Docs Home
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
fortimanager.PackagesFirewallProxypolicy
Explore with Pulumi AI
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
Configure proxy policies.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";
const labelname = new fortimanager.PackagesFirewallProxypolicy("labelname", {
action: "deny",
disclaimer: "disable",
dstaddrs: ["all"],
dstaddrNegate: "disable",
dstintfs: ["any"],
httpTunnelAuth: "disable",
internetService: "disable",
logtraffic: "all",
logtrafficStart: "disable",
pkg: "default",
policyid: 1,
profileType: "single",
proxy: "explicit-web",
schedule: "always",
services: ["webproxy"],
serviceNegate: "disable",
sessionTtl: 0,
srcaddrs: ["all"],
srcaddrNegate: "disable",
sshPolicyRedirect: "disable",
status: "enable",
webcache: "disable",
webcacheHttps: "disable",
});
import pulumi
import pulumi_fortimanager as fortimanager
labelname = fortimanager.PackagesFirewallProxypolicy("labelname",
action="deny",
disclaimer="disable",
dstaddrs=["all"],
dstaddr_negate="disable",
dstintfs=["any"],
http_tunnel_auth="disable",
internet_service="disable",
logtraffic="all",
logtraffic_start="disable",
pkg="default",
policyid=1,
profile_type="single",
proxy="explicit-web",
schedule="always",
services=["webproxy"],
service_negate="disable",
session_ttl=0,
srcaddrs=["all"],
srcaddr_negate="disable",
ssh_policy_redirect="disable",
status="enable",
webcache="disable",
webcache_https="disable")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := fortimanager.NewPackagesFirewallProxypolicy(ctx, "labelname", &fortimanager.PackagesFirewallProxypolicyArgs{
Action: pulumi.String("deny"),
Disclaimer: pulumi.String("disable"),
Dstaddrs: pulumi.StringArray{
pulumi.String("all"),
},
DstaddrNegate: pulumi.String("disable"),
Dstintfs: pulumi.StringArray{
pulumi.String("any"),
},
HttpTunnelAuth: pulumi.String("disable"),
InternetService: pulumi.String("disable"),
Logtraffic: pulumi.String("all"),
LogtrafficStart: pulumi.String("disable"),
Pkg: pulumi.String("default"),
Policyid: pulumi.Float64(1),
ProfileType: pulumi.String("single"),
Proxy: pulumi.String("explicit-web"),
Schedule: pulumi.String("always"),
Services: pulumi.StringArray{
pulumi.String("webproxy"),
},
ServiceNegate: pulumi.String("disable"),
SessionTtl: pulumi.Float64(0),
Srcaddrs: pulumi.StringArray{
pulumi.String("all"),
},
SrcaddrNegate: pulumi.String("disable"),
SshPolicyRedirect: pulumi.String("disable"),
Status: pulumi.String("enable"),
Webcache: pulumi.String("disable"),
WebcacheHttps: pulumi.String("disable"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;
return await Deployment.RunAsync(() =>
{
var labelname = new Fortimanager.PackagesFirewallProxypolicy("labelname", new()
{
Action = "deny",
Disclaimer = "disable",
Dstaddrs = new[]
{
"all",
},
DstaddrNegate = "disable",
Dstintfs = new[]
{
"any",
},
HttpTunnelAuth = "disable",
InternetService = "disable",
Logtraffic = "all",
LogtrafficStart = "disable",
Pkg = "default",
Policyid = 1,
ProfileType = "single",
Proxy = "explicit-web",
Schedule = "always",
Services = new[]
{
"webproxy",
},
ServiceNegate = "disable",
SessionTtl = 0,
Srcaddrs = new[]
{
"all",
},
SrcaddrNegate = "disable",
SshPolicyRedirect = "disable",
Status = "enable",
Webcache = "disable",
WebcacheHttps = "disable",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.PackagesFirewallProxypolicy;
import com.pulumi.fortimanager.PackagesFirewallProxypolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var labelname = new PackagesFirewallProxypolicy("labelname", PackagesFirewallProxypolicyArgs.builder()
.action("deny")
.disclaimer("disable")
.dstaddrs("all")
.dstaddrNegate("disable")
.dstintfs("any")
.httpTunnelAuth("disable")
.internetService("disable")
.logtraffic("all")
.logtrafficStart("disable")
.pkg("default")
.policyid(1)
.profileType("single")
.proxy("explicit-web")
.schedule("always")
.services("webproxy")
.serviceNegate("disable")
.sessionTtl(0)
.srcaddrs("all")
.srcaddrNegate("disable")
.sshPolicyRedirect("disable")
.status("enable")
.webcache("disable")
.webcacheHttps("disable")
.build());
}
}
resources:
labelname:
type: fortimanager:PackagesFirewallProxypolicy
properties:
action: deny
disclaimer: disable
dstaddrs:
- all
dstaddrNegate: disable
dstintfs:
- any
httpTunnelAuth: disable
internetService: disable
logtraffic: all
logtrafficStart: disable
pkg: default
policyid: 1
profileType: single
proxy: explicit-web
schedule: always
services:
- webproxy
serviceNegate: disable
sessionTtl: 0
srcaddrs:
- all
srcaddrNegate: disable
sshPolicyRedirect: disable
status: enable
webcache: disable
webcacheHttps: disable
Create PackagesFirewallProxypolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PackagesFirewallProxypolicy(name: string, args: PackagesFirewallProxypolicyArgs, opts?: CustomResourceOptions);@overload
def PackagesFirewallProxypolicy(resource_name: str,
args: PackagesFirewallProxypolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PackagesFirewallProxypolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
pkg: Optional[str] = None,
_policy_block: Optional[float] = None,
access_proxies: Optional[Sequence[str]] = None,
access_proxy6: Optional[str] = None,
action: Optional[str] = None,
adom: Optional[str] = None,
application_list: Optional[str] = None,
av_profile: Optional[str] = None,
block_notification: Optional[str] = None,
casb_profile: Optional[str] = None,
cifs_profile: Optional[str] = None,
comments: Optional[str] = None,
decrypted_traffic_mirror: Optional[str] = None,
detect_https_in_http_request: Optional[str] = None,
device_ownership: Optional[str] = None,
diameter_filter_profile: Optional[str] = None,
disclaimer: Optional[str] = None,
dlp_profile: Optional[str] = None,
dlp_sensor: Optional[str] = None,
dnsfilter_profiles: Optional[Sequence[str]] = None,
dstaddr6s: Optional[Sequence[str]] = None,
dstaddr_negate: Optional[str] = None,
dstaddrs: Optional[Sequence[str]] = None,
dstintfs: Optional[Sequence[str]] = None,
emailfilter_profile: Optional[str] = None,
file_filter_profile: Optional[str] = None,
global_label: Optional[str] = None,
groups: Optional[Sequence[str]] = None,
http_tunnel_auth: Optional[str] = None,
icap_profile: Optional[str] = None,
internet_service: Optional[str] = None,
internet_service6: Optional[str] = None,
internet_service6_custom_groups: Optional[Sequence[str]] = None,
internet_service6_customs: Optional[Sequence[str]] = None,
internet_service6_groups: Optional[Sequence[str]] = None,
internet_service6_names: Optional[Sequence[str]] = None,
internet_service6_negate: Optional[str] = None,
internet_service_custom: Optional[str] = None,
internet_service_custom_group: Optional[str] = None,
internet_service_group: Optional[str] = None,
internet_service_id: Optional[str] = None,
internet_service_name: Optional[str] = None,
internet_service_negate: Optional[str] = None,
ips_sensor: Optional[str] = None,
ips_voip_filter: Optional[str] = None,
label: Optional[str] = None,
log_http_transaction: Optional[str] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
mms_profile: Optional[str] = None,
name: Optional[str] = None,
packages_firewall_proxypolicy_id: Optional[str] = None,
pkg_folder_path: Optional[str] = None,
policyid: Optional[float] = None,
poolnames: Optional[Sequence[str]] = None,
profile_group: Optional[str] = None,
profile_protocol_options: Optional[str] = None,
profile_type: Optional[str] = None,
proxy: Optional[str] = None,
redirect_url: Optional[str] = None,
replacemsg_override_group: Optional[str] = None,
scan_botnet_connections: Optional[str] = None,
schedule: Optional[str] = None,
scopetype: Optional[str] = None,
sctp_filter_profile: Optional[str] = None,
service_negate: Optional[str] = None,
services: Optional[Sequence[str]] = None,
session_ttl: Optional[float] = None,
spamfilter_profile: Optional[str] = None,
srcaddr6s: Optional[Sequence[str]] = None,
srcaddr_negate: Optional[str] = None,
srcaddrs: Optional[Sequence[str]] = None,
srcintf: Optional[str] = None,
ssh_filter_profile: Optional[str] = None,
ssh_policy_redirect: Optional[str] = None,
ssl_ssh_profile: Optional[str] = None,
status: Optional[str] = None,
transparent: Optional[str] = None,
users: Optional[Sequence[str]] = None,
utm_status: Optional[str] = None,
uuid: Optional[str] = None,
videofilter_profile: Optional[str] = None,
virtual_patch_profile: Optional[str] = None,
voip_profile: Optional[str] = None,
waf_profile: Optional[str] = None,
webcache: Optional[str] = None,
webcache_https: Optional[str] = None,
webfilter_profile: Optional[str] = None,
webproxy_forward_server: Optional[str] = None,
webproxy_profile: Optional[str] = None,
ztna_ems_tags: Optional[Sequence[str]] = None,
ztna_proxies: Optional[Sequence[str]] = None,
ztna_tags_match_logic: Optional[str] = None)func NewPackagesFirewallProxypolicy(ctx *Context, name string, args PackagesFirewallProxypolicyArgs, opts ...ResourceOption) (*PackagesFirewallProxypolicy, error)public PackagesFirewallProxypolicy(string name, PackagesFirewallProxypolicyArgs args, CustomResourceOptions? opts = null)
public PackagesFirewallProxypolicy(String name, PackagesFirewallProxypolicyArgs args)
public PackagesFirewallProxypolicy(String name, PackagesFirewallProxypolicyArgs args, CustomResourceOptions options)
type: fortimanager:PackagesFirewallProxypolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PackagesFirewallProxypolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PackagesFirewallProxypolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PackagesFirewallProxypolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PackagesFirewallProxypolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PackagesFirewallProxypolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var packagesFirewallProxypolicyResource = new Fortimanager.PackagesFirewallProxypolicy("packagesFirewallProxypolicyResource", new()
{
Pkg = "string",
_policyBlock = 0,
AccessProxies = new[]
{
"string",
},
AccessProxy6 = "string",
Action = "string",
Adom = "string",
ApplicationList = "string",
AvProfile = "string",
BlockNotification = "string",
CasbProfile = "string",
CifsProfile = "string",
Comments = "string",
DecryptedTrafficMirror = "string",
DetectHttpsInHttpRequest = "string",
DeviceOwnership = "string",
DiameterFilterProfile = "string",
Disclaimer = "string",
DlpProfile = "string",
DlpSensor = "string",
DnsfilterProfiles = new[]
{
"string",
},
Dstaddr6s = new[]
{
"string",
},
DstaddrNegate = "string",
Dstaddrs = new[]
{
"string",
},
Dstintfs = new[]
{
"string",
},
EmailfilterProfile = "string",
FileFilterProfile = "string",
GlobalLabel = "string",
Groups = new[]
{
"string",
},
HttpTunnelAuth = "string",
IcapProfile = "string",
InternetService = "string",
InternetService6 = "string",
InternetService6CustomGroups = new[]
{
"string",
},
InternetService6Customs = new[]
{
"string",
},
InternetService6Groups = new[]
{
"string",
},
InternetService6Names = new[]
{
"string",
},
InternetService6Negate = "string",
InternetServiceCustom = "string",
InternetServiceCustomGroup = "string",
InternetServiceGroup = "string",
InternetServiceId = "string",
InternetServiceName = "string",
InternetServiceNegate = "string",
IpsSensor = "string",
IpsVoipFilter = "string",
Label = "string",
LogHttpTransaction = "string",
Logtraffic = "string",
LogtrafficStart = "string",
MmsProfile = "string",
Name = "string",
PackagesFirewallProxypolicyId = "string",
PkgFolderPath = "string",
Policyid = 0,
Poolnames = new[]
{
"string",
},
ProfileGroup = "string",
ProfileProtocolOptions = "string",
ProfileType = "string",
Proxy = "string",
RedirectUrl = "string",
ReplacemsgOverrideGroup = "string",
ScanBotnetConnections = "string",
Schedule = "string",
Scopetype = "string",
SctpFilterProfile = "string",
ServiceNegate = "string",
Services = new[]
{
"string",
},
SessionTtl = 0,
SpamfilterProfile = "string",
Srcaddr6s = new[]
{
"string",
},
SrcaddrNegate = "string",
Srcaddrs = new[]
{
"string",
},
Srcintf = "string",
SshFilterProfile = "string",
SshPolicyRedirect = "string",
SslSshProfile = "string",
Status = "string",
Transparent = "string",
Users = new[]
{
"string",
},
UtmStatus = "string",
Uuid = "string",
VideofilterProfile = "string",
VirtualPatchProfile = "string",
VoipProfile = "string",
WafProfile = "string",
Webcache = "string",
WebcacheHttps = "string",
WebfilterProfile = "string",
WebproxyForwardServer = "string",
WebproxyProfile = "string",
ZtnaEmsTags = new[]
{
"string",
},
ZtnaProxies = new[]
{
"string",
},
ZtnaTagsMatchLogic = "string",
});
example, err := fortimanager.NewPackagesFirewallProxypolicy(ctx, "packagesFirewallProxypolicyResource", &fortimanager.PackagesFirewallProxypolicyArgs{
Pkg: pulumi.String("string"),
_policyBlock: pulumi.Float64(0),
AccessProxies: pulumi.StringArray{
pulumi.String("string"),
},
AccessProxy6: pulumi.String("string"),
Action: pulumi.String("string"),
Adom: pulumi.String("string"),
ApplicationList: pulumi.String("string"),
AvProfile: pulumi.String("string"),
BlockNotification: pulumi.String("string"),
CasbProfile: pulumi.String("string"),
CifsProfile: pulumi.String("string"),
Comments: pulumi.String("string"),
DecryptedTrafficMirror: pulumi.String("string"),
DetectHttpsInHttpRequest: pulumi.String("string"),
DeviceOwnership: pulumi.String("string"),
DiameterFilterProfile: pulumi.String("string"),
Disclaimer: pulumi.String("string"),
DlpProfile: pulumi.String("string"),
DlpSensor: pulumi.String("string"),
DnsfilterProfiles: pulumi.StringArray{
pulumi.String("string"),
},
Dstaddr6s: pulumi.StringArray{
pulumi.String("string"),
},
DstaddrNegate: pulumi.String("string"),
Dstaddrs: pulumi.StringArray{
pulumi.String("string"),
},
Dstintfs: pulumi.StringArray{
pulumi.String("string"),
},
EmailfilterProfile: pulumi.String("string"),
FileFilterProfile: pulumi.String("string"),
GlobalLabel: pulumi.String("string"),
Groups: pulumi.StringArray{
pulumi.String("string"),
},
HttpTunnelAuth: pulumi.String("string"),
IcapProfile: pulumi.String("string"),
InternetService: pulumi.String("string"),
InternetService6: pulumi.String("string"),
InternetService6CustomGroups: pulumi.StringArray{
pulumi.String("string"),
},
InternetService6Customs: pulumi.StringArray{
pulumi.String("string"),
},
InternetService6Groups: pulumi.StringArray{
pulumi.String("string"),
},
InternetService6Names: pulumi.StringArray{
pulumi.String("string"),
},
InternetService6Negate: pulumi.String("string"),
InternetServiceCustom: pulumi.String("string"),
InternetServiceCustomGroup: pulumi.String("string"),
InternetServiceGroup: pulumi.String("string"),
InternetServiceId: pulumi.String("string"),
InternetServiceName: pulumi.String("string"),
InternetServiceNegate: pulumi.String("string"),
IpsSensor: pulumi.String("string"),
IpsVoipFilter: pulumi.String("string"),
Label: pulumi.String("string"),
LogHttpTransaction: pulumi.String("string"),
Logtraffic: pulumi.String("string"),
LogtrafficStart: pulumi.String("string"),
MmsProfile: pulumi.String("string"),
Name: pulumi.String("string"),
PackagesFirewallProxypolicyId: pulumi.String("string"),
PkgFolderPath: pulumi.String("string"),
Policyid: pulumi.Float64(0),
Poolnames: pulumi.StringArray{
pulumi.String("string"),
},
ProfileGroup: pulumi.String("string"),
ProfileProtocolOptions: pulumi.String("string"),
ProfileType: pulumi.String("string"),
Proxy: pulumi.String("string"),
RedirectUrl: pulumi.String("string"),
ReplacemsgOverrideGroup: pulumi.String("string"),
ScanBotnetConnections: pulumi.String("string"),
Schedule: pulumi.String("string"),
Scopetype: pulumi.String("string"),
SctpFilterProfile: pulumi.String("string"),
ServiceNegate: pulumi.String("string"),
Services: pulumi.StringArray{
pulumi.String("string"),
},
SessionTtl: pulumi.Float64(0),
SpamfilterProfile: pulumi.String("string"),
Srcaddr6s: pulumi.StringArray{
pulumi.String("string"),
},
SrcaddrNegate: pulumi.String("string"),
Srcaddrs: pulumi.StringArray{
pulumi.String("string"),
},
Srcintf: pulumi.String("string"),
SshFilterProfile: pulumi.String("string"),
SshPolicyRedirect: pulumi.String("string"),
SslSshProfile: pulumi.String("string"),
Status: pulumi.String("string"),
Transparent: pulumi.String("string"),
Users: pulumi.StringArray{
pulumi.String("string"),
},
UtmStatus: pulumi.String("string"),
Uuid: pulumi.String("string"),
VideofilterProfile: pulumi.String("string"),
VirtualPatchProfile: pulumi.String("string"),
VoipProfile: pulumi.String("string"),
WafProfile: pulumi.String("string"),
Webcache: pulumi.String("string"),
WebcacheHttps: pulumi.String("string"),
WebfilterProfile: pulumi.String("string"),
WebproxyForwardServer: pulumi.String("string"),
WebproxyProfile: pulumi.String("string"),
ZtnaEmsTags: pulumi.StringArray{
pulumi.String("string"),
},
ZtnaProxies: pulumi.StringArray{
pulumi.String("string"),
},
ZtnaTagsMatchLogic: pulumi.String("string"),
})
var packagesFirewallProxypolicyResource = new PackagesFirewallProxypolicy("packagesFirewallProxypolicyResource", PackagesFirewallProxypolicyArgs.builder()
.pkg("string")
._policyBlock(0)
.accessProxies("string")
.accessProxy6("string")
.action("string")
.adom("string")
.applicationList("string")
.avProfile("string")
.blockNotification("string")
.casbProfile("string")
.cifsProfile("string")
.comments("string")
.decryptedTrafficMirror("string")
.detectHttpsInHttpRequest("string")
.deviceOwnership("string")
.diameterFilterProfile("string")
.disclaimer("string")
.dlpProfile("string")
.dlpSensor("string")
.dnsfilterProfiles("string")
.dstaddr6s("string")
.dstaddrNegate("string")
.dstaddrs("string")
.dstintfs("string")
.emailfilterProfile("string")
.fileFilterProfile("string")
.globalLabel("string")
.groups("string")
.httpTunnelAuth("string")
.icapProfile("string")
.internetService("string")
.internetService6("string")
.internetService6CustomGroups("string")
.internetService6Customs("string")
.internetService6Groups("string")
.internetService6Names("string")
.internetService6Negate("string")
.internetServiceCustom("string")
.internetServiceCustomGroup("string")
.internetServiceGroup("string")
.internetServiceId("string")
.internetServiceName("string")
.internetServiceNegate("string")
.ipsSensor("string")
.ipsVoipFilter("string")
.label("string")
.logHttpTransaction("string")
.logtraffic("string")
.logtrafficStart("string")
.mmsProfile("string")
.name("string")
.packagesFirewallProxypolicyId("string")
.pkgFolderPath("string")
.policyid(0)
.poolnames("string")
.profileGroup("string")
.profileProtocolOptions("string")
.profileType("string")
.proxy("string")
.redirectUrl("string")
.replacemsgOverrideGroup("string")
.scanBotnetConnections("string")
.schedule("string")
.scopetype("string")
.sctpFilterProfile("string")
.serviceNegate("string")
.services("string")
.sessionTtl(0)
.spamfilterProfile("string")
.srcaddr6s("string")
.srcaddrNegate("string")
.srcaddrs("string")
.srcintf("string")
.sshFilterProfile("string")
.sshPolicyRedirect("string")
.sslSshProfile("string")
.status("string")
.transparent("string")
.users("string")
.utmStatus("string")
.uuid("string")
.videofilterProfile("string")
.virtualPatchProfile("string")
.voipProfile("string")
.wafProfile("string")
.webcache("string")
.webcacheHttps("string")
.webfilterProfile("string")
.webproxyForwardServer("string")
.webproxyProfile("string")
.ztnaEmsTags("string")
.ztnaProxies("string")
.ztnaTagsMatchLogic("string")
.build());
packages_firewall_proxypolicy_resource = fortimanager.PackagesFirewallProxypolicy("packagesFirewallProxypolicyResource",
pkg="string",
_policy_block=0,
access_proxies=["string"],
access_proxy6="string",
action="string",
adom="string",
application_list="string",
av_profile="string",
block_notification="string",
casb_profile="string",
cifs_profile="string",
comments="string",
decrypted_traffic_mirror="string",
detect_https_in_http_request="string",
device_ownership="string",
diameter_filter_profile="string",
disclaimer="string",
dlp_profile="string",
dlp_sensor="string",
dnsfilter_profiles=["string"],
dstaddr6s=["string"],
dstaddr_negate="string",
dstaddrs=["string"],
dstintfs=["string"],
emailfilter_profile="string",
file_filter_profile="string",
global_label="string",
groups=["string"],
http_tunnel_auth="string",
icap_profile="string",
internet_service="string",
internet_service6="string",
internet_service6_custom_groups=["string"],
internet_service6_customs=["string"],
internet_service6_groups=["string"],
internet_service6_names=["string"],
internet_service6_negate="string",
internet_service_custom="string",
internet_service_custom_group="string",
internet_service_group="string",
internet_service_id="string",
internet_service_name="string",
internet_service_negate="string",
ips_sensor="string",
ips_voip_filter="string",
label="string",
log_http_transaction="string",
logtraffic="string",
logtraffic_start="string",
mms_profile="string",
name="string",
packages_firewall_proxypolicy_id="string",
pkg_folder_path="string",
policyid=0,
poolnames=["string"],
profile_group="string",
profile_protocol_options="string",
profile_type="string",
proxy="string",
redirect_url="string",
replacemsg_override_group="string",
scan_botnet_connections="string",
schedule="string",
scopetype="string",
sctp_filter_profile="string",
service_negate="string",
services=["string"],
session_ttl=0,
spamfilter_profile="string",
srcaddr6s=["string"],
srcaddr_negate="string",
srcaddrs=["string"],
srcintf="string",
ssh_filter_profile="string",
ssh_policy_redirect="string",
ssl_ssh_profile="string",
status="string",
transparent="string",
users=["string"],
utm_status="string",
uuid="string",
videofilter_profile="string",
virtual_patch_profile="string",
voip_profile="string",
waf_profile="string",
webcache="string",
webcache_https="string",
webfilter_profile="string",
webproxy_forward_server="string",
webproxy_profile="string",
ztna_ems_tags=["string"],
ztna_proxies=["string"],
ztna_tags_match_logic="string")
const packagesFirewallProxypolicyResource = new fortimanager.PackagesFirewallProxypolicy("packagesFirewallProxypolicyResource", {
pkg: "string",
_policyBlock: 0,
accessProxies: ["string"],
accessProxy6: "string",
action: "string",
adom: "string",
applicationList: "string",
avProfile: "string",
blockNotification: "string",
casbProfile: "string",
cifsProfile: "string",
comments: "string",
decryptedTrafficMirror: "string",
detectHttpsInHttpRequest: "string",
deviceOwnership: "string",
diameterFilterProfile: "string",
disclaimer: "string",
dlpProfile: "string",
dlpSensor: "string",
dnsfilterProfiles: ["string"],
dstaddr6s: ["string"],
dstaddrNegate: "string",
dstaddrs: ["string"],
dstintfs: ["string"],
emailfilterProfile: "string",
fileFilterProfile: "string",
globalLabel: "string",
groups: ["string"],
httpTunnelAuth: "string",
icapProfile: "string",
internetService: "string",
internetService6: "string",
internetService6CustomGroups: ["string"],
internetService6Customs: ["string"],
internetService6Groups: ["string"],
internetService6Names: ["string"],
internetService6Negate: "string",
internetServiceCustom: "string",
internetServiceCustomGroup: "string",
internetServiceGroup: "string",
internetServiceId: "string",
internetServiceName: "string",
internetServiceNegate: "string",
ipsSensor: "string",
ipsVoipFilter: "string",
label: "string",
logHttpTransaction: "string",
logtraffic: "string",
logtrafficStart: "string",
mmsProfile: "string",
name: "string",
packagesFirewallProxypolicyId: "string",
pkgFolderPath: "string",
policyid: 0,
poolnames: ["string"],
profileGroup: "string",
profileProtocolOptions: "string",
profileType: "string",
proxy: "string",
redirectUrl: "string",
replacemsgOverrideGroup: "string",
scanBotnetConnections: "string",
schedule: "string",
scopetype: "string",
sctpFilterProfile: "string",
serviceNegate: "string",
services: ["string"],
sessionTtl: 0,
spamfilterProfile: "string",
srcaddr6s: ["string"],
srcaddrNegate: "string",
srcaddrs: ["string"],
srcintf: "string",
sshFilterProfile: "string",
sshPolicyRedirect: "string",
sslSshProfile: "string",
status: "string",
transparent: "string",
users: ["string"],
utmStatus: "string",
uuid: "string",
videofilterProfile: "string",
virtualPatchProfile: "string",
voipProfile: "string",
wafProfile: "string",
webcache: "string",
webcacheHttps: "string",
webfilterProfile: "string",
webproxyForwardServer: "string",
webproxyProfile: "string",
ztnaEmsTags: ["string"],
ztnaProxies: ["string"],
ztnaTagsMatchLogic: "string",
});
type: fortimanager:PackagesFirewallProxypolicy
properties:
_policyBlock: 0
accessProxies:
- string
accessProxy6: string
action: string
adom: string
applicationList: string
avProfile: string
blockNotification: string
casbProfile: string
cifsProfile: string
comments: string
decryptedTrafficMirror: string
detectHttpsInHttpRequest: string
deviceOwnership: string
diameterFilterProfile: string
disclaimer: string
dlpProfile: string
dlpSensor: string
dnsfilterProfiles:
- string
dstaddr6s:
- string
dstaddrNegate: string
dstaddrs:
- string
dstintfs:
- string
emailfilterProfile: string
fileFilterProfile: string
globalLabel: string
groups:
- string
httpTunnelAuth: string
icapProfile: string
internetService: string
internetService6: string
internetService6CustomGroups:
- string
internetService6Customs:
- string
internetService6Groups:
- string
internetService6Names:
- string
internetService6Negate: string
internetServiceCustom: string
internetServiceCustomGroup: string
internetServiceGroup: string
internetServiceId: string
internetServiceName: string
internetServiceNegate: string
ipsSensor: string
ipsVoipFilter: string
label: string
logHttpTransaction: string
logtraffic: string
logtrafficStart: string
mmsProfile: string
name: string
packagesFirewallProxypolicyId: string
pkg: string
pkgFolderPath: string
policyid: 0
poolnames:
- string
profileGroup: string
profileProtocolOptions: string
profileType: string
proxy: string
redirectUrl: string
replacemsgOverrideGroup: string
scanBotnetConnections: string
schedule: string
scopetype: string
sctpFilterProfile: string
serviceNegate: string
services:
- string
sessionTtl: 0
spamfilterProfile: string
srcaddr6s:
- string
srcaddrNegate: string
srcaddrs:
- string
srcintf: string
sshFilterProfile: string
sshPolicyRedirect: string
sslSshProfile: string
status: string
transparent: string
users:
- string
utmStatus: string
uuid: string
videofilterProfile: string
virtualPatchProfile: string
voipProfile: string
wafProfile: string
webcache: string
webcacheHttps: string
webfilterProfile: string
webproxyForwardServer: string
webproxyProfile: string
ztnaEmsTags:
- string
ztnaProxies:
- string
ztnaTagsMatchLogic: string
PackagesFirewallProxypolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PackagesFirewallProxypolicy resource accepts the following input properties:
- Pkg string
- Package.
- Access
Proxies List<string> - Access Proxy.
- Access
Proxy6 string - IPv6 access proxy.
- Action string
- Accept or deny traffic matching the policy parameters. Valid values:
accept,deny,redirect. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Application
List string - Name of an existing Application list.
- Av
Profile string - Name of an existing Antivirus profile.
- Block
Notification string - Enable/disable block notification. Valid values:
disable,enable. - Casb
Profile string - Name of an existing CASB profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Optional comments.
- Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Detect
Https stringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
disable,enable. - Device
Ownership string - When enabled, the ownership enforcement will be done at policy level. Valid values:
disable,enable. - Diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- Disclaimer string
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable,domain,policy,user. - Dlp
Profile string - Name of an existing DLP profile.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profiles List<string> - Name of an existing DNS filter profile.
- Dstaddr6s List<string>
- IPv6 destination address objects.
- Dstaddr
Negate string - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
disable,enable. - Dstaddrs List<string>
- Destination address objects.
- Dstintfs List<string>
- Destination interface names.
- Emailfilter
Profile string - Name of an existing email filter profile.
- File
Filter stringProfile - Name of an existing file-filter profile.
- Global
Label string - Global web-based manager visible label.
- Groups List<string>
- Names of group objects.
- Http
Tunnel stringAuth - Enable/disable HTTP tunnel authentication. Valid values:
disable,enable. - Icap
Profile string - Name of an existing ICAP profile.
- Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - Internet
Service6 string - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
disable,enable. - Internet
Service6Custom List<string>Groups - Custom Internet Service IPv6 group name.
- Internet
Service6Customs List<string> - Custom Internet Service IPv6 name.
- Internet
Service6Groups List<string> - Internet Service IPv6 group name.
- Internet
Service6Names List<string> - Internet Service IPv6 name.
- Internet
Service6Negate string - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
disable,enable. - Internet
Service stringCustom - Custom Internet Service name.
- Internet
Service stringCustom Group - Custom Internet Service group name.
- Internet
Service stringGroup - Internet Service group name.
- Internet
Service stringId - Internet Service ID.
- Internet
Service stringName - Internet Service name.
- Internet
Service stringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
disable,enable. - Ips
Sensor string - Name of an existing IPS sensor.
- Ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- Label string
- VDOM-specific GUI visible label.
- Log
Http stringTransaction - Enable/disable HTTP transaction log. Valid values:
disable,enable. - Logtraffic string
- Enable/disable logging traffic through the policy. Valid values:
disable,all,utm. - Logtraffic
Start string - Enable/disable policy log traffic start. Valid values:
disable,enable. - Mms
Profile string - Name of an existing MMS profile.
- Name string
- Policy name.
- Packages
Firewall stringProxypolicy Id - an identifier for the resource with format {{policyid}}.
- Pkg
Folder stringPath - Pkg Folder Path.
- Policyid double
- Policy ID.
- Poolnames List<string>
- Name of IP pool object.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - Proxy string
- Type of explicit proxy. Valid values:
explicit-web,transparent-web,ftp,wanopt,ssh,ssh-tunnel. - Redirect
Url string - Redirect URL for further explicit web proxy processing.
- Replacemsg
Override stringGroup - Authentication replacement message override group.
- Scan
Botnet stringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable,block,monitor. - Schedule string
- Name of schedule object.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- Service
Negate string - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
disable,enable. - Services List<string>
- Name of service objects.
- Session
Ttl double - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- Spamfilter
Profile string - Name of an existing Spam filter profile.
- Srcaddr6s List<string>
- IPv6 source address objects.
- Srcaddr
Negate string - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
disable,enable. - Srcaddrs List<string>
- Source address objects.
- Srcintf string
- Source interface names.
- Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable/disable the active status of the policy. Valid values:
disable,enable. - Transparent string
- Enable to use the IP address of the client to connect to the server. Valid values:
disable,enable. - Users List<string>
- Names of user objects.
- Utm
Status string - Enable the use of UTM profiles/sensors/lists. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Videofilter
Profile string - Name of an existing VideoFilter profile.
- Virtual
Patch stringProfile - Virtual-Patch-Profile.
- Voip
Profile string - Name of an existing VoIP profile.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web caching. Valid values:
disable,enable. - Webcache
Https string - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable,enable. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Name of web proxy profile.
- List<string>
- ZTNA EMS Tag names.
- Ztna
Proxies List<string> - IPv4 ZTNA traffic forward proxy.
- string
- ZTNA tag matching logic. Valid values:
or,and. - _
policy doubleBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- Pkg string
- Package.
- Access
Proxies []string - Access Proxy.
- Access
Proxy6 string - IPv6 access proxy.
- Action string
- Accept or deny traffic matching the policy parameters. Valid values:
accept,deny,redirect. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Application
List string - Name of an existing Application list.
- Av
Profile string - Name of an existing Antivirus profile.
- Block
Notification string - Enable/disable block notification. Valid values:
disable,enable. - Casb
Profile string - Name of an existing CASB profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Optional comments.
- Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Detect
Https stringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
disable,enable. - Device
Ownership string - When enabled, the ownership enforcement will be done at policy level. Valid values:
disable,enable. - Diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- Disclaimer string
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable,domain,policy,user. - Dlp
Profile string - Name of an existing DLP profile.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profiles []string - Name of an existing DNS filter profile.
- Dstaddr6s []string
- IPv6 destination address objects.
- Dstaddr
Negate string - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
disable,enable. - Dstaddrs []string
- Destination address objects.
- Dstintfs []string
- Destination interface names.
- Emailfilter
Profile string - Name of an existing email filter profile.
- File
Filter stringProfile - Name of an existing file-filter profile.
- Global
Label string - Global web-based manager visible label.
- Groups []string
- Names of group objects.
- Http
Tunnel stringAuth - Enable/disable HTTP tunnel authentication. Valid values:
disable,enable. - Icap
Profile string - Name of an existing ICAP profile.
- Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - Internet
Service6 string - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
disable,enable. - Internet
Service6Custom []stringGroups - Custom Internet Service IPv6 group name.
- Internet
Service6Customs []string - Custom Internet Service IPv6 name.
- Internet
Service6Groups []string - Internet Service IPv6 group name.
- Internet
Service6Names []string - Internet Service IPv6 name.
- Internet
Service6Negate string - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
disable,enable. - Internet
Service stringCustom - Custom Internet Service name.
- Internet
Service stringCustom Group - Custom Internet Service group name.
- Internet
Service stringGroup - Internet Service group name.
- Internet
Service stringId - Internet Service ID.
- Internet
Service stringName - Internet Service name.
- Internet
Service stringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
disable,enable. - Ips
Sensor string - Name of an existing IPS sensor.
- Ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- Label string
- VDOM-specific GUI visible label.
- Log
Http stringTransaction - Enable/disable HTTP transaction log. Valid values:
disable,enable. - Logtraffic string
- Enable/disable logging traffic through the policy. Valid values:
disable,all,utm. - Logtraffic
Start string - Enable/disable policy log traffic start. Valid values:
disable,enable. - Mms
Profile string - Name of an existing MMS profile.
- Name string
- Policy name.
- Packages
Firewall stringProxypolicy Id - an identifier for the resource with format {{policyid}}.
- Pkg
Folder stringPath - Pkg Folder Path.
- Policyid float64
- Policy ID.
- Poolnames []string
- Name of IP pool object.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - Proxy string
- Type of explicit proxy. Valid values:
explicit-web,transparent-web,ftp,wanopt,ssh,ssh-tunnel. - Redirect
Url string - Redirect URL for further explicit web proxy processing.
- Replacemsg
Override stringGroup - Authentication replacement message override group.
- Scan
Botnet stringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable,block,monitor. - Schedule string
- Name of schedule object.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- Service
Negate string - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
disable,enable. - Services []string
- Name of service objects.
- Session
Ttl float64 - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- Spamfilter
Profile string - Name of an existing Spam filter profile.
- Srcaddr6s []string
- IPv6 source address objects.
- Srcaddr
Negate string - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
disable,enable. - Srcaddrs []string
- Source address objects.
- Srcintf string
- Source interface names.
- Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable/disable the active status of the policy. Valid values:
disable,enable. - Transparent string
- Enable to use the IP address of the client to connect to the server. Valid values:
disable,enable. - Users []string
- Names of user objects.
- Utm
Status string - Enable the use of UTM profiles/sensors/lists. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Videofilter
Profile string - Name of an existing VideoFilter profile.
- Virtual
Patch stringProfile - Virtual-Patch-Profile.
- Voip
Profile string - Name of an existing VoIP profile.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web caching. Valid values:
disable,enable. - Webcache
Https string - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable,enable. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Name of web proxy profile.
- []string
- ZTNA EMS Tag names.
- Ztna
Proxies []string - IPv4 ZTNA traffic forward proxy.
- string
- ZTNA tag matching logic. Valid values:
or,and. - _
policy float64Block - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- pkg String
- Package.
- _
policy DoubleBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- access
Proxies List<String> - Access Proxy.
- access
Proxy6 String - IPv6 access proxy.
- action String
- Accept or deny traffic matching the policy parameters. Valid values:
accept,deny,redirect. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - application
List String - Name of an existing Application list.
- av
Profile String - Name of an existing Antivirus profile.
- block
Notification String - Enable/disable block notification. Valid values:
disable,enable. - casb
Profile String - Name of an existing CASB profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Optional comments.
- decrypted
Traffic StringMirror - Decrypted traffic mirror.
- detect
Https StringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
disable,enable. - device
Ownership String - When enabled, the ownership enforcement will be done at policy level. Valid values:
disable,enable. - diameter
Filter StringProfile - Name of an existing Diameter filter profile.
- disclaimer String
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable,domain,policy,user. - dlp
Profile String - Name of an existing DLP profile.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profiles List<String> - Name of an existing DNS filter profile.
- dstaddr6s List<String>
- IPv6 destination address objects.
- dstaddr
Negate String - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
disable,enable. - dstaddrs List<String>
- Destination address objects.
- dstintfs List<String>
- Destination interface names.
- emailfilter
Profile String - Name of an existing email filter profile.
- file
Filter StringProfile - Name of an existing file-filter profile.
- global
Label String - Global web-based manager visible label.
- groups List<String>
- Names of group objects.
- http
Tunnel StringAuth - Enable/disable HTTP tunnel authentication. Valid values:
disable,enable. - icap
Profile String - Name of an existing ICAP profile.
- internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet
Service6 String - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
disable,enable. - internet
Service6Custom List<String>Groups - Custom Internet Service IPv6 group name.
- internet
Service6Customs List<String> - Custom Internet Service IPv6 name.
- internet
Service6Groups List<String> - Internet Service IPv6 group name.
- internet
Service6Names List<String> - Internet Service IPv6 name.
- internet
Service6Negate String - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
disable,enable. - internet
Service StringCustom - Custom Internet Service name.
- internet
Service StringCustom Group - Custom Internet Service group name.
- internet
Service StringGroup - Internet Service group name.
- internet
Service StringId - Internet Service ID.
- internet
Service StringName - Internet Service name.
- internet
Service StringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
disable,enable. - ips
Sensor String - Name of an existing IPS sensor.
- ips
Voip StringFilter - Name of an existing VoIP (ips) profile.
- label String
- VDOM-specific GUI visible label.
- log
Http StringTransaction - Enable/disable HTTP transaction log. Valid values:
disable,enable. - logtraffic String
- Enable/disable logging traffic through the policy. Valid values:
disable,all,utm. - logtraffic
Start String - Enable/disable policy log traffic start. Valid values:
disable,enable. - mms
Profile String - Name of an existing MMS profile.
- name String
- Policy name.
- packages
Firewall StringProxypolicy Id - an identifier for the resource with format {{policyid}}.
- pkg
Folder StringPath - Pkg Folder Path.
- policyid Double
- Policy ID.
- poolnames List<String>
- Name of IP pool object.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - proxy String
- Type of explicit proxy. Valid values:
explicit-web,transparent-web,ftp,wanopt,ssh,ssh-tunnel. - redirect
Url String - Redirect URL for further explicit web proxy processing.
- replacemsg
Override StringGroup - Authentication replacement message override group.
- scan
Botnet StringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable,block,monitor. - schedule String
- Name of schedule object.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - sctp
Filter StringProfile - Name of an existing SCTP filter profile.
- service
Negate String - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
disable,enable. - services List<String>
- Name of service objects.
- session
Ttl Double - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter
Profile String - Name of an existing Spam filter profile.
- srcaddr6s List<String>
- IPv6 source address objects.
- srcaddr
Negate String - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
disable,enable. - srcaddrs List<String>
- Source address objects.
- srcintf String
- Source interface names.
- ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable/disable the active status of the policy. Valid values:
disable,enable. - transparent String
- Enable to use the IP address of the client to connect to the server. Valid values:
disable,enable. - users List<String>
- Names of user objects.
- utm
Status String - Enable the use of UTM profiles/sensors/lists. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- videofilter
Profile String - Name of an existing VideoFilter profile.
- virtual
Patch StringProfile - Virtual-Patch-Profile.
- voip
Profile String - Name of an existing VoIP profile.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web caching. Valid values:
disable,enable. - webcache
Https String - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable,enable. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Name of web proxy profile.
- List<String>
- ZTNA EMS Tag names.
- ztna
Proxies List<String> - IPv4 ZTNA traffic forward proxy.
- String
- ZTNA tag matching logic. Valid values:
or,and.
- pkg string
- Package.
- _
policy numberBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- access
Proxies string[] - Access Proxy.
- access
Proxy6 string - IPv6 access proxy.
- action string
- Accept or deny traffic matching the policy parameters. Valid values:
accept,deny,redirect. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - application
List string - Name of an existing Application list.
- av
Profile string - Name of an existing Antivirus profile.
- block
Notification string - Enable/disable block notification. Valid values:
disable,enable. - casb
Profile string - Name of an existing CASB profile.
- cifs
Profile string - Name of an existing CIFS profile.
- comments string
- Optional comments.
- decrypted
Traffic stringMirror - Decrypted traffic mirror.
- detect
Https stringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
disable,enable. - device
Ownership string - When enabled, the ownership enforcement will be done at policy level. Valid values:
disable,enable. - diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- disclaimer string
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable,domain,policy,user. - dlp
Profile string - Name of an existing DLP profile.
- dlp
Sensor string - Name of an existing DLP sensor.
- dnsfilter
Profiles string[] - Name of an existing DNS filter profile.
- dstaddr6s string[]
- IPv6 destination address objects.
- dstaddr
Negate string - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
disable,enable. - dstaddrs string[]
- Destination address objects.
- dstintfs string[]
- Destination interface names.
- emailfilter
Profile string - Name of an existing email filter profile.
- file
Filter stringProfile - Name of an existing file-filter profile.
- global
Label string - Global web-based manager visible label.
- groups string[]
- Names of group objects.
- http
Tunnel stringAuth - Enable/disable HTTP tunnel authentication. Valid values:
disable,enable. - icap
Profile string - Name of an existing ICAP profile.
- internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet
Service6 string - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
disable,enable. - internet
Service6Custom string[]Groups - Custom Internet Service IPv6 group name.
- internet
Service6Customs string[] - Custom Internet Service IPv6 name.
- internet
Service6Groups string[] - Internet Service IPv6 group name.
- internet
Service6Names string[] - Internet Service IPv6 name.
- internet
Service6Negate string - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
disable,enable. - internet
Service stringCustom - Custom Internet Service name.
- internet
Service stringCustom Group - Custom Internet Service group name.
- internet
Service stringGroup - Internet Service group name.
- internet
Service stringId - Internet Service ID.
- internet
Service stringName - Internet Service name.
- internet
Service stringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
disable,enable. - ips
Sensor string - Name of an existing IPS sensor.
- ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- label string
- VDOM-specific GUI visible label.
- log
Http stringTransaction - Enable/disable HTTP transaction log. Valid values:
disable,enable. - logtraffic string
- Enable/disable logging traffic through the policy. Valid values:
disable,all,utm. - logtraffic
Start string - Enable/disable policy log traffic start. Valid values:
disable,enable. - mms
Profile string - Name of an existing MMS profile.
- name string
- Policy name.
- packages
Firewall stringProxypolicy Id - an identifier for the resource with format {{policyid}}.
- pkg
Folder stringPath - Pkg Folder Path.
- policyid number
- Policy ID.
- poolnames string[]
- Name of IP pool object.
- profile
Group string - Name of profile group.
- profile
Protocol stringOptions - Name of an existing Protocol options profile.
- profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - proxy string
- Type of explicit proxy. Valid values:
explicit-web,transparent-web,ftp,wanopt,ssh,ssh-tunnel. - redirect
Url string - Redirect URL for further explicit web proxy processing.
- replacemsg
Override stringGroup - Authentication replacement message override group.
- scan
Botnet stringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable,block,monitor. - schedule string
- Name of schedule object.
- scopetype string
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- service
Negate string - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
disable,enable. - services string[]
- Name of service objects.
- session
Ttl number - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter
Profile string - Name of an existing Spam filter profile.
- srcaddr6s string[]
- IPv6 source address objects.
- srcaddr
Negate string - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
disable,enable. - srcaddrs string[]
- Source address objects.
- srcintf string
- Source interface names.
- ssh
Filter stringProfile - Name of an existing SSH filter profile.
- ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- status string
- Enable/disable the active status of the policy. Valid values:
disable,enable. - transparent string
- Enable to use the IP address of the client to connect to the server. Valid values:
disable,enable. - users string[]
- Names of user objects.
- utm
Status string - Enable the use of UTM profiles/sensors/lists. Valid values:
disable,enable. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- videofilter
Profile string - Name of an existing VideoFilter profile.
- virtual
Patch stringProfile - Virtual-Patch-Profile.
- voip
Profile string - Name of an existing VoIP profile.
- waf
Profile string - Name of an existing Web application firewall profile.
- webcache string
- Enable/disable web caching. Valid values:
disable,enable. - webcache
Https string - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable,enable. - webfilter
Profile string - Name of an existing Web filter profile.
- webproxy
Forward stringServer - Web proxy forward server name.
- webproxy
Profile string - Name of web proxy profile.
- string[]
- ZTNA EMS Tag names.
- ztna
Proxies string[] - IPv4 ZTNA traffic forward proxy.
- string
- ZTNA tag matching logic. Valid values:
or,and.
- pkg str
- Package.
- _
policy_ floatblock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- access_
proxies Sequence[str] - Access Proxy.
- access_
proxy6 str - IPv6 access proxy.
- action str
- Accept or deny traffic matching the policy parameters. Valid values:
accept,deny,redirect. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - application_
list str - Name of an existing Application list.
- av_
profile str - Name of an existing Antivirus profile.
- block_
notification str - Enable/disable block notification. Valid values:
disable,enable. - casb_
profile str - Name of an existing CASB profile.
- cifs_
profile str - Name of an existing CIFS profile.
- comments str
- Optional comments.
- decrypted_
traffic_ strmirror - Decrypted traffic mirror.
- detect_
https_ strin_ http_ request - Enable/disable detection of HTTPS in HTTP request. Valid values:
disable,enable. - device_
ownership str - When enabled, the ownership enforcement will be done at policy level. Valid values:
disable,enable. - diameter_
filter_ strprofile - Name of an existing Diameter filter profile.
- disclaimer str
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable,domain,policy,user. - dlp_
profile str - Name of an existing DLP profile.
- dlp_
sensor str - Name of an existing DLP sensor.
- dnsfilter_
profiles Sequence[str] - Name of an existing DNS filter profile.
- dstaddr6s Sequence[str]
- IPv6 destination address objects.
- dstaddr_
negate str - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
disable,enable. - dstaddrs Sequence[str]
- Destination address objects.
- dstintfs Sequence[str]
- Destination interface names.
- emailfilter_
profile str - Name of an existing email filter profile.
- file_
filter_ strprofile - Name of an existing file-filter profile.
- global_
label str - Global web-based manager visible label.
- groups Sequence[str]
- Names of group objects.
- http_
tunnel_ strauth - Enable/disable HTTP tunnel authentication. Valid values:
disable,enable. - icap_
profile str - Name of an existing ICAP profile.
- internet_
service str - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet_
service6 str - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
disable,enable. - internet_
service6_ Sequence[str]custom_ groups - Custom Internet Service IPv6 group name.
- internet_
service6_ Sequence[str]customs - Custom Internet Service IPv6 name.
- internet_
service6_ Sequence[str]groups - Internet Service IPv6 group name.
- internet_
service6_ Sequence[str]names - Internet Service IPv6 name.
- internet_
service6_ strnegate - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
disable,enable. - internet_
service_ strcustom - Custom Internet Service name.
- internet_
service_ strcustom_ group - Custom Internet Service group name.
- internet_
service_ strgroup - Internet Service group name.
- internet_
service_ strid - Internet Service ID.
- internet_
service_ strname - Internet Service name.
- internet_
service_ strnegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
disable,enable. - ips_
sensor str - Name of an existing IPS sensor.
- ips_
voip_ strfilter - Name of an existing VoIP (ips) profile.
- label str
- VDOM-specific GUI visible label.
- log_
http_ strtransaction - Enable/disable HTTP transaction log. Valid values:
disable,enable. - logtraffic str
- Enable/disable logging traffic through the policy. Valid values:
disable,all,utm. - logtraffic_
start str - Enable/disable policy log traffic start. Valid values:
disable,enable. - mms_
profile str - Name of an existing MMS profile.
- name str
- Policy name.
- packages_
firewall_ strproxypolicy_ id - an identifier for the resource with format {{policyid}}.
- pkg_
folder_ strpath - Pkg Folder Path.
- policyid float
- Policy ID.
- poolnames Sequence[str]
- Name of IP pool object.
- profile_
group str - Name of profile group.
- profile_
protocol_ stroptions - Name of an existing Protocol options profile.
- profile_
type str - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - proxy str
- Type of explicit proxy. Valid values:
explicit-web,transparent-web,ftp,wanopt,ssh,ssh-tunnel. - redirect_
url str - Redirect URL for further explicit web proxy processing.
- replacemsg_
override_ strgroup - Authentication replacement message override group.
- scan_
botnet_ strconnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable,block,monitor. - schedule str
- Name of schedule object.
- scopetype str
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - sctp_
filter_ strprofile - Name of an existing SCTP filter profile.
- service_
negate str - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
disable,enable. - services Sequence[str]
- Name of service objects.
- session_
ttl float - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter_
profile str - Name of an existing Spam filter profile.
- srcaddr6s Sequence[str]
- IPv6 source address objects.
- srcaddr_
negate str - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
disable,enable. - srcaddrs Sequence[str]
- Source address objects.
- srcintf str
- Source interface names.
- ssh_
filter_ strprofile - Name of an existing SSH filter profile.
- ssh_
policy_ strredirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl_
ssh_ strprofile - Name of an existing SSL SSH profile.
- status str
- Enable/disable the active status of the policy. Valid values:
disable,enable. - transparent str
- Enable to use the IP address of the client to connect to the server. Valid values:
disable,enable. - users Sequence[str]
- Names of user objects.
- utm_
status str - Enable the use of UTM profiles/sensors/lists. Valid values:
disable,enable. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- videofilter_
profile str - Name of an existing VideoFilter profile.
- virtual_
patch_ strprofile - Virtual-Patch-Profile.
- voip_
profile str - Name of an existing VoIP profile.
- waf_
profile str - Name of an existing Web application firewall profile.
- webcache str
- Enable/disable web caching. Valid values:
disable,enable. - webcache_
https str - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable,enable. - webfilter_
profile str - Name of an existing Web filter profile.
- webproxy_
forward_ strserver - Web proxy forward server name.
- webproxy_
profile str - Name of web proxy profile.
- Sequence[str]
- ZTNA EMS Tag names.
- ztna_
proxies Sequence[str] - IPv4 ZTNA traffic forward proxy.
- str
- ZTNA tag matching logic. Valid values:
or,and.
- pkg String
- Package.
- _
policy NumberBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- access
Proxies List<String> - Access Proxy.
- access
Proxy6 String - IPv6 access proxy.
- action String
- Accept or deny traffic matching the policy parameters. Valid values:
accept,deny,redirect. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - application
List String - Name of an existing Application list.
- av
Profile String - Name of an existing Antivirus profile.
- block
Notification String - Enable/disable block notification. Valid values:
disable,enable. - casb
Profile String - Name of an existing CASB profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Optional comments.
- decrypted
Traffic StringMirror - Decrypted traffic mirror.
- detect
Https StringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
disable,enable. - device
Ownership String - When enabled, the ownership enforcement will be done at policy level. Valid values:
disable,enable. - diameter
Filter StringProfile - Name of an existing Diameter filter profile.
- disclaimer String
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable,domain,policy,user. - dlp
Profile String - Name of an existing DLP profile.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profiles List<String> - Name of an existing DNS filter profile.
- dstaddr6s List<String>
- IPv6 destination address objects.
- dstaddr
Negate String - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
disable,enable. - dstaddrs List<String>
- Destination address objects.
- dstintfs List<String>
- Destination interface names.
- emailfilter
Profile String - Name of an existing email filter profile.
- file
Filter StringProfile - Name of an existing file-filter profile.
- global
Label String - Global web-based manager visible label.
- groups List<String>
- Names of group objects.
- http
Tunnel StringAuth - Enable/disable HTTP tunnel authentication. Valid values:
disable,enable. - icap
Profile String - Name of an existing ICAP profile.
- internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet
Service6 String - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
disable,enable. - internet
Service6Custom List<String>Groups - Custom Internet Service IPv6 group name.
- internet
Service6Customs List<String> - Custom Internet Service IPv6 name.
- internet
Service6Groups List<String> - Internet Service IPv6 group name.
- internet
Service6Names List<String> - Internet Service IPv6 name.
- internet
Service6Negate String - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
disable,enable. - internet
Service StringCustom - Custom Internet Service name.
- internet
Service StringCustom Group - Custom Internet Service group name.
- internet
Service StringGroup - Internet Service group name.
- internet
Service StringId - Internet Service ID.
- internet
Service StringName - Internet Service name.
- internet
Service StringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
disable,enable. - ips
Sensor String - Name of an existing IPS sensor.
- ips
Voip StringFilter - Name of an existing VoIP (ips) profile.
- label String
- VDOM-specific GUI visible label.
- log
Http StringTransaction - Enable/disable HTTP transaction log. Valid values:
disable,enable. - logtraffic String
- Enable/disable logging traffic through the policy. Valid values:
disable,all,utm. - logtraffic
Start String - Enable/disable policy log traffic start. Valid values:
disable,enable. - mms
Profile String - Name of an existing MMS profile.
- name String
- Policy name.
- packages
Firewall StringProxypolicy Id - an identifier for the resource with format {{policyid}}.
- pkg
Folder StringPath - Pkg Folder Path.
- policyid Number
- Policy ID.
- poolnames List<String>
- Name of IP pool object.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - proxy String
- Type of explicit proxy. Valid values:
explicit-web,transparent-web,ftp,wanopt,ssh,ssh-tunnel. - redirect
Url String - Redirect URL for further explicit web proxy processing.
- replacemsg
Override StringGroup - Authentication replacement message override group.
- scan
Botnet StringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable,block,monitor. - schedule String
- Name of schedule object.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - sctp
Filter StringProfile - Name of an existing SCTP filter profile.
- service
Negate String - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
disable,enable. - services List<String>
- Name of service objects.
- session
Ttl Number - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter
Profile String - Name of an existing Spam filter profile.
- srcaddr6s List<String>
- IPv6 source address objects.
- srcaddr
Negate String - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
disable,enable. - srcaddrs List<String>
- Source address objects.
- srcintf String
- Source interface names.
- ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable/disable the active status of the policy. Valid values:
disable,enable. - transparent String
- Enable to use the IP address of the client to connect to the server. Valid values:
disable,enable. - users List<String>
- Names of user objects.
- utm
Status String - Enable the use of UTM profiles/sensors/lists. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- videofilter
Profile String - Name of an existing VideoFilter profile.
- virtual
Patch StringProfile - Virtual-Patch-Profile.
- voip
Profile String - Name of an existing VoIP profile.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web caching. Valid values:
disable,enable. - webcache
Https String - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable,enable. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Name of web proxy profile.
- List<String>
- ZTNA EMS Tag names.
- ztna
Proxies List<String> - IPv4 ZTNA traffic forward proxy.
- String
- ZTNA tag matching logic. Valid values:
or,and.
Outputs
All input properties are implicitly available as output properties. Additionally, the PackagesFirewallProxypolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing PackagesFirewallProxypolicy Resource
Get an existing PackagesFirewallProxypolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PackagesFirewallProxypolicyState, opts?: CustomResourceOptions): PackagesFirewallProxypolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
_policy_block: Optional[float] = None,
access_proxies: Optional[Sequence[str]] = None,
access_proxy6: Optional[str] = None,
action: Optional[str] = None,
adom: Optional[str] = None,
application_list: Optional[str] = None,
av_profile: Optional[str] = None,
block_notification: Optional[str] = None,
casb_profile: Optional[str] = None,
cifs_profile: Optional[str] = None,
comments: Optional[str] = None,
decrypted_traffic_mirror: Optional[str] = None,
detect_https_in_http_request: Optional[str] = None,
device_ownership: Optional[str] = None,
diameter_filter_profile: Optional[str] = None,
disclaimer: Optional[str] = None,
dlp_profile: Optional[str] = None,
dlp_sensor: Optional[str] = None,
dnsfilter_profiles: Optional[Sequence[str]] = None,
dstaddr6s: Optional[Sequence[str]] = None,
dstaddr_negate: Optional[str] = None,
dstaddrs: Optional[Sequence[str]] = None,
dstintfs: Optional[Sequence[str]] = None,
emailfilter_profile: Optional[str] = None,
file_filter_profile: Optional[str] = None,
global_label: Optional[str] = None,
groups: Optional[Sequence[str]] = None,
http_tunnel_auth: Optional[str] = None,
icap_profile: Optional[str] = None,
internet_service: Optional[str] = None,
internet_service6: Optional[str] = None,
internet_service6_custom_groups: Optional[Sequence[str]] = None,
internet_service6_customs: Optional[Sequence[str]] = None,
internet_service6_groups: Optional[Sequence[str]] = None,
internet_service6_names: Optional[Sequence[str]] = None,
internet_service6_negate: Optional[str] = None,
internet_service_custom: Optional[str] = None,
internet_service_custom_group: Optional[str] = None,
internet_service_group: Optional[str] = None,
internet_service_id: Optional[str] = None,
internet_service_name: Optional[str] = None,
internet_service_negate: Optional[str] = None,
ips_sensor: Optional[str] = None,
ips_voip_filter: Optional[str] = None,
label: Optional[str] = None,
log_http_transaction: Optional[str] = None,
logtraffic: Optional[str] = None,
logtraffic_start: Optional[str] = None,
mms_profile: Optional[str] = None,
name: Optional[str] = None,
packages_firewall_proxypolicy_id: Optional[str] = None,
pkg: Optional[str] = None,
pkg_folder_path: Optional[str] = None,
policyid: Optional[float] = None,
poolnames: Optional[Sequence[str]] = None,
profile_group: Optional[str] = None,
profile_protocol_options: Optional[str] = None,
profile_type: Optional[str] = None,
proxy: Optional[str] = None,
redirect_url: Optional[str] = None,
replacemsg_override_group: Optional[str] = None,
scan_botnet_connections: Optional[str] = None,
schedule: Optional[str] = None,
scopetype: Optional[str] = None,
sctp_filter_profile: Optional[str] = None,
service_negate: Optional[str] = None,
services: Optional[Sequence[str]] = None,
session_ttl: Optional[float] = None,
spamfilter_profile: Optional[str] = None,
srcaddr6s: Optional[Sequence[str]] = None,
srcaddr_negate: Optional[str] = None,
srcaddrs: Optional[Sequence[str]] = None,
srcintf: Optional[str] = None,
ssh_filter_profile: Optional[str] = None,
ssh_policy_redirect: Optional[str] = None,
ssl_ssh_profile: Optional[str] = None,
status: Optional[str] = None,
transparent: Optional[str] = None,
users: Optional[Sequence[str]] = None,
utm_status: Optional[str] = None,
uuid: Optional[str] = None,
videofilter_profile: Optional[str] = None,
virtual_patch_profile: Optional[str] = None,
voip_profile: Optional[str] = None,
waf_profile: Optional[str] = None,
webcache: Optional[str] = None,
webcache_https: Optional[str] = None,
webfilter_profile: Optional[str] = None,
webproxy_forward_server: Optional[str] = None,
webproxy_profile: Optional[str] = None,
ztna_ems_tags: Optional[Sequence[str]] = None,
ztna_proxies: Optional[Sequence[str]] = None,
ztna_tags_match_logic: Optional[str] = None) -> PackagesFirewallProxypolicyfunc GetPackagesFirewallProxypolicy(ctx *Context, name string, id IDInput, state *PackagesFirewallProxypolicyState, opts ...ResourceOption) (*PackagesFirewallProxypolicy, error)public static PackagesFirewallProxypolicy Get(string name, Input<string> id, PackagesFirewallProxypolicyState? state, CustomResourceOptions? opts = null)public static PackagesFirewallProxypolicy get(String name, Output<String> id, PackagesFirewallProxypolicyState state, CustomResourceOptions options)resources: _: type: fortimanager:PackagesFirewallProxypolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Proxies List<string> - Access Proxy.
- Access
Proxy6 string - IPv6 access proxy.
- Action string
- Accept or deny traffic matching the policy parameters. Valid values:
accept,deny,redirect. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Application
List string - Name of an existing Application list.
- Av
Profile string - Name of an existing Antivirus profile.
- Block
Notification string - Enable/disable block notification. Valid values:
disable,enable. - Casb
Profile string - Name of an existing CASB profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Optional comments.
- Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Detect
Https stringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
disable,enable. - Device
Ownership string - When enabled, the ownership enforcement will be done at policy level. Valid values:
disable,enable. - Diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- Disclaimer string
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable,domain,policy,user. - Dlp
Profile string - Name of an existing DLP profile.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profiles List<string> - Name of an existing DNS filter profile.
- Dstaddr6s List<string>
- IPv6 destination address objects.
- Dstaddr
Negate string - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
disable,enable. - Dstaddrs List<string>
- Destination address objects.
- Dstintfs List<string>
- Destination interface names.
- Emailfilter
Profile string - Name of an existing email filter profile.
- File
Filter stringProfile - Name of an existing file-filter profile.
- Global
Label string - Global web-based manager visible label.
- Groups List<string>
- Names of group objects.
- Http
Tunnel stringAuth - Enable/disable HTTP tunnel authentication. Valid values:
disable,enable. - Icap
Profile string - Name of an existing ICAP profile.
- Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - Internet
Service6 string - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
disable,enable. - Internet
Service6Custom List<string>Groups - Custom Internet Service IPv6 group name.
- Internet
Service6Customs List<string> - Custom Internet Service IPv6 name.
- Internet
Service6Groups List<string> - Internet Service IPv6 group name.
- Internet
Service6Names List<string> - Internet Service IPv6 name.
- Internet
Service6Negate string - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
disable,enable. - Internet
Service stringCustom - Custom Internet Service name.
- Internet
Service stringCustom Group - Custom Internet Service group name.
- Internet
Service stringGroup - Internet Service group name.
- Internet
Service stringId - Internet Service ID.
- Internet
Service stringName - Internet Service name.
- Internet
Service stringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
disable,enable. - Ips
Sensor string - Name of an existing IPS sensor.
- Ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- Label string
- VDOM-specific GUI visible label.
- Log
Http stringTransaction - Enable/disable HTTP transaction log. Valid values:
disable,enable. - Logtraffic string
- Enable/disable logging traffic through the policy. Valid values:
disable,all,utm. - Logtraffic
Start string - Enable/disable policy log traffic start. Valid values:
disable,enable. - Mms
Profile string - Name of an existing MMS profile.
- Name string
- Policy name.
- Packages
Firewall stringProxypolicy Id - an identifier for the resource with format {{policyid}}.
- Pkg string
- Package.
- Pkg
Folder stringPath - Pkg Folder Path.
- Policyid double
- Policy ID.
- Poolnames List<string>
- Name of IP pool object.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - Proxy string
- Type of explicit proxy. Valid values:
explicit-web,transparent-web,ftp,wanopt,ssh,ssh-tunnel. - Redirect
Url string - Redirect URL for further explicit web proxy processing.
- Replacemsg
Override stringGroup - Authentication replacement message override group.
- Scan
Botnet stringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable,block,monitor. - Schedule string
- Name of schedule object.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- Service
Negate string - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
disable,enable. - Services List<string>
- Name of service objects.
- Session
Ttl double - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- Spamfilter
Profile string - Name of an existing Spam filter profile.
- Srcaddr6s List<string>
- IPv6 source address objects.
- Srcaddr
Negate string - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
disable,enable. - Srcaddrs List<string>
- Source address objects.
- Srcintf string
- Source interface names.
- Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable/disable the active status of the policy. Valid values:
disable,enable. - Transparent string
- Enable to use the IP address of the client to connect to the server. Valid values:
disable,enable. - Users List<string>
- Names of user objects.
- Utm
Status string - Enable the use of UTM profiles/sensors/lists. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Videofilter
Profile string - Name of an existing VideoFilter profile.
- Virtual
Patch stringProfile - Virtual-Patch-Profile.
- Voip
Profile string - Name of an existing VoIP profile.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web caching. Valid values:
disable,enable. - Webcache
Https string - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable,enable. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Name of web proxy profile.
- List<string>
- ZTNA EMS Tag names.
- Ztna
Proxies List<string> - IPv4 ZTNA traffic forward proxy.
- string
- ZTNA tag matching logic. Valid values:
or,and. - _
policy doubleBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- Access
Proxies []string - Access Proxy.
- Access
Proxy6 string - IPv6 access proxy.
- Action string
- Accept or deny traffic matching the policy parameters. Valid values:
accept,deny,redirect. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Application
List string - Name of an existing Application list.
- Av
Profile string - Name of an existing Antivirus profile.
- Block
Notification string - Enable/disable block notification. Valid values:
disable,enable. - Casb
Profile string - Name of an existing CASB profile.
- Cifs
Profile string - Name of an existing CIFS profile.
- Comments string
- Optional comments.
- Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Detect
Https stringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
disable,enable. - Device
Ownership string - When enabled, the ownership enforcement will be done at policy level. Valid values:
disable,enable. - Diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- Disclaimer string
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable,domain,policy,user. - Dlp
Profile string - Name of an existing DLP profile.
- Dlp
Sensor string - Name of an existing DLP sensor.
- Dnsfilter
Profiles []string - Name of an existing DNS filter profile.
- Dstaddr6s []string
- IPv6 destination address objects.
- Dstaddr
Negate string - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
disable,enable. - Dstaddrs []string
- Destination address objects.
- Dstintfs []string
- Destination interface names.
- Emailfilter
Profile string - Name of an existing email filter profile.
- File
Filter stringProfile - Name of an existing file-filter profile.
- Global
Label string - Global web-based manager visible label.
- Groups []string
- Names of group objects.
- Http
Tunnel stringAuth - Enable/disable HTTP tunnel authentication. Valid values:
disable,enable. - Icap
Profile string - Name of an existing ICAP profile.
- Internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - Internet
Service6 string - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
disable,enable. - Internet
Service6Custom []stringGroups - Custom Internet Service IPv6 group name.
- Internet
Service6Customs []string - Custom Internet Service IPv6 name.
- Internet
Service6Groups []string - Internet Service IPv6 group name.
- Internet
Service6Names []string - Internet Service IPv6 name.
- Internet
Service6Negate string - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
disable,enable. - Internet
Service stringCustom - Custom Internet Service name.
- Internet
Service stringCustom Group - Custom Internet Service group name.
- Internet
Service stringGroup - Internet Service group name.
- Internet
Service stringId - Internet Service ID.
- Internet
Service stringName - Internet Service name.
- Internet
Service stringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
disable,enable. - Ips
Sensor string - Name of an existing IPS sensor.
- Ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- Label string
- VDOM-specific GUI visible label.
- Log
Http stringTransaction - Enable/disable HTTP transaction log. Valid values:
disable,enable. - Logtraffic string
- Enable/disable logging traffic through the policy. Valid values:
disable,all,utm. - Logtraffic
Start string - Enable/disable policy log traffic start. Valid values:
disable,enable. - Mms
Profile string - Name of an existing MMS profile.
- Name string
- Policy name.
- Packages
Firewall stringProxypolicy Id - an identifier for the resource with format {{policyid}}.
- Pkg string
- Package.
- Pkg
Folder stringPath - Pkg Folder Path.
- Policyid float64
- Policy ID.
- Poolnames []string
- Name of IP pool object.
- Profile
Group string - Name of profile group.
- Profile
Protocol stringOptions - Name of an existing Protocol options profile.
- Profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - Proxy string
- Type of explicit proxy. Valid values:
explicit-web,transparent-web,ftp,wanopt,ssh,ssh-tunnel. - Redirect
Url string - Redirect URL for further explicit web proxy processing.
- Replacemsg
Override stringGroup - Authentication replacement message override group.
- Scan
Botnet stringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable,block,monitor. - Schedule string
- Name of schedule object.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- Service
Negate string - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
disable,enable. - Services []string
- Name of service objects.
- Session
Ttl float64 - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- Spamfilter
Profile string - Name of an existing Spam filter profile.
- Srcaddr6s []string
- IPv6 source address objects.
- Srcaddr
Negate string - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
disable,enable. - Srcaddrs []string
- Source address objects.
- Srcintf string
- Source interface names.
- Ssh
Filter stringProfile - Name of an existing SSH filter profile.
- Ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - Ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- Status string
- Enable/disable the active status of the policy. Valid values:
disable,enable. - Transparent string
- Enable to use the IP address of the client to connect to the server. Valid values:
disable,enable. - Users []string
- Names of user objects.
- Utm
Status string - Enable the use of UTM profiles/sensors/lists. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Videofilter
Profile string - Name of an existing VideoFilter profile.
- Virtual
Patch stringProfile - Virtual-Patch-Profile.
- Voip
Profile string - Name of an existing VoIP profile.
- Waf
Profile string - Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web caching. Valid values:
disable,enable. - Webcache
Https string - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable,enable. - Webfilter
Profile string - Name of an existing Web filter profile.
- Webproxy
Forward stringServer - Web proxy forward server name.
- Webproxy
Profile string - Name of web proxy profile.
- []string
- ZTNA EMS Tag names.
- Ztna
Proxies []string - IPv4 ZTNA traffic forward proxy.
- string
- ZTNA tag matching logic. Valid values:
or,and. - _
policy float64Block - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- _
policy DoubleBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- access
Proxies List<String> - Access Proxy.
- access
Proxy6 String - IPv6 access proxy.
- action String
- Accept or deny traffic matching the policy parameters. Valid values:
accept,deny,redirect. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - application
List String - Name of an existing Application list.
- av
Profile String - Name of an existing Antivirus profile.
- block
Notification String - Enable/disable block notification. Valid values:
disable,enable. - casb
Profile String - Name of an existing CASB profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Optional comments.
- decrypted
Traffic StringMirror - Decrypted traffic mirror.
- detect
Https StringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
disable,enable. - device
Ownership String - When enabled, the ownership enforcement will be done at policy level. Valid values:
disable,enable. - diameter
Filter StringProfile - Name of an existing Diameter filter profile.
- disclaimer String
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable,domain,policy,user. - dlp
Profile String - Name of an existing DLP profile.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profiles List<String> - Name of an existing DNS filter profile.
- dstaddr6s List<String>
- IPv6 destination address objects.
- dstaddr
Negate String - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
disable,enable. - dstaddrs List<String>
- Destination address objects.
- dstintfs List<String>
- Destination interface names.
- emailfilter
Profile String - Name of an existing email filter profile.
- file
Filter StringProfile - Name of an existing file-filter profile.
- global
Label String - Global web-based manager visible label.
- groups List<String>
- Names of group objects.
- http
Tunnel StringAuth - Enable/disable HTTP tunnel authentication. Valid values:
disable,enable. - icap
Profile String - Name of an existing ICAP profile.
- internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet
Service6 String - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
disable,enable. - internet
Service6Custom List<String>Groups - Custom Internet Service IPv6 group name.
- internet
Service6Customs List<String> - Custom Internet Service IPv6 name.
- internet
Service6Groups List<String> - Internet Service IPv6 group name.
- internet
Service6Names List<String> - Internet Service IPv6 name.
- internet
Service6Negate String - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
disable,enable. - internet
Service StringCustom - Custom Internet Service name.
- internet
Service StringCustom Group - Custom Internet Service group name.
- internet
Service StringGroup - Internet Service group name.
- internet
Service StringId - Internet Service ID.
- internet
Service StringName - Internet Service name.
- internet
Service StringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
disable,enable. - ips
Sensor String - Name of an existing IPS sensor.
- ips
Voip StringFilter - Name of an existing VoIP (ips) profile.
- label String
- VDOM-specific GUI visible label.
- log
Http StringTransaction - Enable/disable HTTP transaction log. Valid values:
disable,enable. - logtraffic String
- Enable/disable logging traffic through the policy. Valid values:
disable,all,utm. - logtraffic
Start String - Enable/disable policy log traffic start. Valid values:
disable,enable. - mms
Profile String - Name of an existing MMS profile.
- name String
- Policy name.
- packages
Firewall StringProxypolicy Id - an identifier for the resource with format {{policyid}}.
- pkg String
- Package.
- pkg
Folder StringPath - Pkg Folder Path.
- policyid Double
- Policy ID.
- poolnames List<String>
- Name of IP pool object.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - proxy String
- Type of explicit proxy. Valid values:
explicit-web,transparent-web,ftp,wanopt,ssh,ssh-tunnel. - redirect
Url String - Redirect URL for further explicit web proxy processing.
- replacemsg
Override StringGroup - Authentication replacement message override group.
- scan
Botnet StringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable,block,monitor. - schedule String
- Name of schedule object.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - sctp
Filter StringProfile - Name of an existing SCTP filter profile.
- service
Negate String - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
disable,enable. - services List<String>
- Name of service objects.
- session
Ttl Double - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter
Profile String - Name of an existing Spam filter profile.
- srcaddr6s List<String>
- IPv6 source address objects.
- srcaddr
Negate String - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
disable,enable. - srcaddrs List<String>
- Source address objects.
- srcintf String
- Source interface names.
- ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable/disable the active status of the policy. Valid values:
disable,enable. - transparent String
- Enable to use the IP address of the client to connect to the server. Valid values:
disable,enable. - users List<String>
- Names of user objects.
- utm
Status String - Enable the use of UTM profiles/sensors/lists. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- videofilter
Profile String - Name of an existing VideoFilter profile.
- virtual
Patch StringProfile - Virtual-Patch-Profile.
- voip
Profile String - Name of an existing VoIP profile.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web caching. Valid values:
disable,enable. - webcache
Https String - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable,enable. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Name of web proxy profile.
- List<String>
- ZTNA EMS Tag names.
- ztna
Proxies List<String> - IPv4 ZTNA traffic forward proxy.
- String
- ZTNA tag matching logic. Valid values:
or,and.
- _
policy numberBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- access
Proxies string[] - Access Proxy.
- access
Proxy6 string - IPv6 access proxy.
- action string
- Accept or deny traffic matching the policy parameters. Valid values:
accept,deny,redirect. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - application
List string - Name of an existing Application list.
- av
Profile string - Name of an existing Antivirus profile.
- block
Notification string - Enable/disable block notification. Valid values:
disable,enable. - casb
Profile string - Name of an existing CASB profile.
- cifs
Profile string - Name of an existing CIFS profile.
- comments string
- Optional comments.
- decrypted
Traffic stringMirror - Decrypted traffic mirror.
- detect
Https stringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
disable,enable. - device
Ownership string - When enabled, the ownership enforcement will be done at policy level. Valid values:
disable,enable. - diameter
Filter stringProfile - Name of an existing Diameter filter profile.
- disclaimer string
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable,domain,policy,user. - dlp
Profile string - Name of an existing DLP profile.
- dlp
Sensor string - Name of an existing DLP sensor.
- dnsfilter
Profiles string[] - Name of an existing DNS filter profile.
- dstaddr6s string[]
- IPv6 destination address objects.
- dstaddr
Negate string - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
disable,enable. - dstaddrs string[]
- Destination address objects.
- dstintfs string[]
- Destination interface names.
- emailfilter
Profile string - Name of an existing email filter profile.
- file
Filter stringProfile - Name of an existing file-filter profile.
- global
Label string - Global web-based manager visible label.
- groups string[]
- Names of group objects.
- http
Tunnel stringAuth - Enable/disable HTTP tunnel authentication. Valid values:
disable,enable. - icap
Profile string - Name of an existing ICAP profile.
- internet
Service string - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet
Service6 string - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
disable,enable. - internet
Service6Custom string[]Groups - Custom Internet Service IPv6 group name.
- internet
Service6Customs string[] - Custom Internet Service IPv6 name.
- internet
Service6Groups string[] - Internet Service IPv6 group name.
- internet
Service6Names string[] - Internet Service IPv6 name.
- internet
Service6Negate string - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
disable,enable. - internet
Service stringCustom - Custom Internet Service name.
- internet
Service stringCustom Group - Custom Internet Service group name.
- internet
Service stringGroup - Internet Service group name.
- internet
Service stringId - Internet Service ID.
- internet
Service stringName - Internet Service name.
- internet
Service stringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
disable,enable. - ips
Sensor string - Name of an existing IPS sensor.
- ips
Voip stringFilter - Name of an existing VoIP (ips) profile.
- label string
- VDOM-specific GUI visible label.
- log
Http stringTransaction - Enable/disable HTTP transaction log. Valid values:
disable,enable. - logtraffic string
- Enable/disable logging traffic through the policy. Valid values:
disable,all,utm. - logtraffic
Start string - Enable/disable policy log traffic start. Valid values:
disable,enable. - mms
Profile string - Name of an existing MMS profile.
- name string
- Policy name.
- packages
Firewall stringProxypolicy Id - an identifier for the resource with format {{policyid}}.
- pkg string
- Package.
- pkg
Folder stringPath - Pkg Folder Path.
- policyid number
- Policy ID.
- poolnames string[]
- Name of IP pool object.
- profile
Group string - Name of profile group.
- profile
Protocol stringOptions - Name of an existing Protocol options profile.
- profile
Type string - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - proxy string
- Type of explicit proxy. Valid values:
explicit-web,transparent-web,ftp,wanopt,ssh,ssh-tunnel. - redirect
Url string - Redirect URL for further explicit web proxy processing.
- replacemsg
Override stringGroup - Authentication replacement message override group.
- scan
Botnet stringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable,block,monitor. - schedule string
- Name of schedule object.
- scopetype string
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - sctp
Filter stringProfile - Name of an existing SCTP filter profile.
- service
Negate string - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
disable,enable. - services string[]
- Name of service objects.
- session
Ttl number - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter
Profile string - Name of an existing Spam filter profile.
- srcaddr6s string[]
- IPv6 source address objects.
- srcaddr
Negate string - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
disable,enable. - srcaddrs string[]
- Source address objects.
- srcintf string
- Source interface names.
- ssh
Filter stringProfile - Name of an existing SSH filter profile.
- ssh
Policy stringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Ssh stringProfile - Name of an existing SSL SSH profile.
- status string
- Enable/disable the active status of the policy. Valid values:
disable,enable. - transparent string
- Enable to use the IP address of the client to connect to the server. Valid values:
disable,enable. - users string[]
- Names of user objects.
- utm
Status string - Enable the use of UTM profiles/sensors/lists. Valid values:
disable,enable. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- videofilter
Profile string - Name of an existing VideoFilter profile.
- virtual
Patch stringProfile - Virtual-Patch-Profile.
- voip
Profile string - Name of an existing VoIP profile.
- waf
Profile string - Name of an existing Web application firewall profile.
- webcache string
- Enable/disable web caching. Valid values:
disable,enable. - webcache
Https string - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable,enable. - webfilter
Profile string - Name of an existing Web filter profile.
- webproxy
Forward stringServer - Web proxy forward server name.
- webproxy
Profile string - Name of web proxy profile.
- string[]
- ZTNA EMS Tag names.
- ztna
Proxies string[] - IPv4 ZTNA traffic forward proxy.
- string
- ZTNA tag matching logic. Valid values:
or,and.
- _
policy_ floatblock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- access_
proxies Sequence[str] - Access Proxy.
- access_
proxy6 str - IPv6 access proxy.
- action str
- Accept or deny traffic matching the policy parameters. Valid values:
accept,deny,redirect. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - application_
list str - Name of an existing Application list.
- av_
profile str - Name of an existing Antivirus profile.
- block_
notification str - Enable/disable block notification. Valid values:
disable,enable. - casb_
profile str - Name of an existing CASB profile.
- cifs_
profile str - Name of an existing CIFS profile.
- comments str
- Optional comments.
- decrypted_
traffic_ strmirror - Decrypted traffic mirror.
- detect_
https_ strin_ http_ request - Enable/disable detection of HTTPS in HTTP request. Valid values:
disable,enable. - device_
ownership str - When enabled, the ownership enforcement will be done at policy level. Valid values:
disable,enable. - diameter_
filter_ strprofile - Name of an existing Diameter filter profile.
- disclaimer str
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable,domain,policy,user. - dlp_
profile str - Name of an existing DLP profile.
- dlp_
sensor str - Name of an existing DLP sensor.
- dnsfilter_
profiles Sequence[str] - Name of an existing DNS filter profile.
- dstaddr6s Sequence[str]
- IPv6 destination address objects.
- dstaddr_
negate str - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
disable,enable. - dstaddrs Sequence[str]
- Destination address objects.
- dstintfs Sequence[str]
- Destination interface names.
- emailfilter_
profile str - Name of an existing email filter profile.
- file_
filter_ strprofile - Name of an existing file-filter profile.
- global_
label str - Global web-based manager visible label.
- groups Sequence[str]
- Names of group objects.
- http_
tunnel_ strauth - Enable/disable HTTP tunnel authentication. Valid values:
disable,enable. - icap_
profile str - Name of an existing ICAP profile.
- internet_
service str - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet_
service6 str - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
disable,enable. - internet_
service6_ Sequence[str]custom_ groups - Custom Internet Service IPv6 group name.
- internet_
service6_ Sequence[str]customs - Custom Internet Service IPv6 name.
- internet_
service6_ Sequence[str]groups - Internet Service IPv6 group name.
- internet_
service6_ Sequence[str]names - Internet Service IPv6 name.
- internet_
service6_ strnegate - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
disable,enable. - internet_
service_ strcustom - Custom Internet Service name.
- internet_
service_ strcustom_ group - Custom Internet Service group name.
- internet_
service_ strgroup - Internet Service group name.
- internet_
service_ strid - Internet Service ID.
- internet_
service_ strname - Internet Service name.
- internet_
service_ strnegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
disable,enable. - ips_
sensor str - Name of an existing IPS sensor.
- ips_
voip_ strfilter - Name of an existing VoIP (ips) profile.
- label str
- VDOM-specific GUI visible label.
- log_
http_ strtransaction - Enable/disable HTTP transaction log. Valid values:
disable,enable. - logtraffic str
- Enable/disable logging traffic through the policy. Valid values:
disable,all,utm. - logtraffic_
start str - Enable/disable policy log traffic start. Valid values:
disable,enable. - mms_
profile str - Name of an existing MMS profile.
- name str
- Policy name.
- packages_
firewall_ strproxypolicy_ id - an identifier for the resource with format {{policyid}}.
- pkg str
- Package.
- pkg_
folder_ strpath - Pkg Folder Path.
- policyid float
- Policy ID.
- poolnames Sequence[str]
- Name of IP pool object.
- profile_
group str - Name of profile group.
- profile_
protocol_ stroptions - Name of an existing Protocol options profile.
- profile_
type str - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - proxy str
- Type of explicit proxy. Valid values:
explicit-web,transparent-web,ftp,wanopt,ssh,ssh-tunnel. - redirect_
url str - Redirect URL for further explicit web proxy processing.
- replacemsg_
override_ strgroup - Authentication replacement message override group.
- scan_
botnet_ strconnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable,block,monitor. - schedule str
- Name of schedule object.
- scopetype str
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - sctp_
filter_ strprofile - Name of an existing SCTP filter profile.
- service_
negate str - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
disable,enable. - services Sequence[str]
- Name of service objects.
- session_
ttl float - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter_
profile str - Name of an existing Spam filter profile.
- srcaddr6s Sequence[str]
- IPv6 source address objects.
- srcaddr_
negate str - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
disable,enable. - srcaddrs Sequence[str]
- Source address objects.
- srcintf str
- Source interface names.
- ssh_
filter_ strprofile - Name of an existing SSH filter profile.
- ssh_
policy_ strredirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl_
ssh_ strprofile - Name of an existing SSL SSH profile.
- status str
- Enable/disable the active status of the policy. Valid values:
disable,enable. - transparent str
- Enable to use the IP address of the client to connect to the server. Valid values:
disable,enable. - users Sequence[str]
- Names of user objects.
- utm_
status str - Enable the use of UTM profiles/sensors/lists. Valid values:
disable,enable. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- videofilter_
profile str - Name of an existing VideoFilter profile.
- virtual_
patch_ strprofile - Virtual-Patch-Profile.
- voip_
profile str - Name of an existing VoIP profile.
- waf_
profile str - Name of an existing Web application firewall profile.
- webcache str
- Enable/disable web caching. Valid values:
disable,enable. - webcache_
https str - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable,enable. - webfilter_
profile str - Name of an existing Web filter profile.
- webproxy_
forward_ strserver - Web proxy forward server name.
- webproxy_
profile str - Name of web proxy profile.
- Sequence[str]
- ZTNA EMS Tag names.
- ztna_
proxies Sequence[str] - IPv4 ZTNA traffic forward proxy.
- str
- ZTNA tag matching logic. Valid values:
or,and.
- _
policy NumberBlock - Assigned policy block. When this attribute is set, the policy represent a policy block, and all other attributes are ignored. This attribute is not available when configuring policy inside a policy block.
- access
Proxies List<String> - Access Proxy.
- access
Proxy6 String - IPv6 access proxy.
- action String
- Accept or deny traffic matching the policy parameters. Valid values:
accept,deny,redirect. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - application
List String - Name of an existing Application list.
- av
Profile String - Name of an existing Antivirus profile.
- block
Notification String - Enable/disable block notification. Valid values:
disable,enable. - casb
Profile String - Name of an existing CASB profile.
- cifs
Profile String - Name of an existing CIFS profile.
- comments String
- Optional comments.
- decrypted
Traffic StringMirror - Decrypted traffic mirror.
- detect
Https StringIn Http Request - Enable/disable detection of HTTPS in HTTP request. Valid values:
disable,enable. - device
Ownership String - When enabled, the ownership enforcement will be done at policy level. Valid values:
disable,enable. - diameter
Filter StringProfile - Name of an existing Diameter filter profile.
- disclaimer String
- Web proxy disclaimer setting: by domain, policy, or user. Valid values:
disable,domain,policy,user. - dlp
Profile String - Name of an existing DLP profile.
- dlp
Sensor String - Name of an existing DLP sensor.
- dnsfilter
Profiles List<String> - Name of an existing DNS filter profile.
- dstaddr6s List<String>
- IPv6 destination address objects.
- dstaddr
Negate String - When enabled, destination addresses match against any address EXCEPT the specified destination addresses. Valid values:
disable,enable. - dstaddrs List<String>
- Destination address objects.
- dstintfs List<String>
- Destination interface names.
- emailfilter
Profile String - Name of an existing email filter profile.
- file
Filter StringProfile - Name of an existing file-filter profile.
- global
Label String - Global web-based manager visible label.
- groups List<String>
- Names of group objects.
- http
Tunnel StringAuth - Enable/disable HTTP tunnel authentication. Valid values:
disable,enable. - icap
Profile String - Name of an existing ICAP profile.
- internet
Service String - Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Valid values:
disable,enable. - internet
Service6 String - Enable/disable use of Internet Services IPv6 for this policy. If enabled, destination IPv6 address and service are not used. Valid values:
disable,enable. - internet
Service6Custom List<String>Groups - Custom Internet Service IPv6 group name.
- internet
Service6Customs List<String> - Custom Internet Service IPv6 name.
- internet
Service6Groups List<String> - Internet Service IPv6 group name.
- internet
Service6Names List<String> - Internet Service IPv6 name.
- internet
Service6Negate String - When enabled, Internet Services match against any internet service IPv6 EXCEPT the selected Internet Service IPv6. Valid values:
disable,enable. - internet
Service StringCustom - Custom Internet Service name.
- internet
Service StringCustom Group - Custom Internet Service group name.
- internet
Service StringGroup - Internet Service group name.
- internet
Service StringId - Internet Service ID.
- internet
Service StringName - Internet Service name.
- internet
Service StringNegate - When enabled, Internet Services match against any internet service EXCEPT the selected Internet Service. Valid values:
disable,enable. - ips
Sensor String - Name of an existing IPS sensor.
- ips
Voip StringFilter - Name of an existing VoIP (ips) profile.
- label String
- VDOM-specific GUI visible label.
- log
Http StringTransaction - Enable/disable HTTP transaction log. Valid values:
disable,enable. - logtraffic String
- Enable/disable logging traffic through the policy. Valid values:
disable,all,utm. - logtraffic
Start String - Enable/disable policy log traffic start. Valid values:
disable,enable. - mms
Profile String - Name of an existing MMS profile.
- name String
- Policy name.
- packages
Firewall StringProxypolicy Id - an identifier for the resource with format {{policyid}}.
- pkg String
- Package.
- pkg
Folder StringPath - Pkg Folder Path.
- policyid Number
- Policy ID.
- poolnames List<String>
- Name of IP pool object.
- profile
Group String - Name of profile group.
- profile
Protocol StringOptions - Name of an existing Protocol options profile.
- profile
Type String - Determine whether the firewall policy allows security profile groups or single profiles only. Valid values:
single,group. - proxy String
- Type of explicit proxy. Valid values:
explicit-web,transparent-web,ftp,wanopt,ssh,ssh-tunnel. - redirect
Url String - Redirect URL for further explicit web proxy processing.
- replacemsg
Override StringGroup - Authentication replacement message override group.
- scan
Botnet StringConnections - Enable/disable scanning of connections to Botnet servers. Valid values:
disable,block,monitor. - schedule String
- Name of schedule object.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - sctp
Filter StringProfile - Name of an existing SCTP filter profile.
- service
Negate String - When enabled, services match against any service EXCEPT the specified destination services. Valid values:
disable,enable. - services List<String>
- Name of service objects.
- session
Ttl Number - TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
- spamfilter
Profile String - Name of an existing Spam filter profile.
- srcaddr6s List<String>
- IPv6 source address objects.
- srcaddr
Negate String - When enabled, source addresses match against any address EXCEPT the specified source addresses. Valid values:
disable,enable. - srcaddrs List<String>
- Source address objects.
- srcintf String
- Source interface names.
- ssh
Filter StringProfile - Name of an existing SSH filter profile.
- ssh
Policy StringRedirect - Redirect SSH traffic to matching transparent proxy policy. Valid values:
disable,enable. - ssl
Ssh StringProfile - Name of an existing SSL SSH profile.
- status String
- Enable/disable the active status of the policy. Valid values:
disable,enable. - transparent String
- Enable to use the IP address of the client to connect to the server. Valid values:
disable,enable. - users List<String>
- Names of user objects.
- utm
Status String - Enable the use of UTM profiles/sensors/lists. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- videofilter
Profile String - Name of an existing VideoFilter profile.
- virtual
Patch StringProfile - Virtual-Patch-Profile.
- voip
Profile String - Name of an existing VoIP profile.
- waf
Profile String - Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web caching. Valid values:
disable,enable. - webcache
Https String - Enable/disable web caching for HTTPS (Requires deep-inspection enabled in ssl-ssh-profile). Valid values:
disable,enable. - webfilter
Profile String - Name of an existing Web filter profile.
- webproxy
Forward StringServer - Web proxy forward server name.
- webproxy
Profile String - Name of web proxy profile.
- List<String>
- ZTNA EMS Tag names.
- ztna
Proxies List<String> - IPv4 ZTNA traffic forward proxy.
- String
- ZTNA tag matching logic. Valid values:
or,and.
Import
Packages FirewallProxyPolicy can be imported using any of these accepted formats:
Set import_options = [“pkg_folder_path=YOUR_VALUE”, “pkg=YOUR_VALUE”] in the provider section.
$ export “FORTIMANAGER_IMPORT_TABLE”=“true”
$ pulumi import fortimanager:index/packagesFirewallProxypolicy:PackagesFirewallProxypolicy labelname {{policyid}}
$ unset “FORTIMANAGER_IMPORT_TABLE”
-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortimanager fortinetdev/terraform-provider-fortimanager
- License
- Notes
- This Pulumi package is based on the
fortimanagerTerraform Provider.
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev