Fortios v0.0.6, Jul 9 24

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.firewall.Securitypolicy

Explore with Pulumi AI

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";

const trname = new fortios.firewall.Securitypolicy("trname", {
    action: "accept",
    dstaddrs: [{
        name: "all",
    }],
    dstintfs: [{
        name: "port4",
    }],
    logtraffic: "utm",
    policyid: 1,
    profileProtocolOptions: "default",
    profileType: "single",
    schedule: "always",
    srcaddrs: [{
        name: "all",
    }],
    srcintfs: [{
        name: "port2",
    }],
    status: "enable",
});

import pulumi
import pulumiverse_fortios as fortios

trname = fortios.firewall.Securitypolicy("trname",
    action="accept",
    dstaddrs=[fortios.firewall.SecuritypolicyDstaddrArgs(
        name="all",
    )],
    dstintfs=[fortios.firewall.SecuritypolicyDstintfArgs(
        name="port4",
    )],
    logtraffic="utm",
    policyid=1,
    profile_protocol_options="default",
    profile_type="single",
    schedule="always",
    srcaddrs=[fortios.firewall.SecuritypolicySrcaddrArgs(
        name="all",
    )],
    srcintfs=[fortios.firewall.SecuritypolicySrcintfArgs(
        name="port2",
    )],
    status="enable")

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := firewall.NewSecuritypolicy(ctx, "trname", &firewall.SecuritypolicyArgs{
			Action: pulumi.String("accept"),
			Dstaddrs: firewall.SecuritypolicyDstaddrArray{
				&firewall.SecuritypolicyDstaddrArgs{
					Name: pulumi.String("all"),
				},
			},
			Dstintfs: firewall.SecuritypolicyDstintfArray{
				&firewall.SecuritypolicyDstintfArgs{
					Name: pulumi.String("port4"),
				},
			},
			Logtraffic:             pulumi.String("utm"),
			Policyid:               pulumi.Int(1),
			ProfileProtocolOptions: pulumi.String("default"),
			ProfileType:            pulumi.String("single"),
			Schedule:               pulumi.String("always"),
			Srcaddrs: firewall.SecuritypolicySrcaddrArray{
				&firewall.SecuritypolicySrcaddrArgs{
					Name: pulumi.String("all"),
				},
			},
			Srcintfs: firewall.SecuritypolicySrcintfArray{
				&firewall.SecuritypolicySrcintfArgs{
					Name: pulumi.String("port2"),
				},
			},
			Status: pulumi.String("enable"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;

return await Deployment.RunAsync(() => 
{
    var trname = new Fortios.Firewall.Securitypolicy("trname", new()
    {
        Action = "accept",
        Dstaddrs = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyDstaddrArgs
            {
                Name = "all",
            },
        },
        Dstintfs = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicyDstintfArgs
            {
                Name = "port4",
            },
        },
        Logtraffic = "utm",
        Policyid = 1,
        ProfileProtocolOptions = "default",
        ProfileType = "single",
        Schedule = "always",
        Srcaddrs = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicySrcaddrArgs
            {
                Name = "all",
            },
        },
        Srcintfs = new[]
        {
            new Fortios.Firewall.Inputs.SecuritypolicySrcintfArgs
            {
                Name = "port2",
            },
        },
        Status = "enable",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.firewall.Securitypolicy;
import com.pulumi.fortios.firewall.SecuritypolicyArgs;
import com.pulumi.fortios.firewall.inputs.SecuritypolicyDstaddrArgs;
import com.pulumi.fortios.firewall.inputs.SecuritypolicyDstintfArgs;
import com.pulumi.fortios.firewall.inputs.SecuritypolicySrcaddrArgs;
import com.pulumi.fortios.firewall.inputs.SecuritypolicySrcintfArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var trname = new Securitypolicy("trname", SecuritypolicyArgs.builder()
            .action("accept")
            .dstaddrs(SecuritypolicyDstaddrArgs.builder()
                .name("all")
                .build())
            .dstintfs(SecuritypolicyDstintfArgs.builder()
                .name("port4")
                .build())
            .logtraffic("utm")
            .policyid(1)
            .profileProtocolOptions("default")
            .profileType("single")
            .schedule("always")
            .srcaddrs(SecuritypolicySrcaddrArgs.builder()
                .name("all")
                .build())
            .srcintfs(SecuritypolicySrcintfArgs.builder()
                .name("port2")
                .build())
            .status("enable")
            .build());

    }
}

resources:
  trname:
    type: fortios:firewall:Securitypolicy
    properties:
      action: accept
      dstaddrs:
        - name: all
      dstintfs:
        - name: port4
      logtraffic: utm
      policyid: 1
      profileProtocolOptions: default
      profileType: single
      schedule: always
      srcaddrs:
        - name: all
      srcintfs:
        - name: port2
      status: enable

Create Securitypolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Securitypolicy(name: string, args?: SecuritypolicyArgs, opts?: CustomResourceOptions);

@overload
def Securitypolicy(resource_name: str,
                   args: Optional[SecuritypolicyArgs] = None,
                   opts: Optional[ResourceOptions] = None)

@overload
def Securitypolicy(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   action: Optional[str] = None,
                   app_categories: Optional[Sequence[SecuritypolicyAppCategoryArgs]] = None,
                   app_groups: Optional[Sequence[SecuritypolicyAppGroupArgs]] = None,
                   application_list: Optional[str] = None,
                   applications: Optional[Sequence[SecuritypolicyApplicationArgs]] = None,
                   av_profile: Optional[str] = None,
                   casb_profile: Optional[str] = None,
                   cifs_profile: Optional[str] = None,
                   comments: Optional[str] = None,
                   diameter_filter_profile: Optional[str] = None,
                   dlp_profile: Optional[str] = None,
                   dlp_sensor: Optional[str] = None,
                   dnsfilter_profile: Optional[str] = None,
                   dstaddr4s: Optional[Sequence[SecuritypolicyDstaddr4Args]] = None,
                   dstaddr6_negate: Optional[str] = None,
                   dstaddr6s: Optional[Sequence[SecuritypolicyDstaddr6Args]] = None,
                   dstaddr_negate: Optional[str] = None,
                   dstaddrs: Optional[Sequence[SecuritypolicyDstaddrArgs]] = None,
                   dstintfs: Optional[Sequence[SecuritypolicyDstintfArgs]] = None,
                   dynamic_sort_subtable: Optional[str] = None,
                   emailfilter_profile: Optional[str] = None,
                   enforce_default_app_port: Optional[str] = None,
                   file_filter_profile: Optional[str] = None,
                   fsso_groups: Optional[Sequence[SecuritypolicyFssoGroupArgs]] = None,
                   get_all_tables: Optional[str] = None,
                   groups: Optional[Sequence[SecuritypolicyGroupArgs]] = None,
                   icap_profile: Optional[str] = None,
                   internet_service: Optional[str] = None,
                   internet_service6: Optional[str] = None,
                   internet_service6_custom_groups: Optional[Sequence[SecuritypolicyInternetService6CustomGroupArgs]] = None,
                   internet_service6_customs: Optional[Sequence[SecuritypolicyInternetService6CustomArgs]] = None,
                   internet_service6_groups: Optional[Sequence[SecuritypolicyInternetService6GroupArgs]] = None,
                   internet_service6_names: Optional[Sequence[SecuritypolicyInternetService6NameArgs]] = None,
                   internet_service6_negate: Optional[str] = None,
                   internet_service6_src: Optional[str] = None,
                   internet_service6_src_custom_groups: Optional[Sequence[SecuritypolicyInternetService6SrcCustomGroupArgs]] = None,
                   internet_service6_src_customs: Optional[Sequence[SecuritypolicyInternetService6SrcCustomArgs]] = None,
                   internet_service6_src_groups: Optional[Sequence[SecuritypolicyInternetService6SrcGroupArgs]] = None,
                   internet_service6_src_names: Optional[Sequence[SecuritypolicyInternetService6SrcNameArgs]] = None,
                   internet_service6_src_negate: Optional[str] = None,
                   internet_service_custom_groups: Optional[Sequence[SecuritypolicyInternetServiceCustomGroupArgs]] = None,
                   internet_service_customs: Optional[Sequence[SecuritypolicyInternetServiceCustomArgs]] = None,
                   internet_service_groups: Optional[Sequence[SecuritypolicyInternetServiceGroupArgs]] = None,
                   internet_service_ids: Optional[Sequence[SecuritypolicyInternetServiceIdArgs]] = None,
                   internet_service_names: Optional[Sequence[SecuritypolicyInternetServiceNameArgs]] = None,
                   internet_service_negate: Optional[str] = None,
                   internet_service_src: Optional[str] = None,
                   internet_service_src_custom_groups: Optional[Sequence[SecuritypolicyInternetServiceSrcCustomGroupArgs]] = None,
                   internet_service_src_customs: Optional[Sequence[SecuritypolicyInternetServiceSrcCustomArgs]] = None,
                   internet_service_src_groups: Optional[Sequence[SecuritypolicyInternetServiceSrcGroupArgs]] = None,
                   internet_service_src_ids: Optional[Sequence[SecuritypolicyInternetServiceSrcIdArgs]] = None,
                   internet_service_src_names: Optional[Sequence[SecuritypolicyInternetServiceSrcNameArgs]] = None,
                   internet_service_src_negate: Optional[str] = None,
                   ips_sensor: Optional[str] = None,
                   ips_voip_filter: Optional[str] = None,
                   learning_mode: Optional[str] = None,
                   logtraffic: Optional[str] = None,
                   logtraffic_start: Optional[str] = None,
                   name: Optional[str] = None,
                   nat46: Optional[str] = None,
                   nat64: Optional[str] = None,
                   policyid: Optional[int] = None,
                   profile_group: Optional[str] = None,
                   profile_protocol_options: Optional[str] = None,
                   profile_type: Optional[str] = None,
                   schedule: Optional[str] = None,
                   sctp_filter_profile: Optional[str] = None,
                   send_deny_packet: Optional[str] = None,
                   service_negate: Optional[str] = None,
                   services: Optional[Sequence[SecuritypolicyServiceArgs]] = None,
                   srcaddr4s: Optional[Sequence[SecuritypolicySrcaddr4Args]] = None,
                   srcaddr6_negate: Optional[str] = None,
                   srcaddr6s: Optional[Sequence[SecuritypolicySrcaddr6Args]] = None,
                   srcaddr_negate: Optional[str] = None,
                   srcaddrs: Optional[Sequence[SecuritypolicySrcaddrArgs]] = None,
                   srcintfs: Optional[Sequence[SecuritypolicySrcintfArgs]] = None,
                   ssh_filter_profile: Optional[str] = None,
                   ssl_ssh_profile: Optional[str] = None,
                   status: Optional[str] = None,
                   url_categories: Optional[Sequence[SecuritypolicyUrlCategoryArgs]] = None,
                   url_category_unitary: Optional[str] = None,
                   users: Optional[Sequence[SecuritypolicyUserArgs]] = None,
                   uuid: Optional[str] = None,
                   vdomparam: Optional[str] = None,
                   videofilter_profile: Optional[str] = None,
                   virtual_patch_profile: Optional[str] = None,
                   voip_profile: Optional[str] = None,
                   webfilter_profile: Optional[str] = None)

func NewSecuritypolicy(ctx *Context, name string, args *SecuritypolicyArgs, opts ...ResourceOption) (*Securitypolicy, error)

public Securitypolicy(string name, SecuritypolicyArgs? args = null, CustomResourceOptions? opts = null)

public Securitypolicy(String name, SecuritypolicyArgs args)
public Securitypolicy(String name, SecuritypolicyArgs args, CustomResourceOptions options)

type: fortios:firewall:Securitypolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecuritypolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecuritypolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecuritypolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecuritypolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecuritypolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var securitypolicyResource = new Fortios.Firewall.Securitypolicy("securitypolicyResource", new()
{
    Action = "string",
    AppCategories = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyAppCategoryArgs
        {
            Id = 0,
        },
    },
    AppGroups = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyAppGroupArgs
        {
            Name = "string",
        },
    },
    ApplicationList = "string",
    Applications = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyApplicationArgs
        {
            Id = 0,
        },
    },
    AvProfile = "string",
    CasbProfile = "string",
    CifsProfile = "string",
    Comments = "string",
    DiameterFilterProfile = "string",
    DlpProfile = "string",
    DlpSensor = "string",
    DnsfilterProfile = "string",
    Dstaddr4s = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyDstaddr4Args
        {
            Name = "string",
        },
    },
    Dstaddr6Negate = "string",
    Dstaddr6s = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyDstaddr6Args
        {
            Name = "string",
        },
    },
    DstaddrNegate = "string",
    Dstaddrs = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyDstaddrArgs
        {
            Name = "string",
        },
    },
    Dstintfs = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyDstintfArgs
        {
            Name = "string",
        },
    },
    DynamicSortSubtable = "string",
    EmailfilterProfile = "string",
    EnforceDefaultAppPort = "string",
    FileFilterProfile = "string",
    FssoGroups = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyFssoGroupArgs
        {
            Name = "string",
        },
    },
    GetAllTables = "string",
    Groups = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyGroupArgs
        {
            Name = "string",
        },
    },
    IcapProfile = "string",
    InternetService = "string",
    InternetService6 = "string",
    InternetService6CustomGroups = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetService6CustomGroupArgs
        {
            Name = "string",
        },
    },
    InternetService6Customs = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetService6CustomArgs
        {
            Name = "string",
        },
    },
    InternetService6Groups = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetService6GroupArgs
        {
            Name = "string",
        },
    },
    InternetService6Names = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetService6NameArgs
        {
            Name = "string",
        },
    },
    InternetService6Negate = "string",
    InternetService6Src = "string",
    InternetService6SrcCustomGroups = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustomGroupArgs
        {
            Name = "string",
        },
    },
    InternetService6SrcCustoms = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustomArgs
        {
            Name = "string",
        },
    },
    InternetService6SrcGroups = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcGroupArgs
        {
            Name = "string",
        },
    },
    InternetService6SrcNames = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcNameArgs
        {
            Name = "string",
        },
    },
    InternetService6SrcNegate = "string",
    InternetServiceCustomGroups = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustomGroupArgs
        {
            Name = "string",
        },
    },
    InternetServiceCustoms = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustomArgs
        {
            Name = "string",
        },
    },
    InternetServiceGroups = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceGroupArgs
        {
            Name = "string",
        },
    },
    InternetServiceIds = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceIdArgs
        {
            Id = 0,
        },
    },
    InternetServiceNames = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceNameArgs
        {
            Name = "string",
        },
    },
    InternetServiceNegate = "string",
    InternetServiceSrc = "string",
    InternetServiceSrcCustomGroups = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustomGroupArgs
        {
            Name = "string",
        },
    },
    InternetServiceSrcCustoms = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustomArgs
        {
            Name = "string",
        },
    },
    InternetServiceSrcGroups = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcGroupArgs
        {
            Name = "string",
        },
    },
    InternetServiceSrcIds = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcIdArgs
        {
            Id = 0,
        },
    },
    InternetServiceSrcNames = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcNameArgs
        {
            Name = "string",
        },
    },
    InternetServiceSrcNegate = "string",
    IpsSensor = "string",
    IpsVoipFilter = "string",
    LearningMode = "string",
    Logtraffic = "string",
    LogtrafficStart = "string",
    Name = "string",
    Nat46 = "string",
    Nat64 = "string",
    Policyid = 0,
    ProfileGroup = "string",
    ProfileProtocolOptions = "string",
    ProfileType = "string",
    Schedule = "string",
    SctpFilterProfile = "string",
    SendDenyPacket = "string",
    ServiceNegate = "string",
    Services = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyServiceArgs
        {
            Name = "string",
        },
    },
    Srcaddr4s = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicySrcaddr4Args
        {
            Name = "string",
        },
    },
    Srcaddr6Negate = "string",
    Srcaddr6s = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicySrcaddr6Args
        {
            Name = "string",
        },
    },
    SrcaddrNegate = "string",
    Srcaddrs = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicySrcaddrArgs
        {
            Name = "string",
        },
    },
    Srcintfs = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicySrcintfArgs
        {
            Name = "string",
        },
    },
    SshFilterProfile = "string",
    SslSshProfile = "string",
    Status = "string",
    UrlCategories = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyUrlCategoryArgs
        {
            Id = 0,
        },
    },
    UrlCategoryUnitary = "string",
    Users = new[]
    {
        new Fortios.Firewall.Inputs.SecuritypolicyUserArgs
        {
            Name = "string",
        },
    },
    Uuid = "string",
    Vdomparam = "string",
    VideofilterProfile = "string",
    VirtualPatchProfile = "string",
    VoipProfile = "string",
    WebfilterProfile = "string",
});

example, err := firewall.NewSecuritypolicy(ctx, "securitypolicyResource", &firewall.SecuritypolicyArgs{
	Action: pulumi.String("string"),
	AppCategories: firewall.SecuritypolicyAppCategoryArray{
		&firewall.SecuritypolicyAppCategoryArgs{
			Id: pulumi.Int(0),
		},
	},
	AppGroups: firewall.SecuritypolicyAppGroupArray{
		&firewall.SecuritypolicyAppGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	ApplicationList: pulumi.String("string"),
	Applications: firewall.SecuritypolicyApplicationArray{
		&firewall.SecuritypolicyApplicationArgs{
			Id: pulumi.Int(0),
		},
	},
	AvProfile:             pulumi.String("string"),
	CasbProfile:           pulumi.String("string"),
	CifsProfile:           pulumi.String("string"),
	Comments:              pulumi.String("string"),
	DiameterFilterProfile: pulumi.String("string"),
	DlpProfile:            pulumi.String("string"),
	DlpSensor:             pulumi.String("string"),
	DnsfilterProfile:      pulumi.String("string"),
	Dstaddr4s: firewall.SecuritypolicyDstaddr4Array{
		&firewall.SecuritypolicyDstaddr4Args{
			Name: pulumi.String("string"),
		},
	},
	Dstaddr6Negate: pulumi.String("string"),
	Dstaddr6s: firewall.SecuritypolicyDstaddr6Array{
		&firewall.SecuritypolicyDstaddr6Args{
			Name: pulumi.String("string"),
		},
	},
	DstaddrNegate: pulumi.String("string"),
	Dstaddrs: firewall.SecuritypolicyDstaddrArray{
		&firewall.SecuritypolicyDstaddrArgs{
			Name: pulumi.String("string"),
		},
	},
	Dstintfs: firewall.SecuritypolicyDstintfArray{
		&firewall.SecuritypolicyDstintfArgs{
			Name: pulumi.String("string"),
		},
	},
	DynamicSortSubtable:   pulumi.String("string"),
	EmailfilterProfile:    pulumi.String("string"),
	EnforceDefaultAppPort: pulumi.String("string"),
	FileFilterProfile:     pulumi.String("string"),
	FssoGroups: firewall.SecuritypolicyFssoGroupArray{
		&firewall.SecuritypolicyFssoGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	GetAllTables: pulumi.String("string"),
	Groups: firewall.SecuritypolicyGroupArray{
		&firewall.SecuritypolicyGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	IcapProfile:      pulumi.String("string"),
	InternetService:  pulumi.String("string"),
	InternetService6: pulumi.String("string"),
	InternetService6CustomGroups: firewall.SecuritypolicyInternetService6CustomGroupArray{
		&firewall.SecuritypolicyInternetService6CustomGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetService6Customs: firewall.SecuritypolicyInternetService6CustomArray{
		&firewall.SecuritypolicyInternetService6CustomArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetService6Groups: firewall.SecuritypolicyInternetService6GroupArray{
		&firewall.SecuritypolicyInternetService6GroupArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetService6Names: firewall.SecuritypolicyInternetService6NameArray{
		&firewall.SecuritypolicyInternetService6NameArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetService6Negate: pulumi.String("string"),
	InternetService6Src:    pulumi.String("string"),
	InternetService6SrcCustomGroups: firewall.SecuritypolicyInternetService6SrcCustomGroupArray{
		&firewall.SecuritypolicyInternetService6SrcCustomGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetService6SrcCustoms: firewall.SecuritypolicyInternetService6SrcCustomArray{
		&firewall.SecuritypolicyInternetService6SrcCustomArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetService6SrcGroups: firewall.SecuritypolicyInternetService6SrcGroupArray{
		&firewall.SecuritypolicyInternetService6SrcGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetService6SrcNames: firewall.SecuritypolicyInternetService6SrcNameArray{
		&firewall.SecuritypolicyInternetService6SrcNameArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetService6SrcNegate: pulumi.String("string"),
	InternetServiceCustomGroups: firewall.SecuritypolicyInternetServiceCustomGroupArray{
		&firewall.SecuritypolicyInternetServiceCustomGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetServiceCustoms: firewall.SecuritypolicyInternetServiceCustomArray{
		&firewall.SecuritypolicyInternetServiceCustomArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetServiceGroups: firewall.SecuritypolicyInternetServiceGroupArray{
		&firewall.SecuritypolicyInternetServiceGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetServiceIds: firewall.SecuritypolicyInternetServiceIdArray{
		&firewall.SecuritypolicyInternetServiceIdArgs{
			Id: pulumi.Int(0),
		},
	},
	InternetServiceNames: firewall.SecuritypolicyInternetServiceNameArray{
		&firewall.SecuritypolicyInternetServiceNameArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetServiceNegate: pulumi.String("string"),
	InternetServiceSrc:    pulumi.String("string"),
	InternetServiceSrcCustomGroups: firewall.SecuritypolicyInternetServiceSrcCustomGroupArray{
		&firewall.SecuritypolicyInternetServiceSrcCustomGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetServiceSrcCustoms: firewall.SecuritypolicyInternetServiceSrcCustomArray{
		&firewall.SecuritypolicyInternetServiceSrcCustomArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetServiceSrcGroups: firewall.SecuritypolicyInternetServiceSrcGroupArray{
		&firewall.SecuritypolicyInternetServiceSrcGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetServiceSrcIds: firewall.SecuritypolicyInternetServiceSrcIdArray{
		&firewall.SecuritypolicyInternetServiceSrcIdArgs{
			Id: pulumi.Int(0),
		},
	},
	InternetServiceSrcNames: firewall.SecuritypolicyInternetServiceSrcNameArray{
		&firewall.SecuritypolicyInternetServiceSrcNameArgs{
			Name: pulumi.String("string"),
		},
	},
	InternetServiceSrcNegate: pulumi.String("string"),
	IpsSensor:                pulumi.String("string"),
	IpsVoipFilter:            pulumi.String("string"),
	LearningMode:             pulumi.String("string"),
	Logtraffic:               pulumi.String("string"),
	LogtrafficStart:          pulumi.String("string"),
	Name:                     pulumi.String("string"),
	Nat46:                    pulumi.String("string"),
	Nat64:                    pulumi.String("string"),
	Policyid:                 pulumi.Int(0),
	ProfileGroup:             pulumi.String("string"),
	ProfileProtocolOptions:   pulumi.String("string"),
	ProfileType:              pulumi.String("string"),
	Schedule:                 pulumi.String("string"),
	SctpFilterProfile:        pulumi.String("string"),
	SendDenyPacket:           pulumi.String("string"),
	ServiceNegate:            pulumi.String("string"),
	Services: firewall.SecuritypolicyServiceArray{
		&firewall.SecuritypolicyServiceArgs{
			Name: pulumi.String("string"),
		},
	},
	Srcaddr4s: firewall.SecuritypolicySrcaddr4Array{
		&firewall.SecuritypolicySrcaddr4Args{
			Name: pulumi.String("string"),
		},
	},
	Srcaddr6Negate: pulumi.String("string"),
	Srcaddr6s: firewall.SecuritypolicySrcaddr6Array{
		&firewall.SecuritypolicySrcaddr6Args{
			Name: pulumi.String("string"),
		},
	},
	SrcaddrNegate: pulumi.String("string"),
	Srcaddrs: firewall.SecuritypolicySrcaddrArray{
		&firewall.SecuritypolicySrcaddrArgs{
			Name: pulumi.String("string"),
		},
	},
	Srcintfs: firewall.SecuritypolicySrcintfArray{
		&firewall.SecuritypolicySrcintfArgs{
			Name: pulumi.String("string"),
		},
	},
	SshFilterProfile: pulumi.String("string"),
	SslSshProfile:    pulumi.String("string"),
	Status:           pulumi.String("string"),
	UrlCategories: firewall.SecuritypolicyUrlCategoryArray{
		&firewall.SecuritypolicyUrlCategoryArgs{
			Id: pulumi.Int(0),
		},
	},
	UrlCategoryUnitary: pulumi.String("string"),
	Users: firewall.SecuritypolicyUserArray{
		&firewall.SecuritypolicyUserArgs{
			Name: pulumi.String("string"),
		},
	},
	Uuid:                pulumi.String("string"),
	Vdomparam:           pulumi.String("string"),
	VideofilterProfile:  pulumi.String("string"),
	VirtualPatchProfile: pulumi.String("string"),
	VoipProfile:         pulumi.String("string"),
	WebfilterProfile:    pulumi.String("string"),
})

var securitypolicyResource = new Securitypolicy("securitypolicyResource", SecuritypolicyArgs.builder()
    .action("string")
    .appCategories(SecuritypolicyAppCategoryArgs.builder()
        .id(0)
        .build())
    .appGroups(SecuritypolicyAppGroupArgs.builder()
        .name("string")
        .build())
    .applicationList("string")
    .applications(SecuritypolicyApplicationArgs.builder()
        .id(0)
        .build())
    .avProfile("string")
    .casbProfile("string")
    .cifsProfile("string")
    .comments("string")
    .diameterFilterProfile("string")
    .dlpProfile("string")
    .dlpSensor("string")
    .dnsfilterProfile("string")
    .dstaddr4s(SecuritypolicyDstaddr4Args.builder()
        .name("string")
        .build())
    .dstaddr6Negate("string")
    .dstaddr6s(SecuritypolicyDstaddr6Args.builder()
        .name("string")
        .build())
    .dstaddrNegate("string")
    .dstaddrs(SecuritypolicyDstaddrArgs.builder()
        .name("string")
        .build())
    .dstintfs(SecuritypolicyDstintfArgs.builder()
        .name("string")
        .build())
    .dynamicSortSubtable("string")
    .emailfilterProfile("string")
    .enforceDefaultAppPort("string")
    .fileFilterProfile("string")
    .fssoGroups(SecuritypolicyFssoGroupArgs.builder()
        .name("string")
        .build())
    .getAllTables("string")
    .groups(SecuritypolicyGroupArgs.builder()
        .name("string")
        .build())
    .icapProfile("string")
    .internetService("string")
    .internetService6("string")
    .internetService6CustomGroups(SecuritypolicyInternetService6CustomGroupArgs.builder()
        .name("string")
        .build())
    .internetService6Customs(SecuritypolicyInternetService6CustomArgs.builder()
        .name("string")
        .build())
    .internetService6Groups(SecuritypolicyInternetService6GroupArgs.builder()
        .name("string")
        .build())
    .internetService6Names(SecuritypolicyInternetService6NameArgs.builder()
        .name("string")
        .build())
    .internetService6Negate("string")
    .internetService6Src("string")
    .internetService6SrcCustomGroups(SecuritypolicyInternetService6SrcCustomGroupArgs.builder()
        .name("string")
        .build())
    .internetService6SrcCustoms(SecuritypolicyInternetService6SrcCustomArgs.builder()
        .name("string")
        .build())
    .internetService6SrcGroups(SecuritypolicyInternetService6SrcGroupArgs.builder()
        .name("string")
        .build())
    .internetService6SrcNames(SecuritypolicyInternetService6SrcNameArgs.builder()
        .name("string")
        .build())
    .internetService6SrcNegate("string")
    .internetServiceCustomGroups(SecuritypolicyInternetServiceCustomGroupArgs.builder()
        .name("string")
        .build())
    .internetServiceCustoms(SecuritypolicyInternetServiceCustomArgs.builder()
        .name("string")
        .build())
    .internetServiceGroups(SecuritypolicyInternetServiceGroupArgs.builder()
        .name("string")
        .build())
    .internetServiceIds(SecuritypolicyInternetServiceIdArgs.builder()
        .id(0)
        .build())
    .internetServiceNames(SecuritypolicyInternetServiceNameArgs.builder()
        .name("string")
        .build())
    .internetServiceNegate("string")
    .internetServiceSrc("string")
    .internetServiceSrcCustomGroups(SecuritypolicyInternetServiceSrcCustomGroupArgs.builder()
        .name("string")
        .build())
    .internetServiceSrcCustoms(SecuritypolicyInternetServiceSrcCustomArgs.builder()
        .name("string")
        .build())
    .internetServiceSrcGroups(SecuritypolicyInternetServiceSrcGroupArgs.builder()
        .name("string")
        .build())
    .internetServiceSrcIds(SecuritypolicyInternetServiceSrcIdArgs.builder()
        .id(0)
        .build())
    .internetServiceSrcNames(SecuritypolicyInternetServiceSrcNameArgs.builder()
        .name("string")
        .build())
    .internetServiceSrcNegate("string")
    .ipsSensor("string")
    .ipsVoipFilter("string")
    .learningMode("string")
    .logtraffic("string")
    .logtrafficStart("string")
    .name("string")
    .nat46("string")
    .nat64("string")
    .policyid(0)
    .profileGroup("string")
    .profileProtocolOptions("string")
    .profileType("string")
    .schedule("string")
    .sctpFilterProfile("string")
    .sendDenyPacket("string")
    .serviceNegate("string")
    .services(SecuritypolicyServiceArgs.builder()
        .name("string")
        .build())
    .srcaddr4s(SecuritypolicySrcaddr4Args.builder()
        .name("string")
        .build())
    .srcaddr6Negate("string")
    .srcaddr6s(SecuritypolicySrcaddr6Args.builder()
        .name("string")
        .build())
    .srcaddrNegate("string")
    .srcaddrs(SecuritypolicySrcaddrArgs.builder()
        .name("string")
        .build())
    .srcintfs(SecuritypolicySrcintfArgs.builder()
        .name("string")
        .build())
    .sshFilterProfile("string")
    .sslSshProfile("string")
    .status("string")
    .urlCategories(SecuritypolicyUrlCategoryArgs.builder()
        .id(0)
        .build())
    .urlCategoryUnitary("string")
    .users(SecuritypolicyUserArgs.builder()
        .name("string")
        .build())
    .uuid("string")
    .vdomparam("string")
    .videofilterProfile("string")
    .virtualPatchProfile("string")
    .voipProfile("string")
    .webfilterProfile("string")
    .build());

securitypolicy_resource = fortios.firewall.Securitypolicy("securitypolicyResource",
    action="string",
    app_categories=[fortios.firewall.SecuritypolicyAppCategoryArgs(
        id=0,
    )],
    app_groups=[fortios.firewall.SecuritypolicyAppGroupArgs(
        name="string",
    )],
    application_list="string",
    applications=[fortios.firewall.SecuritypolicyApplicationArgs(
        id=0,
    )],
    av_profile="string",
    casb_profile="string",
    cifs_profile="string",
    comments="string",
    diameter_filter_profile="string",
    dlp_profile="string",
    dlp_sensor="string",
    dnsfilter_profile="string",
    dstaddr4s=[fortios.firewall.SecuritypolicyDstaddr4Args(
        name="string",
    )],
    dstaddr6_negate="string",
    dstaddr6s=[fortios.firewall.SecuritypolicyDstaddr6Args(
        name="string",
    )],
    dstaddr_negate="string",
    dstaddrs=[fortios.firewall.SecuritypolicyDstaddrArgs(
        name="string",
    )],
    dstintfs=[fortios.firewall.SecuritypolicyDstintfArgs(
        name="string",
    )],
    dynamic_sort_subtable="string",
    emailfilter_profile="string",
    enforce_default_app_port="string",
    file_filter_profile="string",
    fsso_groups=[fortios.firewall.SecuritypolicyFssoGroupArgs(
        name="string",
    )],
    get_all_tables="string",
    groups=[fortios.firewall.SecuritypolicyGroupArgs(
        name="string",
    )],
    icap_profile="string",
    internet_service="string",
    internet_service6="string",
    internet_service6_custom_groups=[fortios.firewall.SecuritypolicyInternetService6CustomGroupArgs(
        name="string",
    )],
    internet_service6_customs=[fortios.firewall.SecuritypolicyInternetService6CustomArgs(
        name="string",
    )],
    internet_service6_groups=[fortios.firewall.SecuritypolicyInternetService6GroupArgs(
        name="string",
    )],
    internet_service6_names=[fortios.firewall.SecuritypolicyInternetService6NameArgs(
        name="string",
    )],
    internet_service6_negate="string",
    internet_service6_src="string",
    internet_service6_src_custom_groups=[fortios.firewall.SecuritypolicyInternetService6SrcCustomGroupArgs(
        name="string",
    )],
    internet_service6_src_customs=[fortios.firewall.SecuritypolicyInternetService6SrcCustomArgs(
        name="string",
    )],
    internet_service6_src_groups=[fortios.firewall.SecuritypolicyInternetService6SrcGroupArgs(
        name="string",
    )],
    internet_service6_src_names=[fortios.firewall.SecuritypolicyInternetService6SrcNameArgs(
        name="string",
    )],
    internet_service6_src_negate="string",
    internet_service_custom_groups=[fortios.firewall.SecuritypolicyInternetServiceCustomGroupArgs(
        name="string",
    )],
    internet_service_customs=[fortios.firewall.SecuritypolicyInternetServiceCustomArgs(
        name="string",
    )],
    internet_service_groups=[fortios.firewall.SecuritypolicyInternetServiceGroupArgs(
        name="string",
    )],
    internet_service_ids=[fortios.firewall.SecuritypolicyInternetServiceIdArgs(
        id=0,
    )],
    internet_service_names=[fortios.firewall.SecuritypolicyInternetServiceNameArgs(
        name="string",
    )],
    internet_service_negate="string",
    internet_service_src="string",
    internet_service_src_custom_groups=[fortios.firewall.SecuritypolicyInternetServiceSrcCustomGroupArgs(
        name="string",
    )],
    internet_service_src_customs=[fortios.firewall.SecuritypolicyInternetServiceSrcCustomArgs(
        name="string",
    )],
    internet_service_src_groups=[fortios.firewall.SecuritypolicyInternetServiceSrcGroupArgs(
        name="string",
    )],
    internet_service_src_ids=[fortios.firewall.SecuritypolicyInternetServiceSrcIdArgs(
        id=0,
    )],
    internet_service_src_names=[fortios.firewall.SecuritypolicyInternetServiceSrcNameArgs(
        name="string",
    )],
    internet_service_src_negate="string",
    ips_sensor="string",
    ips_voip_filter="string",
    learning_mode="string",
    logtraffic="string",
    logtraffic_start="string",
    name="string",
    nat46="string",
    nat64="string",
    policyid=0,
    profile_group="string",
    profile_protocol_options="string",
    profile_type="string",
    schedule="string",
    sctp_filter_profile="string",
    send_deny_packet="string",
    service_negate="string",
    services=[fortios.firewall.SecuritypolicyServiceArgs(
        name="string",
    )],
    srcaddr4s=[fortios.firewall.SecuritypolicySrcaddr4Args(
        name="string",
    )],
    srcaddr6_negate="string",
    srcaddr6s=[fortios.firewall.SecuritypolicySrcaddr6Args(
        name="string",
    )],
    srcaddr_negate="string",
    srcaddrs=[fortios.firewall.SecuritypolicySrcaddrArgs(
        name="string",
    )],
    srcintfs=[fortios.firewall.SecuritypolicySrcintfArgs(
        name="string",
    )],
    ssh_filter_profile="string",
    ssl_ssh_profile="string",
    status="string",
    url_categories=[fortios.firewall.SecuritypolicyUrlCategoryArgs(
        id=0,
    )],
    url_category_unitary="string",
    users=[fortios.firewall.SecuritypolicyUserArgs(
        name="string",
    )],
    uuid="string",
    vdomparam="string",
    videofilter_profile="string",
    virtual_patch_profile="string",
    voip_profile="string",
    webfilter_profile="string")

const securitypolicyResource = new fortios.firewall.Securitypolicy("securitypolicyResource", {
    action: "string",
    appCategories: [{
        id: 0,
    }],
    appGroups: [{
        name: "string",
    }],
    applicationList: "string",
    applications: [{
        id: 0,
    }],
    avProfile: "string",
    casbProfile: "string",
    cifsProfile: "string",
    comments: "string",
    diameterFilterProfile: "string",
    dlpProfile: "string",
    dlpSensor: "string",
    dnsfilterProfile: "string",
    dstaddr4s: [{
        name: "string",
    }],
    dstaddr6Negate: "string",
    dstaddr6s: [{
        name: "string",
    }],
    dstaddrNegate: "string",
    dstaddrs: [{
        name: "string",
    }],
    dstintfs: [{
        name: "string",
    }],
    dynamicSortSubtable: "string",
    emailfilterProfile: "string",
    enforceDefaultAppPort: "string",
    fileFilterProfile: "string",
    fssoGroups: [{
        name: "string",
    }],
    getAllTables: "string",
    groups: [{
        name: "string",
    }],
    icapProfile: "string",
    internetService: "string",
    internetService6: "string",
    internetService6CustomGroups: [{
        name: "string",
    }],
    internetService6Customs: [{
        name: "string",
    }],
    internetService6Groups: [{
        name: "string",
    }],
    internetService6Names: [{
        name: "string",
    }],
    internetService6Negate: "string",
    internetService6Src: "string",
    internetService6SrcCustomGroups: [{
        name: "string",
    }],
    internetService6SrcCustoms: [{
        name: "string",
    }],
    internetService6SrcGroups: [{
        name: "string",
    }],
    internetService6SrcNames: [{
        name: "string",
    }],
    internetService6SrcNegate: "string",
    internetServiceCustomGroups: [{
        name: "string",
    }],
    internetServiceCustoms: [{
        name: "string",
    }],
    internetServiceGroups: [{
        name: "string",
    }],
    internetServiceIds: [{
        id: 0,
    }],
    internetServiceNames: [{
        name: "string",
    }],
    internetServiceNegate: "string",
    internetServiceSrc: "string",
    internetServiceSrcCustomGroups: [{
        name: "string",
    }],
    internetServiceSrcCustoms: [{
        name: "string",
    }],
    internetServiceSrcGroups: [{
        name: "string",
    }],
    internetServiceSrcIds: [{
        id: 0,
    }],
    internetServiceSrcNames: [{
        name: "string",
    }],
    internetServiceSrcNegate: "string",
    ipsSensor: "string",
    ipsVoipFilter: "string",
    learningMode: "string",
    logtraffic: "string",
    logtrafficStart: "string",
    name: "string",
    nat46: "string",
    nat64: "string",
    policyid: 0,
    profileGroup: "string",
    profileProtocolOptions: "string",
    profileType: "string",
    schedule: "string",
    sctpFilterProfile: "string",
    sendDenyPacket: "string",
    serviceNegate: "string",
    services: [{
        name: "string",
    }],
    srcaddr4s: [{
        name: "string",
    }],
    srcaddr6Negate: "string",
    srcaddr6s: [{
        name: "string",
    }],
    srcaddrNegate: "string",
    srcaddrs: [{
        name: "string",
    }],
    srcintfs: [{
        name: "string",
    }],
    sshFilterProfile: "string",
    sslSshProfile: "string",
    status: "string",
    urlCategories: [{
        id: 0,
    }],
    urlCategoryUnitary: "string",
    users: [{
        name: "string",
    }],
    uuid: "string",
    vdomparam: "string",
    videofilterProfile: "string",
    virtualPatchProfile: "string",
    voipProfile: "string",
    webfilterProfile: "string",
});

type: fortios:firewall:Securitypolicy
properties:
    action: string
    appCategories:
        - id: 0
    appGroups:
        - name: string
    applicationList: string
    applications:
        - id: 0
    avProfile: string
    casbProfile: string
    cifsProfile: string
    comments: string
    diameterFilterProfile: string
    dlpProfile: string
    dlpSensor: string
    dnsfilterProfile: string
    dstaddr4s:
        - name: string
    dstaddr6Negate: string
    dstaddr6s:
        - name: string
    dstaddrNegate: string
    dstaddrs:
        - name: string
    dstintfs:
        - name: string
    dynamicSortSubtable: string
    emailfilterProfile: string
    enforceDefaultAppPort: string
    fileFilterProfile: string
    fssoGroups:
        - name: string
    getAllTables: string
    groups:
        - name: string
    icapProfile: string
    internetService: string
    internetService6: string
    internetService6CustomGroups:
        - name: string
    internetService6Customs:
        - name: string
    internetService6Groups:
        - name: string
    internetService6Names:
        - name: string
    internetService6Negate: string
    internetService6Src: string
    internetService6SrcCustomGroups:
        - name: string
    internetService6SrcCustoms:
        - name: string
    internetService6SrcGroups:
        - name: string
    internetService6SrcNames:
        - name: string
    internetService6SrcNegate: string
    internetServiceCustomGroups:
        - name: string
    internetServiceCustoms:
        - name: string
    internetServiceGroups:
        - name: string
    internetServiceIds:
        - id: 0
    internetServiceNames:
        - name: string
    internetServiceNegate: string
    internetServiceSrc: string
    internetServiceSrcCustomGroups:
        - name: string
    internetServiceSrcCustoms:
        - name: string
    internetServiceSrcGroups:
        - name: string
    internetServiceSrcIds:
        - id: 0
    internetServiceSrcNames:
        - name: string
    internetServiceSrcNegate: string
    ipsSensor: string
    ipsVoipFilter: string
    learningMode: string
    logtraffic: string
    logtrafficStart: string
    name: string
    nat46: string
    nat64: string
    policyid: 0
    profileGroup: string
    profileProtocolOptions: string
    profileType: string
    schedule: string
    sctpFilterProfile: string
    sendDenyPacket: string
    serviceNegate: string
    services:
        - name: string
    srcaddr4s:
        - name: string
    srcaddr6Negate: string
    srcaddr6s:
        - name: string
    srcaddrNegate: string
    srcaddrs:
        - name: string
    srcintfs:
        - name: string
    sshFilterProfile: string
    sslSshProfile: string
    status: string
    urlCategories:
        - id: 0
    urlCategoryUnitary: string
    users:
        - name: string
    uuid: string
    vdomparam: string
    videofilterProfile: string
    virtualPatchProfile: string
    voipProfile: string
    webfilterProfile: string

Securitypolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Securitypolicy resource accepts the following input properties:

Action string: Policy action (accept/deny). Valid values: accept, deny.
AppCategories List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyAppCategory>: Application category ID list. The structure of app_category block is documented below.
AppGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyAppGroup>: Application group names. The structure of app_group block is documented below.
ApplicationList string: Name of an existing Application list.
Applications List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyApplication>: Application ID list. The structure of application block is documented below.
AvProfile string: Name of an existing Antivirus profile.
CasbProfile string: Name of an existing CASB profile.
CifsProfile string: Name of an existing CIFS profile.
Comments string: Comment.
DiameterFilterProfile string: Name of an existing Diameter filter profile.
DlpProfile string: Name of an existing DLP profile.
DlpSensor string: Name of an existing DLP sensor.
DnsfilterProfile string: Name of an existing DNS filter profile.
Dstaddr4s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstaddr4>: Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
Dstaddr6Negate string: When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
Dstaddr6s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstaddr6>: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
DstaddrNegate string: When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
Dstaddrs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstaddr>: Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
Dstintfs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstintf>: Outgoing (egress) interface. The structure of dstintf block is documented below.
DynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
EmailfilterProfile string: Name of an existing email filter profile.
EnforceDefaultAppPort string: Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
FileFilterProfile string: Name of an existing file-filter profile.
FssoGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyFssoGroup>: Names of FSSO groups. The structure of fsso_groups block is documented below.
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
Groups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyGroup>: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
IcapProfile string: Name of an existing ICAP profile.
InternetService string: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
InternetService6 string: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
InternetService6CustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6CustomGroup>: Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
InternetService6Customs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6Custom>: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
InternetService6Groups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6Group>: Internet Service group name. The structure of internet_service6_group block is documented below.
InternetService6Names List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6Name>: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
InternetService6Negate string: When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
InternetService6Src string: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
InternetService6SrcCustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustomGroup>: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
InternetService6SrcCustoms List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustom>: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
InternetService6SrcGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcGroup>: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
InternetService6SrcNames List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcName>: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
InternetService6SrcNegate string: When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
InternetServiceCustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustomGroup>: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
InternetServiceCustoms List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustom>: Custom Internet Service name. The structure of internet_service_custom block is documented below.
InternetServiceGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceGroup>: Internet Service group name. The structure of internet_service_group block is documented below.
InternetServiceIds List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceId>: Internet Service ID. The structure of internet_service_id block is documented below.
InternetServiceNames List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceName>: Internet Service name. The structure of internet_service_name block is documented below.
InternetServiceNegate string: When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
InternetServiceSrc string: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
InternetServiceSrcCustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustomGroup>: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
InternetServiceSrcCustoms List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustom>: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
InternetServiceSrcGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcGroup>: Internet Service source group name. The structure of internet_service_src_group block is documented below.
InternetServiceSrcIds List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcId>: Internet Service source ID. The structure of internet_service_src_id block is documented below.
InternetServiceSrcNames List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcName>: Internet Service source name. The structure of internet_service_src_name block is documented below.
InternetServiceSrcNegate string: When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
IpsSensor string: Name of an existing IPS sensor.
IpsVoipFilter string: Name of an existing VoIP (ips) profile.
LearningMode string: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
Logtraffic string: Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
LogtrafficStart string: Record logs when a session starts. Valid values: enable, disable.
Name string: Policy name.
Nat46 string: Enable/disable NAT46. Valid values: enable, disable.
Nat64 string: Enable/disable NAT64. Valid values: enable, disable.
Policyid int: Policy ID.
ProfileGroup string: Name of profile group.
ProfileProtocolOptions string: Name of an existing Protocol options profile.
ProfileType string: Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
Schedule string: Schedule name.
SctpFilterProfile string: Name of an existing SCTP filter profile.
SendDenyPacket string: Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
ServiceNegate string: When enabled service specifies what the service must NOT be. Valid values: enable, disable.
Services List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyService>: Service and service group names. The structure of service block is documented below.
Srcaddr4s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcaddr4>: Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
Srcaddr6Negate string: When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
Srcaddr6s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcaddr6>: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
SrcaddrNegate string: When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
Srcaddrs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcaddr>: Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
Srcintfs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcintf>: Incoming (ingress) interface. The structure of srcintf block is documented below.
SshFilterProfile string: Name of an existing SSH filter profile.
SslSshProfile string: Name of an existing SSL SSH profile.
Status string: Enable or disable this policy. Valid values: enable, disable.
UrlCategories List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyUrlCategory>: URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
UrlCategoryUnitary string: URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
Users List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyUser>: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
Uuid string: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
VideofilterProfile string: Name of an existing VideoFilter profile.
VirtualPatchProfile string: Name of an existing virtual-patch profile.
VoipProfile string: Name of an existing VoIP (voipd) profile.
WebfilterProfile string: Name of an existing Web filter profile.

Action string: Policy action (accept/deny). Valid values: accept, deny.
AppCategories []SecuritypolicyAppCategoryArgs: Application category ID list. The structure of app_category block is documented below.
AppGroups []SecuritypolicyAppGroupArgs: Application group names. The structure of app_group block is documented below.
ApplicationList string: Name of an existing Application list.
Applications []SecuritypolicyApplicationArgs: Application ID list. The structure of application block is documented below.
AvProfile string: Name of an existing Antivirus profile.
CasbProfile string: Name of an existing CASB profile.
CifsProfile string: Name of an existing CIFS profile.
Comments string: Comment.
DiameterFilterProfile string: Name of an existing Diameter filter profile.
DlpProfile string: Name of an existing DLP profile.
DlpSensor string: Name of an existing DLP sensor.
DnsfilterProfile string: Name of an existing DNS filter profile.
Dstaddr4s []SecuritypolicyDstaddr4Args: Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
Dstaddr6Negate string: When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
Dstaddr6s []SecuritypolicyDstaddr6Args: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
DstaddrNegate string: When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
Dstaddrs []SecuritypolicyDstaddrArgs: Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
Dstintfs []SecuritypolicyDstintfArgs: Outgoing (egress) interface. The structure of dstintf block is documented below.
DynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
EmailfilterProfile string: Name of an existing email filter profile.
EnforceDefaultAppPort string: Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
FileFilterProfile string: Name of an existing file-filter profile.
FssoGroups []SecuritypolicyFssoGroupArgs: Names of FSSO groups. The structure of fsso_groups block is documented below.
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
Groups []SecuritypolicyGroupArgs: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
IcapProfile string: Name of an existing ICAP profile.
InternetService string: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
InternetService6 string: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
InternetService6CustomGroups []SecuritypolicyInternetService6CustomGroupArgs: Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
InternetService6Customs []SecuritypolicyInternetService6CustomArgs: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
InternetService6Groups []SecuritypolicyInternetService6GroupArgs: Internet Service group name. The structure of internet_service6_group block is documented below.
InternetService6Names []SecuritypolicyInternetService6NameArgs: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
InternetService6Negate string: When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
InternetService6Src string: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
InternetService6SrcCustomGroups []SecuritypolicyInternetService6SrcCustomGroupArgs: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
InternetService6SrcCustoms []SecuritypolicyInternetService6SrcCustomArgs: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
InternetService6SrcGroups []SecuritypolicyInternetService6SrcGroupArgs: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
InternetService6SrcNames []SecuritypolicyInternetService6SrcNameArgs: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
InternetService6SrcNegate string: When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
InternetServiceCustomGroups []SecuritypolicyInternetServiceCustomGroupArgs: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
InternetServiceCustoms []SecuritypolicyInternetServiceCustomArgs: Custom Internet Service name. The structure of internet_service_custom block is documented below.
InternetServiceGroups []SecuritypolicyInternetServiceGroupArgs: Internet Service group name. The structure of internet_service_group block is documented below.
InternetServiceIds []SecuritypolicyInternetServiceIdArgs: Internet Service ID. The structure of internet_service_id block is documented below.
InternetServiceNames []SecuritypolicyInternetServiceNameArgs: Internet Service name. The structure of internet_service_name block is documented below.
InternetServiceNegate string: When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
InternetServiceSrc string: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
InternetServiceSrcCustomGroups []SecuritypolicyInternetServiceSrcCustomGroupArgs: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
InternetServiceSrcCustoms []SecuritypolicyInternetServiceSrcCustomArgs: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
InternetServiceSrcGroups []SecuritypolicyInternetServiceSrcGroupArgs: Internet Service source group name. The structure of internet_service_src_group block is documented below.
InternetServiceSrcIds []SecuritypolicyInternetServiceSrcIdArgs: Internet Service source ID. The structure of internet_service_src_id block is documented below.
InternetServiceSrcNames []SecuritypolicyInternetServiceSrcNameArgs: Internet Service source name. The structure of internet_service_src_name block is documented below.
InternetServiceSrcNegate string: When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
IpsSensor string: Name of an existing IPS sensor.
IpsVoipFilter string: Name of an existing VoIP (ips) profile.
LearningMode string: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
Logtraffic string: Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
LogtrafficStart string: Record logs when a session starts. Valid values: enable, disable.
Name string: Policy name.
Nat46 string: Enable/disable NAT46. Valid values: enable, disable.
Nat64 string: Enable/disable NAT64. Valid values: enable, disable.
Policyid int: Policy ID.
ProfileGroup string: Name of profile group.
ProfileProtocolOptions string: Name of an existing Protocol options profile.
ProfileType string: Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
Schedule string: Schedule name.
SctpFilterProfile string: Name of an existing SCTP filter profile.
SendDenyPacket string: Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
ServiceNegate string: When enabled service specifies what the service must NOT be. Valid values: enable, disable.
Services []SecuritypolicyServiceArgs: Service and service group names. The structure of service block is documented below.
Srcaddr4s []SecuritypolicySrcaddr4Args: Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
Srcaddr6Negate string: When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
Srcaddr6s []SecuritypolicySrcaddr6Args: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
SrcaddrNegate string: When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
Srcaddrs []SecuritypolicySrcaddrArgs: Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
Srcintfs []SecuritypolicySrcintfArgs: Incoming (ingress) interface. The structure of srcintf block is documented below.
SshFilterProfile string: Name of an existing SSH filter profile.
SslSshProfile string: Name of an existing SSL SSH profile.
Status string: Enable or disable this policy. Valid values: enable, disable.
UrlCategories []SecuritypolicyUrlCategoryArgs: URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
UrlCategoryUnitary string: URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
Users []SecuritypolicyUserArgs: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
Uuid string: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
VideofilterProfile string: Name of an existing VideoFilter profile.
VirtualPatchProfile string: Name of an existing virtual-patch profile.
VoipProfile string: Name of an existing VoIP (voipd) profile.
WebfilterProfile string: Name of an existing Web filter profile.

action String: Policy action (accept/deny). Valid values: accept, deny.
appCategories List<SecuritypolicyAppCategory>: Application category ID list. The structure of app_category block is documented below.
appGroups List<SecuritypolicyAppGroup>: Application group names. The structure of app_group block is documented below.
applicationList String: Name of an existing Application list.
applications List<SecuritypolicyApplication>: Application ID list. The structure of application block is documented below.
avProfile String: Name of an existing Antivirus profile.
casbProfile String: Name of an existing CASB profile.
cifsProfile String: Name of an existing CIFS profile.
comments String: Comment.
diameterFilterProfile String: Name of an existing Diameter filter profile.
dlpProfile String: Name of an existing DLP profile.
dlpSensor String: Name of an existing DLP sensor.
dnsfilterProfile String: Name of an existing DNS filter profile.
dstaddr4s List<SecuritypolicyDstaddr4>: Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
dstaddr6Negate String: When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddr6s List<SecuritypolicyDstaddr6>: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
dstaddrNegate String: When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddrs List<SecuritypolicyDstaddr>: Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
dstintfs List<SecuritypolicyDstintf>: Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamicSortSubtable String: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilterProfile String: Name of an existing email filter profile.
enforceDefaultAppPort String: Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
fileFilterProfile String: Name of an existing file-filter profile.
fssoGroups List<SecuritypolicyFssoGroup>: Names of FSSO groups. The structure of fsso_groups block is documented below.
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groups List<SecuritypolicyGroup>: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
icapProfile String: Name of an existing ICAP profile.
internetService String: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
internetService6 String: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
internetService6CustomGroups List<SecuritypolicyInternetService6CustomGroup>: Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
internetService6Customs List<SecuritypolicyInternetService6Custom>: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
internetService6Groups List<SecuritypolicyInternetService6Group>: Internet Service group name. The structure of internet_service6_group block is documented below.
internetService6Names List<SecuritypolicyInternetService6Name>: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
internetService6Negate String: When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
internetService6Src String: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internetService6SrcCustomGroups List<SecuritypolicyInternetService6SrcCustomGroup>: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
internetService6SrcCustoms List<SecuritypolicyInternetService6SrcCustom>: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
internetService6SrcGroups List<SecuritypolicyInternetService6SrcGroup>: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
internetService6SrcNames List<SecuritypolicyInternetService6SrcName>: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
internetService6SrcNegate String: When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
internetServiceCustomGroups List<SecuritypolicyInternetServiceCustomGroup>: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
internetServiceCustoms List<SecuritypolicyInternetServiceCustom>: Custom Internet Service name. The structure of internet_service_custom block is documented below.
internetServiceGroups List<SecuritypolicyInternetServiceGroup>: Internet Service group name. The structure of internet_service_group block is documented below.
internetServiceIds List<SecuritypolicyInternetServiceId>: Internet Service ID. The structure of internet_service_id block is documented below.
internetServiceNames List<SecuritypolicyInternetServiceName>: Internet Service name. The structure of internet_service_name block is documented below.
internetServiceNegate String: When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
internetServiceSrc String: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internetServiceSrcCustomGroups List<SecuritypolicyInternetServiceSrcCustomGroup>: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
internetServiceSrcCustoms List<SecuritypolicyInternetServiceSrcCustom>: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
internetServiceSrcGroups List<SecuritypolicyInternetServiceSrcGroup>: Internet Service source group name. The structure of internet_service_src_group block is documented below.
internetServiceSrcIds List<SecuritypolicyInternetServiceSrcId>: Internet Service source ID. The structure of internet_service_src_id block is documented below.
internetServiceSrcNames List<SecuritypolicyInternetServiceSrcName>: Internet Service source name. The structure of internet_service_src_name block is documented below.
internetServiceSrcNegate String: When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
ipsSensor String: Name of an existing IPS sensor.
ipsVoipFilter String: Name of an existing VoIP (ips) profile.
learningMode String: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
logtraffic String: Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtrafficStart String: Record logs when a session starts. Valid values: enable, disable.
name String: Policy name.
nat46 String: Enable/disable NAT46. Valid values: enable, disable.
nat64 String: Enable/disable NAT64. Valid values: enable, disable.
policyid Integer: Policy ID.
profileGroup String: Name of profile group.
profileProtocolOptions String: Name of an existing Protocol options profile.
profileType String: Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
schedule String: Schedule name.
sctpFilterProfile String: Name of an existing SCTP filter profile.
sendDenyPacket String: Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
serviceNegate String: When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services List<SecuritypolicyService>: Service and service group names. The structure of service block is documented below.
srcaddr4s List<SecuritypolicySrcaddr4>: Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
srcaddr6Negate String: When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddr6s List<SecuritypolicySrcaddr6>: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
srcaddrNegate String: When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddrs List<SecuritypolicySrcaddr>: Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
srcintfs List<SecuritypolicySrcintf>: Incoming (ingress) interface. The structure of srcintf block is documented below.
sshFilterProfile String: Name of an existing SSH filter profile.
sslSshProfile String: Name of an existing SSL SSH profile.
status String: Enable or disable this policy. Valid values: enable, disable.
urlCategories List<SecuritypolicyUrlCategory>: URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
urlCategoryUnitary String: URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
users List<SecuritypolicyUser>: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
uuid String: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
videofilterProfile String: Name of an existing VideoFilter profile.
virtualPatchProfile String: Name of an existing virtual-patch profile.
voipProfile String: Name of an existing VoIP (voipd) profile.
webfilterProfile String: Name of an existing Web filter profile.

action string: Policy action (accept/deny). Valid values: accept, deny.
appCategories SecuritypolicyAppCategory[]: Application category ID list. The structure of app_category block is documented below.
appGroups SecuritypolicyAppGroup[]: Application group names. The structure of app_group block is documented below.
applicationList string: Name of an existing Application list.
applications SecuritypolicyApplication[]: Application ID list. The structure of application block is documented below.
avProfile string: Name of an existing Antivirus profile.
casbProfile string: Name of an existing CASB profile.
cifsProfile string: Name of an existing CIFS profile.
comments string: Comment.
diameterFilterProfile string: Name of an existing Diameter filter profile.
dlpProfile string: Name of an existing DLP profile.
dlpSensor string: Name of an existing DLP sensor.
dnsfilterProfile string: Name of an existing DNS filter profile.
dstaddr4s SecuritypolicyDstaddr4[]: Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
dstaddr6Negate string: When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddr6s SecuritypolicyDstaddr6[]: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
dstaddrNegate string: When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddrs SecuritypolicyDstaddr[]: Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
dstintfs SecuritypolicyDstintf[]: Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilterProfile string: Name of an existing email filter profile.
enforceDefaultAppPort string: Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
fileFilterProfile string: Name of an existing file-filter profile.
fssoGroups SecuritypolicyFssoGroup[]: Names of FSSO groups. The structure of fsso_groups block is documented below.
getAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groups SecuritypolicyGroup[]: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
icapProfile string: Name of an existing ICAP profile.
internetService string: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
internetService6 string: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
internetService6CustomGroups SecuritypolicyInternetService6CustomGroup[]: Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
internetService6Customs SecuritypolicyInternetService6Custom[]: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
internetService6Groups SecuritypolicyInternetService6Group[]: Internet Service group name. The structure of internet_service6_group block is documented below.
internetService6Names SecuritypolicyInternetService6Name[]: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
internetService6Negate string: When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
internetService6Src string: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internetService6SrcCustomGroups SecuritypolicyInternetService6SrcCustomGroup[]: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
internetService6SrcCustoms SecuritypolicyInternetService6SrcCustom[]: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
internetService6SrcGroups SecuritypolicyInternetService6SrcGroup[]: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
internetService6SrcNames SecuritypolicyInternetService6SrcName[]: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
internetService6SrcNegate string: When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
internetServiceCustomGroups SecuritypolicyInternetServiceCustomGroup[]: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
internetServiceCustoms SecuritypolicyInternetServiceCustom[]: Custom Internet Service name. The structure of internet_service_custom block is documented below.
internetServiceGroups SecuritypolicyInternetServiceGroup[]: Internet Service group name. The structure of internet_service_group block is documented below.
internetServiceIds SecuritypolicyInternetServiceId[]: Internet Service ID. The structure of internet_service_id block is documented below.
internetServiceNames SecuritypolicyInternetServiceName[]: Internet Service name. The structure of internet_service_name block is documented below.
internetServiceNegate string: When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
internetServiceSrc string: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internetServiceSrcCustomGroups SecuritypolicyInternetServiceSrcCustomGroup[]: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
internetServiceSrcCustoms SecuritypolicyInternetServiceSrcCustom[]: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
internetServiceSrcGroups SecuritypolicyInternetServiceSrcGroup[]: Internet Service source group name. The structure of internet_service_src_group block is documented below.
internetServiceSrcIds SecuritypolicyInternetServiceSrcId[]: Internet Service source ID. The structure of internet_service_src_id block is documented below.
internetServiceSrcNames SecuritypolicyInternetServiceSrcName[]: Internet Service source name. The structure of internet_service_src_name block is documented below.
internetServiceSrcNegate string: When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
ipsSensor string: Name of an existing IPS sensor.
ipsVoipFilter string: Name of an existing VoIP (ips) profile.
learningMode string: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
logtraffic string: Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtrafficStart string: Record logs when a session starts. Valid values: enable, disable.
name string: Policy name.
nat46 string: Enable/disable NAT46. Valid values: enable, disable.
nat64 string: Enable/disable NAT64. Valid values: enable, disable.
policyid number: Policy ID.
profileGroup string: Name of profile group.
profileProtocolOptions string: Name of an existing Protocol options profile.
profileType string: Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
schedule string: Schedule name.
sctpFilterProfile string: Name of an existing SCTP filter profile.
sendDenyPacket string: Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
serviceNegate string: When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services SecuritypolicyService[]: Service and service group names. The structure of service block is documented below.
srcaddr4s SecuritypolicySrcaddr4[]: Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
srcaddr6Negate string: When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddr6s SecuritypolicySrcaddr6[]: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
srcaddrNegate string: When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddrs SecuritypolicySrcaddr[]: Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
srcintfs SecuritypolicySrcintf[]: Incoming (ingress) interface. The structure of srcintf block is documented below.
sshFilterProfile string: Name of an existing SSH filter profile.
sslSshProfile string: Name of an existing SSL SSH profile.
status string: Enable or disable this policy. Valid values: enable, disable.
urlCategories SecuritypolicyUrlCategory[]: URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
urlCategoryUnitary string: URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
users SecuritypolicyUser[]: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
uuid string: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
videofilterProfile string: Name of an existing VideoFilter profile.
virtualPatchProfile string: Name of an existing virtual-patch profile.
voipProfile string: Name of an existing VoIP (voipd) profile.
webfilterProfile string: Name of an existing Web filter profile.

action str: Policy action (accept/deny). Valid values: accept, deny.
app_categories Sequence[SecuritypolicyAppCategoryArgs]: Application category ID list. The structure of app_category block is documented below.
app_groups Sequence[SecuritypolicyAppGroupArgs]: Application group names. The structure of app_group block is documented below.
application_list str: Name of an existing Application list.
applications Sequence[SecuritypolicyApplicationArgs]: Application ID list. The structure of application block is documented below.
av_profile str: Name of an existing Antivirus profile.
casb_profile str: Name of an existing CASB profile.
cifs_profile str: Name of an existing CIFS profile.
comments str: Comment.
diameter_filter_profile str: Name of an existing Diameter filter profile.
dlp_profile str: Name of an existing DLP profile.
dlp_sensor str: Name of an existing DLP sensor.
dnsfilter_profile str: Name of an existing DNS filter profile.
dstaddr4s Sequence[SecuritypolicyDstaddr4Args]: Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
dstaddr6_negate str: When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddr6s Sequence[SecuritypolicyDstaddr6Args]: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
dstaddr_negate str: When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddrs Sequence[SecuritypolicyDstaddrArgs]: Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
dstintfs Sequence[SecuritypolicyDstintfArgs]: Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamic_sort_subtable str: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilter_profile str: Name of an existing email filter profile.
enforce_default_app_port str: Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
file_filter_profile str: Name of an existing file-filter profile.
fsso_groups Sequence[SecuritypolicyFssoGroupArgs]: Names of FSSO groups. The structure of fsso_groups block is documented below.
get_all_tables str: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groups Sequence[SecuritypolicyGroupArgs]: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
icap_profile str: Name of an existing ICAP profile.
internet_service str: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
internet_service6 str: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
internet_service6_custom_groups Sequence[SecuritypolicyInternetService6CustomGroupArgs]: Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
internet_service6_customs Sequence[SecuritypolicyInternetService6CustomArgs]: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
internet_service6_groups Sequence[SecuritypolicyInternetService6GroupArgs]: Internet Service group name. The structure of internet_service6_group block is documented below.
internet_service6_names Sequence[SecuritypolicyInternetService6NameArgs]: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
internet_service6_negate str: When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
internet_service6_src str: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internet_service6_src_custom_groups Sequence[SecuritypolicyInternetService6SrcCustomGroupArgs]: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
internet_service6_src_customs Sequence[SecuritypolicyInternetService6SrcCustomArgs]: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
internet_service6_src_groups Sequence[SecuritypolicyInternetService6SrcGroupArgs]: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
internet_service6_src_names Sequence[SecuritypolicyInternetService6SrcNameArgs]: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
internet_service6_src_negate str: When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
internet_service_custom_groups Sequence[SecuritypolicyInternetServiceCustomGroupArgs]: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
internet_service_customs Sequence[SecuritypolicyInternetServiceCustomArgs]: Custom Internet Service name. The structure of internet_service_custom block is documented below.
internet_service_groups Sequence[SecuritypolicyInternetServiceGroupArgs]: Internet Service group name. The structure of internet_service_group block is documented below.
internet_service_ids Sequence[SecuritypolicyInternetServiceIdArgs]: Internet Service ID. The structure of internet_service_id block is documented below.
internet_service_names Sequence[SecuritypolicyInternetServiceNameArgs]: Internet Service name. The structure of internet_service_name block is documented below.
internet_service_negate str: When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
internet_service_src str: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internet_service_src_custom_groups Sequence[SecuritypolicyInternetServiceSrcCustomGroupArgs]: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
internet_service_src_customs Sequence[SecuritypolicyInternetServiceSrcCustomArgs]: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
internet_service_src_groups Sequence[SecuritypolicyInternetServiceSrcGroupArgs]: Internet Service source group name. The structure of internet_service_src_group block is documented below.
internet_service_src_ids Sequence[SecuritypolicyInternetServiceSrcIdArgs]: Internet Service source ID. The structure of internet_service_src_id block is documented below.
internet_service_src_names Sequence[SecuritypolicyInternetServiceSrcNameArgs]: Internet Service source name. The structure of internet_service_src_name block is documented below.
internet_service_src_negate str: When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
ips_sensor str: Name of an existing IPS sensor.
ips_voip_filter str: Name of an existing VoIP (ips) profile.
learning_mode str: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
logtraffic str: Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtraffic_start str: Record logs when a session starts. Valid values: enable, disable.
name str: Policy name.
nat46 str: Enable/disable NAT46. Valid values: enable, disable.
nat64 str: Enable/disable NAT64. Valid values: enable, disable.
policyid int: Policy ID.
profile_group str: Name of profile group.
profile_protocol_options str: Name of an existing Protocol options profile.
profile_type str: Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
schedule str: Schedule name.
sctp_filter_profile str: Name of an existing SCTP filter profile.
send_deny_packet str: Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
service_negate str: When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services Sequence[SecuritypolicyServiceArgs]: Service and service group names. The structure of service block is documented below.
srcaddr4s Sequence[SecuritypolicySrcaddr4Args]: Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
srcaddr6_negate str: When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddr6s Sequence[SecuritypolicySrcaddr6Args]: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
srcaddr_negate str: When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddrs Sequence[SecuritypolicySrcaddrArgs]: Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
srcintfs Sequence[SecuritypolicySrcintfArgs]: Incoming (ingress) interface. The structure of srcintf block is documented below.
ssh_filter_profile str: Name of an existing SSH filter profile.
ssl_ssh_profile str: Name of an existing SSL SSH profile.
status str: Enable or disable this policy. Valid values: enable, disable.
url_categories Sequence[SecuritypolicyUrlCategoryArgs]: URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
url_category_unitary str: URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
users Sequence[SecuritypolicyUserArgs]: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
uuid str: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam str: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
videofilter_profile str: Name of an existing VideoFilter profile.
virtual_patch_profile str: Name of an existing virtual-patch profile.
voip_profile str: Name of an existing VoIP (voipd) profile.
webfilter_profile str: Name of an existing Web filter profile.

action String: Policy action (accept/deny). Valid values: accept, deny.
appCategories List<Property Map>: Application category ID list. The structure of app_category block is documented below.
appGroups List<Property Map>: Application group names. The structure of app_group block is documented below.
applicationList String: Name of an existing Application list.
applications List<Property Map>: Application ID list. The structure of application block is documented below.
avProfile String: Name of an existing Antivirus profile.
casbProfile String: Name of an existing CASB profile.
cifsProfile String: Name of an existing CIFS profile.
comments String: Comment.
diameterFilterProfile String: Name of an existing Diameter filter profile.
dlpProfile String: Name of an existing DLP profile.
dlpSensor String: Name of an existing DLP sensor.
dnsfilterProfile String: Name of an existing DNS filter profile.
dstaddr4s List<Property Map>: Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
dstaddr6Negate String: When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddr6s List<Property Map>: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
dstaddrNegate String: When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddrs List<Property Map>: Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
dstintfs List<Property Map>: Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamicSortSubtable String: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilterProfile String: Name of an existing email filter profile.
enforceDefaultAppPort String: Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
fileFilterProfile String: Name of an existing file-filter profile.
fssoGroups List<Property Map>: Names of FSSO groups. The structure of fsso_groups block is documented below.
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groups List<Property Map>: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
icapProfile String: Name of an existing ICAP profile.
internetService String: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
internetService6 String: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
internetService6CustomGroups List<Property Map>: Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
internetService6Customs List<Property Map>: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
internetService6Groups List<Property Map>: Internet Service group name. The structure of internet_service6_group block is documented below.
internetService6Names List<Property Map>: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
internetService6Negate String: When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
internetService6Src String: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internetService6SrcCustomGroups List<Property Map>: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
internetService6SrcCustoms List<Property Map>: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
internetService6SrcGroups List<Property Map>: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
internetService6SrcNames List<Property Map>: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
internetService6SrcNegate String: When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
internetServiceCustomGroups List<Property Map>: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
internetServiceCustoms List<Property Map>: Custom Internet Service name. The structure of internet_service_custom block is documented below.
internetServiceGroups List<Property Map>: Internet Service group name. The structure of internet_service_group block is documented below.
internetServiceIds List<Property Map>: Internet Service ID. The structure of internet_service_id block is documented below.
internetServiceNames List<Property Map>: Internet Service name. The structure of internet_service_name block is documented below.
internetServiceNegate String: When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
internetServiceSrc String: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internetServiceSrcCustomGroups List<Property Map>: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
internetServiceSrcCustoms List<Property Map>: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
internetServiceSrcGroups List<Property Map>: Internet Service source group name. The structure of internet_service_src_group block is documented below.
internetServiceSrcIds List<Property Map>: Internet Service source ID. The structure of internet_service_src_id block is documented below.
internetServiceSrcNames List<Property Map>: Internet Service source name. The structure of internet_service_src_name block is documented below.
internetServiceSrcNegate String: When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
ipsSensor String: Name of an existing IPS sensor.
ipsVoipFilter String: Name of an existing VoIP (ips) profile.
learningMode String: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
logtraffic String: Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtrafficStart String: Record logs when a session starts. Valid values: enable, disable.
name String: Policy name.
nat46 String: Enable/disable NAT46. Valid values: enable, disable.
nat64 String: Enable/disable NAT64. Valid values: enable, disable.
policyid Number: Policy ID.
profileGroup String: Name of profile group.
profileProtocolOptions String: Name of an existing Protocol options profile.
profileType String: Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
schedule String: Schedule name.
sctpFilterProfile String: Name of an existing SCTP filter profile.
sendDenyPacket String: Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
serviceNegate String: When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services List<Property Map>: Service and service group names. The structure of service block is documented below.
srcaddr4s List<Property Map>: Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
srcaddr6Negate String: When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddr6s List<Property Map>: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
srcaddrNegate String: When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddrs List<Property Map>: Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
srcintfs List<Property Map>: Incoming (ingress) interface. The structure of srcintf block is documented below.
sshFilterProfile String: Name of an existing SSH filter profile.
sslSshProfile String: Name of an existing SSL SSH profile.
status String: Enable or disable this policy. Valid values: enable, disable.
urlCategories List<Property Map>: URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
urlCategoryUnitary String: URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
users List<Property Map>: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
uuid String: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
videofilterProfile String: Name of an existing VideoFilter profile.
virtualPatchProfile String: Name of an existing virtual-patch profile.
voipProfile String: Name of an existing VoIP (voipd) profile.
webfilterProfile String: Name of an existing Web filter profile.

Outputs

All input properties are implicitly available as output properties. Additionally, the Securitypolicy resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Securitypolicy Resource

Get an existing Securitypolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecuritypolicyState, opts?: CustomResourceOptions): Securitypolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        app_categories: Optional[Sequence[SecuritypolicyAppCategoryArgs]] = None,
        app_groups: Optional[Sequence[SecuritypolicyAppGroupArgs]] = None,
        application_list: Optional[str] = None,
        applications: Optional[Sequence[SecuritypolicyApplicationArgs]] = None,
        av_profile: Optional[str] = None,
        casb_profile: Optional[str] = None,
        cifs_profile: Optional[str] = None,
        comments: Optional[str] = None,
        diameter_filter_profile: Optional[str] = None,
        dlp_profile: Optional[str] = None,
        dlp_sensor: Optional[str] = None,
        dnsfilter_profile: Optional[str] = None,
        dstaddr4s: Optional[Sequence[SecuritypolicyDstaddr4Args]] = None,
        dstaddr6_negate: Optional[str] = None,
        dstaddr6s: Optional[Sequence[SecuritypolicyDstaddr6Args]] = None,
        dstaddr_negate: Optional[str] = None,
        dstaddrs: Optional[Sequence[SecuritypolicyDstaddrArgs]] = None,
        dstintfs: Optional[Sequence[SecuritypolicyDstintfArgs]] = None,
        dynamic_sort_subtable: Optional[str] = None,
        emailfilter_profile: Optional[str] = None,
        enforce_default_app_port: Optional[str] = None,
        file_filter_profile: Optional[str] = None,
        fsso_groups: Optional[Sequence[SecuritypolicyFssoGroupArgs]] = None,
        get_all_tables: Optional[str] = None,
        groups: Optional[Sequence[SecuritypolicyGroupArgs]] = None,
        icap_profile: Optional[str] = None,
        internet_service: Optional[str] = None,
        internet_service6: Optional[str] = None,
        internet_service6_custom_groups: Optional[Sequence[SecuritypolicyInternetService6CustomGroupArgs]] = None,
        internet_service6_customs: Optional[Sequence[SecuritypolicyInternetService6CustomArgs]] = None,
        internet_service6_groups: Optional[Sequence[SecuritypolicyInternetService6GroupArgs]] = None,
        internet_service6_names: Optional[Sequence[SecuritypolicyInternetService6NameArgs]] = None,
        internet_service6_negate: Optional[str] = None,
        internet_service6_src: Optional[str] = None,
        internet_service6_src_custom_groups: Optional[Sequence[SecuritypolicyInternetService6SrcCustomGroupArgs]] = None,
        internet_service6_src_customs: Optional[Sequence[SecuritypolicyInternetService6SrcCustomArgs]] = None,
        internet_service6_src_groups: Optional[Sequence[SecuritypolicyInternetService6SrcGroupArgs]] = None,
        internet_service6_src_names: Optional[Sequence[SecuritypolicyInternetService6SrcNameArgs]] = None,
        internet_service6_src_negate: Optional[str] = None,
        internet_service_custom_groups: Optional[Sequence[SecuritypolicyInternetServiceCustomGroupArgs]] = None,
        internet_service_customs: Optional[Sequence[SecuritypolicyInternetServiceCustomArgs]] = None,
        internet_service_groups: Optional[Sequence[SecuritypolicyInternetServiceGroupArgs]] = None,
        internet_service_ids: Optional[Sequence[SecuritypolicyInternetServiceIdArgs]] = None,
        internet_service_names: Optional[Sequence[SecuritypolicyInternetServiceNameArgs]] = None,
        internet_service_negate: Optional[str] = None,
        internet_service_src: Optional[str] = None,
        internet_service_src_custom_groups: Optional[Sequence[SecuritypolicyInternetServiceSrcCustomGroupArgs]] = None,
        internet_service_src_customs: Optional[Sequence[SecuritypolicyInternetServiceSrcCustomArgs]] = None,
        internet_service_src_groups: Optional[Sequence[SecuritypolicyInternetServiceSrcGroupArgs]] = None,
        internet_service_src_ids: Optional[Sequence[SecuritypolicyInternetServiceSrcIdArgs]] = None,
        internet_service_src_names: Optional[Sequence[SecuritypolicyInternetServiceSrcNameArgs]] = None,
        internet_service_src_negate: Optional[str] = None,
        ips_sensor: Optional[str] = None,
        ips_voip_filter: Optional[str] = None,
        learning_mode: Optional[str] = None,
        logtraffic: Optional[str] = None,
        logtraffic_start: Optional[str] = None,
        name: Optional[str] = None,
        nat46: Optional[str] = None,
        nat64: Optional[str] = None,
        policyid: Optional[int] = None,
        profile_group: Optional[str] = None,
        profile_protocol_options: Optional[str] = None,
        profile_type: Optional[str] = None,
        schedule: Optional[str] = None,
        sctp_filter_profile: Optional[str] = None,
        send_deny_packet: Optional[str] = None,
        service_negate: Optional[str] = None,
        services: Optional[Sequence[SecuritypolicyServiceArgs]] = None,
        srcaddr4s: Optional[Sequence[SecuritypolicySrcaddr4Args]] = None,
        srcaddr6_negate: Optional[str] = None,
        srcaddr6s: Optional[Sequence[SecuritypolicySrcaddr6Args]] = None,
        srcaddr_negate: Optional[str] = None,
        srcaddrs: Optional[Sequence[SecuritypolicySrcaddrArgs]] = None,
        srcintfs: Optional[Sequence[SecuritypolicySrcintfArgs]] = None,
        ssh_filter_profile: Optional[str] = None,
        ssl_ssh_profile: Optional[str] = None,
        status: Optional[str] = None,
        url_categories: Optional[Sequence[SecuritypolicyUrlCategoryArgs]] = None,
        url_category_unitary: Optional[str] = None,
        users: Optional[Sequence[SecuritypolicyUserArgs]] = None,
        uuid: Optional[str] = None,
        vdomparam: Optional[str] = None,
        videofilter_profile: Optional[str] = None,
        virtual_patch_profile: Optional[str] = None,
        voip_profile: Optional[str] = None,
        webfilter_profile: Optional[str] = None) -> Securitypolicy

func GetSecuritypolicy(ctx *Context, name string, id IDInput, state *SecuritypolicyState, opts ...ResourceOption) (*Securitypolicy, error)

public static Securitypolicy Get(string name, Input<string> id, SecuritypolicyState? state, CustomResourceOptions? opts = null)

public static Securitypolicy get(String name, Output<String> id, SecuritypolicyState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string: Policy action (accept/deny). Valid values: accept, deny.
AppCategories List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyAppCategory>: Application category ID list. The structure of app_category block is documented below.
AppGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyAppGroup>: Application group names. The structure of app_group block is documented below.
ApplicationList string: Name of an existing Application list.
Applications List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyApplication>: Application ID list. The structure of application block is documented below.
AvProfile string: Name of an existing Antivirus profile.
CasbProfile string: Name of an existing CASB profile.
CifsProfile string: Name of an existing CIFS profile.
Comments string: Comment.
DiameterFilterProfile string: Name of an existing Diameter filter profile.
DlpProfile string: Name of an existing DLP profile.
DlpSensor string: Name of an existing DLP sensor.
DnsfilterProfile string: Name of an existing DNS filter profile.
Dstaddr4s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstaddr4>: Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
Dstaddr6Negate string: When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
Dstaddr6s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstaddr6>: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
DstaddrNegate string: When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
Dstaddrs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstaddr>: Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
Dstintfs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyDstintf>: Outgoing (egress) interface. The structure of dstintf block is documented below.
DynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
EmailfilterProfile string: Name of an existing email filter profile.
EnforceDefaultAppPort string: Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
FileFilterProfile string: Name of an existing file-filter profile.
FssoGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyFssoGroup>: Names of FSSO groups. The structure of fsso_groups block is documented below.
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
Groups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyGroup>: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
IcapProfile string: Name of an existing ICAP profile.
InternetService string: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
InternetService6 string: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
InternetService6CustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6CustomGroup>: Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
InternetService6Customs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6Custom>: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
InternetService6Groups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6Group>: Internet Service group name. The structure of internet_service6_group block is documented below.
InternetService6Names List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6Name>: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
InternetService6Negate string: When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
InternetService6Src string: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
InternetService6SrcCustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustomGroup>: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
InternetService6SrcCustoms List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcCustom>: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
InternetService6SrcGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcGroup>: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
InternetService6SrcNames List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetService6SrcName>: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
InternetService6SrcNegate string: When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
InternetServiceCustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustomGroup>: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
InternetServiceCustoms List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceCustom>: Custom Internet Service name. The structure of internet_service_custom block is documented below.
InternetServiceGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceGroup>: Internet Service group name. The structure of internet_service_group block is documented below.
InternetServiceIds List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceId>: Internet Service ID. The structure of internet_service_id block is documented below.
InternetServiceNames List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceName>: Internet Service name. The structure of internet_service_name block is documented below.
InternetServiceNegate string: When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
InternetServiceSrc string: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
InternetServiceSrcCustomGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustomGroup>: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
InternetServiceSrcCustoms List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcCustom>: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
InternetServiceSrcGroups List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcGroup>: Internet Service source group name. The structure of internet_service_src_group block is documented below.
InternetServiceSrcIds List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcId>: Internet Service source ID. The structure of internet_service_src_id block is documented below.
InternetServiceSrcNames List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyInternetServiceSrcName>: Internet Service source name. The structure of internet_service_src_name block is documented below.
InternetServiceSrcNegate string: When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
IpsSensor string: Name of an existing IPS sensor.
IpsVoipFilter string: Name of an existing VoIP (ips) profile.
LearningMode string: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
Logtraffic string: Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
LogtrafficStart string: Record logs when a session starts. Valid values: enable, disable.
Name string: Policy name.
Nat46 string: Enable/disable NAT46. Valid values: enable, disable.
Nat64 string: Enable/disable NAT64. Valid values: enable, disable.
Policyid int: Policy ID.
ProfileGroup string: Name of profile group.
ProfileProtocolOptions string: Name of an existing Protocol options profile.
ProfileType string: Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
Schedule string: Schedule name.
SctpFilterProfile string: Name of an existing SCTP filter profile.
SendDenyPacket string: Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
ServiceNegate string: When enabled service specifies what the service must NOT be. Valid values: enable, disable.
Services List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyService>: Service and service group names. The structure of service block is documented below.
Srcaddr4s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcaddr4>: Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
Srcaddr6Negate string: When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
Srcaddr6s List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcaddr6>: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
SrcaddrNegate string: When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
Srcaddrs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcaddr>: Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
Srcintfs List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicySrcintf>: Incoming (ingress) interface. The structure of srcintf block is documented below.
SshFilterProfile string: Name of an existing SSH filter profile.
SslSshProfile string: Name of an existing SSL SSH profile.
Status string: Enable or disable this policy. Valid values: enable, disable.
UrlCategories List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyUrlCategory>: URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
UrlCategoryUnitary string: URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
Users List<Pulumiverse.Fortios.Firewall.Inputs.SecuritypolicyUser>: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
Uuid string: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
VideofilterProfile string: Name of an existing VideoFilter profile.
VirtualPatchProfile string: Name of an existing virtual-patch profile.
VoipProfile string: Name of an existing VoIP (voipd) profile.
WebfilterProfile string: Name of an existing Web filter profile.

Action string: Policy action (accept/deny). Valid values: accept, deny.
AppCategories []SecuritypolicyAppCategoryArgs: Application category ID list. The structure of app_category block is documented below.
AppGroups []SecuritypolicyAppGroupArgs: Application group names. The structure of app_group block is documented below.
ApplicationList string: Name of an existing Application list.
Applications []SecuritypolicyApplicationArgs: Application ID list. The structure of application block is documented below.
AvProfile string: Name of an existing Antivirus profile.
CasbProfile string: Name of an existing CASB profile.
CifsProfile string: Name of an existing CIFS profile.
Comments string: Comment.
DiameterFilterProfile string: Name of an existing Diameter filter profile.
DlpProfile string: Name of an existing DLP profile.
DlpSensor string: Name of an existing DLP sensor.
DnsfilterProfile string: Name of an existing DNS filter profile.
Dstaddr4s []SecuritypolicyDstaddr4Args: Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
Dstaddr6Negate string: When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
Dstaddr6s []SecuritypolicyDstaddr6Args: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
DstaddrNegate string: When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
Dstaddrs []SecuritypolicyDstaddrArgs: Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
Dstintfs []SecuritypolicyDstintfArgs: Outgoing (egress) interface. The structure of dstintf block is documented below.
DynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
EmailfilterProfile string: Name of an existing email filter profile.
EnforceDefaultAppPort string: Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
FileFilterProfile string: Name of an existing file-filter profile.
FssoGroups []SecuritypolicyFssoGroupArgs: Names of FSSO groups. The structure of fsso_groups block is documented below.
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
Groups []SecuritypolicyGroupArgs: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
IcapProfile string: Name of an existing ICAP profile.
InternetService string: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
InternetService6 string: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
InternetService6CustomGroups []SecuritypolicyInternetService6CustomGroupArgs: Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
InternetService6Customs []SecuritypolicyInternetService6CustomArgs: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
InternetService6Groups []SecuritypolicyInternetService6GroupArgs: Internet Service group name. The structure of internet_service6_group block is documented below.
InternetService6Names []SecuritypolicyInternetService6NameArgs: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
InternetService6Negate string: When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
InternetService6Src string: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
InternetService6SrcCustomGroups []SecuritypolicyInternetService6SrcCustomGroupArgs: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
InternetService6SrcCustoms []SecuritypolicyInternetService6SrcCustomArgs: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
InternetService6SrcGroups []SecuritypolicyInternetService6SrcGroupArgs: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
InternetService6SrcNames []SecuritypolicyInternetService6SrcNameArgs: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
InternetService6SrcNegate string: When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
InternetServiceCustomGroups []SecuritypolicyInternetServiceCustomGroupArgs: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
InternetServiceCustoms []SecuritypolicyInternetServiceCustomArgs: Custom Internet Service name. The structure of internet_service_custom block is documented below.
InternetServiceGroups []SecuritypolicyInternetServiceGroupArgs: Internet Service group name. The structure of internet_service_group block is documented below.
InternetServiceIds []SecuritypolicyInternetServiceIdArgs: Internet Service ID. The structure of internet_service_id block is documented below.
InternetServiceNames []SecuritypolicyInternetServiceNameArgs: Internet Service name. The structure of internet_service_name block is documented below.
InternetServiceNegate string: When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
InternetServiceSrc string: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
InternetServiceSrcCustomGroups []SecuritypolicyInternetServiceSrcCustomGroupArgs: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
InternetServiceSrcCustoms []SecuritypolicyInternetServiceSrcCustomArgs: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
InternetServiceSrcGroups []SecuritypolicyInternetServiceSrcGroupArgs: Internet Service source group name. The structure of internet_service_src_group block is documented below.
InternetServiceSrcIds []SecuritypolicyInternetServiceSrcIdArgs: Internet Service source ID. The structure of internet_service_src_id block is documented below.
InternetServiceSrcNames []SecuritypolicyInternetServiceSrcNameArgs: Internet Service source name. The structure of internet_service_src_name block is documented below.
InternetServiceSrcNegate string: When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
IpsSensor string: Name of an existing IPS sensor.
IpsVoipFilter string: Name of an existing VoIP (ips) profile.
LearningMode string: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
Logtraffic string: Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
LogtrafficStart string: Record logs when a session starts. Valid values: enable, disable.
Name string: Policy name.
Nat46 string: Enable/disable NAT46. Valid values: enable, disable.
Nat64 string: Enable/disable NAT64. Valid values: enable, disable.
Policyid int: Policy ID.
ProfileGroup string: Name of profile group.
ProfileProtocolOptions string: Name of an existing Protocol options profile.
ProfileType string: Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
Schedule string: Schedule name.
SctpFilterProfile string: Name of an existing SCTP filter profile.
SendDenyPacket string: Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
ServiceNegate string: When enabled service specifies what the service must NOT be. Valid values: enable, disable.
Services []SecuritypolicyServiceArgs: Service and service group names. The structure of service block is documented below.
Srcaddr4s []SecuritypolicySrcaddr4Args: Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
Srcaddr6Negate string: When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
Srcaddr6s []SecuritypolicySrcaddr6Args: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
SrcaddrNegate string: When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
Srcaddrs []SecuritypolicySrcaddrArgs: Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
Srcintfs []SecuritypolicySrcintfArgs: Incoming (ingress) interface. The structure of srcintf block is documented below.
SshFilterProfile string: Name of an existing SSH filter profile.
SslSshProfile string: Name of an existing SSL SSH profile.
Status string: Enable or disable this policy. Valid values: enable, disable.
UrlCategories []SecuritypolicyUrlCategoryArgs: URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
UrlCategoryUnitary string: URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
Users []SecuritypolicyUserArgs: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
Uuid string: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
VideofilterProfile string: Name of an existing VideoFilter profile.
VirtualPatchProfile string: Name of an existing virtual-patch profile.
VoipProfile string: Name of an existing VoIP (voipd) profile.
WebfilterProfile string: Name of an existing Web filter profile.

action String: Policy action (accept/deny). Valid values: accept, deny.
appCategories List<SecuritypolicyAppCategory>: Application category ID list. The structure of app_category block is documented below.
appGroups List<SecuritypolicyAppGroup>: Application group names. The structure of app_group block is documented below.
applicationList String: Name of an existing Application list.
applications List<SecuritypolicyApplication>: Application ID list. The structure of application block is documented below.
avProfile String: Name of an existing Antivirus profile.
casbProfile String: Name of an existing CASB profile.
cifsProfile String: Name of an existing CIFS profile.
comments String: Comment.
diameterFilterProfile String: Name of an existing Diameter filter profile.
dlpProfile String: Name of an existing DLP profile.
dlpSensor String: Name of an existing DLP sensor.
dnsfilterProfile String: Name of an existing DNS filter profile.
dstaddr4s List<SecuritypolicyDstaddr4>: Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
dstaddr6Negate String: When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddr6s List<SecuritypolicyDstaddr6>: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
dstaddrNegate String: When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddrs List<SecuritypolicyDstaddr>: Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
dstintfs List<SecuritypolicyDstintf>: Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamicSortSubtable String: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilterProfile String: Name of an existing email filter profile.
enforceDefaultAppPort String: Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
fileFilterProfile String: Name of an existing file-filter profile.
fssoGroups List<SecuritypolicyFssoGroup>: Names of FSSO groups. The structure of fsso_groups block is documented below.
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groups List<SecuritypolicyGroup>: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
icapProfile String: Name of an existing ICAP profile.
internetService String: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
internetService6 String: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
internetService6CustomGroups List<SecuritypolicyInternetService6CustomGroup>: Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
internetService6Customs List<SecuritypolicyInternetService6Custom>: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
internetService6Groups List<SecuritypolicyInternetService6Group>: Internet Service group name. The structure of internet_service6_group block is documented below.
internetService6Names List<SecuritypolicyInternetService6Name>: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
internetService6Negate String: When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
internetService6Src String: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internetService6SrcCustomGroups List<SecuritypolicyInternetService6SrcCustomGroup>: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
internetService6SrcCustoms List<SecuritypolicyInternetService6SrcCustom>: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
internetService6SrcGroups List<SecuritypolicyInternetService6SrcGroup>: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
internetService6SrcNames List<SecuritypolicyInternetService6SrcName>: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
internetService6SrcNegate String: When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
internetServiceCustomGroups List<SecuritypolicyInternetServiceCustomGroup>: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
internetServiceCustoms List<SecuritypolicyInternetServiceCustom>: Custom Internet Service name. The structure of internet_service_custom block is documented below.
internetServiceGroups List<SecuritypolicyInternetServiceGroup>: Internet Service group name. The structure of internet_service_group block is documented below.
internetServiceIds List<SecuritypolicyInternetServiceId>: Internet Service ID. The structure of internet_service_id block is documented below.
internetServiceNames List<SecuritypolicyInternetServiceName>: Internet Service name. The structure of internet_service_name block is documented below.
internetServiceNegate String: When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
internetServiceSrc String: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internetServiceSrcCustomGroups List<SecuritypolicyInternetServiceSrcCustomGroup>: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
internetServiceSrcCustoms List<SecuritypolicyInternetServiceSrcCustom>: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
internetServiceSrcGroups List<SecuritypolicyInternetServiceSrcGroup>: Internet Service source group name. The structure of internet_service_src_group block is documented below.
internetServiceSrcIds List<SecuritypolicyInternetServiceSrcId>: Internet Service source ID. The structure of internet_service_src_id block is documented below.
internetServiceSrcNames List<SecuritypolicyInternetServiceSrcName>: Internet Service source name. The structure of internet_service_src_name block is documented below.
internetServiceSrcNegate String: When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
ipsSensor String: Name of an existing IPS sensor.
ipsVoipFilter String: Name of an existing VoIP (ips) profile.
learningMode String: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
logtraffic String: Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtrafficStart String: Record logs when a session starts. Valid values: enable, disable.
name String: Policy name.
nat46 String: Enable/disable NAT46. Valid values: enable, disable.
nat64 String: Enable/disable NAT64. Valid values: enable, disable.
policyid Integer: Policy ID.
profileGroup String: Name of profile group.
profileProtocolOptions String: Name of an existing Protocol options profile.
profileType String: Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
schedule String: Schedule name.
sctpFilterProfile String: Name of an existing SCTP filter profile.
sendDenyPacket String: Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
serviceNegate String: When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services List<SecuritypolicyService>: Service and service group names. The structure of service block is documented below.
srcaddr4s List<SecuritypolicySrcaddr4>: Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
srcaddr6Negate String: When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddr6s List<SecuritypolicySrcaddr6>: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
srcaddrNegate String: When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddrs List<SecuritypolicySrcaddr>: Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
srcintfs List<SecuritypolicySrcintf>: Incoming (ingress) interface. The structure of srcintf block is documented below.
sshFilterProfile String: Name of an existing SSH filter profile.
sslSshProfile String: Name of an existing SSL SSH profile.
status String: Enable or disable this policy. Valid values: enable, disable.
urlCategories List<SecuritypolicyUrlCategory>: URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
urlCategoryUnitary String: URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
users List<SecuritypolicyUser>: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
uuid String: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
videofilterProfile String: Name of an existing VideoFilter profile.
virtualPatchProfile String: Name of an existing virtual-patch profile.
voipProfile String: Name of an existing VoIP (voipd) profile.
webfilterProfile String: Name of an existing Web filter profile.

action string: Policy action (accept/deny). Valid values: accept, deny.
appCategories SecuritypolicyAppCategory[]: Application category ID list. The structure of app_category block is documented below.
appGroups SecuritypolicyAppGroup[]: Application group names. The structure of app_group block is documented below.
applicationList string: Name of an existing Application list.
applications SecuritypolicyApplication[]: Application ID list. The structure of application block is documented below.
avProfile string: Name of an existing Antivirus profile.
casbProfile string: Name of an existing CASB profile.
cifsProfile string: Name of an existing CIFS profile.
comments string: Comment.
diameterFilterProfile string: Name of an existing Diameter filter profile.
dlpProfile string: Name of an existing DLP profile.
dlpSensor string: Name of an existing DLP sensor.
dnsfilterProfile string: Name of an existing DNS filter profile.
dstaddr4s SecuritypolicyDstaddr4[]: Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
dstaddr6Negate string: When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddr6s SecuritypolicyDstaddr6[]: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
dstaddrNegate string: When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddrs SecuritypolicyDstaddr[]: Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
dstintfs SecuritypolicyDstintf[]: Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilterProfile string: Name of an existing email filter profile.
enforceDefaultAppPort string: Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
fileFilterProfile string: Name of an existing file-filter profile.
fssoGroups SecuritypolicyFssoGroup[]: Names of FSSO groups. The structure of fsso_groups block is documented below.
getAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groups SecuritypolicyGroup[]: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
icapProfile string: Name of an existing ICAP profile.
internetService string: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
internetService6 string: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
internetService6CustomGroups SecuritypolicyInternetService6CustomGroup[]: Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
internetService6Customs SecuritypolicyInternetService6Custom[]: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
internetService6Groups SecuritypolicyInternetService6Group[]: Internet Service group name. The structure of internet_service6_group block is documented below.
internetService6Names SecuritypolicyInternetService6Name[]: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
internetService6Negate string: When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
internetService6Src string: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internetService6SrcCustomGroups SecuritypolicyInternetService6SrcCustomGroup[]: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
internetService6SrcCustoms SecuritypolicyInternetService6SrcCustom[]: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
internetService6SrcGroups SecuritypolicyInternetService6SrcGroup[]: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
internetService6SrcNames SecuritypolicyInternetService6SrcName[]: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
internetService6SrcNegate string: When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
internetServiceCustomGroups SecuritypolicyInternetServiceCustomGroup[]: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
internetServiceCustoms SecuritypolicyInternetServiceCustom[]: Custom Internet Service name. The structure of internet_service_custom block is documented below.
internetServiceGroups SecuritypolicyInternetServiceGroup[]: Internet Service group name. The structure of internet_service_group block is documented below.
internetServiceIds SecuritypolicyInternetServiceId[]: Internet Service ID. The structure of internet_service_id block is documented below.
internetServiceNames SecuritypolicyInternetServiceName[]: Internet Service name. The structure of internet_service_name block is documented below.
internetServiceNegate string: When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
internetServiceSrc string: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internetServiceSrcCustomGroups SecuritypolicyInternetServiceSrcCustomGroup[]: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
internetServiceSrcCustoms SecuritypolicyInternetServiceSrcCustom[]: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
internetServiceSrcGroups SecuritypolicyInternetServiceSrcGroup[]: Internet Service source group name. The structure of internet_service_src_group block is documented below.
internetServiceSrcIds SecuritypolicyInternetServiceSrcId[]: Internet Service source ID. The structure of internet_service_src_id block is documented below.
internetServiceSrcNames SecuritypolicyInternetServiceSrcName[]: Internet Service source name. The structure of internet_service_src_name block is documented below.
internetServiceSrcNegate string: When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
ipsSensor string: Name of an existing IPS sensor.
ipsVoipFilter string: Name of an existing VoIP (ips) profile.
learningMode string: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
logtraffic string: Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtrafficStart string: Record logs when a session starts. Valid values: enable, disable.
name string: Policy name.
nat46 string: Enable/disable NAT46. Valid values: enable, disable.
nat64 string: Enable/disable NAT64. Valid values: enable, disable.
policyid number: Policy ID.
profileGroup string: Name of profile group.
profileProtocolOptions string: Name of an existing Protocol options profile.
profileType string: Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
schedule string: Schedule name.
sctpFilterProfile string: Name of an existing SCTP filter profile.
sendDenyPacket string: Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
serviceNegate string: When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services SecuritypolicyService[]: Service and service group names. The structure of service block is documented below.
srcaddr4s SecuritypolicySrcaddr4[]: Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
srcaddr6Negate string: When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddr6s SecuritypolicySrcaddr6[]: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
srcaddrNegate string: When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddrs SecuritypolicySrcaddr[]: Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
srcintfs SecuritypolicySrcintf[]: Incoming (ingress) interface. The structure of srcintf block is documented below.
sshFilterProfile string: Name of an existing SSH filter profile.
sslSshProfile string: Name of an existing SSL SSH profile.
status string: Enable or disable this policy. Valid values: enable, disable.
urlCategories SecuritypolicyUrlCategory[]: URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
urlCategoryUnitary string: URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
users SecuritypolicyUser[]: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
uuid string: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
videofilterProfile string: Name of an existing VideoFilter profile.
virtualPatchProfile string: Name of an existing virtual-patch profile.
voipProfile string: Name of an existing VoIP (voipd) profile.
webfilterProfile string: Name of an existing Web filter profile.

action str: Policy action (accept/deny). Valid values: accept, deny.
app_categories Sequence[SecuritypolicyAppCategoryArgs]: Application category ID list. The structure of app_category block is documented below.
app_groups Sequence[SecuritypolicyAppGroupArgs]: Application group names. The structure of app_group block is documented below.
application_list str: Name of an existing Application list.
applications Sequence[SecuritypolicyApplicationArgs]: Application ID list. The structure of application block is documented below.
av_profile str: Name of an existing Antivirus profile.
casb_profile str: Name of an existing CASB profile.
cifs_profile str: Name of an existing CIFS profile.
comments str: Comment.
diameter_filter_profile str: Name of an existing Diameter filter profile.
dlp_profile str: Name of an existing DLP profile.
dlp_sensor str: Name of an existing DLP sensor.
dnsfilter_profile str: Name of an existing DNS filter profile.
dstaddr4s Sequence[SecuritypolicyDstaddr4Args]: Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
dstaddr6_negate str: When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddr6s Sequence[SecuritypolicyDstaddr6Args]: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
dstaddr_negate str: When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddrs Sequence[SecuritypolicyDstaddrArgs]: Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
dstintfs Sequence[SecuritypolicyDstintfArgs]: Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamic_sort_subtable str: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilter_profile str: Name of an existing email filter profile.
enforce_default_app_port str: Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
file_filter_profile str: Name of an existing file-filter profile.
fsso_groups Sequence[SecuritypolicyFssoGroupArgs]: Names of FSSO groups. The structure of fsso_groups block is documented below.
get_all_tables str: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groups Sequence[SecuritypolicyGroupArgs]: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
icap_profile str: Name of an existing ICAP profile.
internet_service str: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
internet_service6 str: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
internet_service6_custom_groups Sequence[SecuritypolicyInternetService6CustomGroupArgs]: Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
internet_service6_customs Sequence[SecuritypolicyInternetService6CustomArgs]: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
internet_service6_groups Sequence[SecuritypolicyInternetService6GroupArgs]: Internet Service group name. The structure of internet_service6_group block is documented below.
internet_service6_names Sequence[SecuritypolicyInternetService6NameArgs]: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
internet_service6_negate str: When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
internet_service6_src str: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internet_service6_src_custom_groups Sequence[SecuritypolicyInternetService6SrcCustomGroupArgs]: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
internet_service6_src_customs Sequence[SecuritypolicyInternetService6SrcCustomArgs]: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
internet_service6_src_groups Sequence[SecuritypolicyInternetService6SrcGroupArgs]: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
internet_service6_src_names Sequence[SecuritypolicyInternetService6SrcNameArgs]: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
internet_service6_src_negate str: When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
internet_service_custom_groups Sequence[SecuritypolicyInternetServiceCustomGroupArgs]: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
internet_service_customs Sequence[SecuritypolicyInternetServiceCustomArgs]: Custom Internet Service name. The structure of internet_service_custom block is documented below.
internet_service_groups Sequence[SecuritypolicyInternetServiceGroupArgs]: Internet Service group name. The structure of internet_service_group block is documented below.
internet_service_ids Sequence[SecuritypolicyInternetServiceIdArgs]: Internet Service ID. The structure of internet_service_id block is documented below.
internet_service_names Sequence[SecuritypolicyInternetServiceNameArgs]: Internet Service name. The structure of internet_service_name block is documented below.
internet_service_negate str: When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
internet_service_src str: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internet_service_src_custom_groups Sequence[SecuritypolicyInternetServiceSrcCustomGroupArgs]: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
internet_service_src_customs Sequence[SecuritypolicyInternetServiceSrcCustomArgs]: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
internet_service_src_groups Sequence[SecuritypolicyInternetServiceSrcGroupArgs]: Internet Service source group name. The structure of internet_service_src_group block is documented below.
internet_service_src_ids Sequence[SecuritypolicyInternetServiceSrcIdArgs]: Internet Service source ID. The structure of internet_service_src_id block is documented below.
internet_service_src_names Sequence[SecuritypolicyInternetServiceSrcNameArgs]: Internet Service source name. The structure of internet_service_src_name block is documented below.
internet_service_src_negate str: When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
ips_sensor str: Name of an existing IPS sensor.
ips_voip_filter str: Name of an existing VoIP (ips) profile.
learning_mode str: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
logtraffic str: Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtraffic_start str: Record logs when a session starts. Valid values: enable, disable.
name str: Policy name.
nat46 str: Enable/disable NAT46. Valid values: enable, disable.
nat64 str: Enable/disable NAT64. Valid values: enable, disable.
policyid int: Policy ID.
profile_group str: Name of profile group.
profile_protocol_options str: Name of an existing Protocol options profile.
profile_type str: Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
schedule str: Schedule name.
sctp_filter_profile str: Name of an existing SCTP filter profile.
send_deny_packet str: Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
service_negate str: When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services Sequence[SecuritypolicyServiceArgs]: Service and service group names. The structure of service block is documented below.
srcaddr4s Sequence[SecuritypolicySrcaddr4Args]: Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
srcaddr6_negate str: When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddr6s Sequence[SecuritypolicySrcaddr6Args]: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
srcaddr_negate str: When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddrs Sequence[SecuritypolicySrcaddrArgs]: Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
srcintfs Sequence[SecuritypolicySrcintfArgs]: Incoming (ingress) interface. The structure of srcintf block is documented below.
ssh_filter_profile str: Name of an existing SSH filter profile.
ssl_ssh_profile str: Name of an existing SSL SSH profile.
status str: Enable or disable this policy. Valid values: enable, disable.
url_categories Sequence[SecuritypolicyUrlCategoryArgs]: URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
url_category_unitary str: URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
users Sequence[SecuritypolicyUserArgs]: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
uuid str: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam str: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
videofilter_profile str: Name of an existing VideoFilter profile.
virtual_patch_profile str: Name of an existing virtual-patch profile.
voip_profile str: Name of an existing VoIP (voipd) profile.
webfilter_profile str: Name of an existing Web filter profile.

action String: Policy action (accept/deny). Valid values: accept, deny.
appCategories List<Property Map>: Application category ID list. The structure of app_category block is documented below.
appGroups List<Property Map>: Application group names. The structure of app_group block is documented below.
applicationList String: Name of an existing Application list.
applications List<Property Map>: Application ID list. The structure of application block is documented below.
avProfile String: Name of an existing Antivirus profile.
casbProfile String: Name of an existing CASB profile.
cifsProfile String: Name of an existing CIFS profile.
comments String: Comment.
diameterFilterProfile String: Name of an existing Diameter filter profile.
dlpProfile String: Name of an existing DLP profile.
dlpSensor String: Name of an existing DLP sensor.
dnsfilterProfile String: Name of an existing DNS filter profile.
dstaddr4s List<Property Map>: Destination IPv4 address name and address group names. The structure of dstaddr4 block is documented below.
dstaddr6Negate String: When enabled dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddr6s List<Property Map>: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
dstaddrNegate String: When enabled dstaddr/dstaddr6 specifies what the destination address must NOT be. Valid values: enable, disable.
dstaddrs List<Property Map>: Destination IPv4 address name and address group names. The structure of dstaddr block is documented below.
dstintfs List<Property Map>: Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamicSortSubtable String: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
emailfilterProfile String: Name of an existing email filter profile.
enforceDefaultAppPort String: Enable/disable default application port enforcement for allowed applications. Valid values: enable, disable.
fileFilterProfile String: Name of an existing file-filter profile.
fssoGroups List<Property Map>: Names of FSSO groups. The structure of fsso_groups block is documented below.
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groups List<Property Map>: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
icapProfile String: Name of an existing ICAP profile.
internetService String: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values: enable, disable.
internetService6 String: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address, service and default application port enforcement are not used. Valid values: enable, disable.
internetService6CustomGroups List<Property Map>: Custom IPv6 Internet Service group name. The structure of internet_service6_custom_group block is documented below.
internetService6Customs List<Property Map>: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
internetService6Groups List<Property Map>: Internet Service group name. The structure of internet_service6_group block is documented below.
internetService6Names List<Property Map>: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
internetService6Negate String: When enabled internet-service6 specifies what the service must NOT be. Valid values: enable, disable.
internetService6Src String: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internetService6SrcCustomGroups List<Property Map>: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
internetService6SrcCustoms List<Property Map>: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
internetService6SrcGroups List<Property Map>: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
internetService6SrcNames List<Property Map>: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
internetService6SrcNegate String: When enabled internet-service6-src specifies what the service must NOT be. Valid values: enable, disable.
internetServiceCustomGroups List<Property Map>: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
internetServiceCustoms List<Property Map>: Custom Internet Service name. The structure of internet_service_custom block is documented below.
internetServiceGroups List<Property Map>: Internet Service group name. The structure of internet_service_group block is documented below.
internetServiceIds List<Property Map>: Internet Service ID. The structure of internet_service_id block is documented below.
internetServiceNames List<Property Map>: Internet Service name. The structure of internet_service_name block is documented below.
internetServiceNegate String: When enabled internet-service specifies what the service must NOT be. Valid values: enable, disable.
internetServiceSrc String: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Valid values: enable, disable.
internetServiceSrcCustomGroups List<Property Map>: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
internetServiceSrcCustoms List<Property Map>: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
internetServiceSrcGroups List<Property Map>: Internet Service source group name. The structure of internet_service_src_group block is documented below.
internetServiceSrcIds List<Property Map>: Internet Service source ID. The structure of internet_service_src_id block is documented below.
internetServiceSrcNames List<Property Map>: Internet Service source name. The structure of internet_service_src_name block is documented below.
internetServiceSrcNegate String: When enabled internet-service-src specifies what the service must NOT be. Valid values: enable, disable.
ipsSensor String: Name of an existing IPS sensor.
ipsVoipFilter String: Name of an existing VoIP (ips) profile.
learningMode String: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. Valid values: enable, disable.
logtraffic String: Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
logtrafficStart String: Record logs when a session starts. Valid values: enable, disable.
name String: Policy name.
nat46 String: Enable/disable NAT46. Valid values: enable, disable.
nat64 String: Enable/disable NAT64. Valid values: enable, disable.
policyid Number: Policy ID.
profileGroup String: Name of profile group.
profileProtocolOptions String: Name of an existing Protocol options profile.
profileType String: Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
schedule String: Schedule name.
sctpFilterProfile String: Name of an existing SCTP filter profile.
sendDenyPacket String: Enable to send a reply when a session is denied or blocked by a firewall policy. Valid values: disable, enable.
serviceNegate String: When enabled service specifies what the service must NOT be. Valid values: enable, disable.
services List<Property Map>: Service and service group names. The structure of service block is documented below.
srcaddr4s List<Property Map>: Source IPv4 address name and address group names. The structure of srcaddr4 block is documented below.
srcaddr6Negate String: When enabled srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddr6s List<Property Map>: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
srcaddrNegate String: When enabled srcaddr/srcaddr6 specifies what the source address must NOT be. Valid values: enable, disable.
srcaddrs List<Property Map>: Source IPv4 address name and address group names. The structure of srcaddr block is documented below.
srcintfs List<Property Map>: Incoming (ingress) interface. The structure of srcintf block is documented below.
sshFilterProfile String: Name of an existing SSH filter profile.
sslSshProfile String: Name of an existing SSL SSH profile.
status String: Enable or disable this policy. Valid values: enable, disable.
urlCategories List<Property Map>: URL category ID list. Due to the data type change of API, for other versions of FortiOS, please check variable url-category_unitary. The structure of url_category block is documented below.
urlCategoryUnitary String: URL categories or groups. Due to the data type change of API, for other versions of FortiOS, please check variable url-category.
users List<Property Map>: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
uuid String: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
videofilterProfile String: Name of an existing VideoFilter profile.
virtualPatchProfile String: Name of an existing virtual-patch profile.
voipProfile String: Name of an existing VoIP (voipd) profile.
webfilterProfile String: Name of an existing Web filter profile.

Supporting Types

SecuritypolicyAppCategory, SecuritypolicyAppCategoryArgs

Id int: Category IDs.

Id int: Category IDs.

id Integer: Category IDs.

id number: Category IDs.

id int: Category IDs.

id Number: Category IDs.

SecuritypolicyAppGroup, SecuritypolicyAppGroupArgs

Name string: Application group names.

Name string: Application group names.

name String: Application group names.

name string: Application group names.

name str: Application group names.

name String: Application group names.

SecuritypolicyApplication, SecuritypolicyApplicationArgs

Id int: Application IDs.

Id int: Application IDs.

id Integer: Application IDs.

id number: Application IDs.

id int: Application IDs.

id Number: Application IDs.

SecuritypolicyDstaddr, SecuritypolicyDstaddrArgs

Name string: Address name.

Name string: Address name.

name String: Address name.

name string: Address name.

name str: Address name.

name String: Address name.

SecuritypolicyDstaddr4, SecuritypolicyDstaddr4Args

Name string: Policy name.

Name string: Policy name.

name String: Policy name.

name string: Policy name.

name str: Policy name.

name String: Policy name.

SecuritypolicyDstaddr6, SecuritypolicyDstaddr6Args

Name string: Policy name.

Name string: Policy name.

name String: Policy name.

name string: Policy name.

name str: Policy name.

name String: Policy name.

SecuritypolicyDstintf, SecuritypolicyDstintfArgs

Name string: Interface name.

Name string: Interface name.

name String: Interface name.

name string: Interface name.

name str: Interface name.

name String: Interface name.

SecuritypolicyFssoGroup, SecuritypolicyFssoGroupArgs

Name string: Names of FSSO groups.

Name string: Names of FSSO groups.

name String: Names of FSSO groups.

name string: Names of FSSO groups.

name str: Names of FSSO groups.

name String: Names of FSSO groups.

SecuritypolicyGroup, SecuritypolicyGroupArgs

Name string: User group name.

Name string: User group name.

name String: User group name.

name string: User group name.

name str: User group name.

name String: User group name.

SecuritypolicyInternetService6Custom, SecuritypolicyInternetService6CustomArgs

Name string: Policy name.

Name string: Policy name.

name String: Policy name.

name string: Policy name.

name str: Policy name.

name String: Policy name.

SecuritypolicyInternetService6CustomGroup, SecuritypolicyInternetService6CustomGroupArgs

Name string: Policy name.

Name string: Policy name.

name String: Policy name.

name string: Policy name.

name str: Policy name.

name String: Policy name.

SecuritypolicyInternetService6Group, SecuritypolicyInternetService6GroupArgs

Name string: Policy name.

Name string: Policy name.

name String: Policy name.

name string: Policy name.

name str: Policy name.

name String: Policy name.

SecuritypolicyInternetService6Name, SecuritypolicyInternetService6NameArgs

Name string: Policy name.

Name string: Policy name.

name String: Policy name.

name string: Policy name.

name str: Policy name.

name String: Policy name.

SecuritypolicyInternetService6SrcCustom, SecuritypolicyInternetService6SrcCustomArgs

Name string: Policy name.

Name string: Policy name.

name String: Policy name.

name string: Policy name.

name str: Policy name.

name String: Policy name.

SecuritypolicyInternetService6SrcCustomGroup, SecuritypolicyInternetService6SrcCustomGroupArgs

Name string: Policy name.

Name string: Policy name.

name String: Policy name.

name string: Policy name.

name str: Policy name.

name String: Policy name.

SecuritypolicyInternetService6SrcGroup, SecuritypolicyInternetService6SrcGroupArgs

Name string: Policy name.

Name string: Policy name.

name String: Policy name.

name string: Policy name.

name str: Policy name.

name String: Policy name.

SecuritypolicyInternetService6SrcName, SecuritypolicyInternetService6SrcNameArgs

Name string: Policy name.

Name string: Policy name.

name String: Policy name.

name string: Policy name.

name str: Policy name.

name String: Policy name.

SecuritypolicyInternetServiceCustom, SecuritypolicyInternetServiceCustomArgs

Name string: Custom Internet Service name.

Name string: Custom Internet Service name.

name String: Custom Internet Service name.

name string: Custom Internet Service name.

name str: Custom Internet Service name.

name String: Custom Internet Service name.

SecuritypolicyInternetServiceCustomGroup, SecuritypolicyInternetServiceCustomGroupArgs

Name string: Custom Internet Service group name.

Name string: Custom Internet Service group name.

name String: Custom Internet Service group name.

name string: Custom Internet Service group name.

name str: Custom Internet Service group name.

name String: Custom Internet Service group name.

SecuritypolicyInternetServiceGroup, SecuritypolicyInternetServiceGroupArgs

Name string: Internet Service group name.

Name string: Internet Service group name.

name String: Internet Service group name.

name string: Internet Service group name.

name str: Internet Service group name.

name String: Internet Service group name.

SecuritypolicyInternetServiceId, SecuritypolicyInternetServiceIdArgs

Id int: Internet Service ID.

Id int: Internet Service ID.

id Integer: Internet Service ID.

id number: Internet Service ID.

id int: Internet Service ID.

id Number: Internet Service ID.

SecuritypolicyInternetServiceName, SecuritypolicyInternetServiceNameArgs

Name string: Internet Service name.

Name string: Internet Service name.

name String: Internet Service name.

name string: Internet Service name.

name str: Internet Service name.

name String: Internet Service name.

SecuritypolicyInternetServiceSrcCustom, SecuritypolicyInternetServiceSrcCustomArgs

Name string: Custom Internet Service name.

Name string: Custom Internet Service name.

name String: Custom Internet Service name.

name string: Custom Internet Service name.

name str: Custom Internet Service name.

name String: Custom Internet Service name.

SecuritypolicyInternetServiceSrcCustomGroup, SecuritypolicyInternetServiceSrcCustomGroupArgs

Name string: Custom Internet Service6 group name.

Name string: Custom Internet Service6 group name.

name String: Custom Internet Service6 group name.

name string: Custom Internet Service6 group name.

name str: Custom Internet Service6 group name.

name String: Custom Internet Service6 group name.

SecuritypolicyInternetServiceSrcGroup, SecuritypolicyInternetServiceSrcGroupArgs

Name string: Internet Service group name.

Name string: Internet Service group name.

name String: Internet Service group name.

name string: Internet Service group name.

name str: Internet Service group name.

name String: Internet Service group name.

SecuritypolicyInternetServiceSrcId, SecuritypolicyInternetServiceSrcIdArgs

Id int: Internet Service ID.

Id int: Internet Service ID.

id Integer: Internet Service ID.

id number: Internet Service ID.

id int: Internet Service ID.

id Number: Internet Service ID.

SecuritypolicyInternetServiceSrcName, SecuritypolicyInternetServiceSrcNameArgs

Name string: Internet Service name.

Name string: Internet Service name.

name String: Internet Service name.

name string: Internet Service name.

name str: Internet Service name.

name String: Internet Service name.

SecuritypolicyService, SecuritypolicyServiceArgs

Name string: Service name.

Name string: Service name.

name String: Service name.

name string: Service name.

name str: Service name.

name String: Service name.

SecuritypolicySrcaddr, SecuritypolicySrcaddrArgs

Name string: Address name.

Name string: Address name.

name String: Address name.

name string: Address name.

name str: Address name.

name String: Address name.

SecuritypolicySrcaddr4, SecuritypolicySrcaddr4Args

Name string: Policy name.

Name string: Policy name.

name String: Policy name.

name string: Policy name.

name str: Policy name.

name String: Policy name.

SecuritypolicySrcaddr6, SecuritypolicySrcaddr6Args

Name string: Policy name.

Name string: Policy name.

name String: Policy name.

name string: Policy name.

name str: Policy name.

name String: Policy name.

SecuritypolicySrcintf, SecuritypolicySrcintfArgs

Name string: Interface name.

Name string: Interface name.

name String: Interface name.

name string: Interface name.

name str: Interface name.

name String: Interface name.

SecuritypolicyUrlCategory, SecuritypolicyUrlCategoryArgs

Id int: URL category ID.

Id int: URL category ID.

id Integer: URL category ID.

id number: URL category ID.

id int: URL category ID.

id Number: URL category ID.

SecuritypolicyUser, SecuritypolicyUserArgs

Name string: User name.

Name string: User name.

name String: User name.

name string: User name.

name str: User name.

name String: User name.

Import

Firewall SecurityPolicy can be imported using any of these accepted formats:

$ pulumi import fortios:firewall/securitypolicy:Securitypolicy labelname {{policyid}}

If you do not want to import arguments of block:

$ export “FORTIOS_IMPORT_TABLE”=“false”

$ pulumi import fortios:firewall/securitypolicy:Securitypolicy labelname {{policyid}}

$ unset “FORTIOS_IMPORT_TABLE”

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: fortios pulumiverse/pulumi-fortios
License: Apache-2.0
Notes: This Pulumi package is based on the fortios Terraform Provider.

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

pulumiverse/pulumi-fortios

fortios.firewall.Securitypolicy

On this page

On this page

Example Usage

Create Securitypolicy Resource

Constructor syntax

Parameters

Constructor example

Securitypolicy Resource Properties

Inputs

Outputs

Look up Existing Securitypolicy Resource

Supporting Types

SecuritypolicyAppCategory, SecuritypolicyAppCategoryArgs

SecuritypolicyAppGroup, SecuritypolicyAppGroupArgs

SecuritypolicyApplication, SecuritypolicyApplicationArgs

SecuritypolicyDstaddr, SecuritypolicyDstaddrArgs

SecuritypolicyDstaddr4, SecuritypolicyDstaddr4Args

SecuritypolicyDstaddr6, SecuritypolicyDstaddr6Args

SecuritypolicyDstintf, SecuritypolicyDstintfArgs

SecuritypolicyFssoGroup, SecuritypolicyFssoGroupArgs

SecuritypolicyGroup, SecuritypolicyGroupArgs

SecuritypolicyInternetService6Custom, SecuritypolicyInternetService6CustomArgs

SecuritypolicyInternetService6CustomGroup, SecuritypolicyInternetService6CustomGroupArgs

SecuritypolicyInternetService6Group, SecuritypolicyInternetService6GroupArgs

SecuritypolicyInternetService6Name, SecuritypolicyInternetService6NameArgs

SecuritypolicyInternetService6SrcCustom, SecuritypolicyInternetService6SrcCustomArgs

SecuritypolicyInternetService6SrcCustomGroup, SecuritypolicyInternetService6SrcCustomGroupArgs

SecuritypolicyInternetService6SrcGroup, SecuritypolicyInternetService6SrcGroupArgs

SecuritypolicyInternetService6SrcName, SecuritypolicyInternetService6SrcNameArgs

SecuritypolicyInternetServiceCustom, SecuritypolicyInternetServiceCustomArgs

SecuritypolicyInternetServiceCustomGroup, SecuritypolicyInternetServiceCustomGroupArgs

SecuritypolicyInternetServiceGroup, SecuritypolicyInternetServiceGroupArgs

SecuritypolicyInternetServiceId, SecuritypolicyInternetServiceIdArgs

SecuritypolicyInternetServiceName, SecuritypolicyInternetServiceNameArgs

SecuritypolicyInternetServiceSrcCustom, SecuritypolicyInternetServiceSrcCustomArgs

SecuritypolicyInternetServiceSrcCustomGroup, SecuritypolicyInternetServiceSrcCustomGroupArgs

SecuritypolicyInternetServiceSrcGroup, SecuritypolicyInternetServiceSrcGroupArgs

SecuritypolicyInternetServiceSrcId, SecuritypolicyInternetServiceSrcIdArgs

SecuritypolicyInternetServiceSrcName, SecuritypolicyInternetServiceSrcNameArgs

SecuritypolicyService, SecuritypolicyServiceArgs

SecuritypolicySrcaddr, SecuritypolicySrcaddrArgs

SecuritypolicySrcaddr4, SecuritypolicySrcaddr4Args

SecuritypolicySrcaddr6, SecuritypolicySrcaddr6Args

SecuritypolicySrcintf, SecuritypolicySrcintfArgs

SecuritypolicyUrlCategory, SecuritypolicyUrlCategoryArgs

SecuritypolicyUser, SecuritypolicyUserArgs

Import

Package Details

On this page

On this page