Docs Home
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
fortimanager.PackagesGlobalHeaderPolicy6
Explore with Pulumi AI
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
Configure IPv6 policies.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";
const labelname = new fortimanager.PackagesGlobalHeaderPolicy6("labelname", {
action: "accept",
comments: "terraform-comment",
dstaddr: "gall",
dstintf: "any",
pkg: "default",
schedule: "galways",
service: "gALL",
srcaddr: "gall",
srcintf: "any",
status: "disable",
});
import pulumi
import pulumi_fortimanager as fortimanager
labelname = fortimanager.PackagesGlobalHeaderPolicy6("labelname",
action="accept",
comments="terraform-comment",
dstaddr="gall",
dstintf="any",
pkg="default",
schedule="galways",
service="gALL",
srcaddr="gall",
srcintf="any",
status="disable")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := fortimanager.NewPackagesGlobalHeaderPolicy6(ctx, "labelname", &fortimanager.PackagesGlobalHeaderPolicy6Args{
Action: pulumi.String("accept"),
Comments: pulumi.String("terraform-comment"),
Dstaddr: pulumi.String("gall"),
Dstintf: pulumi.String("any"),
Pkg: pulumi.String("default"),
Schedule: pulumi.String("galways"),
Service: pulumi.String("gALL"),
Srcaddr: pulumi.String("gall"),
Srcintf: pulumi.String("any"),
Status: pulumi.String("disable"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;
return await Deployment.RunAsync(() =>
{
var labelname = new Fortimanager.PackagesGlobalHeaderPolicy6("labelname", new()
{
Action = "accept",
Comments = "terraform-comment",
Dstaddr = "gall",
Dstintf = "any",
Pkg = "default",
Schedule = "galways",
Service = "gALL",
Srcaddr = "gall",
Srcintf = "any",
Status = "disable",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.PackagesGlobalHeaderPolicy6;
import com.pulumi.fortimanager.PackagesGlobalHeaderPolicy6Args;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var labelname = new PackagesGlobalHeaderPolicy6("labelname", PackagesGlobalHeaderPolicy6Args.builder()
.action("accept")
.comments("terraform-comment")
.dstaddr("gall")
.dstintf("any")
.pkg("default")
.schedule("galways")
.service("gALL")
.srcaddr("gall")
.srcintf("any")
.status("disable")
.build());
}
}
resources:
labelname:
type: fortimanager:PackagesGlobalHeaderPolicy6
properties:
action: accept
comments: terraform-comment
dstaddr: gall
dstintf: any
pkg: default
schedule: galways
service: gALL
srcaddr: gall
srcintf: any
status: disable
Create PackagesGlobalHeaderPolicy6 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PackagesGlobalHeaderPolicy6(name: string, args: PackagesGlobalHeaderPolicy6Args, opts?: CustomResourceOptions);@overload
def PackagesGlobalHeaderPolicy6(resource_name: str,
args: PackagesGlobalHeaderPolicy6Args,
opts: Optional[ResourceOptions] = None)
@overload
def PackagesGlobalHeaderPolicy6(resource_name: str,
opts: Optional[ResourceOptions] = None,
pkg: Optional[str] = None,
_policy_block: Optional[float] = None,
action: Optional[str] = None,
anti_replay: Optional[str] = None,
app_category: Optional[str] = None,
app_group: Optional[str] = None,
application_charts: Optional[Sequence[str]] = None,
application_list: Optional[str] = None,
applications: Optional[Sequence[float]] = None,
auto_asic_offload: Optional[str] = None,
av_profile: Optional[str] = None,
casi_profile: Optional[str] = None,
cgn_log_server_grp: Optional[str] = None,
cifs_profile: Optional[str] = None,
comments: Optional[str] = None,
custom_log_fields: Optional[str] = None,
decrypted_traffic_mirror: Optional[str] = None,
deep_inspection_options: Optional[str] = None,
device_detection_portal: Optional[str] = None,
devices: Optional[str] = None,
diffserv_forward: Optional[str] = None,
diffserv_reverse: Optional[str] = None,
diffservcode_forward: Optional[str] = None,
diffservcode_rev: Optional[str] = None,
dlp_sensor: Optional[str] = None,
dnsfilter_profile: Optional[str] = None,
dscp_match: Optional[str] = None,
dscp_negate: Optional[str] = None,
dscp_value: Optional[str] = None,
dsri: Optional[str] = None,
dstaddr: Optional[str] = None,
dstaddr_negate: Optional[str] = None,
dstintf: Optional[str] = None,
dynamic_profile: Optional[str] = None,
dynamic_profile_accesses: Optional[Sequence[str]] = None,
dynamic_profile_group: Optional[str] = None,
email_collection_portal: Optional[str] = None,
emailfilter_profile: Optional[str] = None,
file_filter_profile: Optional[str] = None,
firewall_session_dirty: Optional[str] = None,
fixedport: Optional[str] = None,
fsae: Optional[str] = None,
fsso_groups: Optional[str] = None,
global_label: Optional[str] = None,
groups: Optional[str] = None,
http_policy_redirect: Optional[str] = None,
icap_profile: Optional[str] = None,
identity_based: Optional[str] = None,
identity_from: Optional[str] = None,
inbound: Optional[str] = None,
inspection_mode: Optional[str] = None,
ippool: Optional[str] = None,
ips_sensor: Optional[str] = None,
label: Optional[str] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
mms_profile: Optional[str] = None,
name: Optional[str] = None,
nat: Optional[str] = None,
natinbound: Optional[str] = None,
natoutbound: Optional[str] = None,
np_accelation: Optional[str] = None,
np_acceleration: Optional[str] = None,
outbound: Optional[str] = None,
packages_global_header_policy6_id: Optional[str] = None,
per_ip_shaper: Optional[str] = None,
pkg_folder_path: Optional[str] = None,
policy_offload: Optional[str] = None,
policyid: Optional[float] = None,
poolname: Optional[str] = None,
profile_group: Optional[str] = None,
profile_protocol_options: Optional[str] = None,
profile_type: Optional[str] = None,
replacemsg_group: Optional[str] = None,
replacemsg_override_group: Optional[str] = None,
rsso: Optional[str] = None,
schedule: Optional[str] = None,
send_deny_packet: Optional[str] = None,
service: Optional[str] = None,
service_negate: Optional[str] = None,
session_ttl: Optional[str] = None,
spamfilter_profile: Optional[str] = None,
srcaddr: Optional[str] = None,
srcaddr_negate: Optional[str] = None,
srcintf: Optional[str] = None,
ssh_filter_profile: Optional[str] = None,
ssh_policy_redirect: Optional[str] = None,
ssl_mirror: Optional[str] = None,
ssl_mirror_intf: Optional[str] = None,
ssl_ssh_profile: Optional[str] = None,
sslvpn_auth: Optional[str] = None,
sslvpn_ccert: Optional[str] = None,
sslvpn_cipher: Optional[str] = None,
status: Optional[str] = None,
tags: Optional[str] = None,
tcp_mss_receiver: Optional[float] = None,
tcp_mss_sender: Optional[float] = None,
tcp_session_without_syn: Optional[str] = None,
timeout_send_rst: Optional[str] = None,
tos: Optional[str] = None,
tos_mask: Optional[str] = None,
tos_negate: Optional[str] = None,
traffic_shaper: Optional[str] = None,
traffic_shaper_reverse: Optional[str] = None,
url_category: Optional[str] = None,
users: Optional[str] = None,
utm_inspection_mode: Optional[str] = None,
utm_status: Optional[str] = None,
uuid: Optional[str] = None,
vlan_cos_fwd: Optional[float] = None,
vlan_cos_rev: Optional[float] = None,
vlan_filter: Optional[str] = None,
voip_profile: Optional[str] = None,
vpntunnel: Optional[str] = None,
waf_profile: Optional[str] = None,
webcache: Optional[str] = None,
webcache_https: Optional[str] = None,
webfilter_profile: Optional[str] = None,
webproxy_forward_server: Optional[str] = None,
webproxy_profile: Optional[str] = None)func NewPackagesGlobalHeaderPolicy6(ctx *Context, name string, args PackagesGlobalHeaderPolicy6Args, opts ...ResourceOption) (*PackagesGlobalHeaderPolicy6, error)public PackagesGlobalHeaderPolicy6(string name, PackagesGlobalHeaderPolicy6Args args, CustomResourceOptions? opts = null)public PackagesGlobalHeaderPolicy6(String name, PackagesGlobalHeaderPolicy6Args args)
public PackagesGlobalHeaderPolicy6(String name, PackagesGlobalHeaderPolicy6Args args, CustomResourceOptions options)
type: fortimanager:PackagesGlobalHeaderPolicy6
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PackagesGlobalHeaderPolicy6Args - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. PackagesGlobalHeaderPolicy6Args - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PackagesGlobalHeaderPolicy6Args - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PackagesGlobalHeaderPolicy6Args - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. PackagesGlobalHeaderPolicy6Args - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var packagesGlobalHeaderPolicy6Resource = new Fortimanager.PackagesGlobalHeaderPolicy6("packagesGlobalHeaderPolicy6Resource", new()
{
Pkg = "string",
_policyBlock = 0,
Action = "string",
AntiReplay = "string",
AppCategory = "string",
AppGroup = "string",
ApplicationCharts = new[]
{
"string",
},
ApplicationList = "string",
Applications = new[]
{
0,
},
AutoAsicOffload = "string",
AvProfile = "string",
CasiProfile = "string",
CgnLogServerGrp = "string",
CifsProfile = "string",
Comments = "string",
CustomLogFields = "string",
DecryptedTrafficMirror = "string",
DeepInspectionOptions = "string",
DeviceDetectionPortal = "string",
Devices = "string",
DiffservForward = "string",
DiffservReverse = "string",
DiffservcodeForward = "string",
DiffservcodeRev = "string",
DlpSensor = "string",
DnsfilterProfile = "string",
DscpMatch = "string",
DscpNegate = "string",
DscpValue = "string",
Dsri = "string",
Dstaddr = "string",
DstaddrNegate = "string",
Dstintf = "string",
DynamicProfile = "string",
DynamicProfileAccesses = new[]
{
"string",
},
DynamicProfileGroup = "string",
EmailCollectionPortal = "string",
EmailfilterProfile = "string",
FileFilterProfile = "string",
FirewallSessionDirty = "string",
Fixedport = "string",
Fsae = "string",
FssoGroups = "string",
GlobalLabel = "string",
Groups = "string",
HttpPolicyRedirect = "string",
IcapProfile = "string",
IdentityBased = "string",
IdentityFrom = "string",
Inbound = "string",
InspectionMode = "string",
Ippool = "string",
IpsSensor = "string",
Label = "string",
Logtraffic = "string",
LogtrafficStart = "string",
MmsProfile = "string",
Name = "string",
Nat = "string",
Natinbound = "string",
Natoutbound = "string",
NpAccelation = "string",
NpAcceleration = "string",
Outbound = "string",
PackagesGlobalHeaderPolicy6Id = "string",
PerIpShaper = "string",
PkgFolderPath = "string",
PolicyOffload = "string",
Policyid = 0,
Poolname = "string",
ProfileGroup = "string",
ProfileProtocolOptions = "string",
ProfileType = "string",
ReplacemsgGroup = "string",
ReplacemsgOverrideGroup = "string",
Rsso = "string",
Schedule = "string",
SendDenyPacket = "string",
Service = "string",
ServiceNegate = "string",
SessionTtl = "string",
SpamfilterProfile = "string",
Srcaddr = "string",
SrcaddrNegate = "string",
Srcintf = "string",
SshFilterProfile = "string",
SshPolicyRedirect = "string",
SslMirror = "string",
SslMirrorIntf = "string",
SslSshProfile = "string",
SslvpnAuth = "string",
SslvpnCcert = "string",
SslvpnCipher = "string",
Status = "string",
Tags = "string",
TcpMssReceiver = 0,
TcpMssSender = 0,
TcpSessionWithoutSyn = "string",
TimeoutSendRst = "string",
Tos = "string",
TosMask = "string",
TosNegate = "string",
TrafficShaper = "string",
TrafficShaperReverse = "string",
UrlCategory = "string",
Users = "string",
UtmInspectionMode = "string",
UtmStatus = "string",
Uuid = "string",
VlanCosFwd = 0,
VlanCosRev = 0,
VlanFilter = "string",
VoipProfile = "string",
Vpntunnel = "string",
WafProfile = "string",
Webcache = "string",
WebcacheHttps = "string",
WebfilterProfile = "string",
WebproxyForwardServer = "string",
WebproxyProfile = "string",
});
example, err := fortimanager.NewPackagesGlobalHeaderPolicy6(ctx, "packagesGlobalHeaderPolicy6Resource", &fortimanager.PackagesGlobalHeaderPolicy6Args{
Pkg: pulumi.String("string"),
_policyBlock: pulumi.Float64(0),
Action: pulumi.String("string"),
AntiReplay: pulumi.String("string"),
AppCategory: pulumi.String("string"),
AppGroup: pulumi.String("string"),
ApplicationCharts: pulumi.StringArray{
pulumi.String("string"),
},
ApplicationList: pulumi.String("string"),
Applications: pulumi.Float64Array{
pulumi.Float64(0),
},
AutoAsicOffload: pulumi.String("string"),
AvProfile: pulumi.String("string"),
CasiProfile: pulumi.String("string"),
CgnLogServerGrp: pulumi.String("string"),
CifsProfile: pulumi.String("string"),
Comments: pulumi.String("string"),
CustomLogFields: pulumi.String("string"),
DecryptedTrafficMirror: pulumi.String("string"),
DeepInspectionOptions: pulumi.String("string"),
DeviceDetectionPortal: pulumi.String("string"),
Devices: pulumi.String("string"),
DiffservForward: pulumi.String("string"),
DiffservReverse: pulumi.String("string"),
DiffservcodeForward: pulumi.String("string"),
DiffservcodeRev: pulumi.String("string"),
DlpSensor: pulumi.String("string"),
DnsfilterProfile: pulumi.String("string"),
DscpMatch: pulumi.String("string"),
DscpNegate: pulumi.String("string"),
DscpValue: pulumi.String("string"),
Dsri: pulumi.String("string"),
Dstaddr: pulumi.String("string"),
DstaddrNegate: pulumi.String("string"),
Dstintf: pulumi.String("string"),
DynamicProfile: pulumi.String("string"),
DynamicProfileAccesses: pulumi.StringArray{
pulumi.String("string"),
},
DynamicProfileGroup: pulumi.String("string"),
EmailCollectionPortal: pulumi.String("string"),
EmailfilterProfile: pulumi.String("string"),
FileFilterProfile: pulumi.String("string"),
FirewallSessionDirty: pulumi.String("string"),
Fixedport: pulumi.String("string"),
Fsae: pulumi.String("string"),
FssoGroups: pulumi.String("string"),
GlobalLabel: pulumi.String("string"),
Groups: pulumi.String("string"),
HttpPolicyRedirect: pulumi.String("string"),
IcapProfile: pulumi.String("string"),
IdentityBased: pulumi.String("string"),
IdentityFrom: pulumi.String("string"),
Inbound: pulumi.String("string"),
InspectionMode: pulumi.String("string"),
Ippool: pulumi.String("string"),
IpsSensor: pulumi.String("string"),
Label: pulumi.String("string"),
Logtraffic: pulumi.String("string"),
LogtrafficStart: pulumi.String("string"),
MmsProfile: pulumi.String("string"),
Name: pulumi.String("string"),
Nat: pulumi.String("string"),
Natinbound: pulumi.String("string"),
Natoutbound: pulumi.String("string"),
NpAccelation: pulumi.String("string"),
NpAcceleration: pulumi.String("string"),
Outbound: pulumi.String("string"),
PackagesGlobalHeaderPolicy6Id: pulumi.String("string"),
PerIpShaper: pulumi.String("string"),
PkgFolderPath: pulumi.String("string"),
PolicyOffload: pulumi.String("string"),
Policyid: pulumi.Float64(0),
Poolname: pulumi.String("string"),
ProfileGroup: pulumi.String("string"),
ProfileProtocolOptions: pulumi.String("string"),
ProfileType: pulumi.String("string"),
ReplacemsgGroup: pulumi.String("string"),
ReplacemsgOverrideGroup: pulumi.String("string"),
Rsso: pulumi.String("string"),
Schedule: pulumi.String("string"),
SendDenyPacket: pulumi.String("string"),
Service: pulumi.String("string"),
ServiceNegate: pulumi.String("string"),
SessionTtl: pulumi.String("string"),
SpamfilterProfile: pulumi.String("string"),
Srcaddr: pulumi.String("string"),
SrcaddrNegate: pulumi.String("string"),
Srcintf: pulumi.String("string"),
SshFilterProfile: pulumi.String("string"),
SshPolicyRedirect: pulumi.String("string"),
SslMirror: pulumi.String("string"),
SslMirrorIntf: pulumi.String("string"),
SslSshProfile: pulumi.String("string"),
SslvpnAuth: pulumi.String("string"),
SslvpnCcert: pulumi.String("string"),
SslvpnCipher: pulumi.String("string"),
Status: pulumi.String("string"),
Tags: pulumi.String("string"),
TcpMssReceiver: pulumi.Float64(0),
TcpMssSender: pulumi.Float64(0),
TcpSessionWithoutSyn: pulumi.String("string"),
TimeoutSendRst: pulumi.String("string"),
Tos: pulumi.String("string"),
TosMask: pulumi.String("string"),
TosNegate: pulumi.String("string"),
TrafficShaper: pulumi.String("string"),
TrafficShaperReverse: pulumi.String("string"),
UrlCategory: pulumi.String("string"),
Users: pulumi.String("string"),
UtmInspectionMode: pulumi.String("string"),
UtmStatus: pulumi.String("string"),
Uuid: pulumi.String("string"),
VlanCosFwd: pulumi.Float64(0),
VlanCosRev: pulumi.Float64(0),
VlanFilter: pulumi.String("string"),
VoipProfile: pulumi.String("string"),
Vpntunnel: pulumi.String("string"),
WafProfile: pulumi.String("string"),
Webcache: pulumi.String("string"),
WebcacheHttps: pulumi.String("string"),
WebfilterProfile: pulumi.String("string"),
WebproxyForwardServer: pulumi.String("string"),
WebproxyProfile: pulumi.String("string"),
})
var packagesGlobalHeaderPolicy6Resource = new PackagesGlobalHeaderPolicy6("packagesGlobalHeaderPolicy6Resource", PackagesGlobalHeaderPolicy6Args.builder()
.pkg("string")
._policyBlock(0)
.action("string")
.antiReplay("string")
.appCategory("string")
.appGroup("string")
.applicationCharts("string")
.applicationList("string")
.applications(0)
.autoAsicOffload("string")
.avProfile("string")
.casiProfile("string")
.cgnLogServerGrp("string")
.cifsProfile("string")
.comments("string")
.customLogFields("string")
.decryptedTrafficMirror("string")
.deepInspectionOptions("string")
.deviceDetectionPortal("string")
.devices("string")
.diffservForward("string")
.diffservReverse("string")
.diffservcodeForward("string")
.diffservcodeRev("string")
.dlpSensor("string")
.dnsfilterProfile("string")
.dscpMatch("string")
.dscpNegate("string")
.dscpValue("string")
.dsri("string")
.dstaddr("string")
.dstaddrNegate("string")
.dstintf("string")
.dynamicProfile("string")
.dynamicProfileAccesses("string")
.dynamicProfileGroup("string")
.emailCollectionPortal("string")
.emailfilterProfile("string")
.fileFilterProfile("string")
.firewallSessionDirty("string")
.fixedport("string")
.fsae("string")
.fssoGroups("string")
.globalLabel("string")
.groups("string")
.httpPolicyRedirect("string")
.icapProfile("string")
.identityBased("string")
.identityFrom("string")
.inbound("string")
.inspectionMode("string")
.ippool("string")
.ipsSensor("string")
.label("string")
.logtraffic("string")
.logtrafficStart("string")
.mmsProfile("string")
.name("string")
.nat("string")
.natinbound("string")
.natoutbound("string")
.npAccelation("string")
.npAcceleration("string")
.outbound("string")
.packagesGlobalHeaderPolicy6Id("string")
.perIpShaper("string")
.pkgFolderPath("string")
.policyOffload("string")
.policyid(0)
.poolname("string")
.profileGroup("string")
.profileProtocolOptions("string")
.profileType("string")
.replacemsgGroup("string")
.replacemsgOverrideGroup("string")
.rsso("string")
.schedule("string")
.sendDenyPacket("string")
.service("string")
.serviceNegate("string")
.sessionTtl("string")
.spamfilterProfile("string")
.srcaddr("string")
.srcaddrNegate("string")
.srcintf("string")
.sshFilterProfile("string")
.sshPolicyRedirect("string")
.sslMirror("string")
.sslMirrorIntf("string")
.sslSshProfile("string")
.sslvpnAuth("string")
.sslvpnCcert("string")
.sslvpnCipher("string")
.status("string")
.tags("string")
.tcpMssReceiver(0)
.tcpMssSender(0)
.tcpSessionWithoutSyn("string")
.timeoutSendRst("string")
.tos("string")
.tosMask("string")
.tosNegate("string")
.trafficShaper("string")
.trafficShaperReverse("string")
.urlCategory("string")
.users("string")
.utmInspectionMode("string")
.utmStatus("string")
.uuid("string")
.vlanCosFwd(0)
.vlanCosRev(0)
.vlanFilter("string")
.voipProfile("string")
.vpntunnel("string")
.wafProfile("string")
.webcache("string")
.webcacheHttps("string")
.webfilterProfile("string")
.webproxyForwardServer("string")
.webproxyProfile("string")
.build());
packages_global_header_policy6_resource = fortimanager.PackagesGlobalHeaderPolicy6("packagesGlobalHeaderPolicy6Resource",
pkg="string",
_policy_block=0,
action="string",
anti_replay="string",
app_category="string",
app_group="string",
application_charts=["string"],
application_list="string",
applications=[0],
auto_asic_offload="string",
av_profile="string",
casi_profile="string",
cgn_log_server_grp="string",
cifs_profile="string",
comments="string",
custom_log_fields="string",
decrypted_traffic_mirror="string",
deep_inspection_options="string",
device_detection_portal="string",
devices="string",
diffserv_forward="string",
diffserv_reverse="string",
diffservcode_forward="string",
diffservcode_rev="string",
dlp_sensor="string",
dnsfilter_profile="string",
dscp_match="string",
dscp_negate="string",
dscp_value="string",
dsri="string",
dstaddr="string",
dstaddr_negate="string",
dstintf="string",
dynamic_profile="string",
dynamic_profile_accesses=["string"],
dynamic_profile_group="string",
email_collection_portal="string",
emailfilter_profile="string",
file_filter_profile="string",
firewall_session_dirty="string",
fixedport="string",
fsae="string",
fsso_groups="string",
global_label="string",
groups="string",
http_policy_redirect="string",
icap_profile="string",
identity_based="string",
identity_from="string",
inbound="string",
inspection_mode="string",
ippool="string",
ips_sensor="string",
label="string",
logtraffic="string",
logtraffic_start="string",
mms_profile="string",
name="string",
nat="string",
natinbound="string",
natoutbound="string",
np_accelation="string",
np_acceleration="string",
outbound="string",
packages_global_header_policy6_id="string",
per_ip_shaper="string",
pkg_folder_path="string",
policy_offload="string",
policyid=0,
poolname="string",
profile_group="string",
profile_protocol_options="string",
profile_type="string",
replacemsg_group="string",
replacemsg_override_group="string",
rsso="string",
schedule="string",
send_deny_packet="string",
service="string",
service_negate="string",
session_ttl="string",
spamfilter_profile="string",
srcaddr="string",
srcaddr_negate="string",
srcintf="string",
ssh_filter_profile="string",
ssh_policy_redirect="string",
ssl_mirror="string",
ssl_mirror_intf="string",
ssl_ssh_profile="string",
sslvpn_auth="string",
sslvpn_ccert="string",
sslvpn_cipher="string",
status="string",
tags="string",
tcp_mss_receiver=0,
tcp_mss_sender=0,
tcp_session_without_syn="string",
timeout_send_rst="string",
tos="string",
tos_mask="string",
tos_negate="string",
traffic_shaper="string",
traffic_shaper_reverse="string",
url_category="string",
users="string",
utm_inspection_mode="string",
utm_status="string",
uuid="string",
vlan_cos_fwd=0,
vlan_cos_rev=0,
vlan_filter="string",
voip_profile="string",
vpntunnel="string",
waf_profile="string",
webcache="string",
webcache_https="string",
webfilter_profile="string",
webproxy_forward_server="string",
webproxy_profile="string")
const packagesGlobalHeaderPolicy6Resource = new fortimanager.PackagesGlobalHeaderPolicy6("packagesGlobalHeaderPolicy6Resource", {
pkg: "string",
_policyBlock: 0,
action: "string",
antiReplay: "string",
appCategory: "string",
appGroup: "string",
applicationCharts: ["string"],
applicationList: "string",
applications: [0],
autoAsicOffload: "string",
avProfile: "string",
casiProfile: "string",
cgnLogServerGrp: "string",
cifsProfile: "string",
comments: "string",
customLogFields: "string",
decryptedTrafficMirror: "string",
deepInspectionOptions: "string",
deviceDetectionPortal: "string",
devices: "string",
diffservForward: "string",
diffservReverse: "string",
diffservcodeForward: "string",
diffservcodeRev: "string",
dlpSensor: "string",
dnsfilterProfile: "string",
dscpMatch: "string",
dscpNegate: "string",
dscpValue: "string",
dsri: "string",
dstaddr: "string",
dstaddrNegate: "string",
dstintf: "string",
dynamicProfile: "string",
dynamicProfileAccesses: ["string"],
dynamicProfileGroup: "string",
emailCollectionPortal: "string",
emailfilterProfile: "string",
fileFilterProfile: "string",
firewallSessionDirty: "string",
fixedport: "string",
fsae: "string",
fssoGroups: "string",
globalLabel: "string",
groups: "string",
httpPolicyRedirect: "string",
icapProfile: "string",
identityBased: "string",
identityFrom: "string",
inbound: "string",
inspectionMode: "string",
ippool: "string",
ipsSensor: "string",
label: "string",
logtraffic: "string",
logtrafficStart: "string",
mmsProfile: "string",
name: "string",
nat: "string",
natinbound: "string",
natoutbound: "string",
npAccelation: "string",
npAcceleration: "string",
outbound: "string",
packagesGlobalHeaderPolicy6Id: "string",
perIpShaper: "string",
pkgFolderPath: "string",
policyOffload: "string",
policyid: 0,
poolname: "string",
profileGroup: "string",
profileProtocolOptions: "string",
profileType: "string",
replacemsgGroup: "string",
replacemsgOverrideGroup: "string",
rsso: "string",
schedule: "string",
sendDenyPacket: "string",
service: "string",
serviceNegate: "string",
sessionTtl: "string",
spamfilterProfile: "string",
srcaddr: "string",
srcaddrNegate: "string",
srcintf: "string",
sshFilterProfile: "string",
sshPolicyRedirect: "string",
sslMirror: "string",
sslMirrorIntf: "string",
sslSshProfile: "string",
sslvpnAuth: "string",
sslvpnCcert: "string",
sslvpnCipher: "string",
status: "string",
tags: "string",
tcpMssReceiver: 0,
tcpMssSender: 0,
tcpSessionWithoutSyn: "string",
timeoutSendRst: "string",
tos: "string",
tosMask: "string",
tosNegate: "string",
trafficShaper: "string",
trafficShaperReverse: "string",
urlCategory: "string",
users: "string",
utmInspectionMode: "string",
utmStatus: "string",
uuid: "string",
vlanCosFwd: 0,
vlanCosRev: 0,
vlanFilter: "string",
voipProfile: "string",
vpntunnel: "string",
wafProfile: "string",
webcache: "string",
webcacheHttps: "string",
webfilterProfile: "string",
webproxyForwardServer: "string",
webproxyProfile: "string",
});
type: fortimanager:PackagesGlobalHeaderPolicy6
properties:
_policyBlock: 0
action: string
antiReplay: string
appCategory: string
appGroup: string
applicationCharts:
- string
applicationList: string
applications:
- 0
autoAsicOffload: string
avProfile: string
casiProfile: string
cgnLogServerGrp: string
cifsProfile: string
comments: string
customLogFields: string
decryptedTrafficMirror: string
deepInspectionOptions: string
deviceDetectionPortal: string
devices: string
diffservForward: string
diffservReverse: string
diffservcodeForward: string
diffservcodeRev: string
dlpSensor: string
dnsfilterProfile: string
dscpMatch: string
dscpNegate: string
dscpValue: string
dsri: string
dstaddr: string
dstaddrNegate: string
dstintf: string
dynamicProfile: string
dynamicProfileAccesses:
- string
dynamicProfileGroup: string
emailCollectionPortal: string
emailfilterProfile: string
fileFilterProfile: string
firewallSessionDirty: string
fixedport: string
fsae: string
fssoGroups: string
globalLabel: string
groups: string
httpPolicyRedirect: string
icapProfile: string
identityBased: string
identityFrom: string
inbound: string
inspectionMode: string
ippool: string
ipsSensor: string
label: string
logtraffic: string
logtrafficStart: string
mmsProfile: string
name: string
nat: string
natinbound: string
natoutbound: string
npAccelation: string
npAcceleration: string
outbound: string
packagesGlobalHeaderPolicy6Id: string
perIpShaper: string
pkg: string
pkgFolderPath: string
policyOffload: string
policyid: 0
poolname: string
profileGroup: string
profileProtocolOptions: string
profileType: string
replacemsgGroup: string
replacemsgOverrideGroup: string
rsso: string
schedule: string
sendDenyPacket: string
service: string
serviceNegate: string
sessionTtl: string
spamfilterProfile: string
srcaddr: string
srcaddrNegate: string
srcintf: string
sshFilterProfile: string
sshPolicyRedirect: string
sslMirror: string
sslMirrorIntf: string
sslSshProfile: string
sslvpnAuth: string
sslvpnCcert: string
sslvpnCipher: string
status: string
tags: string
tcpMssReceiver: 0
tcpMssSender: 0
tcpSessionWithoutSyn: string
timeoutSendRst: string
tos: string
tosMask: string
tosNegate: string
trafficShaper: string
trafficShaperReverse: string
urlCategory: string
users: string
utmInspectionMode: string
utmStatus: string
uuid: string
vlanCosFwd: 0
vlanCosRev: 0
vlanFilter: string
voipProfile: string
vpntunnel: string
wafProfile: string
webcache: string
webcacheHttps: string
webfilterProfile: string
webproxyForwardServer: string
webproxyProfile: string
PackagesGlobalHeaderPolicy6 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PackagesGlobalHeaderPolicy6 resource accepts the following input properties:
- Pkg
This property is required. string - Package.
- Action string
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec,ssl-vpn. - Anti
Replay string - Enable/disable anti-replay check. Valid values:
disable,enable. - App
Category string - Application category ID list.
- App
Group string - Application group names.
- Application
Charts List<string> - Application-Charts. Valid values:
top10-app,top10-p2p-user,top10-media-user. - Application
List string - Name of an existing Application list.
- Applications List<double>
- Application ID list.
- Auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - Av
Profile string - Name of an existing Antivirus profile.
- Casi
Profile string - Casi-Profile.
- Cgn
Log stringServer Grp - NP log server group name
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Custom
Log stringFields - Log field index numbers to append custom log fields to log messages for this policy.
- Decrypted
Traffic stringMirror - Decrypted-Traffic-Mirror.
- Deep
Inspection stringOptions - Deep-Inspection-Options.
- Device
Detection stringPortal - Device-Detection-Portal. Valid values:
disable,enable. - Devices string
- Devices.
- Diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - Diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - Diffservcode
Forward string - Change packet's DiffServ to this value.
- Diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dscp
Match string - Dscp-Match. Valid values:
disable,enable. - Dscp
Negate string - Dscp-Negate. Valid values:
disable,enable. - Dscp
Value string - Dscp-Value.
- Dsri string
- Enable DSRI to ignore HTTP server responses. Valid values:
disable,enable. - Dstaddr string
- Destination address and address group names.
- Dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - Dstintf string
- Outgoing (egress) interface.
- Dynamic
Profile string - Dynamic-Profile. Valid values:
disable,enable. - Dynamic
Profile List<string>Accesses - Dynamic-Profile-Access. Valid values:
imap,smtp,pop3,http,ftp,im,nntp,imaps,smtps,pop3s,https,ftps. - Dynamic
Profile stringGroup - Dynamic-Profile-Group.
- Email
Collection stringPortal - Email-Collection-Portal. Valid values:
disable,enable. - Emailfilter
Profile string - Name of an existing email filter profile.
- File
Filter stringProfile - File-Filter-Profile.
- Firewall
Session stringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all,check-new. - Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - Fsae string
- Fsae. Valid values:
disable,enable. - Fsso
Groups string - Names of FSSO groups.
- Global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- Groups string
- Names of user groups that can authenticate with this policy.
- Http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - Icap
Profile string - Name of an existing ICAP profile.
- Identity
Based string - Identity-Based. Valid values:
disable,enable. - Identity
From string - Identity-From. Valid values:
auth,device. - Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - Inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - Ippool string
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - Ips
Sensor string - Name of an existing IPS sensor.
- Label string
- Label for the policy that appears when the GUI is in Section View mode.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,enable,all,utm. - Logtraffic
Start string - Record logs when a session starts. Valid values:
disable,enable. - Mms
Profile string - Name of an existing MMS profile.
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values:
disable,enable. - Natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
disable,enable. - Natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
disable,enable. - Np
Accelation string - Np-Accelation. Valid values:
disable,enable. - Np
Acceleration string - Enable/disable UTM Network Processor acceleration. Valid values:
disable,enable. - Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - Packages
Global stringHeader Policy6Id - an identifier for the resource with format {{policyid}}.
- Per
Ip stringShaper - Per-IP traffic shaper.
- Pkg
Folder stringPath - Pkg Folder Path.
- Policy
Offload string - Enable/disable offloading policy configuration to CP processors. Valid values:
disable,enable. - Policyid double
- Policy ID (0 - 4294967294).
- Poolname string
- IP Pool names.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - Replacemsg
Group string - Replacemsg-Group.
- Replacemsg
Override stringGroup - Override the default replacement message group for this policy.
- Rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
disable,enable. - Schedule string
- Schedule name.
- Send
Deny stringPacket - Enable/disable return of deny-packet. Valid values:
disable,enable. - Service string
- Service and service group names.
- Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - Session
Ttl string - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- Spamfilter
Profile string - Spamfilter-Profile.
- Srcaddr string
- Source address and address group names.
- Srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - Srcintf string
- Incoming (ingress) interface.
- Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - Ssl
Mirror string - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
disable,enable. - Ssl
Mirror stringIntf - SSL mirror interface name.
- Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Sslvpn
Auth string - Sslvpn-Auth. Valid values:
any,local,radius,ldap,tacacs+. - Sslvpn
Ccert string - Sslvpn-Ccert. Valid values:
disable,enable. - Sslvpn
Cipher string - Sslvpn-Cipher. Valid values:
any,high,medium. - Status string
- Enable or disable this policy. Valid values:
disable,enable. - string
- Tags.
- Tcp
Mss doubleReceiver - Receiver TCP maximum segment size (MSS).
- Tcp
Mss doubleSender - Sender TCP maximum segment size (MSS).
- Tcp
Session stringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all,data-only,disable. - Timeout
Send stringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
disable,enable. - Tos string
- ToS (Type of Service) value used for comparison.
- Tos
Mask string - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- Tos
Negate string - Enable negated TOS match. Valid values:
disable,enable. - Traffic
Shaper string - Reverse traffic shaper.
- Traffic
Shaper stringReverse - Reverse traffic shaper.
- Url
Category string - URL category ID list.
- Users string
- Names of individual users that can authenticate with this policy.
- Utm
Inspection stringMode - Utm-Inspection-Mode. Valid values:
proxy,flow. - Utm
Status string - Enable AV/web/ips protection profile. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vlan
Cos doubleFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Cos doubleRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Filter string - Set VLAN filters.
- Voip
Profile string - Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web cache. Valid values:
disable,enable. - Webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Webproxy profile name.
- _
policy doubleBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- Pkg
This property is required. string - Package.
- Action string
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec,ssl-vpn. - Anti
Replay string - Enable/disable anti-replay check. Valid values:
disable,enable. - App
Category string - Application category ID list.
- App
Group string - Application group names.
- Application
Charts []string - Application-Charts. Valid values:
top10-app,top10-p2p-user,top10-media-user. - Application
List string - Name of an existing Application list.
- Applications []float64
- Application ID list.
- Auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - Av
Profile string - Name of an existing Antivirus profile.
- Casi
Profile string - Casi-Profile.
- Cgn
Log stringServer Grp - NP log server group name
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Custom
Log stringFields - Log field index numbers to append custom log fields to log messages for this policy.
- Decrypted
Traffic stringMirror - Decrypted-Traffic-Mirror.
- Deep
Inspection stringOptions - Deep-Inspection-Options.
- Device
Detection stringPortal - Device-Detection-Portal. Valid values:
disable,enable. - Devices string
- Devices.
- Diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - Diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - Diffservcode
Forward string - Change packet's DiffServ to this value.
- Diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dscp
Match string - Dscp-Match. Valid values:
disable,enable. - Dscp
Negate string - Dscp-Negate. Valid values:
disable,enable. - Dscp
Value string - Dscp-Value.
- Dsri string
- Enable DSRI to ignore HTTP server responses. Valid values:
disable,enable. - Dstaddr string
- Destination address and address group names.
- Dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - Dstintf string
- Outgoing (egress) interface.
- Dynamic
Profile string - Dynamic-Profile. Valid values:
disable,enable. - Dynamic
Profile []stringAccesses - Dynamic-Profile-Access. Valid values:
imap,smtp,pop3,http,ftp,im,nntp,imaps,smtps,pop3s,https,ftps. - Dynamic
Profile stringGroup - Dynamic-Profile-Group.
- Email
Collection stringPortal - Email-Collection-Portal. Valid values:
disable,enable. - Emailfilter
Profile string - Name of an existing email filter profile.
- File
Filter stringProfile - File-Filter-Profile.
- Firewall
Session stringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all,check-new. - Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - Fsae string
- Fsae. Valid values:
disable,enable. - Fsso
Groups string - Names of FSSO groups.
- Global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- Groups string
- Names of user groups that can authenticate with this policy.
- Http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - Icap
Profile string - Name of an existing ICAP profile.
- Identity
Based string - Identity-Based. Valid values:
disable,enable. - Identity
From string - Identity-From. Valid values:
auth,device. - Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - Inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - Ippool string
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - Ips
Sensor string - Name of an existing IPS sensor.
- Label string
- Label for the policy that appears when the GUI is in Section View mode.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,enable,all,utm. - Logtraffic
Start string - Record logs when a session starts. Valid values:
disable,enable. - Mms
Profile string - Name of an existing MMS profile.
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values:
disable,enable. - Natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
disable,enable. - Natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
disable,enable. - Np
Accelation string - Np-Accelation. Valid values:
disable,enable. - Np
Acceleration string - Enable/disable UTM Network Processor acceleration. Valid values:
disable,enable. - Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - Packages
Global stringHeader Policy6Id - an identifier for the resource with format {{policyid}}.
- Per
Ip stringShaper - Per-IP traffic shaper.
- Pkg
Folder stringPath - Pkg Folder Path.
- Policy
Offload string - Enable/disable offloading policy configuration to CP processors. Valid values:
disable,enable. - Policyid float64
- Policy ID (0 - 4294967294).
- Poolname string
- IP Pool names.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - Replacemsg
Group string - Replacemsg-Group.
- Replacemsg
Override stringGroup - Override the default replacement message group for this policy.
- Rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
disable,enable. - Schedule string
- Schedule name.
- Send
Deny stringPacket - Enable/disable return of deny-packet. Valid values:
disable,enable. - Service string
- Service and service group names.
- Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - Session
Ttl string - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- Spamfilter
Profile string - Spamfilter-Profile.
- Srcaddr string
- Source address and address group names.
- Srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - Srcintf string
- Incoming (ingress) interface.
- Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - Ssl
Mirror string - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
disable,enable. - Ssl
Mirror stringIntf - SSL mirror interface name.
- Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Sslvpn
Auth string - Sslvpn-Auth. Valid values:
any,local,radius,ldap,tacacs+. - Sslvpn
Ccert string - Sslvpn-Ccert. Valid values:
disable,enable. - Sslvpn
Cipher string - Sslvpn-Cipher. Valid values:
any,high,medium. - Status string
- Enable or disable this policy. Valid values:
disable,enable. - string
- Tags.
- Tcp
Mss float64Receiver - Receiver TCP maximum segment size (MSS).
- Tcp
Mss float64Sender - Sender TCP maximum segment size (MSS).
- Tcp
Session stringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all,data-only,disable. - Timeout
Send stringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
disable,enable. - Tos string
- ToS (Type of Service) value used for comparison.
- Tos
Mask string - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- Tos
Negate string - Enable negated TOS match. Valid values:
disable,enable. - Traffic
Shaper string - Reverse traffic shaper.
- Traffic
Shaper stringReverse - Reverse traffic shaper.
- Url
Category string - URL category ID list.
- Users string
- Names of individual users that can authenticate with this policy.
- Utm
Inspection stringMode - Utm-Inspection-Mode. Valid values:
proxy,flow. - Utm
Status string - Enable AV/web/ips protection profile. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vlan
Cos float64Fwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Cos float64Rev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Filter string - Set VLAN filters.
- Voip
Profile string - Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web cache. Valid values:
disable,enable. - Webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Webproxy profile name.
- _
policy float64Block - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- pkg
This property is required. String - Package.
- _
policy DoubleBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action String
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec,ssl-vpn. - anti
Replay String - Enable/disable anti-replay check. Valid values:
disable,enable. - app
Category String - Application category ID list.
- app
Group String - Application group names.
- application
Charts List<String> - Application-Charts. Valid values:
top10-app,top10-p2p-user,top10-media-user. - application
List String - Name of an existing Application list.
- applications List<Double>
- Application ID list.
- auto
Asic StringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av
Profile String - Name of an existing Antivirus profile.
- casi
Profile String - Casi-Profile.
- cgn
Log StringServer Grp - NP log server group name
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- custom
Log StringFields - Log field index numbers to append custom log fields to log messages for this policy.
- decrypted
Traffic StringMirror - Decrypted-Traffic-Mirror.
- deep
Inspection StringOptions - Deep-Inspection-Options.
- device
Detection StringPortal - Device-Detection-Portal. Valid values:
disable,enable. - devices String
- Devices.
- diffserv
Forward String - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv
Reverse String - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode
Forward String - Change packet's DiffServ to this value.
- diffservcode
Rev String - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dscp
Match String - Dscp-Match. Valid values:
disable,enable. - dscp
Negate String - Dscp-Negate. Valid values:
disable,enable. - dscp
Value String - Dscp-Value.
- dsri String
- Enable DSRI to ignore HTTP server responses. Valid values:
disable,enable. - dstaddr String
- Destination address and address group names.
- dstaddr
Negate String - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf String
- Outgoing (egress) interface.
- dynamic
Profile String - Dynamic-Profile. Valid values:
disable,enable. - dynamic
Profile List<String>Accesses - Dynamic-Profile-Access. Valid values:
imap,smtp,pop3,http,ftp,im,nntp,imaps,smtps,pop3s,https,ftps. - dynamic
Profile StringGroup - Dynamic-Profile-Group.
- email
Collection StringPortal - Email-Collection-Portal. Valid values:
disable,enable. - emailfilter
Profile String - Name of an existing email filter profile.
- file
Filter StringProfile - File-Filter-Profile.
- firewall
Session StringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all,check-new. - fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsae String
- Fsae. Valid values:
disable,enable. - fsso
Groups String - Names of FSSO groups.
- global
Label String - Label for the policy that appears when the GUI is in Global View mode.
- groups String
- Names of user groups that can authenticate with this policy.
- http
Policy StringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap
Profile String - Name of an existing ICAP profile.
- identity
Based String - Identity-Based. Valid values:
disable,enable. - identity
From String - Identity-From. Valid values:
auth,device. - inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection
Mode String - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - ippool String
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips
Sensor String - Name of an existing IPS sensor.
- label String
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,enable,all,utm. - logtraffic
Start String - Record logs when a session starts. Valid values:
disable,enable. - mms
Profile String - Name of an existing MMS profile.
- name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values:
disable,enable. - natinbound String
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
disable,enable. - natoutbound String
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
disable,enable. - np
Accelation String - Np-Accelation. Valid values:
disable,enable. - np
Acceleration String - Enable/disable UTM Network Processor acceleration. Valid values:
disable,enable. - outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages
Global StringHeader Policy6Id - an identifier for the resource with format {{policyid}}.
- per
Ip StringShaper - Per-IP traffic shaper.
- pkg
Folder StringPath - Pkg Folder Path.
- policy
Offload String - Enable/disable offloading policy configuration to CP processors. Valid values:
disable,enable. - policyid Double
- Policy ID (0 - 4294967294).
- poolname String
- IP Pool names.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - replacemsg
Group String - Replacemsg-Group.
- replacemsg
Override StringGroup - Override the default replacement message group for this policy.
- rsso String
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
disable,enable. - schedule String
- Schedule name.
- send
Deny StringPacket - Enable/disable return of deny-packet. Valid values:
disable,enable. - service String
- Service and service group names.
- service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session
Ttl String - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter
Profile String - Spamfilter-Profile.
- srcaddr String
- Source address and address group names.
- srcaddr
Negate String - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf String
- Incoming (ingress) interface.
- ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Mirror String - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
disable,enable. - ssl
Mirror StringIntf - SSL mirror interface name.
- ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- sslvpn
Auth String - Sslvpn-Auth. Valid values:
any,local,radius,ldap,tacacs+. - sslvpn
Ccert String - Sslvpn-Ccert. Valid values:
disable,enable. - sslvpn
Cipher String - Sslvpn-Cipher. Valid values:
any,high,medium. - status String
- Enable or disable this policy. Valid values:
disable,enable. - String
- Tags.
- tcp
Mss DoubleReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss DoubleSender - Sender TCP maximum segment size (MSS).
- tcp
Session StringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all,data-only,disable. - timeout
Send StringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
disable,enable. - tos String
- ToS (Type of Service) value used for comparison.
- tos
Mask String - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos
Negate String - Enable negated TOS match. Valid values:
disable,enable. - traffic
Shaper String - Reverse traffic shaper.
- traffic
Shaper StringReverse - Reverse traffic shaper.
- url
Category String - URL category ID list.
- users String
- Names of individual users that can authenticate with this policy.
- utm
Inspection StringMode - Utm-Inspection-Mode. Valid values:
proxy,flow. - utm
Status String - Enable AV/web/ips protection profile. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vlan
Cos DoubleFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Cos DoubleRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Filter String - Set VLAN filters.
- voip
Profile String - Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web cache. Valid values:
disable,enable. - webcache
Https String - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Webproxy profile name.
- pkg
This property is required. string - Package.
- _
policy numberBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action string
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec,ssl-vpn. - anti
Replay string - Enable/disable anti-replay check. Valid values:
disable,enable. - app
Category string - Application category ID list.
- app
Group string - Application group names.
- application
Charts string[] - Application-Charts. Valid values:
top10-app,top10-p2p-user,top10-media-user. - application
List string - Name of an existing Application list.
- applications number[]
- Application ID list.
- auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av
Profile string - Name of an existing Antivirus profile.
- casi
Profile string - Casi-Profile.
- cgn
Log stringServer Grp - NP log server group name
- cifs
Profile string - Name of an existing CIFS profile.
- comments string
- Comment.
- custom
Log stringFields - Log field index numbers to append custom log fields to log messages for this policy.
- decrypted
Traffic stringMirror - Decrypted-Traffic-Mirror.
- deep
Inspection stringOptions - Deep-Inspection-Options.
- device
Detection stringPortal - Device-Detection-Portal. Valid values:
disable,enable. - devices string
- Devices.
- diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode
Forward string - Change packet's DiffServ to this value.
- diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor string - Name of an existing DLP sensor.
- dnsfilter
Profile string - Name of an existing DNS filter profile.
- dscp
Match string - Dscp-Match. Valid values:
disable,enable. - dscp
Negate string - Dscp-Negate. Valid values:
disable,enable. - dscp
Value string - Dscp-Value.
- dsri string
- Enable DSRI to ignore HTTP server responses. Valid values:
disable,enable. - dstaddr string
- Destination address and address group names.
- dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf string
- Outgoing (egress) interface.
- dynamic
Profile string - Dynamic-Profile. Valid values:
disable,enable. - dynamic
Profile string[]Accesses - Dynamic-Profile-Access. Valid values:
imap,smtp,pop3,http,ftp,im,nntp,imaps,smtps,pop3s,https,ftps. - dynamic
Profile stringGroup - Dynamic-Profile-Group.
- email
Collection stringPortal - Email-Collection-Portal. Valid values:
disable,enable. - emailfilter
Profile string - Name of an existing email filter profile.
- file
Filter stringProfile - File-Filter-Profile.
- firewall
Session stringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all,check-new. - fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsae string
- Fsae. Valid values:
disable,enable. - fsso
Groups string - Names of FSSO groups.
- global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- groups string
- Names of user groups that can authenticate with this policy.
- http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap
Profile string - Name of an existing ICAP profile.
- identity
Based string - Identity-Based. Valid values:
disable,enable. - identity
From string - Identity-From. Valid values:
auth,device. - inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - ippool string
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips
Sensor string - Name of an existing IPS sensor.
- label string
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,enable,all,utm. - logtraffic
Start string - Record logs when a session starts. Valid values:
disable,enable. - mms
Profile string - Name of an existing MMS profile.
- name string
- Policy name.
- nat string
- Enable/disable source NAT. Valid values:
disable,enable. - natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
disable,enable. - natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
disable,enable. - np
Accelation string - Np-Accelation. Valid values:
disable,enable. - np
Acceleration string - Enable/disable UTM Network Processor acceleration. Valid values:
disable,enable. - outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages
Global stringHeader Policy6Id - an identifier for the resource with format {{policyid}}.
- per
Ip stringShaper - Per-IP traffic shaper.
- pkg
Folder stringPath - Pkg Folder Path.
- policy
Offload string - Enable/disable offloading policy configuration to CP processors. Valid values:
disable,enable. - policyid number
- Policy ID (0 - 4294967294).
- poolname string
- IP Pool names.
- profile
Group string - Name of profile group.
- profile
Protocol stringOptions - Name of an existing Protocol options profile.
- profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - replacemsg
Group string - Replacemsg-Group.
- replacemsg
Override stringGroup - Override the default replacement message group for this policy.
- rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
disable,enable. - schedule string
- Schedule name.
- send
Deny stringPacket - Enable/disable return of deny-packet. Valid values:
disable,enable. - service string
- Service and service group names.
- service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session
Ttl string - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter
Profile string - Spamfilter-Profile.
- srcaddr string
- Source address and address group names.
- srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf string
- Incoming (ingress) interface.
- ssh
Filter stringProfile - Name of an existing SSH filter profile.
- ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Mirror string - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
disable,enable. - ssl
Mirror stringIntf - SSL mirror interface name.
- ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- sslvpn
Auth string - Sslvpn-Auth. Valid values:
any,local,radius,ldap,tacacs+. - sslvpn
Ccert string - Sslvpn-Ccert. Valid values:
disable,enable. - sslvpn
Cipher string - Sslvpn-Cipher. Valid values:
any,high,medium. - status string
- Enable or disable this policy. Valid values:
disable,enable. - string
- Tags.
- tcp
Mss numberReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss numberSender - Sender TCP maximum segment size (MSS).
- tcp
Session stringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all,data-only,disable. - timeout
Send stringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
disable,enable. - tos string
- ToS (Type of Service) value used for comparison.
- tos
Mask string - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos
Negate string - Enable negated TOS match. Valid values:
disable,enable. - traffic
Shaper string - Reverse traffic shaper.
- traffic
Shaper stringReverse - Reverse traffic shaper.
- url
Category string - URL category ID list.
- users string
- Names of individual users that can authenticate with this policy.
- utm
Inspection stringMode - Utm-Inspection-Mode. Valid values:
proxy,flow. - utm
Status string - Enable AV/web/ips protection profile. Valid values:
disable,enable. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vlan
Cos numberFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Cos numberRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Filter string - Set VLAN filters.
- voip
Profile string - Name of an existing VoIP profile.
- vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile string - Name of an existing Web application firewall profile.
- webcache string
- Enable/disable web cache. Valid values:
disable,enable. - webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter
Profile string - Name of an existing Web filter profile.
- webproxy
Forward stringServer - Web proxy forward server name.
- webproxy
Profile string - Webproxy profile name.
- pkg
This property is required. str - Package.
- _
policy_ floatblock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action str
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec,ssl-vpn. - anti_
replay str - Enable/disable anti-replay check. Valid values:
disable,enable. - app_
category str - Application category ID list.
- app_
group str - Application group names.
- application_
charts Sequence[str] - Application-Charts. Valid values:
top10-app,top10-p2p-user,top10-media-user. - application_
list str - Name of an existing Application list.
- applications Sequence[float]
- Application ID list.
- auto_
asic_ stroffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av_
profile str - Name of an existing Antivirus profile.
- casi_
profile str - Casi-Profile.
- cgn_
log_ strserver_ grp - NP log server group name
- cifs_
profile str - Name of an existing CIFS profile.
- comments str
- Comment.
- custom_
log_ strfields - Log field index numbers to append custom log fields to log messages for this policy.
- decrypted_
traffic_ strmirror - Decrypted-Traffic-Mirror.
- deep_
inspection_ stroptions - Deep-Inspection-Options.
- device_
detection_ strportal - Device-Detection-Portal. Valid values:
disable,enable. - devices str
- Devices.
- diffserv_
forward str - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv_
reverse str - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode_
forward str - Change packet's DiffServ to this value.
- diffservcode_
rev str - Change packet's reverse (reply) DiffServ to this value.
- dlp_
sensor str - Name of an existing DLP sensor.
- dnsfilter_
profile str - Name of an existing DNS filter profile.
- dscp_
match str - Dscp-Match. Valid values:
disable,enable. - dscp_
negate str - Dscp-Negate. Valid values:
disable,enable. - dscp_
value str - Dscp-Value.
- dsri str
- Enable DSRI to ignore HTTP server responses. Valid values:
disable,enable. - dstaddr str
- Destination address and address group names.
- dstaddr_
negate str - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf str
- Outgoing (egress) interface.
- dynamic_
profile str - Dynamic-Profile. Valid values:
disable,enable. - dynamic_
profile_ Sequence[str]accesses - Dynamic-Profile-Access. Valid values:
imap,smtp,pop3,http,ftp,im,nntp,imaps,smtps,pop3s,https,ftps. - dynamic_
profile_ strgroup - Dynamic-Profile-Group.
- email_
collection_ strportal - Email-Collection-Portal. Valid values:
disable,enable. - emailfilter_
profile str - Name of an existing email filter profile.
- file_
filter_ strprofile - File-Filter-Profile.
- firewall_
session_ strdirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all,check-new. - fixedport str
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsae str
- Fsae. Valid values:
disable,enable. - fsso_
groups str - Names of FSSO groups.
- global_
label str - Label for the policy that appears when the GUI is in Global View mode.
- groups str
- Names of user groups that can authenticate with this policy.
- http_
policy_ strredirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap_
profile str - Name of an existing ICAP profile.
- identity_
based str - Identity-Based. Valid values:
disable,enable. - identity_
from str - Identity-From. Valid values:
auth,device. - inbound str
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection_
mode str - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - ippool str
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips_
sensor str - Name of an existing IPS sensor.
- label str
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic str
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,enable,all,utm. - logtraffic_
start str - Record logs when a session starts. Valid values:
disable,enable. - mms_
profile str - Name of an existing MMS profile.
- name str
- Policy name.
- nat str
- Enable/disable source NAT. Valid values:
disable,enable. - natinbound str
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
disable,enable. - natoutbound str
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
disable,enable. - np_
accelation str - Np-Accelation. Valid values:
disable,enable. - np_
acceleration str - Enable/disable UTM Network Processor acceleration. Valid values:
disable,enable. - outbound str
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages_
global_ strheader_ policy6_ id - an identifier for the resource with format {{policyid}}.
- per_
ip_ strshaper - Per-IP traffic shaper.
- pkg_
folder_ strpath - Pkg Folder Path.
- policy_
offload str - Enable/disable offloading policy configuration to CP processors. Valid values:
disable,enable. - policyid float
- Policy ID (0 - 4294967294).
- poolname str
- IP Pool names.
- profile_
group str - Name of profile group.
- profile_
protocol_ stroptions - Name of an existing Protocol options profile.
- profile_
type str - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - replacemsg_
group str - Replacemsg-Group.
- replacemsg_
override_ strgroup - Override the default replacement message group for this policy.
- rsso str
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
disable,enable. - schedule str
- Schedule name.
- send_
deny_ strpacket - Enable/disable return of deny-packet. Valid values:
disable,enable. - service str
- Service and service group names.
- service_
negate str - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session_
ttl str - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter_
profile str - Spamfilter-Profile.
- srcaddr str
- Source address and address group names.
- srcaddr_
negate str - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf str
- Incoming (ingress) interface.
- ssh_
filter_ strprofile - Name of an existing SSH filter profile.
- ssh_
policy_ strredirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl_
mirror str - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
disable,enable. - ssl_
mirror_ strintf - SSL mirror interface name.
- ssl_
ssh_ strprofile - Name of an existing SSL SSH profile.
- sslvpn_
auth str - Sslvpn-Auth. Valid values:
any,local,radius,ldap,tacacs+. - sslvpn_
ccert str - Sslvpn-Ccert. Valid values:
disable,enable. - sslvpn_
cipher str - Sslvpn-Cipher. Valid values:
any,high,medium. - status str
- Enable or disable this policy. Valid values:
disable,enable. - str
- Tags.
- tcp_
mss_ floatreceiver - Receiver TCP maximum segment size (MSS).
- tcp_
mss_ floatsender - Sender TCP maximum segment size (MSS).
- tcp_
session_ strwithout_ syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all,data-only,disable. - timeout_
send_ strrst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
disable,enable. - tos str
- ToS (Type of Service) value used for comparison.
- tos_
mask str - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos_
negate str - Enable negated TOS match. Valid values:
disable,enable. - traffic_
shaper str - Reverse traffic shaper.
- traffic_
shaper_ strreverse - Reverse traffic shaper.
- url_
category str - URL category ID list.
- users str
- Names of individual users that can authenticate with this policy.
- utm_
inspection_ strmode - Utm-Inspection-Mode. Valid values:
proxy,flow. - utm_
status str - Enable AV/web/ips protection profile. Valid values:
disable,enable. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vlan_
cos_ floatfwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan_
cos_ floatrev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan_
filter str - Set VLAN filters.
- voip_
profile str - Name of an existing VoIP profile.
- vpntunnel str
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf_
profile str - Name of an existing Web application firewall profile.
- webcache str
- Enable/disable web cache. Valid values:
disable,enable. - webcache_
https str - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter_
profile str - Name of an existing Web filter profile.
- webproxy_
forward_ strserver - Web proxy forward server name.
- webproxy_
profile str - Webproxy profile name.
- pkg
This property is required. String - Package.
- _
policy NumberBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action String
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec,ssl-vpn. - anti
Replay String - Enable/disable anti-replay check. Valid values:
disable,enable. - app
Category String - Application category ID list.
- app
Group String - Application group names.
- application
Charts List<String> - Application-Charts. Valid values:
top10-app,top10-p2p-user,top10-media-user. - application
List String - Name of an existing Application list.
- applications List<Number>
- Application ID list.
- auto
Asic StringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av
Profile String - Name of an existing Antivirus profile.
- casi
Profile String - Casi-Profile.
- cgn
Log StringServer Grp - NP log server group name
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- custom
Log StringFields - Log field index numbers to append custom log fields to log messages for this policy.
- decrypted
Traffic StringMirror - Decrypted-Traffic-Mirror.
- deep
Inspection StringOptions - Deep-Inspection-Options.
- device
Detection StringPortal - Device-Detection-Portal. Valid values:
disable,enable. - devices String
- Devices.
- diffserv
Forward String - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv
Reverse String - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode
Forward String - Change packet's DiffServ to this value.
- diffservcode
Rev String - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dscp
Match String - Dscp-Match. Valid values:
disable,enable. - dscp
Negate String - Dscp-Negate. Valid values:
disable,enable. - dscp
Value String - Dscp-Value.
- dsri String
- Enable DSRI to ignore HTTP server responses. Valid values:
disable,enable. - dstaddr String
- Destination address and address group names.
- dstaddr
Negate String - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf String
- Outgoing (egress) interface.
- dynamic
Profile String - Dynamic-Profile. Valid values:
disable,enable. - dynamic
Profile List<String>Accesses - Dynamic-Profile-Access. Valid values:
imap,smtp,pop3,http,ftp,im,nntp,imaps,smtps,pop3s,https,ftps. - dynamic
Profile StringGroup - Dynamic-Profile-Group.
- email
Collection StringPortal - Email-Collection-Portal. Valid values:
disable,enable. - emailfilter
Profile String - Name of an existing email filter profile.
- file
Filter StringProfile - File-Filter-Profile.
- firewall
Session StringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all,check-new. - fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsae String
- Fsae. Valid values:
disable,enable. - fsso
Groups String - Names of FSSO groups.
- global
Label String - Label for the policy that appears when the GUI is in Global View mode.
- groups String
- Names of user groups that can authenticate with this policy.
- http
Policy StringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap
Profile String - Name of an existing ICAP profile.
- identity
Based String - Identity-Based. Valid values:
disable,enable. - identity
From String - Identity-From. Valid values:
auth,device. - inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection
Mode String - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - ippool String
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips
Sensor String - Name of an existing IPS sensor.
- label String
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,enable,all,utm. - logtraffic
Start String - Record logs when a session starts. Valid values:
disable,enable. - mms
Profile String - Name of an existing MMS profile.
- name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values:
disable,enable. - natinbound String
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
disable,enable. - natoutbound String
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
disable,enable. - np
Accelation String - Np-Accelation. Valid values:
disable,enable. - np
Acceleration String - Enable/disable UTM Network Processor acceleration. Valid values:
disable,enable. - outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages
Global StringHeader Policy6Id - an identifier for the resource with format {{policyid}}.
- per
Ip StringShaper - Per-IP traffic shaper.
- pkg
Folder StringPath - Pkg Folder Path.
- policy
Offload String - Enable/disable offloading policy configuration to CP processors. Valid values:
disable,enable. - policyid Number
- Policy ID (0 - 4294967294).
- poolname String
- IP Pool names.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - replacemsg
Group String - Replacemsg-Group.
- replacemsg
Override StringGroup - Override the default replacement message group for this policy.
- rsso String
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
disable,enable. - schedule String
- Schedule name.
- send
Deny StringPacket - Enable/disable return of deny-packet. Valid values:
disable,enable. - service String
- Service and service group names.
- service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session
Ttl String - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter
Profile String - Spamfilter-Profile.
- srcaddr String
- Source address and address group names.
- srcaddr
Negate String - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf String
- Incoming (ingress) interface.
- ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Mirror String - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
disable,enable. - ssl
Mirror StringIntf - SSL mirror interface name.
- ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- sslvpn
Auth String - Sslvpn-Auth. Valid values:
any,local,radius,ldap,tacacs+. - sslvpn
Ccert String - Sslvpn-Ccert. Valid values:
disable,enable. - sslvpn
Cipher String - Sslvpn-Cipher. Valid values:
any,high,medium. - status String
- Enable or disable this policy. Valid values:
disable,enable. - String
- Tags.
- tcp
Mss NumberReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss NumberSender - Sender TCP maximum segment size (MSS).
- tcp
Session StringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all,data-only,disable. - timeout
Send StringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
disable,enable. - tos String
- ToS (Type of Service) value used for comparison.
- tos
Mask String - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos
Negate String - Enable negated TOS match. Valid values:
disable,enable. - traffic
Shaper String - Reverse traffic shaper.
- traffic
Shaper StringReverse - Reverse traffic shaper.
- url
Category String - URL category ID list.
- users String
- Names of individual users that can authenticate with this policy.
- utm
Inspection StringMode - Utm-Inspection-Mode. Valid values:
proxy,flow. - utm
Status String - Enable AV/web/ips protection profile. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vlan
Cos NumberFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Cos NumberRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Filter String - Set VLAN filters.
- voip
Profile String - Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web cache. Valid values:
disable,enable. - webcache
Https String - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Webproxy profile name.
Outputs
All input properties are implicitly available as output properties. Additionally, the PackagesGlobalHeaderPolicy6 resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing PackagesGlobalHeaderPolicy6 Resource
Get an existing PackagesGlobalHeaderPolicy6 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PackagesGlobalHeaderPolicy6State, opts?: CustomResourceOptions): PackagesGlobalHeaderPolicy6@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
_policy_block: Optional[float] = None,
action: Optional[str] = None,
anti_replay: Optional[str] = None,
app_category: Optional[str] = None,
app_group: Optional[str] = None,
application_charts: Optional[Sequence[str]] = None,
application_list: Optional[str] = None,
applications: Optional[Sequence[float]] = None,
auto_asic_offload: Optional[str] = None,
av_profile: Optional[str] = None,
casi_profile: Optional[str] = None,
cgn_log_server_grp: Optional[str] = None,
cifs_profile: Optional[str] = None,
comments: Optional[str] = None,
custom_log_fields: Optional[str] = None,
decrypted_traffic_mirror: Optional[str] = None,
deep_inspection_options: Optional[str] = None,
device_detection_portal: Optional[str] = None,
devices: Optional[str] = None,
diffserv_forward: Optional[str] = None,
diffserv_reverse: Optional[str] = None,
diffservcode_forward: Optional[str] = None,
diffservcode_rev: Optional[str] = None,
dlp_sensor: Optional[str] = None,
dnsfilter_profile: Optional[str] = None,
dscp_match: Optional[str] = None,
dscp_negate: Optional[str] = None,
dscp_value: Optional[str] = None,
dsri: Optional[str] = None,
dstaddr: Optional[str] = None,
dstaddr_negate: Optional[str] = None,
dstintf: Optional[str] = None,
dynamic_profile: Optional[str] = None,
dynamic_profile_accesses: Optional[Sequence[str]] = None,
dynamic_profile_group: Optional[str] = None,
email_collection_portal: Optional[str] = None,
emailfilter_profile: Optional[str] = None,
file_filter_profile: Optional[str] = None,
firewall_session_dirty: Optional[str] = None,
fixedport: Optional[str] = None,
fsae: Optional[str] = None,
fsso_groups: Optional[str] = None,
global_label: Optional[str] = None,
groups: Optional[str] = None,
http_policy_redirect: Optional[str] = None,
icap_profile: Optional[str] = None,
identity_based: Optional[str] = None,
identity_from: Optional[str] = None,
inbound: Optional[str] = None,
inspection_mode: Optional[str] = None,
ippool: Optional[str] = None,
ips_sensor: Optional[str] = None,
label: Optional[str] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
mms_profile: Optional[str] = None,
name: Optional[str] = None,
nat: Optional[str] = None,
natinbound: Optional[str] = None,
natoutbound: Optional[str] = None,
np_accelation: Optional[str] = None,
np_acceleration: Optional[str] = None,
outbound: Optional[str] = None,
packages_global_header_policy6_id: Optional[str] = None,
per_ip_shaper: Optional[str] = None,
pkg: Optional[str] = None,
pkg_folder_path: Optional[str] = None,
policy_offload: Optional[str] = None,
policyid: Optional[float] = None,
poolname: Optional[str] = None,
profile_group: Optional[str] = None,
profile_protocol_options: Optional[str] = None,
profile_type: Optional[str] = None,
replacemsg_group: Optional[str] = None,
replacemsg_override_group: Optional[str] = None,
rsso: Optional[str] = None,
schedule: Optional[str] = None,
send_deny_packet: Optional[str] = None,
service: Optional[str] = None,
service_negate: Optional[str] = None,
session_ttl: Optional[str] = None,
spamfilter_profile: Optional[str] = None,
srcaddr: Optional[str] = None,
srcaddr_negate: Optional[str] = None,
srcintf: Optional[str] = None,
ssh_filter_profile: Optional[str] = None,
ssh_policy_redirect: Optional[str] = None,
ssl_mirror: Optional[str] = None,
ssl_mirror_intf: Optional[str] = None,
ssl_ssh_profile: Optional[str] = None,
sslvpn_auth: Optional[str] = None,
sslvpn_ccert: Optional[str] = None,
sslvpn_cipher: Optional[str] = None,
status: Optional[str] = None,
tags: Optional[str] = None,
tcp_mss_receiver: Optional[float] = None,
tcp_mss_sender: Optional[float] = None,
tcp_session_without_syn: Optional[str] = None,
timeout_send_rst: Optional[str] = None,
tos: Optional[str] = None,
tos_mask: Optional[str] = None,
tos_negate: Optional[str] = None,
traffic_shaper: Optional[str] = None,
traffic_shaper_reverse: Optional[str] = None,
url_category: Optional[str] = None,
users: Optional[str] = None,
utm_inspection_mode: Optional[str] = None,
utm_status: Optional[str] = None,
uuid: Optional[str] = None,
vlan_cos_fwd: Optional[float] = None,
vlan_cos_rev: Optional[float] = None,
vlan_filter: Optional[str] = None,
voip_profile: Optional[str] = None,
vpntunnel: Optional[str] = None,
waf_profile: Optional[str] = None,
webcache: Optional[str] = None,
webcache_https: Optional[str] = None,
webfilter_profile: Optional[str] = None,
webproxy_forward_server: Optional[str] = None,
webproxy_profile: Optional[str] = None) -> PackagesGlobalHeaderPolicy6func GetPackagesGlobalHeaderPolicy6(ctx *Context, name string, id IDInput, state *PackagesGlobalHeaderPolicy6State, opts ...ResourceOption) (*PackagesGlobalHeaderPolicy6, error)public static PackagesGlobalHeaderPolicy6 Get(string name, Input<string> id, PackagesGlobalHeaderPolicy6State? state, CustomResourceOptions? opts = null)public static PackagesGlobalHeaderPolicy6 get(String name, Output<String> id, PackagesGlobalHeaderPolicy6State state, CustomResourceOptions options)resources: _: type: fortimanager:PackagesGlobalHeaderPolicy6 get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Action string
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec,ssl-vpn. - Anti
Replay string - Enable/disable anti-replay check. Valid values:
disable,enable. - App
Category string - Application category ID list.
- App
Group string - Application group names.
- Application
Charts List<string> - Application-Charts. Valid values:
top10-app,top10-p2p-user,top10-media-user. - Application
List string - Name of an existing Application list.
- Applications List<double>
- Application ID list.
- Auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - Av
Profile string - Name of an existing Antivirus profile.
- Casi
Profile string - Casi-Profile.
- Cgn
Log stringServer Grp - NP log server group name
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Custom
Log stringFields - Log field index numbers to append custom log fields to log messages for this policy.
- Decrypted
Traffic stringMirror - Decrypted-Traffic-Mirror.
- Deep
Inspection stringOptions - Deep-Inspection-Options.
- Device
Detection stringPortal - Device-Detection-Portal. Valid values:
disable,enable. - Devices string
- Devices.
- Diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - Diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - Diffservcode
Forward string - Change packet's DiffServ to this value.
- Diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dscp
Match string - Dscp-Match. Valid values:
disable,enable. - Dscp
Negate string - Dscp-Negate. Valid values:
disable,enable. - Dscp
Value string - Dscp-Value.
- Dsri string
- Enable DSRI to ignore HTTP server responses. Valid values:
disable,enable. - Dstaddr string
- Destination address and address group names.
- Dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - Dstintf string
- Outgoing (egress) interface.
- Dynamic
Profile string - Dynamic-Profile. Valid values:
disable,enable. - Dynamic
Profile List<string>Accesses - Dynamic-Profile-Access. Valid values:
imap,smtp,pop3,http,ftp,im,nntp,imaps,smtps,pop3s,https,ftps. - Dynamic
Profile stringGroup - Dynamic-Profile-Group.
- Email
Collection stringPortal - Email-Collection-Portal. Valid values:
disable,enable. - Emailfilter
Profile string - Name of an existing email filter profile.
- File
Filter stringProfile - File-Filter-Profile.
- Firewall
Session stringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all,check-new. - Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - Fsae string
- Fsae. Valid values:
disable,enable. - Fsso
Groups string - Names of FSSO groups.
- Global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- Groups string
- Names of user groups that can authenticate with this policy.
- Http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - Icap
Profile string - Name of an existing ICAP profile.
- Identity
Based string - Identity-Based. Valid values:
disable,enable. - Identity
From string - Identity-From. Valid values:
auth,device. - Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - Inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - Ippool string
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - Ips
Sensor string - Name of an existing IPS sensor.
- Label string
- Label for the policy that appears when the GUI is in Section View mode.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,enable,all,utm. - Logtraffic
Start string - Record logs when a session starts. Valid values:
disable,enable. - Mms
Profile string - Name of an existing MMS profile.
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values:
disable,enable. - Natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
disable,enable. - Natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
disable,enable. - Np
Accelation string - Np-Accelation. Valid values:
disable,enable. - Np
Acceleration string - Enable/disable UTM Network Processor acceleration. Valid values:
disable,enable. - Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - Packages
Global stringHeader Policy6Id - an identifier for the resource with format {{policyid}}.
- Per
Ip stringShaper - Per-IP traffic shaper.
- Pkg string
- Package.
- Pkg
Folder stringPath - Pkg Folder Path.
- Policy
Offload string - Enable/disable offloading policy configuration to CP processors. Valid values:
disable,enable. - Policyid double
- Policy ID (0 - 4294967294).
- Poolname string
- IP Pool names.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - Replacemsg
Group string - Replacemsg-Group.
- Replacemsg
Override stringGroup - Override the default replacement message group for this policy.
- Rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
disable,enable. - Schedule string
- Schedule name.
- Send
Deny stringPacket - Enable/disable return of deny-packet. Valid values:
disable,enable. - Service string
- Service and service group names.
- Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - Session
Ttl string - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- Spamfilter
Profile string - Spamfilter-Profile.
- Srcaddr string
- Source address and address group names.
- Srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - Srcintf string
- Incoming (ingress) interface.
- Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - Ssl
Mirror string - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
disable,enable. - Ssl
Mirror stringIntf - SSL mirror interface name.
- Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Sslvpn
Auth string - Sslvpn-Auth. Valid values:
any,local,radius,ldap,tacacs+. - Sslvpn
Ccert string - Sslvpn-Ccert. Valid values:
disable,enable. - Sslvpn
Cipher string - Sslvpn-Cipher. Valid values:
any,high,medium. - Status string
- Enable or disable this policy. Valid values:
disable,enable. - string
- Tags.
- Tcp
Mss doubleReceiver - Receiver TCP maximum segment size (MSS).
- Tcp
Mss doubleSender - Sender TCP maximum segment size (MSS).
- Tcp
Session stringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all,data-only,disable. - Timeout
Send stringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
disable,enable. - Tos string
- ToS (Type of Service) value used for comparison.
- Tos
Mask string - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- Tos
Negate string - Enable negated TOS match. Valid values:
disable,enable. - Traffic
Shaper string - Reverse traffic shaper.
- Traffic
Shaper stringReverse - Reverse traffic shaper.
- Url
Category string - URL category ID list.
- Users string
- Names of individual users that can authenticate with this policy.
- Utm
Inspection stringMode - Utm-Inspection-Mode. Valid values:
proxy,flow. - Utm
Status string - Enable AV/web/ips protection profile. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vlan
Cos doubleFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Cos doubleRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Filter string - Set VLAN filters.
- Voip
Profile string - Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web cache. Valid values:
disable,enable. - Webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Webproxy profile name.
- _
policy doubleBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- Action string
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec,ssl-vpn. - Anti
Replay string - Enable/disable anti-replay check. Valid values:
disable,enable. - App
Category string - Application category ID list.
- App
Group string - Application group names.
- Application
Charts []string - Application-Charts. Valid values:
top10-app,top10-p2p-user,top10-media-user. - Application
List string - Name of an existing Application list.
- Applications []float64
- Application ID list.
- Auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - Av
Profile string - Name of an existing Antivirus profile.
- Casi
Profile string - Casi-Profile.
- Cgn
Log stringServer Grp - NP log server group name
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Comment.
- Custom
Log stringFields - Log field index numbers to append custom log fields to log messages for this policy.
- Decrypted
Traffic stringMirror - Decrypted-Traffic-Mirror.
- Deep
Inspection stringOptions - Deep-Inspection-Options.
- Device
Detection stringPortal - Device-Detection-Portal. Valid values:
disable,enable. - Devices string
- Devices.
- Diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - Diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - Diffservcode
Forward string - Change packet's DiffServ to this value.
- Diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profile string - Name of an existing DNS filter profile.
- Dscp
Match string - Dscp-Match. Valid values:
disable,enable. - Dscp
Negate string - Dscp-Negate. Valid values:
disable,enable. - Dscp
Value string - Dscp-Value.
- Dsri string
- Enable DSRI to ignore HTTP server responses. Valid values:
disable,enable. - Dstaddr string
- Destination address and address group names.
- Dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - Dstintf string
- Outgoing (egress) interface.
- Dynamic
Profile string - Dynamic-Profile. Valid values:
disable,enable. - Dynamic
Profile []stringAccesses - Dynamic-Profile-Access. Valid values:
imap,smtp,pop3,http,ftp,im,nntp,imaps,smtps,pop3s,https,ftps. - Dynamic
Profile stringGroup - Dynamic-Profile-Group.
- Email
Collection stringPortal - Email-Collection-Portal. Valid values:
disable,enable. - Emailfilter
Profile string - Name of an existing email filter profile.
- File
Filter stringProfile - File-Filter-Profile.
- Firewall
Session stringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all,check-new. - Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - Fsae string
- Fsae. Valid values:
disable,enable. - Fsso
Groups string - Names of FSSO groups.
- Global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- Groups string
- Names of user groups that can authenticate with this policy.
- Http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - Icap
Profile string - Name of an existing ICAP profile.
- Identity
Based string - Identity-Based. Valid values:
disable,enable. - Identity
From string - Identity-From. Valid values:
auth,device. - Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - Inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - Ippool string
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - Ips
Sensor string - Name of an existing IPS sensor.
- Label string
- Label for the policy that appears when the GUI is in Section View mode.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,enable,all,utm. - Logtraffic
Start string - Record logs when a session starts. Valid values:
disable,enable. - Mms
Profile string - Name of an existing MMS profile.
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values:
disable,enable. - Natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
disable,enable. - Natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
disable,enable. - Np
Accelation string - Np-Accelation. Valid values:
disable,enable. - Np
Acceleration string - Enable/disable UTM Network Processor acceleration. Valid values:
disable,enable. - Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - Packages
Global stringHeader Policy6Id - an identifier for the resource with format {{policyid}}.
- Per
Ip stringShaper - Per-IP traffic shaper.
- Pkg string
- Package.
- Pkg
Folder stringPath - Pkg Folder Path.
- Policy
Offload string - Enable/disable offloading policy configuration to CP processors. Valid values:
disable,enable. - Policyid float64
- Policy ID (0 - 4294967294).
- Poolname string
- IP Pool names.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - Replacemsg
Group string - Replacemsg-Group.
- Replacemsg
Override stringGroup - Override the default replacement message group for this policy.
- Rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
disable,enable. - Schedule string
- Schedule name.
- Send
Deny stringPacket - Enable/disable return of deny-packet. Valid values:
disable,enable. - Service string
- Service and service group names.
- Service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - Session
Ttl string - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- Spamfilter
Profile string - Spamfilter-Profile.
- Srcaddr string
- Source address and address group names.
- Srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - Srcintf string
- Incoming (ingress) interface.
- Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - Ssl
Mirror string - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
disable,enable. - Ssl
Mirror stringIntf - SSL mirror interface name.
- Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Sslvpn
Auth string - Sslvpn-Auth. Valid values:
any,local,radius,ldap,tacacs+. - Sslvpn
Ccert string - Sslvpn-Ccert. Valid values:
disable,enable. - Sslvpn
Cipher string - Sslvpn-Cipher. Valid values:
any,high,medium. - Status string
- Enable or disable this policy. Valid values:
disable,enable. - string
- Tags.
- Tcp
Mss float64Receiver - Receiver TCP maximum segment size (MSS).
- Tcp
Mss float64Sender - Sender TCP maximum segment size (MSS).
- Tcp
Session stringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all,data-only,disable. - Timeout
Send stringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
disable,enable. - Tos string
- ToS (Type of Service) value used for comparison.
- Tos
Mask string - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- Tos
Negate string - Enable negated TOS match. Valid values:
disable,enable. - Traffic
Shaper string - Reverse traffic shaper.
- Traffic
Shaper stringReverse - Reverse traffic shaper.
- Url
Category string - URL category ID list.
- Users string
- Names of individual users that can authenticate with this policy.
- Utm
Inspection stringMode - Utm-Inspection-Mode. Valid values:
proxy,flow. - Utm
Status string - Enable AV/web/ips protection profile. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vlan
Cos float64Fwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Cos float64Rev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- Vlan
Filter string - Set VLAN filters.
- Voip
Profile string - Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web cache. Valid values:
disable,enable. - Webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Webproxy profile name.
- _
policy float64Block - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- _
policy DoubleBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action String
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec,ssl-vpn. - anti
Replay String - Enable/disable anti-replay check. Valid values:
disable,enable. - app
Category String - Application category ID list.
- app
Group String - Application group names.
- application
Charts List<String> - Application-Charts. Valid values:
top10-app,top10-p2p-user,top10-media-user. - application
List String - Name of an existing Application list.
- applications List<Double>
- Application ID list.
- auto
Asic StringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av
Profile String - Name of an existing Antivirus profile.
- casi
Profile String - Casi-Profile.
- cgn
Log StringServer Grp - NP log server group name
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- custom
Log StringFields - Log field index numbers to append custom log fields to log messages for this policy.
- decrypted
Traffic StringMirror - Decrypted-Traffic-Mirror.
- deep
Inspection StringOptions - Deep-Inspection-Options.
- device
Detection StringPortal - Device-Detection-Portal. Valid values:
disable,enable. - devices String
- Devices.
- diffserv
Forward String - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv
Reverse String - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode
Forward String - Change packet's DiffServ to this value.
- diffservcode
Rev String - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dscp
Match String - Dscp-Match. Valid values:
disable,enable. - dscp
Negate String - Dscp-Negate. Valid values:
disable,enable. - dscp
Value String - Dscp-Value.
- dsri String
- Enable DSRI to ignore HTTP server responses. Valid values:
disable,enable. - dstaddr String
- Destination address and address group names.
- dstaddr
Negate String - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf String
- Outgoing (egress) interface.
- dynamic
Profile String - Dynamic-Profile. Valid values:
disable,enable. - dynamic
Profile List<String>Accesses - Dynamic-Profile-Access. Valid values:
imap,smtp,pop3,http,ftp,im,nntp,imaps,smtps,pop3s,https,ftps. - dynamic
Profile StringGroup - Dynamic-Profile-Group.
- email
Collection StringPortal - Email-Collection-Portal. Valid values:
disable,enable. - emailfilter
Profile String - Name of an existing email filter profile.
- file
Filter StringProfile - File-Filter-Profile.
- firewall
Session StringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all,check-new. - fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsae String
- Fsae. Valid values:
disable,enable. - fsso
Groups String - Names of FSSO groups.
- global
Label String - Label for the policy that appears when the GUI is in Global View mode.
- groups String
- Names of user groups that can authenticate with this policy.
- http
Policy StringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap
Profile String - Name of an existing ICAP profile.
- identity
Based String - Identity-Based. Valid values:
disable,enable. - identity
From String - Identity-From. Valid values:
auth,device. - inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection
Mode String - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - ippool String
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips
Sensor String - Name of an existing IPS sensor.
- label String
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,enable,all,utm. - logtraffic
Start String - Record logs when a session starts. Valid values:
disable,enable. - mms
Profile String - Name of an existing MMS profile.
- name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values:
disable,enable. - natinbound String
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
disable,enable. - natoutbound String
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
disable,enable. - np
Accelation String - Np-Accelation. Valid values:
disable,enable. - np
Acceleration String - Enable/disable UTM Network Processor acceleration. Valid values:
disable,enable. - outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages
Global StringHeader Policy6Id - an identifier for the resource with format {{policyid}}.
- per
Ip StringShaper - Per-IP traffic shaper.
- pkg String
- Package.
- pkg
Folder StringPath - Pkg Folder Path.
- policy
Offload String - Enable/disable offloading policy configuration to CP processors. Valid values:
disable,enable. - policyid Double
- Policy ID (0 - 4294967294).
- poolname String
- IP Pool names.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - replacemsg
Group String - Replacemsg-Group.
- replacemsg
Override StringGroup - Override the default replacement message group for this policy.
- rsso String
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
disable,enable. - schedule String
- Schedule name.
- send
Deny StringPacket - Enable/disable return of deny-packet. Valid values:
disable,enable. - service String
- Service and service group names.
- service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session
Ttl String - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter
Profile String - Spamfilter-Profile.
- srcaddr String
- Source address and address group names.
- srcaddr
Negate String - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf String
- Incoming (ingress) interface.
- ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Mirror String - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
disable,enable. - ssl
Mirror StringIntf - SSL mirror interface name.
- ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- sslvpn
Auth String - Sslvpn-Auth. Valid values:
any,local,radius,ldap,tacacs+. - sslvpn
Ccert String - Sslvpn-Ccert. Valid values:
disable,enable. - sslvpn
Cipher String - Sslvpn-Cipher. Valid values:
any,high,medium. - status String
- Enable or disable this policy. Valid values:
disable,enable. - String
- Tags.
- tcp
Mss DoubleReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss DoubleSender - Sender TCP maximum segment size (MSS).
- tcp
Session StringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all,data-only,disable. - timeout
Send StringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
disable,enable. - tos String
- ToS (Type of Service) value used for comparison.
- tos
Mask String - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos
Negate String - Enable negated TOS match. Valid values:
disable,enable. - traffic
Shaper String - Reverse traffic shaper.
- traffic
Shaper StringReverse - Reverse traffic shaper.
- url
Category String - URL category ID list.
- users String
- Names of individual users that can authenticate with this policy.
- utm
Inspection StringMode - Utm-Inspection-Mode. Valid values:
proxy,flow. - utm
Status String - Enable AV/web/ips protection profile. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vlan
Cos DoubleFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Cos DoubleRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Filter String - Set VLAN filters.
- voip
Profile String - Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web cache. Valid values:
disable,enable. - webcache
Https String - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Webproxy profile name.
- _
policy numberBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action string
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec,ssl-vpn. - anti
Replay string - Enable/disable anti-replay check. Valid values:
disable,enable. - app
Category string - Application category ID list.
- app
Group string - Application group names.
- application
Charts string[] - Application-Charts. Valid values:
top10-app,top10-p2p-user,top10-media-user. - application
List string - Name of an existing Application list.
- applications number[]
- Application ID list.
- auto
Asic stringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av
Profile string - Name of an existing Antivirus profile.
- casi
Profile string - Casi-Profile.
- cgn
Log stringServer Grp - NP log server group name
- cifs
Profile string - Name of an existing CIFS profile.
- comments string
- Comment.
- custom
Log stringFields - Log field index numbers to append custom log fields to log messages for this policy.
- decrypted
Traffic stringMirror - Decrypted-Traffic-Mirror.
- deep
Inspection stringOptions - Deep-Inspection-Options.
- device
Detection stringPortal - Device-Detection-Portal. Valid values:
disable,enable. - devices string
- Devices.
- diffserv
Forward string - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv
Reverse string - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode
Forward string - Change packet's DiffServ to this value.
- diffservcode
Rev string - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor string - Name of an existing DLP sensor.
- dnsfilter
Profile string - Name of an existing DNS filter profile.
- dscp
Match string - Dscp-Match. Valid values:
disable,enable. - dscp
Negate string - Dscp-Negate. Valid values:
disable,enable. - dscp
Value string - Dscp-Value.
- dsri string
- Enable DSRI to ignore HTTP server responses. Valid values:
disable,enable. - dstaddr string
- Destination address and address group names.
- dstaddr
Negate string - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf string
- Outgoing (egress) interface.
- dynamic
Profile string - Dynamic-Profile. Valid values:
disable,enable. - dynamic
Profile string[]Accesses - Dynamic-Profile-Access. Valid values:
imap,smtp,pop3,http,ftp,im,nntp,imaps,smtps,pop3s,https,ftps. - dynamic
Profile stringGroup - Dynamic-Profile-Group.
- email
Collection stringPortal - Email-Collection-Portal. Valid values:
disable,enable. - emailfilter
Profile string - Name of an existing email filter profile.
- file
Filter stringProfile - File-Filter-Profile.
- firewall
Session stringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all,check-new. - fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsae string
- Fsae. Valid values:
disable,enable. - fsso
Groups string - Names of FSSO groups.
- global
Label string - Label for the policy that appears when the GUI is in Global View mode.
- groups string
- Names of user groups that can authenticate with this policy.
- http
Policy stringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap
Profile string - Name of an existing ICAP profile.
- identity
Based string - Identity-Based. Valid values:
disable,enable. - identity
From string - Identity-From. Valid values:
auth,device. - inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection
Mode string - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - ippool string
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips
Sensor string - Name of an existing IPS sensor.
- label string
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,enable,all,utm. - logtraffic
Start string - Record logs when a session starts. Valid values:
disable,enable. - mms
Profile string - Name of an existing MMS profile.
- name string
- Policy name.
- nat string
- Enable/disable source NAT. Valid values:
disable,enable. - natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
disable,enable. - natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
disable,enable. - np
Accelation string - Np-Accelation. Valid values:
disable,enable. - np
Acceleration string - Enable/disable UTM Network Processor acceleration. Valid values:
disable,enable. - outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages
Global stringHeader Policy6Id - an identifier for the resource with format {{policyid}}.
- per
Ip stringShaper - Per-IP traffic shaper.
- pkg string
- Package.
- pkg
Folder stringPath - Pkg Folder Path.
- policy
Offload string - Enable/disable offloading policy configuration to CP processors. Valid values:
disable,enable. - policyid number
- Policy ID (0 - 4294967294).
- poolname string
- IP Pool names.
- profile
Group string - Name of profile group.
- profile
Protocol stringOptions - Name of an existing Protocol options profile.
- profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - replacemsg
Group string - Replacemsg-Group.
- replacemsg
Override stringGroup - Override the default replacement message group for this policy.
- rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
disable,enable. - schedule string
- Schedule name.
- send
Deny stringPacket - Enable/disable return of deny-packet. Valid values:
disable,enable. - service string
- Service and service group names.
- service
Negate string - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session
Ttl string - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter
Profile string - Spamfilter-Profile.
- srcaddr string
- Source address and address group names.
- srcaddr
Negate string - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf string
- Incoming (ingress) interface.
- ssh
Filter stringProfile - Name of an existing SSH filter profile.
- ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Mirror string - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
disable,enable. - ssl
Mirror stringIntf - SSL mirror interface name.
- ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- sslvpn
Auth string - Sslvpn-Auth. Valid values:
any,local,radius,ldap,tacacs+. - sslvpn
Ccert string - Sslvpn-Ccert. Valid values:
disable,enable. - sslvpn
Cipher string - Sslvpn-Cipher. Valid values:
any,high,medium. - status string
- Enable or disable this policy. Valid values:
disable,enable. - string
- Tags.
- tcp
Mss numberReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss numberSender - Sender TCP maximum segment size (MSS).
- tcp
Session stringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all,data-only,disable. - timeout
Send stringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
disable,enable. - tos string
- ToS (Type of Service) value used for comparison.
- tos
Mask string - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos
Negate string - Enable negated TOS match. Valid values:
disable,enable. - traffic
Shaper string - Reverse traffic shaper.
- traffic
Shaper stringReverse - Reverse traffic shaper.
- url
Category string - URL category ID list.
- users string
- Names of individual users that can authenticate with this policy.
- utm
Inspection stringMode - Utm-Inspection-Mode. Valid values:
proxy,flow. - utm
Status string - Enable AV/web/ips protection profile. Valid values:
disable,enable. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vlan
Cos numberFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Cos numberRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Filter string - Set VLAN filters.
- voip
Profile string - Name of an existing VoIP profile.
- vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile string - Name of an existing Web application firewall profile.
- webcache string
- Enable/disable web cache. Valid values:
disable,enable. - webcache
Https string - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter
Profile string - Name of an existing Web filter profile.
- webproxy
Forward stringServer - Web proxy forward server name.
- webproxy
Profile string - Webproxy profile name.
- _
policy_ floatblock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action str
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec,ssl-vpn. - anti_
replay str - Enable/disable anti-replay check. Valid values:
disable,enable. - app_
category str - Application category ID list.
- app_
group str - Application group names.
- application_
charts Sequence[str] - Application-Charts. Valid values:
top10-app,top10-p2p-user,top10-media-user. - application_
list str - Name of an existing Application list.
- applications Sequence[float]
- Application ID list.
- auto_
asic_ stroffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av_
profile str - Name of an existing Antivirus profile.
- casi_
profile str - Casi-Profile.
- cgn_
log_ strserver_ grp - NP log server group name
- cifs_
profile str - Name of an existing CIFS profile.
- comments str
- Comment.
- custom_
log_ strfields - Log field index numbers to append custom log fields to log messages for this policy.
- decrypted_
traffic_ strmirror - Decrypted-Traffic-Mirror.
- deep_
inspection_ stroptions - Deep-Inspection-Options.
- device_
detection_ strportal - Device-Detection-Portal. Valid values:
disable,enable. - devices str
- Devices.
- diffserv_
forward str - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv_
reverse str - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode_
forward str - Change packet's DiffServ to this value.
- diffservcode_
rev str - Change packet's reverse (reply) DiffServ to this value.
- dlp_
sensor str - Name of an existing DLP sensor.
- dnsfilter_
profile str - Name of an existing DNS filter profile.
- dscp_
match str - Dscp-Match. Valid values:
disable,enable. - dscp_
negate str - Dscp-Negate. Valid values:
disable,enable. - dscp_
value str - Dscp-Value.
- dsri str
- Enable DSRI to ignore HTTP server responses. Valid values:
disable,enable. - dstaddr str
- Destination address and address group names.
- dstaddr_
negate str - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf str
- Outgoing (egress) interface.
- dynamic_
profile str - Dynamic-Profile. Valid values:
disable,enable. - dynamic_
profile_ Sequence[str]accesses - Dynamic-Profile-Access. Valid values:
imap,smtp,pop3,http,ftp,im,nntp,imaps,smtps,pop3s,https,ftps. - dynamic_
profile_ strgroup - Dynamic-Profile-Group.
- email_
collection_ strportal - Email-Collection-Portal. Valid values:
disable,enable. - emailfilter_
profile str - Name of an existing email filter profile.
- file_
filter_ strprofile - File-Filter-Profile.
- firewall_
session_ strdirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all,check-new. - fixedport str
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsae str
- Fsae. Valid values:
disable,enable. - fsso_
groups str - Names of FSSO groups.
- global_
label str - Label for the policy that appears when the GUI is in Global View mode.
- groups str
- Names of user groups that can authenticate with this policy.
- http_
policy_ strredirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap_
profile str - Name of an existing ICAP profile.
- identity_
based str - Identity-Based. Valid values:
disable,enable. - identity_
from str - Identity-From. Valid values:
auth,device. - inbound str
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection_
mode str - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - ippool str
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips_
sensor str - Name of an existing IPS sensor.
- label str
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic str
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,enable,all,utm. - logtraffic_
start str - Record logs when a session starts. Valid values:
disable,enable. - mms_
profile str - Name of an existing MMS profile.
- name str
- Policy name.
- nat str
- Enable/disable source NAT. Valid values:
disable,enable. - natinbound str
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
disable,enable. - natoutbound str
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
disable,enable. - np_
accelation str - Np-Accelation. Valid values:
disable,enable. - np_
acceleration str - Enable/disable UTM Network Processor acceleration. Valid values:
disable,enable. - outbound str
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages_
global_ strheader_ policy6_ id - an identifier for the resource with format {{policyid}}.
- per_
ip_ strshaper - Per-IP traffic shaper.
- pkg str
- Package.
- pkg_
folder_ strpath - Pkg Folder Path.
- policy_
offload str - Enable/disable offloading policy configuration to CP processors. Valid values:
disable,enable. - policyid float
- Policy ID (0 - 4294967294).
- poolname str
- IP Pool names.
- profile_
group str - Name of profile group.
- profile_
protocol_ stroptions - Name of an existing Protocol options profile.
- profile_
type str - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - replacemsg_
group str - Replacemsg-Group.
- replacemsg_
override_ strgroup - Override the default replacement message group for this policy.
- rsso str
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
disable,enable. - schedule str
- Schedule name.
- send_
deny_ strpacket - Enable/disable return of deny-packet. Valid values:
disable,enable. - service str
- Service and service group names.
- service_
negate str - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session_
ttl str - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter_
profile str - Spamfilter-Profile.
- srcaddr str
- Source address and address group names.
- srcaddr_
negate str - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf str
- Incoming (ingress) interface.
- ssh_
filter_ strprofile - Name of an existing SSH filter profile.
- ssh_
policy_ strredirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl_
mirror str - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
disable,enable. - ssl_
mirror_ strintf - SSL mirror interface name.
- ssl_
ssh_ strprofile - Name of an existing SSL SSH profile.
- sslvpn_
auth str - Sslvpn-Auth. Valid values:
any,local,radius,ldap,tacacs+. - sslvpn_
ccert str - Sslvpn-Ccert. Valid values:
disable,enable. - sslvpn_
cipher str - Sslvpn-Cipher. Valid values:
any,high,medium. - status str
- Enable or disable this policy. Valid values:
disable,enable. - str
- Tags.
- tcp_
mss_ floatreceiver - Receiver TCP maximum segment size (MSS).
- tcp_
mss_ floatsender - Sender TCP maximum segment size (MSS).
- tcp_
session_ strwithout_ syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all,data-only,disable. - timeout_
send_ strrst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
disable,enable. - tos str
- ToS (Type of Service) value used for comparison.
- tos_
mask str - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos_
negate str - Enable negated TOS match. Valid values:
disable,enable. - traffic_
shaper str - Reverse traffic shaper.
- traffic_
shaper_ strreverse - Reverse traffic shaper.
- url_
category str - URL category ID list.
- users str
- Names of individual users that can authenticate with this policy.
- utm_
inspection_ strmode - Utm-Inspection-Mode. Valid values:
proxy,flow. - utm_
status str - Enable AV/web/ips protection profile. Valid values:
disable,enable. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vlan_
cos_ floatfwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan_
cos_ floatrev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan_
filter str - Set VLAN filters.
- voip_
profile str - Name of an existing VoIP profile.
- vpntunnel str
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf_
profile str - Name of an existing Web application firewall profile.
- webcache str
- Enable/disable web cache. Valid values:
disable,enable. - webcache_
https str - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter_
profile str - Name of an existing Web filter profile.
- webproxy_
forward_ strserver - Web proxy forward server name.
- webproxy_
profile str - Webproxy profile name.
- _
policy NumberBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- action String
- Policy action (allow/deny/ipsec). Valid values:
deny,accept,ipsec,ssl-vpn. - anti
Replay String - Enable/disable anti-replay check. Valid values:
disable,enable. - app
Category String - Application category ID list.
- app
Group String - Application group names.
- application
Charts List<String> - Application-Charts. Valid values:
top10-app,top10-p2p-user,top10-media-user. - application
List String - Name of an existing Application list.
- applications List<Number>
- Application ID list.
- auto
Asic StringOffload - Enable/disable policy traffic ASIC offloading. Valid values:
disable,enable. - av
Profile String - Name of an existing Antivirus profile.
- casi
Profile String - Casi-Profile.
- cgn
Log StringServer Grp - NP log server group name
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Comment.
- custom
Log StringFields - Log field index numbers to append custom log fields to log messages for this policy.
- decrypted
Traffic StringMirror - Decrypted-Traffic-Mirror.
- deep
Inspection StringOptions - Deep-Inspection-Options.
- device
Detection StringPortal - Device-Detection-Portal. Valid values:
disable,enable. - devices String
- Devices.
- diffserv
Forward String - Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values:
disable,enable. - diffserv
Reverse String - Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values:
disable,enable. - diffservcode
Forward String - Change packet's DiffServ to this value.
- diffservcode
Rev String - Change packet's reverse (reply) DiffServ to this value.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profile String - Name of an existing DNS filter profile.
- dscp
Match String - Dscp-Match. Valid values:
disable,enable. - dscp
Negate String - Dscp-Negate. Valid values:
disable,enable. - dscp
Value String - Dscp-Value.
- dsri String
- Enable DSRI to ignore HTTP server responses. Valid values:
disable,enable. - dstaddr String
- Destination address and address group names.
- dstaddr
Negate String - When enabled dstaddr specifies what the destination address must NOT be. Valid values:
disable,enable. - dstintf String
- Outgoing (egress) interface.
- dynamic
Profile String - Dynamic-Profile. Valid values:
disable,enable. - dynamic
Profile List<String>Accesses - Dynamic-Profile-Access. Valid values:
imap,smtp,pop3,http,ftp,im,nntp,imaps,smtps,pop3s,https,ftps. - dynamic
Profile StringGroup - Dynamic-Profile-Group.
- email
Collection StringPortal - Email-Collection-Portal. Valid values:
disable,enable. - emailfilter
Profile String - Name of an existing email filter profile.
- file
Filter StringProfile - File-Filter-Profile.
- firewall
Session StringDirty - How to handle sessions if the configuration of this firewall policy changes. Valid values:
check-all,check-new. - fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values:
disable,enable. - fsae String
- Fsae. Valid values:
disable,enable. - fsso
Groups String - Names of FSSO groups.
- global
Label String - Label for the policy that appears when the GUI is in Global View mode.
- groups String
- Names of user groups that can authenticate with this policy.
- http
Policy StringRedirect - Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values:
disable,enable. - icap
Profile String - Name of an existing ICAP profile.
- identity
Based String - Identity-Based. Valid values:
disable,enable. - identity
From String - Identity-From. Valid values:
auth,device. - inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values:
disable,enable. - inspection
Mode String - Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values:
proxy,flow. - ippool String
- Enable to use IP Pools for source NAT. Valid values:
disable,enable. - ips
Sensor String - Name of an existing IPS sensor.
- label String
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values:
disable,enable,all,utm. - logtraffic
Start String - Record logs when a session starts. Valid values:
disable,enable. - mms
Profile String - Name of an existing MMS profile.
- name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values:
disable,enable. - natinbound String
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values:
disable,enable. - natoutbound String
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values:
disable,enable. - np
Accelation String - Np-Accelation. Valid values:
disable,enable. - np
Acceleration String - Enable/disable UTM Network Processor acceleration. Valid values:
disable,enable. - outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values:
disable,enable. - packages
Global StringHeader Policy6Id - an identifier for the resource with format {{policyid}}.
- per
Ip StringShaper - Per-IP traffic shaper.
- pkg String
- Package.
- pkg
Folder StringPath - Pkg Folder Path.
- policy
Offload String - Enable/disable offloading policy configuration to CP processors. Valid values:
disable,enable. - policyid Number
- Policy ID (0 - 4294967294).
- poolname String
- IP Pool names.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - replacemsg
Group String - Replacemsg-Group.
- replacemsg
Override StringGroup - Override the default replacement message group for this policy.
- rsso String
- Enable/disable RADIUS single sign-on (RSSO). Valid values:
disable,enable. - schedule String
- Schedule name.
- send
Deny StringPacket - Enable/disable return of deny-packet. Valid values:
disable,enable. - service String
- Service and service group names.
- service
Negate String - When enabled service specifies what the service must NOT be. Valid values:
disable,enable. - session
Ttl String - Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter
Profile String - Spamfilter-Profile.
- srcaddr String
- Source address and address group names.
- srcaddr
Negate String - When enabled srcaddr specifies what the source address must NOT be. Valid values:
disable,enable. - srcintf String
- Incoming (ingress) interface.
- ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Mirror String - Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values:
disable,enable. - ssl
Mirror StringIntf - SSL mirror interface name.
- ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- sslvpn
Auth String - Sslvpn-Auth. Valid values:
any,local,radius,ldap,tacacs+. - sslvpn
Ccert String - Sslvpn-Ccert. Valid values:
disable,enable. - sslvpn
Cipher String - Sslvpn-Cipher. Valid values:
any,high,medium. - status String
- Enable or disable this policy. Valid values:
disable,enable. - String
- Tags.
- tcp
Mss NumberReceiver - Receiver TCP maximum segment size (MSS).
- tcp
Mss NumberSender - Sender TCP maximum segment size (MSS).
- tcp
Session StringWithout Syn - Enable/disable creation of TCP session without SYN flag. Valid values:
all,data-only,disable. - timeout
Send StringRst - Enable/disable sending RST packets when TCP sessions expire. Valid values:
disable,enable. - tos String
- ToS (Type of Service) value used for comparison.
- tos
Mask String - Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos
Negate String - Enable negated TOS match. Valid values:
disable,enable. - traffic
Shaper String - Reverse traffic shaper.
- traffic
Shaper StringReverse - Reverse traffic shaper.
- url
Category String - URL category ID list.
- users String
- Names of individual users that can authenticate with this policy.
- utm
Inspection StringMode - Utm-Inspection-Mode. Valid values:
proxy,flow. - utm
Status String - Enable AV/web/ips protection profile. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vlan
Cos NumberFwd - VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Cos NumberRev - VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan
Filter String - Set VLAN filters.
- voip
Profile String - Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web cache. Valid values:
disable,enable. - webcache
Https String - Enable/disable web cache for HTTPS. Valid values:
disable,enable. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Webproxy profile name.
Import
Packages GlobalHeaderPolicy6 can be imported using any of these accepted formats:
Set import_options = [“pkg_folder_path=YOUR_VALUE”, “pkg=YOUR_VALUE”] in the provider section.
$ export “FORTIMANAGER_IMPORT_TABLE”=“true”
$ pulumi import fortimanager:index/packagesGlobalHeaderPolicy6:PackagesGlobalHeaderPolicy6 labelname {{policyid}}
$ unset “FORTIMANAGER_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortimanager fortinetdev/terraform-provider-fortimanager
- License
- Notes
- This Pulumi package is based on the
fortimanagerTerraform Provider.
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev