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values: enable, disable.
    uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    voipProfile string
    Name of an existing VoIP profile.
    vpntunnel string
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    wafProfile string
    Name of an existing Web application firewall profile.
    wanopt string
    Enable/disable WAN optimization. Valid values: enable, disable.
    wanoptDetection string
    WAN optimization auto-detection mode. Valid values: active, passive, off.
    wanoptPassiveOpt string
    WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values: default, transparent, non-transparent.
    wanoptPeer string
    WAN optimization peer.
    wanoptProfile string
    WAN optimization profile.
    webcache string
    Enable/disable web cache. Valid values: enable, disable.
    webcacheHttps string
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilterProfile string
    Name of an existing Web filter profile.
    webproxyForwardServer string
    Webproxy forward server name.
    webproxyProfile string
    Webproxy profile name.
    action str
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    app_categories Sequence[PolicyAppCategoryArgs]
    Application category ID list. The structure of app_category block is documented below.
    app_groups Sequence[PolicyAppGroupArgs]
    Application group names. The structure of app_group block is documented below.
    application_list str
    Name of an existing Application list.
    applications Sequence[PolicyApplicationArgs]
    Application ID list. The structure of application block is documented below.
    auto_asic_offload str
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    av_profile str
    Name of an existing Antivirus profile.
    captive_portal_exempt str
    Enable exemption of some users from the captive portal. Valid values: enable, disable.
    cifs_profile str
    Name of an existing CIFS profile.
    comments str
    Comment.
    diffserv_forward str
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffserv_reverse str
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcode_forward str
    Change packet's DiffServ to this value.
    diffservcode_rev str
    Change packet's reverse (reply) DiffServ to this value.
    dlp_sensor str
    Name of an existing DLP sensor.
    dnsfilter_profile str
    Name of an existing DNS filter profile.
    dstaddr4s Sequence[PolicyDstaddr4Args]
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6s Sequence[PolicyDstaddr6Args]
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddr_negate str
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dstintfs Sequence[PolicyDstintfArgs]
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilter_profile str
    Name of an existing email filter profile.
    fixedport str
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fsso_groups Sequence[PolicyFssoGroupArgs]
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups Sequence[PolicyGroupArgs]
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    http_policy_redirect str
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icap_profile str
    Name of an existing ICAP profile.
    inbound str
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspection_mode str
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    internet_service str
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internet_service_custom_groups Sequence[PolicyInternetServiceCustomGroupArgs]
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internet_service_customs Sequence[PolicyInternetServiceCustomArgs]
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internet_service_groups Sequence[PolicyInternetServiceGroupArgs]
    Internet Service group name. The structure of internet_service_group block is documented below.
    internet_service_ids Sequence[PolicyInternetServiceIdArgs]
    Internet Service ID. The structure of internet_service_id block is documented below.
    internet_service_names Sequence[PolicyInternetServiceNameArgs]
    Internet Service name. The structure of internet_service_name block is documented below.
    internet_service_negate str
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internet_service_src str
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internet_service_src_custom_groups Sequence[PolicyInternetServiceSrcCustomGroupArgs]
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internet_service_src_customs Sequence[PolicyInternetServiceSrcCustomArgs]
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internet_service_src_groups Sequence[PolicyInternetServiceSrcGroupArgs]
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internet_service_src_ids Sequence[PolicyInternetServiceSrcIdArgs]
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internet_service_src_names Sequence[PolicyInternetServiceSrcNameArgs]
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internet_service_src_negate str
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ippool str
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ips_sensor str
    Name of an existing IPS sensor.
    logtraffic str
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtraffic_start str
    Record logs when a session starts. Valid values: enable, disable.
    name str
    Policy name.
    nat str
    Enable/disable source NAT. Valid values: enable, disable.
    outbound str
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    per_ip_shaper str
    Per-IP traffic shaper.
    policyid int
    Policy ID.
    poolname4s Sequence[PolicyPoolname4Args]
    IPv4 pool names. The structure of poolname4 block is documented below.
    poolname6s Sequence[PolicyPoolname6Args]
    IPv6 pool names. The structure of poolname6 block is documented below.
    profile_group str
    Name of profile group.
    profile_protocol_options str
    Name of an existing Protocol options profile.
    profile_type str
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule str
    Schedule name.
    service_negate str
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services Sequence[PolicyServiceArgs]
    Service and service group names. The structure of service block is documented below.
    session_ttl int
    TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
    spamfilter_profile str
    Name of an existing Spam filter profile.
    srcaddr4s Sequence[PolicySrcaddr4Args]
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6s Sequence[PolicySrcaddr6Args]
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddr_negate str
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    srcintfs Sequence[PolicySrcintfArgs]
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    ssh_filter_profile str
    Name of an existing SSH filter profile.
    ssh_policy_redirect str
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    ssl_ssh_profile str
    Name of an existing SSL SSH profile.
    status str
    Enable or disable this policy. Valid values: enable, disable.
    tcp_mss_receiver int
    Receiver TCP maximum segment size (MSS).
    tcp_mss_sender int
    Sender TCP maximum segment size (MSS).
    traffic_shaper str
    Traffic shaper.
    traffic_shaper_reverse str
    Reverse traffic shaper.
    url_categories Sequence[PolicyUrlCategoryArgs]
    URL category ID list. The structure of url_category block is documented below.
    users Sequence[PolicyUserArgs]
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utm_status str
    Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values: enable, disable.
    uuid str
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    voip_profile str
    Name of an existing VoIP profile.
    vpntunnel str
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    waf_profile str
    Name of an existing Web application firewall profile.
    wanopt str
    Enable/disable WAN optimization. Valid values: enable, disable.
    wanopt_detection str
    WAN optimization auto-detection mode. Valid values: active, passive, off.
    wanopt_passive_opt str
    WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values: default, transparent, non-transparent.
    wanopt_peer str
    WAN optimization peer.
    wanopt_profile str
    WAN optimization profile.
    webcache str
    Enable/disable web cache. Valid values: enable, disable.
    webcache_https str
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilter_profile str
    Name of an existing Web filter profile.
    webproxy_forward_server str
    Webproxy forward server name.
    webproxy_profile str
    Webproxy profile name.
    action String
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    appCategories List<Property Map>
    Application category ID list. The structure of app_category block is documented below.
    appGroups List<Property Map>
    Application group names. The structure of app_group block is documented below.
    applicationList String
    Name of an existing Application list.
    applications List<Property Map>
    Application ID list. The structure of application block is documented below.
    autoAsicOffload String
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    avProfile String
    Name of an existing Antivirus profile.
    captivePortalExempt String
    Enable exemption of some users from the captive portal. Valid values: enable, disable.
    cifsProfile String
    Name of an existing CIFS profile.
    comments String
    Comment.
    diffservForward String
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffservReverse String
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcodeForward String
    Change packet's DiffServ to this value.
    diffservcodeRev String
    Change packet's reverse (reply) DiffServ to this value.
    dlpSensor String
    Name of an existing DLP sensor.
    dnsfilterProfile String
    Name of an existing DNS filter profile.
    dstaddr4s List<Property Map>
    Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
    dstaddr6s List<Property Map>
    Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
    dstaddrNegate String
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dstintfs List<Property Map>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile String
    Name of an existing email filter profile.
    fixedport String
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fssoGroups List<Property Map>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    groups List<Property Map>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    httpPolicyRedirect String
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icapProfile String
    Name of an existing ICAP profile.
    inbound String
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspectionMode String
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    internetService String
    Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
    internetServiceCustomGroups List<Property Map>
    Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
    internetServiceCustoms List<Property Map>
    Custom Internet Service name. The structure of internet_service_custom block is documented below.
    internetServiceGroups List<Property Map>
    Internet Service group name. The structure of internet_service_group block is documented below.
    internetServiceIds List<Property Map>
    Internet Service ID. The structure of internet_service_id block is documented below.
    internetServiceNames List<Property Map>
    Internet Service name. The structure of internet_service_name block is documented below.
    internetServiceNegate String
    When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
    internetServiceSrc String
    Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
    internetServiceSrcCustomGroups List<Property Map>
    Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
    internetServiceSrcCustoms List<Property Map>
    Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
    internetServiceSrcGroups List<Property Map>
    Internet Service source group name. The structure of internet_service_src_group block is documented below.
    internetServiceSrcIds List<Property Map>
    Internet Service source ID. The structure of internet_service_src_id block is documented below.
    internetServiceSrcNames List<Property Map>
    Internet Service source name. The structure of internet_service_src_name block is documented below.
    internetServiceSrcNegate String
    When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
    ippool String
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ipsSensor String
    Name of an existing IPS sensor.
    logtraffic String
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart String
    Record logs when a session starts. Valid values: enable, disable.
    name String
    Policy name.
    nat String
    Enable/disable source NAT. Valid values: enable, disable.
    outbound String
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    perIpShaper String
    Per-IP traffic shaper.
    policyid Number
    Policy ID.
    poolname4s List<Property Map>
    IPv4 pool names. The structure of poolname4 block is documented below.
    poolname6s List<Property Map>
    IPv6 pool names. The structure of poolname6 block is documented below.
    profileGroup String
    Name of profile group.
    profileProtocolOptions String
    Name of an existing Protocol options profile.
    profileType String
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    schedule String
    Schedule name.
    serviceNegate String
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services List<Property Map>
    Service and service group names. The structure of service block is documented below.
    sessionTtl Number
    TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
    spamfilterProfile String
    Name of an existing Spam filter profile.
    srcaddr4s List<Property Map>
    Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
    srcaddr6s List<Property Map>
    Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
    srcaddrNegate String
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    srcintfs List<Property Map>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile String
    Name of an existing SSH filter profile.
    sshPolicyRedirect String
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    sslSshProfile String
    Name of an existing SSL SSH profile.
    status String
    Enable or disable this policy. Valid values: enable, disable.
    tcpMssReceiver Number
    Receiver TCP maximum segment size (MSS).
    tcpMssSender Number
    Sender TCP maximum segment size (MSS).
    trafficShaper String
    Traffic shaper.
    trafficShaperReverse String
    Reverse traffic shaper.
    urlCategories List<Property Map>
    URL category ID list. The structure of url_category block is documented below.
    users List<Property Map>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Valid values: enable, disable.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    voipProfile String
    Name of an existing VoIP profile.
    vpntunnel String
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    wafProfile String
    Name of an existing Web application firewall profile.
    wanopt String
    Enable/disable WAN optimization. Valid values: enable, disable.
    wanoptDetection String
    WAN optimization auto-detection mode. Valid values: active, passive, off.
    wanoptPassiveOpt String
    WAN optimization passive mode options. This option decides what IP address will be used to connect to server. Valid values: default, transparent, non-transparent.
    wanoptPeer String
    WAN optimization peer.
    wanoptProfile String
    WAN optimization profile.
    webcache String
    Enable/disable web cache. Valid values: enable, disable.
    webcacheHttps String
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilterProfile String
    Name of an existing Web filter profile.
    webproxyForwardServer String
    Webproxy forward server name.
    webproxyProfile String
    Webproxy profile name.

    Supporting Types

    PolicyAppCategory, PolicyAppCategoryArgs

    Id int
    Category IDs.
    Id int
    Category IDs.
    id Integer
    Category IDs.
    id number
    Category IDs.
    id int
    Category IDs.
    id Number
    Category IDs.

    PolicyAppGroup, PolicyAppGroupArgs

    Name string
    Application group names.
    Name string
    Application group names.
    name String
    Application group names.
    name string
    Application group names.
    name str
    Application group names.
    name String
    Application group names.

    PolicyApplication, PolicyApplicationArgs

    Id int
    Application IDs.
    Id int
    Application IDs.
    id Integer
    Application IDs.
    id number
    Application IDs.
    id int
    Application IDs.
    id Number
    Application IDs.

    PolicyDstaddr4, PolicyDstaddr4Args

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    PolicyDstaddr6, PolicyDstaddr6Args

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    PolicyDstintf, PolicyDstintfArgs

    Name string
    Address name.
    Name string
    Address name.
    name String
    Address name.
    name string
    Address name.
    name str
    Address name.
    name String
    Address name.

    PolicyFssoGroup, PolicyFssoGroupArgs

    Name string
    Names of FSSO groups.
    Name string
    Names of FSSO groups.
    name String
    Names of FSSO groups.
    name string
    Names of FSSO groups.
    name str
    Names of FSSO groups.
    name String
    Names of FSSO groups.

    PolicyGroup, PolicyGroupArgs

    Name string
    Group name.
    Name string
    Group name.
    name String
    Group name.
    name string
    Group name.
    name str
    Group name.
    name String
    Group name.

    PolicyInternetServiceCustom, PolicyInternetServiceCustomArgs

    Name string
    Custom Internet Service name.
    Name string
    Custom Internet Service name.
    name String
    Custom Internet Service name.
    name string
    Custom Internet Service name.
    name str
    Custom Internet Service name.
    name String
    Custom Internet Service name.

    PolicyInternetServiceCustomGroup, PolicyInternetServiceCustomGroupArgs

    Name string
    Custom Internet Service group name.
    Name string
    Custom Internet Service group name.
    name String
    Custom Internet Service group name.
    name string
    Custom Internet Service group name.
    name str
    Custom Internet Service group name.
    name String
    Custom Internet Service group name.

    PolicyInternetServiceGroup, PolicyInternetServiceGroupArgs

    Name string
    Internet Service group name.
    Name string
    Internet Service group name.
    name String
    Internet Service group name.
    name string
    Internet Service group name.
    name str
    Internet Service group name.
    name String
    Internet Service group name.

    PolicyInternetServiceId, PolicyInternetServiceIdArgs

    Id int
    Internet Service ID.
    Id int
    Internet Service ID.
    id Integer
    Internet Service ID.
    id number
    Internet Service ID.
    id int
    Internet Service ID.
    id Number
    Internet Service ID.

    PolicyInternetServiceName, PolicyInternetServiceNameArgs

    Name string
    Internet Service name.
    Name string
    Internet Service name.
    name String
    Internet Service name.
    name string
    Internet Service name.
    name str
    Internet Service name.
    name String
    Internet Service name.

    PolicyInternetServiceSrcCustom, PolicyInternetServiceSrcCustomArgs

    Name string
    Custom Internet Service name.
    Name string
    Custom Internet Service name.
    name String
    Custom Internet Service name.
    name string
    Custom Internet Service name.
    name str
    Custom Internet Service name.
    name String
    Custom Internet Service name.

    PolicyInternetServiceSrcCustomGroup, PolicyInternetServiceSrcCustomGroupArgs

    Name string
    Custom Internet Service group name.
    Name string
    Custom Internet Service group name.
    name String
    Custom Internet Service group name.
    name string
    Custom Internet Service group name.
    name str
    Custom Internet Service group name.
    name String
    Custom Internet Service group name.

    PolicyInternetServiceSrcGroup, PolicyInternetServiceSrcGroupArgs

    Name string
    Internet Service group name.
    Name string
    Internet Service group name.
    name String
    Internet Service group name.
    name string
    Internet Service group name.
    name str
    Internet Service group name.
    name String
    Internet Service group name.

    PolicyInternetServiceSrcId, PolicyInternetServiceSrcIdArgs

    Id int
    Internet Service ID.
    Id int
    Internet Service ID.
    id Integer
    Internet Service ID.
    id number
    Internet Service ID.
    id int
    Internet Service ID.
    id Number
    Internet Service ID.

    PolicyInternetServiceSrcName, PolicyInternetServiceSrcNameArgs

    Name string
    Internet Service name.
    Name string
    Internet Service name.
    name String
    Internet Service name.
    name string
    Internet Service name.
    name str
    Internet Service name.
    name String
    Internet Service name.

    PolicyPoolname4, PolicyPoolname4Args

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    PolicyPoolname6, PolicyPoolname6Args

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    PolicyService, PolicyServiceArgs

    Name string
    Service name.
    Name string
    Service name.
    name String
    Service name.
    name string
    Service name.
    name str
    Service name.
    name String
    Service name.

    PolicySrcaddr4, PolicySrcaddr4Args

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    PolicySrcaddr6, PolicySrcaddr6Args

    Name string
    Policy name.
    Name string
    Policy name.
    name String
    Policy name.
    name string
    Policy name.
    name str
    Policy name.
    name String
    Policy name.

    PolicySrcintf, PolicySrcintfArgs

    Name string
    Interface name.
    Name string
    Interface name.
    name String
    Interface name.
    name string
    Interface name.
    name str
    Interface name.
    name String
    Interface name.

    PolicyUrlCategory, PolicyUrlCategoryArgs

    Id int
    URL category ID.
    Id int
    URL category ID.
    id Integer
    URL category ID.
    id number
    URL category ID.
    id int
    URL category ID.
    id Number
    URL category ID.

    PolicyUser, PolicyUserArgs

    Name string
    IPv6 pool name.
    Name string
    IPv6 pool name.
    name String
    IPv6 pool name.
    name string
    IPv6 pool name.
    name str
    IPv6 pool name.
    name String
    IPv6 pool name.

    Import

    FirewallConsolidated Policy can be imported using any of these accepted formats:

    $ pulumi import fortios:firewall/consolidated/policy:Policy labelname {{policyid}}
    

    If you do not want to import arguments of block:

    $ export “FORTIOS_IMPORT_TABLE”=“false”

    $ pulumi import fortios:firewall/consolidated/policy:Policy labelname {{policyid}}
    

    $ unset “FORTIOS_IMPORT_TABLE”

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    fortios logo
    Fortios v0.0.5 published on Tuesday, Apr 9, 2024 by pulumiverse