fortios.firewall.Policy6
Explore with Pulumi AI
Configure IPv6 policies. Applies to FortiOS Version <= 6.4.0.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.firewall.Policy6("trname", {
    action: "deny",
    diffservForward: "disable",
    diffservReverse: "disable",
    diffservcodeForward: "000000",
    diffservcodeRev: "000000",
    dsri: "disable",
    dstaddrs: [{
        name: "all",
    }],
    dstaddrNegate: "disable",
    dstintfs: [{
        name: "port3",
    }],
    firewallSessionDirty: "check-all",
    fixedport: "disable",
    inbound: "disable",
    ippool: "disable",
    logtraffic: "disable",
    logtrafficStart: "disable",
    nat: "disable",
    natinbound: "disable",
    natoutbound: "disable",
    outbound: "disable",
    policyid: 1,
    profileProtocolOptions: "default",
    profileType: "single",
    rsso: "disable",
    schedule: "always",
    sendDenyPacket: "disable",
    services: [{
        name: "ALL",
    }],
    serviceNegate: "disable",
    srcaddrs: [{
        name: "all",
    }],
    srcaddrNegate: "disable",
    srcintfs: [{
        name: "port4",
    }],
    sslMirror: "disable",
    status: "enable",
    tcpMssReceiver: 0,
    tcpMssSender: 0,
    tcpSessionWithoutSyn: "disable",
    timeoutSendRst: "disable",
    tos: "0x00",
    tosMask: "0x00",
    tosNegate: "disable",
    utmStatus: "disable",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.firewall.Policy6("trname",
    action="deny",
    diffserv_forward="disable",
    diffserv_reverse="disable",
    diffservcode_forward="000000",
    diffservcode_rev="000000",
    dsri="disable",
    dstaddrs=[fortios.firewall.Policy6DstaddrArgs(
        name="all",
    )],
    dstaddr_negate="disable",
    dstintfs=[fortios.firewall.Policy6DstintfArgs(
        name="port3",
    )],
    firewall_session_dirty="check-all",
    fixedport="disable",
    inbound="disable",
    ippool="disable",
    logtraffic="disable",
    logtraffic_start="disable",
    nat="disable",
    natinbound="disable",
    natoutbound="disable",
    outbound="disable",
    policyid=1,
    profile_protocol_options="default",
    profile_type="single",
    rsso="disable",
    schedule="always",
    send_deny_packet="disable",
    services=[fortios.firewall.Policy6ServiceArgs(
        name="ALL",
    )],
    service_negate="disable",
    srcaddrs=[fortios.firewall.Policy6SrcaddrArgs(
        name="all",
    )],
    srcaddr_negate="disable",
    srcintfs=[fortios.firewall.Policy6SrcintfArgs(
        name="port4",
    )],
    ssl_mirror="disable",
    status="enable",
    tcp_mss_receiver=0,
    tcp_mss_sender=0,
    tcp_session_without_syn="disable",
    timeout_send_rst="disable",
    tos="0x00",
    tos_mask="0x00",
    tos_negate="disable",
    utm_status="disable")
package main
import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := firewall.NewPolicy6(ctx, "trname", &firewall.Policy6Args{
			Action:              pulumi.String("deny"),
			DiffservForward:     pulumi.String("disable"),
			DiffservReverse:     pulumi.String("disable"),
			DiffservcodeForward: pulumi.String("000000"),
			DiffservcodeRev:     pulumi.String("000000"),
			Dsri:                pulumi.String("disable"),
			Dstaddrs: firewall.Policy6DstaddrArray{
				&firewall.Policy6DstaddrArgs{
					Name: pulumi.String("all"),
				},
			},
			DstaddrNegate: pulumi.String("disable"),
			Dstintfs: firewall.Policy6DstintfArray{
				&firewall.Policy6DstintfArgs{
					Name: pulumi.String("port3"),
				},
			},
			FirewallSessionDirty:   pulumi.String("check-all"),
			Fixedport:              pulumi.String("disable"),
			Inbound:                pulumi.String("disable"),
			Ippool:                 pulumi.String("disable"),
			Logtraffic:             pulumi.String("disable"),
			LogtrafficStart:        pulumi.String("disable"),
			Nat:                    pulumi.String("disable"),
			Natinbound:             pulumi.String("disable"),
			Natoutbound:            pulumi.String("disable"),
			Outbound:               pulumi.String("disable"),
			Policyid:               pulumi.Int(1),
			ProfileProtocolOptions: pulumi.String("default"),
			ProfileType:            pulumi.String("single"),
			Rsso:                   pulumi.String("disable"),
			Schedule:               pulumi.String("always"),
			SendDenyPacket:         pulumi.String("disable"),
			Services: firewall.Policy6ServiceArray{
				&firewall.Policy6ServiceArgs{
					Name: pulumi.String("ALL"),
				},
			},
			ServiceNegate: pulumi.String("disable"),
			Srcaddrs: firewall.Policy6SrcaddrArray{
				&firewall.Policy6SrcaddrArgs{
					Name: pulumi.String("all"),
				},
			},
			SrcaddrNegate: pulumi.String("disable"),
			Srcintfs: firewall.Policy6SrcintfArray{
				&firewall.Policy6SrcintfArgs{
					Name: pulumi.String("port4"),
				},
			},
			SslMirror:            pulumi.String("disable"),
			Status:               pulumi.String("enable"),
			TcpMssReceiver:       pulumi.Int(0),
			TcpMssSender:         pulumi.Int(0),
			TcpSessionWithoutSyn: pulumi.String("disable"),
			TimeoutSendRst:       pulumi.String("disable"),
			Tos:                  pulumi.String("0x00"),
			TosMask:              pulumi.String("0x00"),
			TosNegate:            pulumi.String("disable"),
			UtmStatus:            pulumi.String("disable"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() => 
{
    var trname = new Fortios.Firewall.Policy6("trname", new()
    {
        Action = "deny",
        DiffservForward = "disable",
        DiffservReverse = "disable",
        DiffservcodeForward = "000000",
        DiffservcodeRev = "000000",
        Dsri = "disable",
        Dstaddrs = new[]
        {
            new Fortios.Firewall.Inputs.Policy6DstaddrArgs
            {
                Name = "all",
            },
        },
        DstaddrNegate = "disable",
        Dstintfs = new[]
        {
            new Fortios.Firewall.Inputs.Policy6DstintfArgs
            {
                Name = "port3",
            },
        },
        FirewallSessionDirty = "check-all",
        Fixedport = "disable",
        Inbound = "disable",
        Ippool = "disable",
        Logtraffic = "disable",
        LogtrafficStart = "disable",
        Nat = "disable",
        Natinbound = "disable",
        Natoutbound = "disable",
        Outbound = "disable",
        Policyid = 1,
        ProfileProtocolOptions = "default",
        ProfileType = "single",
        Rsso = "disable",
        Schedule = "always",
        SendDenyPacket = "disable",
        Services = new[]
        {
            new Fortios.Firewall.Inputs.Policy6ServiceArgs
            {
                Name = "ALL",
            },
        },
        ServiceNegate = "disable",
        Srcaddrs = new[]
        {
            new Fortios.Firewall.Inputs.Policy6SrcaddrArgs
            {
                Name = "all",
            },
        },
        SrcaddrNegate = "disable",
        Srcintfs = new[]
        {
            new Fortios.Firewall.Inputs.Policy6SrcintfArgs
            {
                Name = "port4",
            },
        },
        SslMirror = "disable",
        Status = "enable",
        TcpMssReceiver = 0,
        TcpMssSender = 0,
        TcpSessionWithoutSyn = "disable",
        TimeoutSendRst = "disable",
        Tos = "0x00",
        TosMask = "0x00",
        TosNegate = "disable",
        UtmStatus = "disable",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.firewall.Policy6;
import com.pulumi.fortios.firewall.Policy6Args;
import com.pulumi.fortios.firewall.inputs.Policy6DstaddrArgs;
import com.pulumi.fortios.firewall.inputs.Policy6DstintfArgs;
import com.pulumi.fortios.firewall.inputs.Policy6ServiceArgs;
import com.pulumi.fortios.firewall.inputs.Policy6SrcaddrArgs;
import com.pulumi.fortios.firewall.inputs.Policy6SrcintfArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var trname = new Policy6("trname", Policy6Args.builder()
            .action("deny")
            .diffservForward("disable")
            .diffservReverse("disable")
            .diffservcodeForward("000000")
            .diffservcodeRev("000000")
            .dsri("disable")
            .dstaddrs(Policy6DstaddrArgs.builder()
                .name("all")
                .build())
            .dstaddrNegate("disable")
            .dstintfs(Policy6DstintfArgs.builder()
                .name("port3")
                .build())
            .firewallSessionDirty("check-all")
            .fixedport("disable")
            .inbound("disable")
            .ippool("disable")
            .logtraffic("disable")
            .logtrafficStart("disable")
            .nat("disable")
            .natinbound("disable")
            .natoutbound("disable")
            .outbound("disable")
            .policyid(1)
            .profileProtocolOptions("default")
            .profileType("single")
            .rsso("disable")
            .schedule("always")
            .sendDenyPacket("disable")
            .services(Policy6ServiceArgs.builder()
                .name("ALL")
                .build())
            .serviceNegate("disable")
            .srcaddrs(Policy6SrcaddrArgs.builder()
                .name("all")
                .build())
            .srcaddrNegate("disable")
            .srcintfs(Policy6SrcintfArgs.builder()
                .name("port4")
                .build())
            .sslMirror("disable")
            .status("enable")
            .tcpMssReceiver(0)
            .tcpMssSender(0)
            .tcpSessionWithoutSyn("disable")
            .timeoutSendRst("disable")
            .tos("0x00")
            .tosMask("0x00")
            .tosNegate("disable")
            .utmStatus("disable")
            .build());
    }
}
resources:
  trname:
    type: fortios:firewall:Policy6
    properties:
      action: deny
      diffservForward: disable
      diffservReverse: disable
      diffservcodeForward: '000000'
      diffservcodeRev: '000000'
      dsri: disable
      dstaddrs:
        - name: all
      dstaddrNegate: disable
      dstintfs:
        - name: port3
      firewallSessionDirty: check-all
      fixedport: disable
      inbound: disable
      ippool: disable
      logtraffic: disable
      logtrafficStart: disable
      nat: disable
      natinbound: disable
      natoutbound: disable
      outbound: disable
      policyid: 1
      profileProtocolOptions: default
      profileType: single
      rsso: disable
      schedule: always
      sendDenyPacket: disable
      services:
        - name: ALL
      serviceNegate: disable
      srcaddrs:
        - name: all
      srcaddrNegate: disable
      srcintfs:
        - name: port4
      sslMirror: disable
      status: enable
      tcpMssReceiver: 0
      tcpMssSender: 0
      tcpSessionWithoutSyn: disable
      timeoutSendRst: disable
      tos: 0x00
      tosMask: 0x00
      tosNegate: disable
      utmStatus: disable
Create Policy6 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Policy6(name: string, args: Policy6Args, opts?: CustomResourceOptions);@overload
def Policy6(resource_name: str,
            args: Policy6Args,
            opts: Optional[ResourceOptions] = None)
@overload
def Policy6(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            dstaddrs: Optional[Sequence[Policy6DstaddrArgs]] = None,
            dstintfs: Optional[Sequence[Policy6DstintfArgs]] = None,
            schedule: Optional[str] = None,
            srcaddrs: Optional[Sequence[Policy6SrcaddrArgs]] = None,
            srcintfs: Optional[Sequence[Policy6SrcintfArgs]] = None,
            natoutbound: Optional[str] = None,
            ssl_ssh_profile: Optional[str] = None,
            app_categories: Optional[Sequence[Policy6AppCategoryArgs]] = None,
            app_groups: Optional[Sequence[Policy6AppGroupArgs]] = None,
            application_list: Optional[str] = None,
            applications: Optional[Sequence[Policy6ApplicationArgs]] = None,
            auto_asic_offload: Optional[str] = None,
            av_profile: Optional[str] = None,
            cifs_profile: Optional[str] = None,
            comments: Optional[str] = None,
            custom_log_fields: Optional[Sequence[Policy6CustomLogFieldArgs]] = None,
            decrypted_traffic_mirror: Optional[str] = None,
            devices: Optional[Sequence[Policy6DeviceArgs]] = None,
            diffserv_forward: Optional[str] = None,
            diffserv_reverse: Optional[str] = None,
            diffservcode_forward: Optional[str] = None,
            diffservcode_rev: Optional[str] = None,
            dlp_sensor: Optional[str] = None,
            dnsfilter_profile: Optional[str] = None,
            dsri: Optional[str] = None,
            dstaddr_negate: Optional[str] = None,
            dynamic_sort_subtable: Optional[str] = None,
            emailfilter_profile: Optional[str] = None,
            firewall_session_dirty: Optional[str] = None,
            outbound: Optional[str] = None,
            fsso_groups: Optional[Sequence[Policy6FssoGroupArgs]] = None,
            get_all_tables: Optional[str] = None,
            global_label: Optional[str] = None,
            groups: Optional[Sequence[Policy6GroupArgs]] = None,
            http_policy_redirect: Optional[str] = None,
            icap_profile: Optional[str] = None,
            inbound: Optional[str] = None,
            inspection_mode: Optional[str] = None,
            ippool: Optional[str] = None,
            ips_sensor: Optional[str] = None,
            label: Optional[str] = None,
            logtraffic: Optional[str] = None,
            logtraffic_start: Optional[str] = None,
            name: Optional[str] = None,
            nat: Optional[str] = None,
            natinbound: Optional[str] = None,
            action: Optional[str] = None,
            fixedport: Optional[str] = None,
            anti_replay: Optional[str] = None,
            voip_profile: Optional[str] = None,
            poolnames: Optional[Sequence[Policy6PoolnameArgs]] = None,
            profile_group: Optional[str] = None,
            profile_protocol_options: Optional[str] = None,
            profile_type: Optional[str] = None,
            replacemsg_override_group: Optional[str] = None,
            rsso: Optional[str] = None,
            send_deny_packet: Optional[str] = None,
            service_negate: Optional[str] = None,
            services: Optional[Sequence[Policy6ServiceArgs]] = None,
            session_ttl: Optional[int] = None,
            spamfilter_profile: Optional[str] = None,
            srcaddr_negate: Optional[str] = None,
            ssh_filter_profile: Optional[str] = None,
            ssh_policy_redirect: Optional[str] = None,
            ssl_mirror: Optional[str] = None,
            ssl_mirror_intfs: Optional[Sequence[Policy6SslMirrorIntfArgs]] = None,
            per_ip_shaper: Optional[str] = None,
            status: Optional[str] = None,
            tcp_mss_receiver: Optional[int] = None,
            tcp_mss_sender: Optional[int] = None,
            tcp_session_without_syn: Optional[str] = None,
            timeout_send_rst: Optional[str] = None,
            tos: Optional[str] = None,
            tos_mask: Optional[str] = None,
            tos_negate: Optional[str] = None,
            traffic_shaper: Optional[str] = None,
            traffic_shaper_reverse: Optional[str] = None,
            url_categories: Optional[Sequence[Policy6UrlCategoryArgs]] = None,
            users: Optional[Sequence[Policy6UserArgs]] = None,
            utm_status: Optional[str] = None,
            uuid: Optional[str] = None,
            vdomparam: Optional[str] = None,
            vlan_cos_fwd: Optional[int] = None,
            vlan_cos_rev: Optional[int] = None,
            vlan_filter: Optional[str] = None,
            policyid: Optional[int] = None,
            vpntunnel: Optional[str] = None,
            waf_profile: Optional[str] = None,
            webcache: Optional[str] = None,
            webcache_https: Optional[str] = None,
            webfilter_profile: Optional[str] = None,
            webproxy_forward_server: Optional[str] = None,
            webproxy_profile: Optional[str] = None)func NewPolicy6(ctx *Context, name string, args Policy6Args, opts ...ResourceOption) (*Policy6, error)public Policy6(string name, Policy6Args args, CustomResourceOptions? opts = null)
public Policy6(String name, Policy6Args args)
public Policy6(String name, Policy6Args args, CustomResourceOptions options)
type: fortios:firewall:Policy6
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args Policy6Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args Policy6Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args Policy6Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args Policy6Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args Policy6Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policy6Resource = new Fortios.Firewall.Policy6("policy6Resource", new()
{
    Dstaddrs = new[]
    {
        new Fortios.Firewall.Inputs.Policy6DstaddrArgs
        {
            Name = "string",
        },
    },
    Dstintfs = new[]
    {
        new Fortios.Firewall.Inputs.Policy6DstintfArgs
        {
            Name = "string",
        },
    },
    Schedule = "string",
    Srcaddrs = new[]
    {
        new Fortios.Firewall.Inputs.Policy6SrcaddrArgs
        {
            Name = "string",
        },
    },
    Srcintfs = new[]
    {
        new Fortios.Firewall.Inputs.Policy6SrcintfArgs
        {
            Name = "string",
        },
    },
    Natoutbound = "string",
    SslSshProfile = "string",
    AppCategories = new[]
    {
        new Fortios.Firewall.Inputs.Policy6AppCategoryArgs
        {
            Id = 0,
        },
    },
    AppGroups = new[]
    {
        new Fortios.Firewall.Inputs.Policy6AppGroupArgs
        {
            Name = "string",
        },
    },
    ApplicationList = "string",
    Applications = new[]
    {
        new Fortios.Firewall.Inputs.Policy6ApplicationArgs
        {
            Id = 0,
        },
    },
    AutoAsicOffload = "string",
    AvProfile = "string",
    CifsProfile = "string",
    Comments = "string",
    CustomLogFields = new[]
    {
        new Fortios.Firewall.Inputs.Policy6CustomLogFieldArgs
        {
            FieldId = "string",
        },
    },
    DecryptedTrafficMirror = "string",
    Devices = new[]
    {
        new Fortios.Firewall.Inputs.Policy6DeviceArgs
        {
            Name = "string",
        },
    },
    DiffservForward = "string",
    DiffservReverse = "string",
    DiffservcodeForward = "string",
    DiffservcodeRev = "string",
    DlpSensor = "string",
    DnsfilterProfile = "string",
    Dsri = "string",
    DstaddrNegate = "string",
    DynamicSortSubtable = "string",
    EmailfilterProfile = "string",
    FirewallSessionDirty = "string",
    Outbound = "string",
    FssoGroups = new[]
    {
        new Fortios.Firewall.Inputs.Policy6FssoGroupArgs
        {
            Name = "string",
        },
    },
    GetAllTables = "string",
    GlobalLabel = "string",
    Groups = new[]
    {
        new Fortios.Firewall.Inputs.Policy6GroupArgs
        {
            Name = "string",
        },
    },
    HttpPolicyRedirect = "string",
    IcapProfile = "string",
    Inbound = "string",
    InspectionMode = "string",
    Ippool = "string",
    IpsSensor = "string",
    Label = "string",
    Logtraffic = "string",
    LogtrafficStart = "string",
    Name = "string",
    Nat = "string",
    Natinbound = "string",
    Action = "string",
    Fixedport = "string",
    AntiReplay = "string",
    VoipProfile = "string",
    Poolnames = new[]
    {
        new Fortios.Firewall.Inputs.Policy6PoolnameArgs
        {
            Name = "string",
        },
    },
    ProfileGroup = "string",
    ProfileProtocolOptions = "string",
    ProfileType = "string",
    ReplacemsgOverrideGroup = "string",
    Rsso = "string",
    SendDenyPacket = "string",
    ServiceNegate = "string",
    Services = new[]
    {
        new Fortios.Firewall.Inputs.Policy6ServiceArgs
        {
            Name = "string",
        },
    },
    SessionTtl = 0,
    SpamfilterProfile = "string",
    SrcaddrNegate = "string",
    SshFilterProfile = "string",
    SshPolicyRedirect = "string",
    SslMirror = "string",
    SslMirrorIntfs = new[]
    {
        new Fortios.Firewall.Inputs.Policy6SslMirrorIntfArgs
        {
            Name = "string",
        },
    },
    PerIpShaper = "string",
    Status = "string",
    TcpMssReceiver = 0,
    TcpMssSender = 0,
    TcpSessionWithoutSyn = "string",
    TimeoutSendRst = "string",
    Tos = "string",
    TosMask = "string",
    TosNegate = "string",
    TrafficShaper = "string",
    TrafficShaperReverse = "string",
    UrlCategories = new[]
    {
        new Fortios.Firewall.Inputs.Policy6UrlCategoryArgs
        {
            Id = 0,
        },
    },
    Users = new[]
    {
        new Fortios.Firewall.Inputs.Policy6UserArgs
        {
            Name = "string",
        },
    },
    UtmStatus = "string",
    Uuid = "string",
    Vdomparam = "string",
    VlanCosFwd = 0,
    VlanCosRev = 0,
    VlanFilter = "string",
    Policyid = 0,
    Vpntunnel = "string",
    WafProfile = "string",
    Webcache = "string",
    WebcacheHttps = "string",
    WebfilterProfile = "string",
    WebproxyForwardServer = "string",
    WebproxyProfile = "string",
});
example, err := firewall.NewPolicy6(ctx, "policy6Resource", &firewall.Policy6Args{
	Dstaddrs: firewall.Policy6DstaddrArray{
		&firewall.Policy6DstaddrArgs{
			Name: pulumi.String("string"),
		},
	},
	Dstintfs: firewall.Policy6DstintfArray{
		&firewall.Policy6DstintfArgs{
			Name: pulumi.String("string"),
		},
	},
	Schedule: pulumi.String("string"),
	Srcaddrs: firewall.Policy6SrcaddrArray{
		&firewall.Policy6SrcaddrArgs{
			Name: pulumi.String("string"),
		},
	},
	Srcintfs: firewall.Policy6SrcintfArray{
		&firewall.Policy6SrcintfArgs{
			Name: pulumi.String("string"),
		},
	},
	Natoutbound:   pulumi.String("string"),
	SslSshProfile: pulumi.String("string"),
	AppCategories: firewall.Policy6AppCategoryArray{
		&firewall.Policy6AppCategoryArgs{
			Id: pulumi.Int(0),
		},
	},
	AppGroups: firewall.Policy6AppGroupArray{
		&firewall.Policy6AppGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	ApplicationList: pulumi.String("string"),
	Applications: firewall.Policy6ApplicationArray{
		&firewall.Policy6ApplicationArgs{
			Id: pulumi.Int(0),
		},
	},
	AutoAsicOffload: pulumi.String("string"),
	AvProfile:       pulumi.String("string"),
	CifsProfile:     pulumi.String("string"),
	Comments:        pulumi.String("string"),
	CustomLogFields: firewall.Policy6CustomLogFieldArray{
		&firewall.Policy6CustomLogFieldArgs{
			FieldId: pulumi.String("string"),
		},
	},
	DecryptedTrafficMirror: pulumi.String("string"),
	Devices: firewall.Policy6DeviceArray{
		&firewall.Policy6DeviceArgs{
			Name: pulumi.String("string"),
		},
	},
	DiffservForward:      pulumi.String("string"),
	DiffservReverse:      pulumi.String("string"),
	DiffservcodeForward:  pulumi.String("string"),
	DiffservcodeRev:      pulumi.String("string"),
	DlpSensor:            pulumi.String("string"),
	DnsfilterProfile:     pulumi.String("string"),
	Dsri:                 pulumi.String("string"),
	DstaddrNegate:        pulumi.String("string"),
	DynamicSortSubtable:  pulumi.String("string"),
	EmailfilterProfile:   pulumi.String("string"),
	FirewallSessionDirty: pulumi.String("string"),
	Outbound:             pulumi.String("string"),
	FssoGroups: firewall.Policy6FssoGroupArray{
		&firewall.Policy6FssoGroupArgs{
			Name: pulumi.String("string"),
		},
	},
	GetAllTables: pulumi.String("string"),
	GlobalLabel:  pulumi.String("string"),
	Groups: firewall.Policy6GroupArray{
		&firewall.Policy6GroupArgs{
			Name: pulumi.String("string"),
		},
	},
	HttpPolicyRedirect: pulumi.String("string"),
	IcapProfile:        pulumi.String("string"),
	Inbound:            pulumi.String("string"),
	InspectionMode:     pulumi.String("string"),
	Ippool:             pulumi.String("string"),
	IpsSensor:          pulumi.String("string"),
	Label:              pulumi.String("string"),
	Logtraffic:         pulumi.String("string"),
	LogtrafficStart:    pulumi.String("string"),
	Name:               pulumi.String("string"),
	Nat:                pulumi.String("string"),
	Natinbound:         pulumi.String("string"),
	Action:             pulumi.String("string"),
	Fixedport:          pulumi.String("string"),
	AntiReplay:         pulumi.String("string"),
	VoipProfile:        pulumi.String("string"),
	Poolnames: firewall.Policy6PoolnameArray{
		&firewall.Policy6PoolnameArgs{
			Name: pulumi.String("string"),
		},
	},
	ProfileGroup:            pulumi.String("string"),
	ProfileProtocolOptions:  pulumi.String("string"),
	ProfileType:             pulumi.String("string"),
	ReplacemsgOverrideGroup: pulumi.String("string"),
	Rsso:                    pulumi.String("string"),
	SendDenyPacket:          pulumi.String("string"),
	ServiceNegate:           pulumi.String("string"),
	Services: firewall.Policy6ServiceArray{
		&firewall.Policy6ServiceArgs{
			Name: pulumi.String("string"),
		},
	},
	SessionTtl:        pulumi.Int(0),
	SpamfilterProfile: pulumi.String("string"),
	SrcaddrNegate:     pulumi.String("string"),
	SshFilterProfile:  pulumi.String("string"),
	SshPolicyRedirect: pulumi.String("string"),
	SslMirror:         pulumi.String("string"),
	SslMirrorIntfs: firewall.Policy6SslMirrorIntfArray{
		&firewall.Policy6SslMirrorIntfArgs{
			Name: pulumi.String("string"),
		},
	},
	PerIpShaper:          pulumi.String("string"),
	Status:               pulumi.String("string"),
	TcpMssReceiver:       pulumi.Int(0),
	TcpMssSender:         pulumi.Int(0),
	TcpSessionWithoutSyn: pulumi.String("string"),
	TimeoutSendRst:       pulumi.String("string"),
	Tos:                  pulumi.String("string"),
	TosMask:              pulumi.String("string"),
	TosNegate:            pulumi.String("string"),
	TrafficShaper:        pulumi.String("string"),
	TrafficShaperReverse: pulumi.String("string"),
	UrlCategories: firewall.Policy6UrlCategoryArray{
		&firewall.Policy6UrlCategoryArgs{
			Id: pulumi.Int(0),
		},
	},
	Users: firewall.Policy6UserArray{
		&firewall.Policy6UserArgs{
			Name: pulumi.String("string"),
		},
	},
	UtmStatus:             pulumi.String("string"),
	Uuid:                  pulumi.String("string"),
	Vdomparam:             pulumi.String("string"),
	VlanCosFwd:            pulumi.Int(0),
	VlanCosRev:            pulumi.Int(0),
	VlanFilter:            pulumi.String("string"),
	Policyid:              pulumi.Int(0),
	Vpntunnel:             pulumi.String("string"),
	WafProfile:            pulumi.String("string"),
	Webcache:              pulumi.String("string"),
	WebcacheHttps:         pulumi.String("string"),
	WebfilterProfile:      pulumi.String("string"),
	WebproxyForwardServer: pulumi.String("string"),
	WebproxyProfile:       pulumi.String("string"),
})
var policy6Resource = new com.pulumiverse.fortios.firewall.Policy6("policy6Resource", com.pulumiverse.fortios.firewall.Policy6Args.builder()
    .dstaddrs(Policy6DstaddrArgs.builder()
        .name("string")
        .build())
    .dstintfs(Policy6DstintfArgs.builder()
        .name("string")
        .build())
    .schedule("string")
    .srcaddrs(Policy6SrcaddrArgs.builder()
        .name("string")
        .build())
    .srcintfs(Policy6SrcintfArgs.builder()
        .name("string")
        .build())
    .natoutbound("string")
    .sslSshProfile("string")
    .appCategories(Policy6AppCategoryArgs.builder()
        .id(0)
        .build())
    .appGroups(Policy6AppGroupArgs.builder()
        .name("string")
        .build())
    .applicationList("string")
    .applications(Policy6ApplicationArgs.builder()
        .id(0)
        .build())
    .autoAsicOffload("string")
    .avProfile("string")
    .cifsProfile("string")
    .comments("string")
    .customLogFields(Policy6CustomLogFieldArgs.builder()
        .fieldId("string")
        .build())
    .decryptedTrafficMirror("string")
    .devices(Policy6DeviceArgs.builder()
        .name("string")
        .build())
    .diffservForward("string")
    .diffservReverse("string")
    .diffservcodeForward("string")
    .diffservcodeRev("string")
    .dlpSensor("string")
    .dnsfilterProfile("string")
    .dsri("string")
    .dstaddrNegate("string")
    .dynamicSortSubtable("string")
    .emailfilterProfile("string")
    .firewallSessionDirty("string")
    .outbound("string")
    .fssoGroups(Policy6FssoGroupArgs.builder()
        .name("string")
        .build())
    .getAllTables("string")
    .globalLabel("string")
    .groups(Policy6GroupArgs.builder()
        .name("string")
        .build())
    .httpPolicyRedirect("string")
    .icapProfile("string")
    .inbound("string")
    .inspectionMode("string")
    .ippool("string")
    .ipsSensor("string")
    .label("string")
    .logtraffic("string")
    .logtrafficStart("string")
    .name("string")
    .nat("string")
    .natinbound("string")
    .action("string")
    .fixedport("string")
    .antiReplay("string")
    .voipProfile("string")
    .poolnames(Policy6PoolnameArgs.builder()
        .name("string")
        .build())
    .profileGroup("string")
    .profileProtocolOptions("string")
    .profileType("string")
    .replacemsgOverrideGroup("string")
    .rsso("string")
    .sendDenyPacket("string")
    .serviceNegate("string")
    .services(Policy6ServiceArgs.builder()
        .name("string")
        .build())
    .sessionTtl(0)
    .spamfilterProfile("string")
    .srcaddrNegate("string")
    .sshFilterProfile("string")
    .sshPolicyRedirect("string")
    .sslMirror("string")
    .sslMirrorIntfs(Policy6SslMirrorIntfArgs.builder()
        .name("string")
        .build())
    .perIpShaper("string")
    .status("string")
    .tcpMssReceiver(0)
    .tcpMssSender(0)
    .tcpSessionWithoutSyn("string")
    .timeoutSendRst("string")
    .tos("string")
    .tosMask("string")
    .tosNegate("string")
    .trafficShaper("string")
    .trafficShaperReverse("string")
    .urlCategories(Policy6UrlCategoryArgs.builder()
        .id(0)
        .build())
    .users(Policy6UserArgs.builder()
        .name("string")
        .build())
    .utmStatus("string")
    .uuid("string")
    .vdomparam("string")
    .vlanCosFwd(0)
    .vlanCosRev(0)
    .vlanFilter("string")
    .policyid(0)
    .vpntunnel("string")
    .wafProfile("string")
    .webcache("string")
    .webcacheHttps("string")
    .webfilterProfile("string")
    .webproxyForwardServer("string")
    .webproxyProfile("string")
    .build());
policy6_resource = fortios.firewall.Policy6("policy6Resource",
    dstaddrs=[{
        "name": "string",
    }],
    dstintfs=[{
        "name": "string",
    }],
    schedule="string",
    srcaddrs=[{
        "name": "string",
    }],
    srcintfs=[{
        "name": "string",
    }],
    natoutbound="string",
    ssl_ssh_profile="string",
    app_categories=[{
        "id": 0,
    }],
    app_groups=[{
        "name": "string",
    }],
    application_list="string",
    applications=[{
        "id": 0,
    }],
    auto_asic_offload="string",
    av_profile="string",
    cifs_profile="string",
    comments="string",
    custom_log_fields=[{
        "field_id": "string",
    }],
    decrypted_traffic_mirror="string",
    devices=[{
        "name": "string",
    }],
    diffserv_forward="string",
    diffserv_reverse="string",
    diffservcode_forward="string",
    diffservcode_rev="string",
    dlp_sensor="string",
    dnsfilter_profile="string",
    dsri="string",
    dstaddr_negate="string",
    dynamic_sort_subtable="string",
    emailfilter_profile="string",
    firewall_session_dirty="string",
    outbound="string",
    fsso_groups=[{
        "name": "string",
    }],
    get_all_tables="string",
    global_label="string",
    groups=[{
        "name": "string",
    }],
    http_policy_redirect="string",
    icap_profile="string",
    inbound="string",
    inspection_mode="string",
    ippool="string",
    ips_sensor="string",
    label="string",
    logtraffic="string",
    logtraffic_start="string",
    name="string",
    nat="string",
    natinbound="string",
    action="string",
    fixedport="string",
    anti_replay="string",
    voip_profile="string",
    poolnames=[{
        "name": "string",
    }],
    profile_group="string",
    profile_protocol_options="string",
    profile_type="string",
    replacemsg_override_group="string",
    rsso="string",
    send_deny_packet="string",
    service_negate="string",
    services=[{
        "name": "string",
    }],
    session_ttl=0,
    spamfilter_profile="string",
    srcaddr_negate="string",
    ssh_filter_profile="string",
    ssh_policy_redirect="string",
    ssl_mirror="string",
    ssl_mirror_intfs=[{
        "name": "string",
    }],
    per_ip_shaper="string",
    status="string",
    tcp_mss_receiver=0,
    tcp_mss_sender=0,
    tcp_session_without_syn="string",
    timeout_send_rst="string",
    tos="string",
    tos_mask="string",
    tos_negate="string",
    traffic_shaper="string",
    traffic_shaper_reverse="string",
    url_categories=[{
        "id": 0,
    }],
    users=[{
        "name": "string",
    }],
    utm_status="string",
    uuid="string",
    vdomparam="string",
    vlan_cos_fwd=0,
    vlan_cos_rev=0,
    vlan_filter="string",
    policyid=0,
    vpntunnel="string",
    waf_profile="string",
    webcache="string",
    webcache_https="string",
    webfilter_profile="string",
    webproxy_forward_server="string",
    webproxy_profile="string")
const policy6Resource = new fortios.firewall.Policy6("policy6Resource", {
    dstaddrs: [{
        name: "string",
    }],
    dstintfs: [{
        name: "string",
    }],
    schedule: "string",
    srcaddrs: [{
        name: "string",
    }],
    srcintfs: [{
        name: "string",
    }],
    natoutbound: "string",
    sslSshProfile: "string",
    appCategories: [{
        id: 0,
    }],
    appGroups: [{
        name: "string",
    }],
    applicationList: "string",
    applications: [{
        id: 0,
    }],
    autoAsicOffload: "string",
    avProfile: "string",
    cifsProfile: "string",
    comments: "string",
    customLogFields: [{
        fieldId: "string",
    }],
    decryptedTrafficMirror: "string",
    devices: [{
        name: "string",
    }],
    diffservForward: "string",
    diffservReverse: "string",
    diffservcodeForward: "string",
    diffservcodeRev: "string",
    dlpSensor: "string",
    dnsfilterProfile: "string",
    dsri: "string",
    dstaddrNegate: "string",
    dynamicSortSubtable: "string",
    emailfilterProfile: "string",
    firewallSessionDirty: "string",
    outbound: "string",
    fssoGroups: [{
        name: "string",
    }],
    getAllTables: "string",
    globalLabel: "string",
    groups: [{
        name: "string",
    }],
    httpPolicyRedirect: "string",
    icapProfile: "string",
    inbound: "string",
    inspectionMode: "string",
    ippool: "string",
    ipsSensor: "string",
    label: "string",
    logtraffic: "string",
    logtrafficStart: "string",
    name: "string",
    nat: "string",
    natinbound: "string",
    action: "string",
    fixedport: "string",
    antiReplay: "string",
    voipProfile: "string",
    poolnames: [{
        name: "string",
    }],
    profileGroup: "string",
    profileProtocolOptions: "string",
    profileType: "string",
    replacemsgOverrideGroup: "string",
    rsso: "string",
    sendDenyPacket: "string",
    serviceNegate: "string",
    services: [{
        name: "string",
    }],
    sessionTtl: 0,
    spamfilterProfile: "string",
    srcaddrNegate: "string",
    sshFilterProfile: "string",
    sshPolicyRedirect: "string",
    sslMirror: "string",
    sslMirrorIntfs: [{
        name: "string",
    }],
    perIpShaper: "string",
    status: "string",
    tcpMssReceiver: 0,
    tcpMssSender: 0,
    tcpSessionWithoutSyn: "string",
    timeoutSendRst: "string",
    tos: "string",
    tosMask: "string",
    tosNegate: "string",
    trafficShaper: "string",
    trafficShaperReverse: "string",
    urlCategories: [{
        id: 0,
    }],
    users: [{
        name: "string",
    }],
    utmStatus: "string",
    uuid: "string",
    vdomparam: "string",
    vlanCosFwd: 0,
    vlanCosRev: 0,
    vlanFilter: "string",
    policyid: 0,
    vpntunnel: "string",
    wafProfile: "string",
    webcache: "string",
    webcacheHttps: "string",
    webfilterProfile: "string",
    webproxyForwardServer: "string",
    webproxyProfile: "string",
});
type: fortios:firewall:Policy6
properties:
    action: string
    antiReplay: string
    appCategories:
        - id: 0
    appGroups:
        - name: string
    applicationList: string
    applications:
        - id: 0
    autoAsicOffload: string
    avProfile: string
    cifsProfile: string
    comments: string
    customLogFields:
        - fieldId: string
    decryptedTrafficMirror: string
    devices:
        - name: string
    diffservForward: string
    diffservReverse: string
    diffservcodeForward: string
    diffservcodeRev: string
    dlpSensor: string
    dnsfilterProfile: string
    dsri: string
    dstaddrNegate: string
    dstaddrs:
        - name: string
    dstintfs:
        - name: string
    dynamicSortSubtable: string
    emailfilterProfile: string
    firewallSessionDirty: string
    fixedport: string
    fssoGroups:
        - name: string
    getAllTables: string
    globalLabel: string
    groups:
        - name: string
    httpPolicyRedirect: string
    icapProfile: string
    inbound: string
    inspectionMode: string
    ippool: string
    ipsSensor: string
    label: string
    logtraffic: string
    logtrafficStart: string
    name: string
    nat: string
    natinbound: string
    natoutbound: string
    outbound: string
    perIpShaper: string
    policyid: 0
    poolnames:
        - name: string
    profileGroup: string
    profileProtocolOptions: string
    profileType: string
    replacemsgOverrideGroup: string
    rsso: string
    schedule: string
    sendDenyPacket: string
    serviceNegate: string
    services:
        - name: string
    sessionTtl: 0
    spamfilterProfile: string
    srcaddrNegate: string
    srcaddrs:
        - name: string
    srcintfs:
        - name: string
    sshFilterProfile: string
    sshPolicyRedirect: string
    sslMirror: string
    sslMirrorIntfs:
        - name: string
    sslSshProfile: string
    status: string
    tcpMssReceiver: 0
    tcpMssSender: 0
    tcpSessionWithoutSyn: string
    timeoutSendRst: string
    tos: string
    tosMask: string
    tosNegate: string
    trafficShaper: string
    trafficShaperReverse: string
    urlCategories:
        - id: 0
    users:
        - name: string
    utmStatus: string
    uuid: string
    vdomparam: string
    vlanCosFwd: 0
    vlanCosRev: 0
    vlanFilter: string
    voipProfile: string
    vpntunnel: string
    wafProfile: string
    webcache: string
    webcacheHttps: string
    webfilterProfile: string
    webproxyForwardServer: string
    webproxyProfile: string
Policy6 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Policy6 resource accepts the following input properties:
- Dstaddrs
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Dstaddr> 
- Destination address and address group names. The structure of dstaddrblock is documented below.
- Dstintfs
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Dstintf> 
- Outgoing (egress) interface. The structure of dstintfblock is documented below.
- Schedule string
- Schedule name.
- Srcaddrs
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Srcaddr> 
- Source address and address group names. The structure of srcaddrblock is documented below.
- Srcintfs
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Srcintf> 
- Incoming (ingress) interface. The structure of srcintfblock is documented below.
- Action string
- Policy action (allow/deny/ipsec). Valid values: accept,deny,ipsec.
- AntiReplay string
- Enable/disable anti-replay check. Valid values: enable,disable.
- AppCategories List<Pulumiverse.Fortios. Firewall. Inputs. Policy6App Category> 
- Application category ID list. The structure of app_categoryblock is documented below.
- AppGroups List<Pulumiverse.Fortios. Firewall. Inputs. Policy6App Group> 
- Application group names. The structure of app_groupblock is documented below.
- ApplicationList string
- Name of an existing Application list.
- Applications
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Application> 
- Application ID list. The structure of applicationblock is documented below.
- AutoAsic stringOffload 
- Enable/disable policy traffic ASIC offloading. Valid values: enable,disable.
- AvProfile string
- Name of an existing Antivirus profile.
- CifsProfile string
- Name of an existing CIFS profile.
- Comments string
- Comment.
- CustomLog List<Pulumiverse.Fields Fortios. Firewall. Inputs. Policy6Custom Log Field> 
- Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fieldsblock is documented below.
- DecryptedTraffic stringMirror 
- Decrypted traffic mirror.
- Devices
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Device> 
- Names of devices or device groups that can be matched by the policy. The structure of devicesblock is documented below.
- DiffservForward string
- Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable,disable.
- DiffservReverse string
- Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable,disable.
- DiffservcodeForward string
- Change packet's DiffServ to this value.
- DiffservcodeRev string
- Change packet's reverse (reply) DiffServ to this value.
- DlpSensor string
- Name of an existing DLP sensor.
- DnsfilterProfile string
- Name of an existing DNS filter profile.
- Dsri string
- Enable DSRI to ignore HTTP server responses. Valid values: enable,disable.
- DstaddrNegate string
- When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable,disable.
- DynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- EmailfilterProfile string
- Name of an existing email filter profile.
- FirewallSession stringDirty 
- How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all,check-new.
- Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values: enable,disable.
- FssoGroups List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Fsso Group> 
- Names of FSSO groups. The structure of fsso_groupsblock is documented below.
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- GlobalLabel string
- Label for the policy that appears when the GUI is in Global View mode.
- Groups
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Group> 
- Names of user groups that can authenticate with this policy. The structure of groupsblock is documented below.
- HttpPolicy stringRedirect 
- Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable,disable.
- IcapProfile string
- Name of an existing ICAP profile.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable,disable.
- InspectionMode string
- Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy,flow.
- Ippool string
- Enable to use IP Pools for source NAT. Valid values: enable,disable.
- IpsSensor string
- Name of an existing IPS sensor.
- Label string
- Label for the policy that appears when the GUI is in Section View mode.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values: all,utm,disable.
- LogtrafficStart string
- Record logs when a session starts. Valid values: enable,disable.
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values: enable,disable.
- Natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable,disable.
- Natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable,disable.
- Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable,disable.
- PerIp stringShaper 
- Per-IP traffic shaper.
- Policyid int
- Policy ID.
- Poolnames
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Poolname> 
- IP Pool names. The structure of poolnameblock is documented below.
- ProfileGroup string
- Name of profile group.
- ProfileProtocol stringOptions 
- Name of an existing Protocol options profile.
- ProfileType string
- Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single,group.
- ReplacemsgOverride stringGroup 
- Override the default replacement message group for this policy.
- Rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values: enable,disable.
- SendDeny stringPacket 
- Enable/disable return of deny-packet. Valid values: enable,disable.
- ServiceNegate string
- When enabled service specifies what the service must NOT be. Valid values: enable,disable.
- Services
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Service> 
- Service and service group names. The structure of serviceblock is documented below.
- SessionTtl int
- Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- SpamfilterProfile string
- Name of an existing Spam filter profile.
- SrcaddrNegate string
- When enabled srcaddr specifies what the source address must NOT be. Valid values: enable,disable.
- SshFilter stringProfile 
- Name of an existing SSH filter profile.
- SshPolicy stringRedirect 
- Redirect SSH traffic to matching transparent proxy policy. Valid values: enable,disable.
- SslMirror string
- Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable,disable.
- SslMirror List<Pulumiverse.Intfs Fortios. Firewall. Inputs. Policy6Ssl Mirror Intf> 
- SSL mirror interface name. The structure of ssl_mirror_intfblock is documented below.
- SslSsh stringProfile 
- Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values: enable,disable.
- TcpMss intReceiver 
- Receiver TCP maximum segment size (MSS).
- TcpMss intSender 
- Sender TCP maximum segment size (MSS).
- TcpSession stringWithout Syn 
- Enable/disable creation of TCP session without SYN flag. Valid values: all,data-only,disable.
- TimeoutSend stringRst 
- Enable/disable sending RST packets when TCP sessions expire. Valid values: enable,disable.
- Tos string
- ToS (Type of Service) value used for comparison.
- TosMask string
- Non-zero bit positions are used for comparison while zero bit positions are ignored.
- TosNegate string
- Enable negated TOS match. Valid values: enable,disable.
- TrafficShaper string
- Reverse traffic shaper.
- TrafficShaper stringReverse 
- Reverse traffic shaper.
- UrlCategories List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Url Category> 
- URL category ID list. The structure of url_categoryblock is documented below.
- Users
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6User> 
- Names of individual users that can authenticate with this policy. The structure of usersblock is documented below.
- UtmStatus string
- Enable AV/web/ips protection profile. Valid values: enable,disable.
- Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- VlanCos intFwd 
- VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- VlanCos intRev 
- VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- VlanFilter string
- Set VLAN filters.
- VoipProfile string
- Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- WafProfile string
- Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web cache. Valid values: enable,disable.
- WebcacheHttps string
- Enable/disable web cache for HTTPS. Valid values: disable,enable.
- WebfilterProfile string
- Name of an existing Web filter profile.
- WebproxyForward stringServer 
- Web proxy forward server name.
- WebproxyProfile string
- Webproxy profile name.
- Dstaddrs
[]Policy6DstaddrArgs 
- Destination address and address group names. The structure of dstaddrblock is documented below.
- Dstintfs
[]Policy6DstintfArgs 
- Outgoing (egress) interface. The structure of dstintfblock is documented below.
- Schedule string
- Schedule name.
- Srcaddrs
[]Policy6SrcaddrArgs 
- Source address and address group names. The structure of srcaddrblock is documented below.
- Srcintfs
[]Policy6SrcintfArgs 
- Incoming (ingress) interface. The structure of srcintfblock is documented below.
- Action string
- Policy action (allow/deny/ipsec). Valid values: accept,deny,ipsec.
- AntiReplay string
- Enable/disable anti-replay check. Valid values: enable,disable.
- AppCategories []Policy6AppCategory Args 
- Application category ID list. The structure of app_categoryblock is documented below.
- AppGroups []Policy6AppGroup Args 
- Application group names. The structure of app_groupblock is documented below.
- ApplicationList string
- Name of an existing Application list.
- Applications
[]Policy6ApplicationArgs 
- Application ID list. The structure of applicationblock is documented below.
- AutoAsic stringOffload 
- Enable/disable policy traffic ASIC offloading. Valid values: enable,disable.
- AvProfile string
- Name of an existing Antivirus profile.
- CifsProfile string
- Name of an existing CIFS profile.
- Comments string
- Comment.
- CustomLog []Policy6CustomFields Log Field Args 
- Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fieldsblock is documented below.
- DecryptedTraffic stringMirror 
- Decrypted traffic mirror.
- Devices
[]Policy6DeviceArgs 
- Names of devices or device groups that can be matched by the policy. The structure of devicesblock is documented below.
- DiffservForward string
- Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable,disable.
- DiffservReverse string
- Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable,disable.
- DiffservcodeForward string
- Change packet's DiffServ to this value.
- DiffservcodeRev string
- Change packet's reverse (reply) DiffServ to this value.
- DlpSensor string
- Name of an existing DLP sensor.
- DnsfilterProfile string
- Name of an existing DNS filter profile.
- Dsri string
- Enable DSRI to ignore HTTP server responses. Valid values: enable,disable.
- DstaddrNegate string
- When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable,disable.
- DynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- EmailfilterProfile string
- Name of an existing email filter profile.
- FirewallSession stringDirty 
- How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all,check-new.
- Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values: enable,disable.
- FssoGroups []Policy6FssoGroup Args 
- Names of FSSO groups. The structure of fsso_groupsblock is documented below.
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- GlobalLabel string
- Label for the policy that appears when the GUI is in Global View mode.
- Groups
[]Policy6GroupArgs 
- Names of user groups that can authenticate with this policy. The structure of groupsblock is documented below.
- HttpPolicy stringRedirect 
- Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable,disable.
- IcapProfile string
- Name of an existing ICAP profile.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable,disable.
- InspectionMode string
- Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy,flow.
- Ippool string
- Enable to use IP Pools for source NAT. Valid values: enable,disable.
- IpsSensor string
- Name of an existing IPS sensor.
- Label string
- Label for the policy that appears when the GUI is in Section View mode.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values: all,utm,disable.
- LogtrafficStart string
- Record logs when a session starts. Valid values: enable,disable.
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values: enable,disable.
- Natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable,disable.
- Natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable,disable.
- Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable,disable.
- PerIp stringShaper 
- Per-IP traffic shaper.
- Policyid int
- Policy ID.
- Poolnames
[]Policy6PoolnameArgs 
- IP Pool names. The structure of poolnameblock is documented below.
- ProfileGroup string
- Name of profile group.
- ProfileProtocol stringOptions 
- Name of an existing Protocol options profile.
- ProfileType string
- Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single,group.
- ReplacemsgOverride stringGroup 
- Override the default replacement message group for this policy.
- Rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values: enable,disable.
- SendDeny stringPacket 
- Enable/disable return of deny-packet. Valid values: enable,disable.
- ServiceNegate string
- When enabled service specifies what the service must NOT be. Valid values: enable,disable.
- Services
[]Policy6ServiceArgs 
- Service and service group names. The structure of serviceblock is documented below.
- SessionTtl int
- Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- SpamfilterProfile string
- Name of an existing Spam filter profile.
- SrcaddrNegate string
- When enabled srcaddr specifies what the source address must NOT be. Valid values: enable,disable.
- SshFilter stringProfile 
- Name of an existing SSH filter profile.
- SshPolicy stringRedirect 
- Redirect SSH traffic to matching transparent proxy policy. Valid values: enable,disable.
- SslMirror string
- Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable,disable.
- SslMirror []Policy6SslIntfs Mirror Intf Args 
- SSL mirror interface name. The structure of ssl_mirror_intfblock is documented below.
- SslSsh stringProfile 
- Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values: enable,disable.
- TcpMss intReceiver 
- Receiver TCP maximum segment size (MSS).
- TcpMss intSender 
- Sender TCP maximum segment size (MSS).
- TcpSession stringWithout Syn 
- Enable/disable creation of TCP session without SYN flag. Valid values: all,data-only,disable.
- TimeoutSend stringRst 
- Enable/disable sending RST packets when TCP sessions expire. Valid values: enable,disable.
- Tos string
- ToS (Type of Service) value used for comparison.
- TosMask string
- Non-zero bit positions are used for comparison while zero bit positions are ignored.
- TosNegate string
- Enable negated TOS match. Valid values: enable,disable.
- TrafficShaper string
- Reverse traffic shaper.
- TrafficShaper stringReverse 
- Reverse traffic shaper.
- UrlCategories []Policy6UrlCategory Args 
- URL category ID list. The structure of url_categoryblock is documented below.
- Users
[]Policy6UserArgs 
- Names of individual users that can authenticate with this policy. The structure of usersblock is documented below.
- UtmStatus string
- Enable AV/web/ips protection profile. Valid values: enable,disable.
- Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- VlanCos intFwd 
- VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- VlanCos intRev 
- VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- VlanFilter string
- Set VLAN filters.
- VoipProfile string
- Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- WafProfile string
- Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web cache. Valid values: enable,disable.
- WebcacheHttps string
- Enable/disable web cache for HTTPS. Valid values: disable,enable.
- WebfilterProfile string
- Name of an existing Web filter profile.
- WebproxyForward stringServer 
- Web proxy forward server name.
- WebproxyProfile string
- Webproxy profile name.
- dstaddrs List<Policy6Dstaddr>
- Destination address and address group names. The structure of dstaddrblock is documented below.
- dstintfs List<Policy6Dstintf>
- Outgoing (egress) interface. The structure of dstintfblock is documented below.
- schedule String
- Schedule name.
- srcaddrs List<Policy6Srcaddr>
- Source address and address group names. The structure of srcaddrblock is documented below.
- srcintfs List<Policy6Srcintf>
- Incoming (ingress) interface. The structure of srcintfblock is documented below.
- action String
- Policy action (allow/deny/ipsec). Valid values: accept,deny,ipsec.
- antiReplay String
- Enable/disable anti-replay check. Valid values: enable,disable.
- appCategories List<Policy6AppCategory> 
- Application category ID list. The structure of app_categoryblock is documented below.
- appGroups List<Policy6AppGroup> 
- Application group names. The structure of app_groupblock is documented below.
- applicationList String
- Name of an existing Application list.
- applications List<Policy6Application>
- Application ID list. The structure of applicationblock is documented below.
- autoAsic StringOffload 
- Enable/disable policy traffic ASIC offloading. Valid values: enable,disable.
- avProfile String
- Name of an existing Antivirus profile.
- cifsProfile String
- Name of an existing CIFS profile.
- comments String
- Comment.
- customLog List<Policy6CustomFields Log Field> 
- Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fieldsblock is documented below.
- decryptedTraffic StringMirror 
- Decrypted traffic mirror.
- devices List<Policy6Device>
- Names of devices or device groups that can be matched by the policy. The structure of devicesblock is documented below.
- diffservForward String
- Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable,disable.
- diffservReverse String
- Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable,disable.
- diffservcodeForward String
- Change packet's DiffServ to this value.
- diffservcodeRev String
- Change packet's reverse (reply) DiffServ to this value.
- dlpSensor String
- Name of an existing DLP sensor.
- dnsfilterProfile String
- Name of an existing DNS filter profile.
- dsri String
- Enable DSRI to ignore HTTP server responses. Valid values: enable,disable.
- dstaddrNegate String
- When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable,disable.
- dynamicSort StringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilterProfile String
- Name of an existing email filter profile.
- firewallSession StringDirty 
- How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all,check-new.
- fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values: enable,disable.
- fssoGroups List<Policy6FssoGroup> 
- Names of FSSO groups. The structure of fsso_groupsblock is documented below.
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- globalLabel String
- Label for the policy that appears when the GUI is in Global View mode.
- groups List<Policy6Group>
- Names of user groups that can authenticate with this policy. The structure of groupsblock is documented below.
- httpPolicy StringRedirect 
- Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable,disable.
- icapProfile String
- Name of an existing ICAP profile.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable,disable.
- inspectionMode String
- Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy,flow.
- ippool String
- Enable to use IP Pools for source NAT. Valid values: enable,disable.
- ipsSensor String
- Name of an existing IPS sensor.
- label String
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values: all,utm,disable.
- logtrafficStart String
- Record logs when a session starts. Valid values: enable,disable.
- name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values: enable,disable.
- natinbound String
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable,disable.
- natoutbound String
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable,disable.
- outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable,disable.
- perIp StringShaper 
- Per-IP traffic shaper.
- policyid Integer
- Policy ID.
- poolnames List<Policy6Poolname>
- IP Pool names. The structure of poolnameblock is documented below.
- profileGroup String
- Name of profile group.
- profileProtocol StringOptions 
- Name of an existing Protocol options profile.
- profileType String
- Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single,group.
- replacemsgOverride StringGroup 
- Override the default replacement message group for this policy.
- rsso String
- Enable/disable RADIUS single sign-on (RSSO). Valid values: enable,disable.
- sendDeny StringPacket 
- Enable/disable return of deny-packet. Valid values: enable,disable.
- serviceNegate String
- When enabled service specifies what the service must NOT be. Valid values: enable,disable.
- services List<Policy6Service>
- Service and service group names. The structure of serviceblock is documented below.
- sessionTtl Integer
- Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilterProfile String
- Name of an existing Spam filter profile.
- srcaddrNegate String
- When enabled srcaddr specifies what the source address must NOT be. Valid values: enable,disable.
- sshFilter StringProfile 
- Name of an existing SSH filter profile.
- sshPolicy StringRedirect 
- Redirect SSH traffic to matching transparent proxy policy. Valid values: enable,disable.
- sslMirror String
- Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable,disable.
- sslMirror List<Policy6SslIntfs Mirror Intf> 
- SSL mirror interface name. The structure of ssl_mirror_intfblock is documented below.
- sslSsh StringProfile 
- Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values: enable,disable.
- tcpMss IntegerReceiver 
- Receiver TCP maximum segment size (MSS).
- tcpMss IntegerSender 
- Sender TCP maximum segment size (MSS).
- tcpSession StringWithout Syn 
- Enable/disable creation of TCP session without SYN flag. Valid values: all,data-only,disable.
- timeoutSend StringRst 
- Enable/disable sending RST packets when TCP sessions expire. Valid values: enable,disable.
- tos String
- ToS (Type of Service) value used for comparison.
- tosMask String
- Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tosNegate String
- Enable negated TOS match. Valid values: enable,disable.
- trafficShaper String
- Reverse traffic shaper.
- trafficShaper StringReverse 
- Reverse traffic shaper.
- urlCategories List<Policy6UrlCategory> 
- URL category ID list. The structure of url_categoryblock is documented below.
- users List<Policy6User>
- Names of individual users that can authenticate with this policy. The structure of usersblock is documented below.
- utmStatus String
- Enable AV/web/ips protection profile. Valid values: enable,disable.
- uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlanCos IntegerFwd 
- VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlanCos IntegerRev 
- VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlanFilter String
- Set VLAN filters.
- voipProfile String
- Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- wafProfile String
- Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web cache. Valid values: enable,disable.
- webcacheHttps String
- Enable/disable web cache for HTTPS. Valid values: disable,enable.
- webfilterProfile String
- Name of an existing Web filter profile.
- webproxyForward StringServer 
- Web proxy forward server name.
- webproxyProfile String
- Webproxy profile name.
- dstaddrs Policy6Dstaddr[]
- Destination address and address group names. The structure of dstaddrblock is documented below.
- dstintfs Policy6Dstintf[]
- Outgoing (egress) interface. The structure of dstintfblock is documented below.
- schedule string
- Schedule name.
- srcaddrs Policy6Srcaddr[]
- Source address and address group names. The structure of srcaddrblock is documented below.
- srcintfs Policy6Srcintf[]
- Incoming (ingress) interface. The structure of srcintfblock is documented below.
- action string
- Policy action (allow/deny/ipsec). Valid values: accept,deny,ipsec.
- antiReplay string
- Enable/disable anti-replay check. Valid values: enable,disable.
- appCategories Policy6AppCategory[] 
- Application category ID list. The structure of app_categoryblock is documented below.
- appGroups Policy6AppGroup[] 
- Application group names. The structure of app_groupblock is documented below.
- applicationList string
- Name of an existing Application list.
- applications Policy6Application[]
- Application ID list. The structure of applicationblock is documented below.
- autoAsic stringOffload 
- Enable/disable policy traffic ASIC offloading. Valid values: enable,disable.
- avProfile string
- Name of an existing Antivirus profile.
- cifsProfile string
- Name of an existing CIFS profile.
- comments string
- Comment.
- customLog Policy6CustomFields Log Field[] 
- Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fieldsblock is documented below.
- decryptedTraffic stringMirror 
- Decrypted traffic mirror.
- devices Policy6Device[]
- Names of devices or device groups that can be matched by the policy. The structure of devicesblock is documented below.
- diffservForward string
- Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable,disable.
- diffservReverse string
- Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable,disable.
- diffservcodeForward string
- Change packet's DiffServ to this value.
- diffservcodeRev string
- Change packet's reverse (reply) DiffServ to this value.
- dlpSensor string
- Name of an existing DLP sensor.
- dnsfilterProfile string
- Name of an existing DNS filter profile.
- dsri string
- Enable DSRI to ignore HTTP server responses. Valid values: enable,disable.
- dstaddrNegate string
- When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable,disable.
- dynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilterProfile string
- Name of an existing email filter profile.
- firewallSession stringDirty 
- How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all,check-new.
- fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values: enable,disable.
- fssoGroups Policy6FssoGroup[] 
- Names of FSSO groups. The structure of fsso_groupsblock is documented below.
- getAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- globalLabel string
- Label for the policy that appears when the GUI is in Global View mode.
- groups Policy6Group[]
- Names of user groups that can authenticate with this policy. The structure of groupsblock is documented below.
- httpPolicy stringRedirect 
- Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable,disable.
- icapProfile string
- Name of an existing ICAP profile.
- inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable,disable.
- inspectionMode string
- Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy,flow.
- ippool string
- Enable to use IP Pools for source NAT. Valid values: enable,disable.
- ipsSensor string
- Name of an existing IPS sensor.
- label string
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values: all,utm,disable.
- logtrafficStart string
- Record logs when a session starts. Valid values: enable,disable.
- name string
- Policy name.
- nat string
- Enable/disable source NAT. Valid values: enable,disable.
- natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable,disable.
- natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable,disable.
- outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable,disable.
- perIp stringShaper 
- Per-IP traffic shaper.
- policyid number
- Policy ID.
- poolnames Policy6Poolname[]
- IP Pool names. The structure of poolnameblock is documented below.
- profileGroup string
- Name of profile group.
- profileProtocol stringOptions 
- Name of an existing Protocol options profile.
- profileType string
- Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single,group.
- replacemsgOverride stringGroup 
- Override the default replacement message group for this policy.
- rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values: enable,disable.
- sendDeny stringPacket 
- Enable/disable return of deny-packet. Valid values: enable,disable.
- serviceNegate string
- When enabled service specifies what the service must NOT be. Valid values: enable,disable.
- services Policy6Service[]
- Service and service group names. The structure of serviceblock is documented below.
- sessionTtl number
- Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilterProfile string
- Name of an existing Spam filter profile.
- srcaddrNegate string
- When enabled srcaddr specifies what the source address must NOT be. Valid values: enable,disable.
- sshFilter stringProfile 
- Name of an existing SSH filter profile.
- sshPolicy stringRedirect 
- Redirect SSH traffic to matching transparent proxy policy. Valid values: enable,disable.
- sslMirror string
- Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable,disable.
- sslMirror Policy6SslIntfs Mirror Intf[] 
- SSL mirror interface name. The structure of ssl_mirror_intfblock is documented below.
- sslSsh stringProfile 
- Name of an existing SSL SSH profile.
- status string
- Enable or disable this policy. Valid values: enable,disable.
- tcpMss numberReceiver 
- Receiver TCP maximum segment size (MSS).
- tcpMss numberSender 
- Sender TCP maximum segment size (MSS).
- tcpSession stringWithout Syn 
- Enable/disable creation of TCP session without SYN flag. Valid values: all,data-only,disable.
- timeoutSend stringRst 
- Enable/disable sending RST packets when TCP sessions expire. Valid values: enable,disable.
- tos string
- ToS (Type of Service) value used for comparison.
- tosMask string
- Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tosNegate string
- Enable negated TOS match. Valid values: enable,disable.
- trafficShaper string
- Reverse traffic shaper.
- trafficShaper stringReverse 
- Reverse traffic shaper.
- urlCategories Policy6UrlCategory[] 
- URL category ID list. The structure of url_categoryblock is documented below.
- users Policy6User[]
- Names of individual users that can authenticate with this policy. The structure of usersblock is documented below.
- utmStatus string
- Enable AV/web/ips protection profile. Valid values: enable,disable.
- uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlanCos numberFwd 
- VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlanCos numberRev 
- VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlanFilter string
- Set VLAN filters.
- voipProfile string
- Name of an existing VoIP profile.
- vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- wafProfile string
- Name of an existing Web application firewall profile.
- webcache string
- Enable/disable web cache. Valid values: enable,disable.
- webcacheHttps string
- Enable/disable web cache for HTTPS. Valid values: disable,enable.
- webfilterProfile string
- Name of an existing Web filter profile.
- webproxyForward stringServer 
- Web proxy forward server name.
- webproxyProfile string
- Webproxy profile name.
- dstaddrs
Sequence[Policy6DstaddrArgs] 
- Destination address and address group names. The structure of dstaddrblock is documented below.
- dstintfs
Sequence[Policy6DstintfArgs] 
- Outgoing (egress) interface. The structure of dstintfblock is documented below.
- schedule str
- Schedule name.
- srcaddrs
Sequence[Policy6SrcaddrArgs] 
- Source address and address group names. The structure of srcaddrblock is documented below.
- srcintfs
Sequence[Policy6SrcintfArgs] 
- Incoming (ingress) interface. The structure of srcintfblock is documented below.
- action str
- Policy action (allow/deny/ipsec). Valid values: accept,deny,ipsec.
- anti_replay str
- Enable/disable anti-replay check. Valid values: enable,disable.
- app_categories Sequence[Policy6AppCategory Args] 
- Application category ID list. The structure of app_categoryblock is documented below.
- app_groups Sequence[Policy6AppGroup Args] 
- Application group names. The structure of app_groupblock is documented below.
- application_list str
- Name of an existing Application list.
- applications
Sequence[Policy6ApplicationArgs] 
- Application ID list. The structure of applicationblock is documented below.
- auto_asic_ stroffload 
- Enable/disable policy traffic ASIC offloading. Valid values: enable,disable.
- av_profile str
- Name of an existing Antivirus profile.
- cifs_profile str
- Name of an existing CIFS profile.
- comments str
- Comment.
- custom_log_ Sequence[Policy6Customfields Log Field Args] 
- Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fieldsblock is documented below.
- decrypted_traffic_ strmirror 
- Decrypted traffic mirror.
- devices
Sequence[Policy6DeviceArgs] 
- Names of devices or device groups that can be matched by the policy. The structure of devicesblock is documented below.
- diffserv_forward str
- Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable,disable.
- diffserv_reverse str
- Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable,disable.
- diffservcode_forward str
- Change packet's DiffServ to this value.
- diffservcode_rev str
- Change packet's reverse (reply) DiffServ to this value.
- dlp_sensor str
- Name of an existing DLP sensor.
- dnsfilter_profile str
- Name of an existing DNS filter profile.
- dsri str
- Enable DSRI to ignore HTTP server responses. Valid values: enable,disable.
- dstaddr_negate str
- When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable,disable.
- dynamic_sort_ strsubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter_profile str
- Name of an existing email filter profile.
- firewall_session_ strdirty 
- How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all,check-new.
- fixedport str
- Enable to prevent source NAT from changing a session's source port. Valid values: enable,disable.
- fsso_groups Sequence[Policy6FssoGroup Args] 
- Names of FSSO groups. The structure of fsso_groupsblock is documented below.
- get_all_ strtables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global_label str
- Label for the policy that appears when the GUI is in Global View mode.
- groups
Sequence[Policy6GroupArgs] 
- Names of user groups that can authenticate with this policy. The structure of groupsblock is documented below.
- http_policy_ strredirect 
- Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable,disable.
- icap_profile str
- Name of an existing ICAP profile.
- inbound str
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable,disable.
- inspection_mode str
- Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy,flow.
- ippool str
- Enable to use IP Pools for source NAT. Valid values: enable,disable.
- ips_sensor str
- Name of an existing IPS sensor.
- label str
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic str
- Enable or disable logging. Log all sessions or security profile sessions. Valid values: all,utm,disable.
- logtraffic_start str
- Record logs when a session starts. Valid values: enable,disable.
- name str
- Policy name.
- nat str
- Enable/disable source NAT. Valid values: enable,disable.
- natinbound str
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable,disable.
- natoutbound str
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable,disable.
- outbound str
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable,disable.
- per_ip_ strshaper 
- Per-IP traffic shaper.
- policyid int
- Policy ID.
- poolnames
Sequence[Policy6PoolnameArgs] 
- IP Pool names. The structure of poolnameblock is documented below.
- profile_group str
- Name of profile group.
- profile_protocol_ stroptions 
- Name of an existing Protocol options profile.
- profile_type str
- Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single,group.
- replacemsg_override_ strgroup 
- Override the default replacement message group for this policy.
- rsso str
- Enable/disable RADIUS single sign-on (RSSO). Valid values: enable,disable.
- send_deny_ strpacket 
- Enable/disable return of deny-packet. Valid values: enable,disable.
- service_negate str
- When enabled service specifies what the service must NOT be. Valid values: enable,disable.
- services
Sequence[Policy6ServiceArgs] 
- Service and service group names. The structure of serviceblock is documented below.
- session_ttl int
- Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter_profile str
- Name of an existing Spam filter profile.
- srcaddr_negate str
- When enabled srcaddr specifies what the source address must NOT be. Valid values: enable,disable.
- ssh_filter_ strprofile 
- Name of an existing SSH filter profile.
- ssh_policy_ strredirect 
- Redirect SSH traffic to matching transparent proxy policy. Valid values: enable,disable.
- ssl_mirror str
- Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable,disable.
- ssl_mirror_ Sequence[Policy6Sslintfs Mirror Intf Args] 
- SSL mirror interface name. The structure of ssl_mirror_intfblock is documented below.
- ssl_ssh_ strprofile 
- Name of an existing SSL SSH profile.
- status str
- Enable or disable this policy. Valid values: enable,disable.
- tcp_mss_ intreceiver 
- Receiver TCP maximum segment size (MSS).
- tcp_mss_ intsender 
- Sender TCP maximum segment size (MSS).
- tcp_session_ strwithout_ syn 
- Enable/disable creation of TCP session without SYN flag. Valid values: all,data-only,disable.
- timeout_send_ strrst 
- Enable/disable sending RST packets when TCP sessions expire. Valid values: enable,disable.
- tos str
- ToS (Type of Service) value used for comparison.
- tos_mask str
- Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos_negate str
- Enable negated TOS match. Valid values: enable,disable.
- traffic_shaper str
- Reverse traffic shaper.
- traffic_shaper_ strreverse 
- Reverse traffic shaper.
- url_categories Sequence[Policy6UrlCategory Args] 
- URL category ID list. The structure of url_categoryblock is documented below.
- users
Sequence[Policy6UserArgs] 
- Names of individual users that can authenticate with this policy. The structure of usersblock is documented below.
- utm_status str
- Enable AV/web/ips protection profile. Valid values: enable,disable.
- uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan_cos_ intfwd 
- VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan_cos_ intrev 
- VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan_filter str
- Set VLAN filters.
- voip_profile str
- Name of an existing VoIP profile.
- vpntunnel str
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf_profile str
- Name of an existing Web application firewall profile.
- webcache str
- Enable/disable web cache. Valid values: enable,disable.
- webcache_https str
- Enable/disable web cache for HTTPS. Valid values: disable,enable.
- webfilter_profile str
- Name of an existing Web filter profile.
- webproxy_forward_ strserver 
- Web proxy forward server name.
- webproxy_profile str
- Webproxy profile name.
- dstaddrs List<Property Map>
- Destination address and address group names. The structure of dstaddrblock is documented below.
- dstintfs List<Property Map>
- Outgoing (egress) interface. The structure of dstintfblock is documented below.
- schedule String
- Schedule name.
- srcaddrs List<Property Map>
- Source address and address group names. The structure of srcaddrblock is documented below.
- srcintfs List<Property Map>
- Incoming (ingress) interface. The structure of srcintfblock is documented below.
- action String
- Policy action (allow/deny/ipsec). Valid values: accept,deny,ipsec.
- antiReplay String
- Enable/disable anti-replay check. Valid values: enable,disable.
- appCategories List<Property Map>
- Application category ID list. The structure of app_categoryblock is documented below.
- appGroups List<Property Map>
- Application group names. The structure of app_groupblock is documented below.
- applicationList String
- Name of an existing Application list.
- applications List<Property Map>
- Application ID list. The structure of applicationblock is documented below.
- autoAsic StringOffload 
- Enable/disable policy traffic ASIC offloading. Valid values: enable,disable.
- avProfile String
- Name of an existing Antivirus profile.
- cifsProfile String
- Name of an existing CIFS profile.
- comments String
- Comment.
- customLog List<Property Map>Fields 
- Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fieldsblock is documented below.
- decryptedTraffic StringMirror 
- Decrypted traffic mirror.
- devices List<Property Map>
- Names of devices or device groups that can be matched by the policy. The structure of devicesblock is documented below.
- diffservForward String
- Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable,disable.
- diffservReverse String
- Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable,disable.
- diffservcodeForward String
- Change packet's DiffServ to this value.
- diffservcodeRev String
- Change packet's reverse (reply) DiffServ to this value.
- dlpSensor String
- Name of an existing DLP sensor.
- dnsfilterProfile String
- Name of an existing DNS filter profile.
- dsri String
- Enable DSRI to ignore HTTP server responses. Valid values: enable,disable.
- dstaddrNegate String
- When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable,disable.
- dynamicSort StringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilterProfile String
- Name of an existing email filter profile.
- firewallSession StringDirty 
- How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all,check-new.
- fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values: enable,disable.
- fssoGroups List<Property Map>
- Names of FSSO groups. The structure of fsso_groupsblock is documented below.
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- globalLabel String
- Label for the policy that appears when the GUI is in Global View mode.
- groups List<Property Map>
- Names of user groups that can authenticate with this policy. The structure of groupsblock is documented below.
- httpPolicy StringRedirect 
- Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable,disable.
- icapProfile String
- Name of an existing ICAP profile.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable,disable.
- inspectionMode String
- Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy,flow.
- ippool String
- Enable to use IP Pools for source NAT. Valid values: enable,disable.
- ipsSensor String
- Name of an existing IPS sensor.
- label String
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values: all,utm,disable.
- logtrafficStart String
- Record logs when a session starts. Valid values: enable,disable.
- name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values: enable,disable.
- natinbound String
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable,disable.
- natoutbound String
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable,disable.
- outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable,disable.
- perIp StringShaper 
- Per-IP traffic shaper.
- policyid Number
- Policy ID.
- poolnames List<Property Map>
- IP Pool names. The structure of poolnameblock is documented below.
- profileGroup String
- Name of profile group.
- profileProtocol StringOptions 
- Name of an existing Protocol options profile.
- profileType String
- Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single,group.
- replacemsgOverride StringGroup 
- Override the default replacement message group for this policy.
- rsso String
- Enable/disable RADIUS single sign-on (RSSO). Valid values: enable,disable.
- sendDeny StringPacket 
- Enable/disable return of deny-packet. Valid values: enable,disable.
- serviceNegate String
- When enabled service specifies what the service must NOT be. Valid values: enable,disable.
- services List<Property Map>
- Service and service group names. The structure of serviceblock is documented below.
- sessionTtl Number
- Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilterProfile String
- Name of an existing Spam filter profile.
- srcaddrNegate String
- When enabled srcaddr specifies what the source address must NOT be. Valid values: enable,disable.
- sshFilter StringProfile 
- Name of an existing SSH filter profile.
- sshPolicy StringRedirect 
- Redirect SSH traffic to matching transparent proxy policy. Valid values: enable,disable.
- sslMirror String
- Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable,disable.
- sslMirror List<Property Map>Intfs 
- SSL mirror interface name. The structure of ssl_mirror_intfblock is documented below.
- sslSsh StringProfile 
- Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values: enable,disable.
- tcpMss NumberReceiver 
- Receiver TCP maximum segment size (MSS).
- tcpMss NumberSender 
- Sender TCP maximum segment size (MSS).
- tcpSession StringWithout Syn 
- Enable/disable creation of TCP session without SYN flag. Valid values: all,data-only,disable.
- timeoutSend StringRst 
- Enable/disable sending RST packets when TCP sessions expire. Valid values: enable,disable.
- tos String
- ToS (Type of Service) value used for comparison.
- tosMask String
- Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tosNegate String
- Enable negated TOS match. Valid values: enable,disable.
- trafficShaper String
- Reverse traffic shaper.
- trafficShaper StringReverse 
- Reverse traffic shaper.
- urlCategories List<Property Map>
- URL category ID list. The structure of url_categoryblock is documented below.
- users List<Property Map>
- Names of individual users that can authenticate with this policy. The structure of usersblock is documented below.
- utmStatus String
- Enable AV/web/ips protection profile. Valid values: enable,disable.
- uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlanCos NumberFwd 
- VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlanCos NumberRev 
- VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlanFilter String
- Set VLAN filters.
- voipProfile String
- Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- wafProfile String
- Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web cache. Valid values: enable,disable.
- webcacheHttps String
- Enable/disable web cache for HTTPS. Valid values: disable,enable.
- webfilterProfile String
- Name of an existing Web filter profile.
- webproxyForward StringServer 
- Web proxy forward server name.
- webproxyProfile String
- Webproxy profile name.
Outputs
All input properties are implicitly available as output properties. Additionally, the Policy6 resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Policy6 Resource
Get an existing Policy6 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: Policy6State, opts?: CustomResourceOptions): Policy6@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        anti_replay: Optional[str] = None,
        app_categories: Optional[Sequence[Policy6AppCategoryArgs]] = None,
        app_groups: Optional[Sequence[Policy6AppGroupArgs]] = None,
        application_list: Optional[str] = None,
        applications: Optional[Sequence[Policy6ApplicationArgs]] = None,
        auto_asic_offload: Optional[str] = None,
        av_profile: Optional[str] = None,
        cifs_profile: Optional[str] = None,
        comments: Optional[str] = None,
        custom_log_fields: Optional[Sequence[Policy6CustomLogFieldArgs]] = None,
        decrypted_traffic_mirror: Optional[str] = None,
        devices: Optional[Sequence[Policy6DeviceArgs]] = None,
        diffserv_forward: Optional[str] = None,
        diffserv_reverse: Optional[str] = None,
        diffservcode_forward: Optional[str] = None,
        diffservcode_rev: Optional[str] = None,
        dlp_sensor: Optional[str] = None,
        dnsfilter_profile: Optional[str] = None,
        dsri: Optional[str] = None,
        dstaddr_negate: Optional[str] = None,
        dstaddrs: Optional[Sequence[Policy6DstaddrArgs]] = None,
        dstintfs: Optional[Sequence[Policy6DstintfArgs]] = None,
        dynamic_sort_subtable: Optional[str] = None,
        emailfilter_profile: Optional[str] = None,
        firewall_session_dirty: Optional[str] = None,
        fixedport: Optional[str] = None,
        fsso_groups: Optional[Sequence[Policy6FssoGroupArgs]] = None,
        get_all_tables: Optional[str] = None,
        global_label: Optional[str] = None,
        groups: Optional[Sequence[Policy6GroupArgs]] = None,
        http_policy_redirect: Optional[str] = None,
        icap_profile: Optional[str] = None,
        inbound: Optional[str] = None,
        inspection_mode: Optional[str] = None,
        ippool: Optional[str] = None,
        ips_sensor: Optional[str] = None,
        label: Optional[str] = None,
        logtraffic: Optional[str] = None,
        logtraffic_start: Optional[str] = None,
        name: Optional[str] = None,
        nat: Optional[str] = None,
        natinbound: Optional[str] = None,
        natoutbound: Optional[str] = None,
        outbound: Optional[str] = None,
        per_ip_shaper: Optional[str] = None,
        policyid: Optional[int] = None,
        poolnames: Optional[Sequence[Policy6PoolnameArgs]] = None,
        profile_group: Optional[str] = None,
        profile_protocol_options: Optional[str] = None,
        profile_type: Optional[str] = None,
        replacemsg_override_group: Optional[str] = None,
        rsso: Optional[str] = None,
        schedule: Optional[str] = None,
        send_deny_packet: Optional[str] = None,
        service_negate: Optional[str] = None,
        services: Optional[Sequence[Policy6ServiceArgs]] = None,
        session_ttl: Optional[int] = None,
        spamfilter_profile: Optional[str] = None,
        srcaddr_negate: Optional[str] = None,
        srcaddrs: Optional[Sequence[Policy6SrcaddrArgs]] = None,
        srcintfs: Optional[Sequence[Policy6SrcintfArgs]] = None,
        ssh_filter_profile: Optional[str] = None,
        ssh_policy_redirect: Optional[str] = None,
        ssl_mirror: Optional[str] = None,
        ssl_mirror_intfs: Optional[Sequence[Policy6SslMirrorIntfArgs]] = None,
        ssl_ssh_profile: Optional[str] = None,
        status: Optional[str] = None,
        tcp_mss_receiver: Optional[int] = None,
        tcp_mss_sender: Optional[int] = None,
        tcp_session_without_syn: Optional[str] = None,
        timeout_send_rst: Optional[str] = None,
        tos: Optional[str] = None,
        tos_mask: Optional[str] = None,
        tos_negate: Optional[str] = None,
        traffic_shaper: Optional[str] = None,
        traffic_shaper_reverse: Optional[str] = None,
        url_categories: Optional[Sequence[Policy6UrlCategoryArgs]] = None,
        users: Optional[Sequence[Policy6UserArgs]] = None,
        utm_status: Optional[str] = None,
        uuid: Optional[str] = None,
        vdomparam: Optional[str] = None,
        vlan_cos_fwd: Optional[int] = None,
        vlan_cos_rev: Optional[int] = None,
        vlan_filter: Optional[str] = None,
        voip_profile: Optional[str] = None,
        vpntunnel: Optional[str] = None,
        waf_profile: Optional[str] = None,
        webcache: Optional[str] = None,
        webcache_https: Optional[str] = None,
        webfilter_profile: Optional[str] = None,
        webproxy_forward_server: Optional[str] = None,
        webproxy_profile: Optional[str] = None) -> Policy6func GetPolicy6(ctx *Context, name string, id IDInput, state *Policy6State, opts ...ResourceOption) (*Policy6, error)public static Policy6 Get(string name, Input<string> id, Policy6State? state, CustomResourceOptions? opts = null)public static Policy6 get(String name, Output<String> id, Policy6State state, CustomResourceOptions options)resources:  _:    type: fortios:firewall:Policy6    get:      id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- Policy action (allow/deny/ipsec). Valid values: accept,deny,ipsec.
- AntiReplay string
- Enable/disable anti-replay check. Valid values: enable,disable.
- AppCategories List<Pulumiverse.Fortios. Firewall. Inputs. Policy6App Category> 
- Application category ID list. The structure of app_categoryblock is documented below.
- AppGroups List<Pulumiverse.Fortios. Firewall. Inputs. Policy6App Group> 
- Application group names. The structure of app_groupblock is documented below.
- ApplicationList string
- Name of an existing Application list.
- Applications
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Application> 
- Application ID list. The structure of applicationblock is documented below.
- AutoAsic stringOffload 
- Enable/disable policy traffic ASIC offloading. Valid values: enable,disable.
- AvProfile string
- Name of an existing Antivirus profile.
- CifsProfile string
- Name of an existing CIFS profile.
- Comments string
- Comment.
- CustomLog List<Pulumiverse.Fields Fortios. Firewall. Inputs. Policy6Custom Log Field> 
- Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fieldsblock is documented below.
- DecryptedTraffic stringMirror 
- Decrypted traffic mirror.
- Devices
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Device> 
- Names of devices or device groups that can be matched by the policy. The structure of devicesblock is documented below.
- DiffservForward string
- Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable,disable.
- DiffservReverse string
- Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable,disable.
- DiffservcodeForward string
- Change packet's DiffServ to this value.
- DiffservcodeRev string
- Change packet's reverse (reply) DiffServ to this value.
- DlpSensor string
- Name of an existing DLP sensor.
- DnsfilterProfile string
- Name of an existing DNS filter profile.
- Dsri string
- Enable DSRI to ignore HTTP server responses. Valid values: enable,disable.
- DstaddrNegate string
- When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable,disable.
- Dstaddrs
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Dstaddr> 
- Destination address and address group names. The structure of dstaddrblock is documented below.
- Dstintfs
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Dstintf> 
- Outgoing (egress) interface. The structure of dstintfblock is documented below.
- DynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- EmailfilterProfile string
- Name of an existing email filter profile.
- FirewallSession stringDirty 
- How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all,check-new.
- Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values: enable,disable.
- FssoGroups List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Fsso Group> 
- Names of FSSO groups. The structure of fsso_groupsblock is documented below.
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- GlobalLabel string
- Label for the policy that appears when the GUI is in Global View mode.
- Groups
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Group> 
- Names of user groups that can authenticate with this policy. The structure of groupsblock is documented below.
- HttpPolicy stringRedirect 
- Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable,disable.
- IcapProfile string
- Name of an existing ICAP profile.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable,disable.
- InspectionMode string
- Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy,flow.
- Ippool string
- Enable to use IP Pools for source NAT. Valid values: enable,disable.
- IpsSensor string
- Name of an existing IPS sensor.
- Label string
- Label for the policy that appears when the GUI is in Section View mode.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values: all,utm,disable.
- LogtrafficStart string
- Record logs when a session starts. Valid values: enable,disable.
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values: enable,disable.
- Natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable,disable.
- Natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable,disable.
- Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable,disable.
- PerIp stringShaper 
- Per-IP traffic shaper.
- Policyid int
- Policy ID.
- Poolnames
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Poolname> 
- IP Pool names. The structure of poolnameblock is documented below.
- ProfileGroup string
- Name of profile group.
- ProfileProtocol stringOptions 
- Name of an existing Protocol options profile.
- ProfileType string
- Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single,group.
- ReplacemsgOverride stringGroup 
- Override the default replacement message group for this policy.
- Rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values: enable,disable.
- Schedule string
- Schedule name.
- SendDeny stringPacket 
- Enable/disable return of deny-packet. Valid values: enable,disable.
- ServiceNegate string
- When enabled service specifies what the service must NOT be. Valid values: enable,disable.
- Services
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Service> 
- Service and service group names. The structure of serviceblock is documented below.
- SessionTtl int
- Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- SpamfilterProfile string
- Name of an existing Spam filter profile.
- SrcaddrNegate string
- When enabled srcaddr specifies what the source address must NOT be. Valid values: enable,disable.
- Srcaddrs
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Srcaddr> 
- Source address and address group names. The structure of srcaddrblock is documented below.
- Srcintfs
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Srcintf> 
- Incoming (ingress) interface. The structure of srcintfblock is documented below.
- SshFilter stringProfile 
- Name of an existing SSH filter profile.
- SshPolicy stringRedirect 
- Redirect SSH traffic to matching transparent proxy policy. Valid values: enable,disable.
- SslMirror string
- Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable,disable.
- SslMirror List<Pulumiverse.Intfs Fortios. Firewall. Inputs. Policy6Ssl Mirror Intf> 
- SSL mirror interface name. The structure of ssl_mirror_intfblock is documented below.
- SslSsh stringProfile 
- Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values: enable,disable.
- TcpMss intReceiver 
- Receiver TCP maximum segment size (MSS).
- TcpMss intSender 
- Sender TCP maximum segment size (MSS).
- TcpSession stringWithout Syn 
- Enable/disable creation of TCP session without SYN flag. Valid values: all,data-only,disable.
- TimeoutSend stringRst 
- Enable/disable sending RST packets when TCP sessions expire. Valid values: enable,disable.
- Tos string
- ToS (Type of Service) value used for comparison.
- TosMask string
- Non-zero bit positions are used for comparison while zero bit positions are ignored.
- TosNegate string
- Enable negated TOS match. Valid values: enable,disable.
- TrafficShaper string
- Reverse traffic shaper.
- TrafficShaper stringReverse 
- Reverse traffic shaper.
- UrlCategories List<Pulumiverse.Fortios. Firewall. Inputs. Policy6Url Category> 
- URL category ID list. The structure of url_categoryblock is documented below.
- Users
List<Pulumiverse.Fortios. Firewall. Inputs. Policy6User> 
- Names of individual users that can authenticate with this policy. The structure of usersblock is documented below.
- UtmStatus string
- Enable AV/web/ips protection profile. Valid values: enable,disable.
- Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- VlanCos intFwd 
- VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- VlanCos intRev 
- VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- VlanFilter string
- Set VLAN filters.
- VoipProfile string
- Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- WafProfile string
- Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web cache. Valid values: enable,disable.
- WebcacheHttps string
- Enable/disable web cache for HTTPS. Valid values: disable,enable.
- WebfilterProfile string
- Name of an existing Web filter profile.
- WebproxyForward stringServer 
- Web proxy forward server name.
- WebproxyProfile string
- Webproxy profile name.
- Action string
- Policy action (allow/deny/ipsec). Valid values: accept,deny,ipsec.
- AntiReplay string
- Enable/disable anti-replay check. Valid values: enable,disable.
- AppCategories []Policy6AppCategory Args 
- Application category ID list. The structure of app_categoryblock is documented below.
- AppGroups []Policy6AppGroup Args 
- Application group names. The structure of app_groupblock is documented below.
- ApplicationList string
- Name of an existing Application list.
- Applications
[]Policy6ApplicationArgs 
- Application ID list. The structure of applicationblock is documented below.
- AutoAsic stringOffload 
- Enable/disable policy traffic ASIC offloading. Valid values: enable,disable.
- AvProfile string
- Name of an existing Antivirus profile.
- CifsProfile string
- Name of an existing CIFS profile.
- Comments string
- Comment.
- CustomLog []Policy6CustomFields Log Field Args 
- Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fieldsblock is documented below.
- DecryptedTraffic stringMirror 
- Decrypted traffic mirror.
- Devices
[]Policy6DeviceArgs 
- Names of devices or device groups that can be matched by the policy. The structure of devicesblock is documented below.
- DiffservForward string
- Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable,disable.
- DiffservReverse string
- Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable,disable.
- DiffservcodeForward string
- Change packet's DiffServ to this value.
- DiffservcodeRev string
- Change packet's reverse (reply) DiffServ to this value.
- DlpSensor string
- Name of an existing DLP sensor.
- DnsfilterProfile string
- Name of an existing DNS filter profile.
- Dsri string
- Enable DSRI to ignore HTTP server responses. Valid values: enable,disable.
- DstaddrNegate string
- When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable,disable.
- Dstaddrs
[]Policy6DstaddrArgs 
- Destination address and address group names. The structure of dstaddrblock is documented below.
- Dstintfs
[]Policy6DstintfArgs 
- Outgoing (egress) interface. The structure of dstintfblock is documented below.
- DynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- EmailfilterProfile string
- Name of an existing email filter profile.
- FirewallSession stringDirty 
- How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all,check-new.
- Fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values: enable,disable.
- FssoGroups []Policy6FssoGroup Args 
- Names of FSSO groups. The structure of fsso_groupsblock is documented below.
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- GlobalLabel string
- Label for the policy that appears when the GUI is in Global View mode.
- Groups
[]Policy6GroupArgs 
- Names of user groups that can authenticate with this policy. The structure of groupsblock is documented below.
- HttpPolicy stringRedirect 
- Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable,disable.
- IcapProfile string
- Name of an existing ICAP profile.
- Inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable,disable.
- InspectionMode string
- Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy,flow.
- Ippool string
- Enable to use IP Pools for source NAT. Valid values: enable,disable.
- IpsSensor string
- Name of an existing IPS sensor.
- Label string
- Label for the policy that appears when the GUI is in Section View mode.
- Logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values: all,utm,disable.
- LogtrafficStart string
- Record logs when a session starts. Valid values: enable,disable.
- Name string
- Policy name.
- Nat string
- Enable/disable source NAT. Valid values: enable,disable.
- Natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable,disable.
- Natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable,disable.
- Outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable,disable.
- PerIp stringShaper 
- Per-IP traffic shaper.
- Policyid int
- Policy ID.
- Poolnames
[]Policy6PoolnameArgs 
- IP Pool names. The structure of poolnameblock is documented below.
- ProfileGroup string
- Name of profile group.
- ProfileProtocol stringOptions 
- Name of an existing Protocol options profile.
- ProfileType string
- Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single,group.
- ReplacemsgOverride stringGroup 
- Override the default replacement message group for this policy.
- Rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values: enable,disable.
- Schedule string
- Schedule name.
- SendDeny stringPacket 
- Enable/disable return of deny-packet. Valid values: enable,disable.
- ServiceNegate string
- When enabled service specifies what the service must NOT be. Valid values: enable,disable.
- Services
[]Policy6ServiceArgs 
- Service and service group names. The structure of serviceblock is documented below.
- SessionTtl int
- Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- SpamfilterProfile string
- Name of an existing Spam filter profile.
- SrcaddrNegate string
- When enabled srcaddr specifies what the source address must NOT be. Valid values: enable,disable.
- Srcaddrs
[]Policy6SrcaddrArgs 
- Source address and address group names. The structure of srcaddrblock is documented below.
- Srcintfs
[]Policy6SrcintfArgs 
- Incoming (ingress) interface. The structure of srcintfblock is documented below.
- SshFilter stringProfile 
- Name of an existing SSH filter profile.
- SshPolicy stringRedirect 
- Redirect SSH traffic to matching transparent proxy policy. Valid values: enable,disable.
- SslMirror string
- Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable,disable.
- SslMirror []Policy6SslIntfs Mirror Intf Args 
- SSL mirror interface name. The structure of ssl_mirror_intfblock is documented below.
- SslSsh stringProfile 
- Name of an existing SSL SSH profile.
- Status string
- Enable or disable this policy. Valid values: enable,disable.
- TcpMss intReceiver 
- Receiver TCP maximum segment size (MSS).
- TcpMss intSender 
- Sender TCP maximum segment size (MSS).
- TcpSession stringWithout Syn 
- Enable/disable creation of TCP session without SYN flag. Valid values: all,data-only,disable.
- TimeoutSend stringRst 
- Enable/disable sending RST packets when TCP sessions expire. Valid values: enable,disable.
- Tos string
- ToS (Type of Service) value used for comparison.
- TosMask string
- Non-zero bit positions are used for comparison while zero bit positions are ignored.
- TosNegate string
- Enable negated TOS match. Valid values: enable,disable.
- TrafficShaper string
- Reverse traffic shaper.
- TrafficShaper stringReverse 
- Reverse traffic shaper.
- UrlCategories []Policy6UrlCategory Args 
- URL category ID list. The structure of url_categoryblock is documented below.
- Users
[]Policy6UserArgs 
- Names of individual users that can authenticate with this policy. The structure of usersblock is documented below.
- UtmStatus string
- Enable AV/web/ips protection profile. Valid values: enable,disable.
- Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- VlanCos intFwd 
- VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- VlanCos intRev 
- VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- VlanFilter string
- Set VLAN filters.
- VoipProfile string
- Name of an existing VoIP profile.
- Vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- WafProfile string
- Name of an existing Web application firewall profile.
- Webcache string
- Enable/disable web cache. Valid values: enable,disable.
- WebcacheHttps string
- Enable/disable web cache for HTTPS. Valid values: disable,enable.
- WebfilterProfile string
- Name of an existing Web filter profile.
- WebproxyForward stringServer 
- Web proxy forward server name.
- WebproxyProfile string
- Webproxy profile name.
- action String
- Policy action (allow/deny/ipsec). Valid values: accept,deny,ipsec.
- antiReplay String
- Enable/disable anti-replay check. Valid values: enable,disable.
- appCategories List<Policy6AppCategory> 
- Application category ID list. The structure of app_categoryblock is documented below.
- appGroups List<Policy6AppGroup> 
- Application group names. The structure of app_groupblock is documented below.
- applicationList String
- Name of an existing Application list.
- applications List<Policy6Application>
- Application ID list. The structure of applicationblock is documented below.
- autoAsic StringOffload 
- Enable/disable policy traffic ASIC offloading. Valid values: enable,disable.
- avProfile String
- Name of an existing Antivirus profile.
- cifsProfile String
- Name of an existing CIFS profile.
- comments String
- Comment.
- customLog List<Policy6CustomFields Log Field> 
- Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fieldsblock is documented below.
- decryptedTraffic StringMirror 
- Decrypted traffic mirror.
- devices List<Policy6Device>
- Names of devices or device groups that can be matched by the policy. The structure of devicesblock is documented below.
- diffservForward String
- Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable,disable.
- diffservReverse String
- Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable,disable.
- diffservcodeForward String
- Change packet's DiffServ to this value.
- diffservcodeRev String
- Change packet's reverse (reply) DiffServ to this value.
- dlpSensor String
- Name of an existing DLP sensor.
- dnsfilterProfile String
- Name of an existing DNS filter profile.
- dsri String
- Enable DSRI to ignore HTTP server responses. Valid values: enable,disable.
- dstaddrNegate String
- When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable,disable.
- dstaddrs List<Policy6Dstaddr>
- Destination address and address group names. The structure of dstaddrblock is documented below.
- dstintfs List<Policy6Dstintf>
- Outgoing (egress) interface. The structure of dstintfblock is documented below.
- dynamicSort StringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilterProfile String
- Name of an existing email filter profile.
- firewallSession StringDirty 
- How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all,check-new.
- fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values: enable,disable.
- fssoGroups List<Policy6FssoGroup> 
- Names of FSSO groups. The structure of fsso_groupsblock is documented below.
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- globalLabel String
- Label for the policy that appears when the GUI is in Global View mode.
- groups List<Policy6Group>
- Names of user groups that can authenticate with this policy. The structure of groupsblock is documented below.
- httpPolicy StringRedirect 
- Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable,disable.
- icapProfile String
- Name of an existing ICAP profile.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable,disable.
- inspectionMode String
- Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy,flow.
- ippool String
- Enable to use IP Pools for source NAT. Valid values: enable,disable.
- ipsSensor String
- Name of an existing IPS sensor.
- label String
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values: all,utm,disable.
- logtrafficStart String
- Record logs when a session starts. Valid values: enable,disable.
- name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values: enable,disable.
- natinbound String
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable,disable.
- natoutbound String
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable,disable.
- outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable,disable.
- perIp StringShaper 
- Per-IP traffic shaper.
- policyid Integer
- Policy ID.
- poolnames List<Policy6Poolname>
- IP Pool names. The structure of poolnameblock is documented below.
- profileGroup String
- Name of profile group.
- profileProtocol StringOptions 
- Name of an existing Protocol options profile.
- profileType String
- Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single,group.
- replacemsgOverride StringGroup 
- Override the default replacement message group for this policy.
- rsso String
- Enable/disable RADIUS single sign-on (RSSO). Valid values: enable,disable.
- schedule String
- Schedule name.
- sendDeny StringPacket 
- Enable/disable return of deny-packet. Valid values: enable,disable.
- serviceNegate String
- When enabled service specifies what the service must NOT be. Valid values: enable,disable.
- services List<Policy6Service>
- Service and service group names. The structure of serviceblock is documented below.
- sessionTtl Integer
- Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilterProfile String
- Name of an existing Spam filter profile.
- srcaddrNegate String
- When enabled srcaddr specifies what the source address must NOT be. Valid values: enable,disable.
- srcaddrs List<Policy6Srcaddr>
- Source address and address group names. The structure of srcaddrblock is documented below.
- srcintfs List<Policy6Srcintf>
- Incoming (ingress) interface. The structure of srcintfblock is documented below.
- sshFilter StringProfile 
- Name of an existing SSH filter profile.
- sshPolicy StringRedirect 
- Redirect SSH traffic to matching transparent proxy policy. Valid values: enable,disable.
- sslMirror String
- Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable,disable.
- sslMirror List<Policy6SslIntfs Mirror Intf> 
- SSL mirror interface name. The structure of ssl_mirror_intfblock is documented below.
- sslSsh StringProfile 
- Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values: enable,disable.
- tcpMss IntegerReceiver 
- Receiver TCP maximum segment size (MSS).
- tcpMss IntegerSender 
- Sender TCP maximum segment size (MSS).
- tcpSession StringWithout Syn 
- Enable/disable creation of TCP session without SYN flag. Valid values: all,data-only,disable.
- timeoutSend StringRst 
- Enable/disable sending RST packets when TCP sessions expire. Valid values: enable,disable.
- tos String
- ToS (Type of Service) value used for comparison.
- tosMask String
- Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tosNegate String
- Enable negated TOS match. Valid values: enable,disable.
- trafficShaper String
- Reverse traffic shaper.
- trafficShaper StringReverse 
- Reverse traffic shaper.
- urlCategories List<Policy6UrlCategory> 
- URL category ID list. The structure of url_categoryblock is documented below.
- users List<Policy6User>
- Names of individual users that can authenticate with this policy. The structure of usersblock is documented below.
- utmStatus String
- Enable AV/web/ips protection profile. Valid values: enable,disable.
- uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlanCos IntegerFwd 
- VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlanCos IntegerRev 
- VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlanFilter String
- Set VLAN filters.
- voipProfile String
- Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- wafProfile String
- Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web cache. Valid values: enable,disable.
- webcacheHttps String
- Enable/disable web cache for HTTPS. Valid values: disable,enable.
- webfilterProfile String
- Name of an existing Web filter profile.
- webproxyForward StringServer 
- Web proxy forward server name.
- webproxyProfile String
- Webproxy profile name.
- action string
- Policy action (allow/deny/ipsec). Valid values: accept,deny,ipsec.
- antiReplay string
- Enable/disable anti-replay check. Valid values: enable,disable.
- appCategories Policy6AppCategory[] 
- Application category ID list. The structure of app_categoryblock is documented below.
- appGroups Policy6AppGroup[] 
- Application group names. The structure of app_groupblock is documented below.
- applicationList string
- Name of an existing Application list.
- applications Policy6Application[]
- Application ID list. The structure of applicationblock is documented below.
- autoAsic stringOffload 
- Enable/disable policy traffic ASIC offloading. Valid values: enable,disable.
- avProfile string
- Name of an existing Antivirus profile.
- cifsProfile string
- Name of an existing CIFS profile.
- comments string
- Comment.
- customLog Policy6CustomFields Log Field[] 
- Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fieldsblock is documented below.
- decryptedTraffic stringMirror 
- Decrypted traffic mirror.
- devices Policy6Device[]
- Names of devices or device groups that can be matched by the policy. The structure of devicesblock is documented below.
- diffservForward string
- Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable,disable.
- diffservReverse string
- Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable,disable.
- diffservcodeForward string
- Change packet's DiffServ to this value.
- diffservcodeRev string
- Change packet's reverse (reply) DiffServ to this value.
- dlpSensor string
- Name of an existing DLP sensor.
- dnsfilterProfile string
- Name of an existing DNS filter profile.
- dsri string
- Enable DSRI to ignore HTTP server responses. Valid values: enable,disable.
- dstaddrNegate string
- When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable,disable.
- dstaddrs Policy6Dstaddr[]
- Destination address and address group names. The structure of dstaddrblock is documented below.
- dstintfs Policy6Dstintf[]
- Outgoing (egress) interface. The structure of dstintfblock is documented below.
- dynamicSort stringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilterProfile string
- Name of an existing email filter profile.
- firewallSession stringDirty 
- How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all,check-new.
- fixedport string
- Enable to prevent source NAT from changing a session's source port. Valid values: enable,disable.
- fssoGroups Policy6FssoGroup[] 
- Names of FSSO groups. The structure of fsso_groupsblock is documented below.
- getAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- globalLabel string
- Label for the policy that appears when the GUI is in Global View mode.
- groups Policy6Group[]
- Names of user groups that can authenticate with this policy. The structure of groupsblock is documented below.
- httpPolicy stringRedirect 
- Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable,disable.
- icapProfile string
- Name of an existing ICAP profile.
- inbound string
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable,disable.
- inspectionMode string
- Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy,flow.
- ippool string
- Enable to use IP Pools for source NAT. Valid values: enable,disable.
- ipsSensor string
- Name of an existing IPS sensor.
- label string
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic string
- Enable or disable logging. Log all sessions or security profile sessions. Valid values: all,utm,disable.
- logtrafficStart string
- Record logs when a session starts. Valid values: enable,disable.
- name string
- Policy name.
- nat string
- Enable/disable source NAT. Valid values: enable,disable.
- natinbound string
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable,disable.
- natoutbound string
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable,disable.
- outbound string
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable,disable.
- perIp stringShaper 
- Per-IP traffic shaper.
- policyid number
- Policy ID.
- poolnames Policy6Poolname[]
- IP Pool names. The structure of poolnameblock is documented below.
- profileGroup string
- Name of profile group.
- profileProtocol stringOptions 
- Name of an existing Protocol options profile.
- profileType string
- Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single,group.
- replacemsgOverride stringGroup 
- Override the default replacement message group for this policy.
- rsso string
- Enable/disable RADIUS single sign-on (RSSO). Valid values: enable,disable.
- schedule string
- Schedule name.
- sendDeny stringPacket 
- Enable/disable return of deny-packet. Valid values: enable,disable.
- serviceNegate string
- When enabled service specifies what the service must NOT be. Valid values: enable,disable.
- services Policy6Service[]
- Service and service group names. The structure of serviceblock is documented below.
- sessionTtl number
- Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilterProfile string
- Name of an existing Spam filter profile.
- srcaddrNegate string
- When enabled srcaddr specifies what the source address must NOT be. Valid values: enable,disable.
- srcaddrs Policy6Srcaddr[]
- Source address and address group names. The structure of srcaddrblock is documented below.
- srcintfs Policy6Srcintf[]
- Incoming (ingress) interface. The structure of srcintfblock is documented below.
- sshFilter stringProfile 
- Name of an existing SSH filter profile.
- sshPolicy stringRedirect 
- Redirect SSH traffic to matching transparent proxy policy. Valid values: enable,disable.
- sslMirror string
- Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable,disable.
- sslMirror Policy6SslIntfs Mirror Intf[] 
- SSL mirror interface name. The structure of ssl_mirror_intfblock is documented below.
- sslSsh stringProfile 
- Name of an existing SSL SSH profile.
- status string
- Enable or disable this policy. Valid values: enable,disable.
- tcpMss numberReceiver 
- Receiver TCP maximum segment size (MSS).
- tcpMss numberSender 
- Sender TCP maximum segment size (MSS).
- tcpSession stringWithout Syn 
- Enable/disable creation of TCP session without SYN flag. Valid values: all,data-only,disable.
- timeoutSend stringRst 
- Enable/disable sending RST packets when TCP sessions expire. Valid values: enable,disable.
- tos string
- ToS (Type of Service) value used for comparison.
- tosMask string
- Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tosNegate string
- Enable negated TOS match. Valid values: enable,disable.
- trafficShaper string
- Reverse traffic shaper.
- trafficShaper stringReverse 
- Reverse traffic shaper.
- urlCategories Policy6UrlCategory[] 
- URL category ID list. The structure of url_categoryblock is documented below.
- users Policy6User[]
- Names of individual users that can authenticate with this policy. The structure of usersblock is documented below.
- utmStatus string
- Enable AV/web/ips protection profile. Valid values: enable,disable.
- uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlanCos numberFwd 
- VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlanCos numberRev 
- VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlanFilter string
- Set VLAN filters.
- voipProfile string
- Name of an existing VoIP profile.
- vpntunnel string
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- wafProfile string
- Name of an existing Web application firewall profile.
- webcache string
- Enable/disable web cache. Valid values: enable,disable.
- webcacheHttps string
- Enable/disable web cache for HTTPS. Valid values: disable,enable.
- webfilterProfile string
- Name of an existing Web filter profile.
- webproxyForward stringServer 
- Web proxy forward server name.
- webproxyProfile string
- Webproxy profile name.
- action str
- Policy action (allow/deny/ipsec). Valid values: accept,deny,ipsec.
- anti_replay str
- Enable/disable anti-replay check. Valid values: enable,disable.
- app_categories Sequence[Policy6AppCategory Args] 
- Application category ID list. The structure of app_categoryblock is documented below.
- app_groups Sequence[Policy6AppGroup Args] 
- Application group names. The structure of app_groupblock is documented below.
- application_list str
- Name of an existing Application list.
- applications
Sequence[Policy6ApplicationArgs] 
- Application ID list. The structure of applicationblock is documented below.
- auto_asic_ stroffload 
- Enable/disable policy traffic ASIC offloading. Valid values: enable,disable.
- av_profile str
- Name of an existing Antivirus profile.
- cifs_profile str
- Name of an existing CIFS profile.
- comments str
- Comment.
- custom_log_ Sequence[Policy6Customfields Log Field Args] 
- Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fieldsblock is documented below.
- decrypted_traffic_ strmirror 
- Decrypted traffic mirror.
- devices
Sequence[Policy6DeviceArgs] 
- Names of devices or device groups that can be matched by the policy. The structure of devicesblock is documented below.
- diffserv_forward str
- Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable,disable.
- diffserv_reverse str
- Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable,disable.
- diffservcode_forward str
- Change packet's DiffServ to this value.
- diffservcode_rev str
- Change packet's reverse (reply) DiffServ to this value.
- dlp_sensor str
- Name of an existing DLP sensor.
- dnsfilter_profile str
- Name of an existing DNS filter profile.
- dsri str
- Enable DSRI to ignore HTTP server responses. Valid values: enable,disable.
- dstaddr_negate str
- When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable,disable.
- dstaddrs
Sequence[Policy6DstaddrArgs] 
- Destination address and address group names. The structure of dstaddrblock is documented below.
- dstintfs
Sequence[Policy6DstintfArgs] 
- Outgoing (egress) interface. The structure of dstintfblock is documented below.
- dynamic_sort_ strsubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilter_profile str
- Name of an existing email filter profile.
- firewall_session_ strdirty 
- How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all,check-new.
- fixedport str
- Enable to prevent source NAT from changing a session's source port. Valid values: enable,disable.
- fsso_groups Sequence[Policy6FssoGroup Args] 
- Names of FSSO groups. The structure of fsso_groupsblock is documented below.
- get_all_ strtables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- global_label str
- Label for the policy that appears when the GUI is in Global View mode.
- groups
Sequence[Policy6GroupArgs] 
- Names of user groups that can authenticate with this policy. The structure of groupsblock is documented below.
- http_policy_ strredirect 
- Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable,disable.
- icap_profile str
- Name of an existing ICAP profile.
- inbound str
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable,disable.
- inspection_mode str
- Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy,flow.
- ippool str
- Enable to use IP Pools for source NAT. Valid values: enable,disable.
- ips_sensor str
- Name of an existing IPS sensor.
- label str
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic str
- Enable or disable logging. Log all sessions or security profile sessions. Valid values: all,utm,disable.
- logtraffic_start str
- Record logs when a session starts. Valid values: enable,disable.
- name str
- Policy name.
- nat str
- Enable/disable source NAT. Valid values: enable,disable.
- natinbound str
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable,disable.
- natoutbound str
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable,disable.
- outbound str
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable,disable.
- per_ip_ strshaper 
- Per-IP traffic shaper.
- policyid int
- Policy ID.
- poolnames
Sequence[Policy6PoolnameArgs] 
- IP Pool names. The structure of poolnameblock is documented below.
- profile_group str
- Name of profile group.
- profile_protocol_ stroptions 
- Name of an existing Protocol options profile.
- profile_type str
- Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single,group.
- replacemsg_override_ strgroup 
- Override the default replacement message group for this policy.
- rsso str
- Enable/disable RADIUS single sign-on (RSSO). Valid values: enable,disable.
- schedule str
- Schedule name.
- send_deny_ strpacket 
- Enable/disable return of deny-packet. Valid values: enable,disable.
- service_negate str
- When enabled service specifies what the service must NOT be. Valid values: enable,disable.
- services
Sequence[Policy6ServiceArgs] 
- Service and service group names. The structure of serviceblock is documented below.
- session_ttl int
- Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilter_profile str
- Name of an existing Spam filter profile.
- srcaddr_negate str
- When enabled srcaddr specifies what the source address must NOT be. Valid values: enable,disable.
- srcaddrs
Sequence[Policy6SrcaddrArgs] 
- Source address and address group names. The structure of srcaddrblock is documented below.
- srcintfs
Sequence[Policy6SrcintfArgs] 
- Incoming (ingress) interface. The structure of srcintfblock is documented below.
- ssh_filter_ strprofile 
- Name of an existing SSH filter profile.
- ssh_policy_ strredirect 
- Redirect SSH traffic to matching transparent proxy policy. Valid values: enable,disable.
- ssl_mirror str
- Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable,disable.
- ssl_mirror_ Sequence[Policy6Sslintfs Mirror Intf Args] 
- SSL mirror interface name. The structure of ssl_mirror_intfblock is documented below.
- ssl_ssh_ strprofile 
- Name of an existing SSL SSH profile.
- status str
- Enable or disable this policy. Valid values: enable,disable.
- tcp_mss_ intreceiver 
- Receiver TCP maximum segment size (MSS).
- tcp_mss_ intsender 
- Sender TCP maximum segment size (MSS).
- tcp_session_ strwithout_ syn 
- Enable/disable creation of TCP session without SYN flag. Valid values: all,data-only,disable.
- timeout_send_ strrst 
- Enable/disable sending RST packets when TCP sessions expire. Valid values: enable,disable.
- tos str
- ToS (Type of Service) value used for comparison.
- tos_mask str
- Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tos_negate str
- Enable negated TOS match. Valid values: enable,disable.
- traffic_shaper str
- Reverse traffic shaper.
- traffic_shaper_ strreverse 
- Reverse traffic shaper.
- url_categories Sequence[Policy6UrlCategory Args] 
- URL category ID list. The structure of url_categoryblock is documented below.
- users
Sequence[Policy6UserArgs] 
- Names of individual users that can authenticate with this policy. The structure of usersblock is documented below.
- utm_status str
- Enable AV/web/ips protection profile. Valid values: enable,disable.
- uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan_cos_ intfwd 
- VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan_cos_ intrev 
- VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlan_filter str
- Set VLAN filters.
- voip_profile str
- Name of an existing VoIP profile.
- vpntunnel str
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- waf_profile str
- Name of an existing Web application firewall profile.
- webcache str
- Enable/disable web cache. Valid values: enable,disable.
- webcache_https str
- Enable/disable web cache for HTTPS. Valid values: disable,enable.
- webfilter_profile str
- Name of an existing Web filter profile.
- webproxy_forward_ strserver 
- Web proxy forward server name.
- webproxy_profile str
- Webproxy profile name.
- action String
- Policy action (allow/deny/ipsec). Valid values: accept,deny,ipsec.
- antiReplay String
- Enable/disable anti-replay check. Valid values: enable,disable.
- appCategories List<Property Map>
- Application category ID list. The structure of app_categoryblock is documented below.
- appGroups List<Property Map>
- Application group names. The structure of app_groupblock is documented below.
- applicationList String
- Name of an existing Application list.
- applications List<Property Map>
- Application ID list. The structure of applicationblock is documented below.
- autoAsic StringOffload 
- Enable/disable policy traffic ASIC offloading. Valid values: enable,disable.
- avProfile String
- Name of an existing Antivirus profile.
- cifsProfile String
- Name of an existing CIFS profile.
- comments String
- Comment.
- customLog List<Property Map>Fields 
- Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fieldsblock is documented below.
- decryptedTraffic StringMirror 
- Decrypted traffic mirror.
- devices List<Property Map>
- Names of devices or device groups that can be matched by the policy. The structure of devicesblock is documented below.
- diffservForward String
- Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable,disable.
- diffservReverse String
- Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable,disable.
- diffservcodeForward String
- Change packet's DiffServ to this value.
- diffservcodeRev String
- Change packet's reverse (reply) DiffServ to this value.
- dlpSensor String
- Name of an existing DLP sensor.
- dnsfilterProfile String
- Name of an existing DNS filter profile.
- dsri String
- Enable DSRI to ignore HTTP server responses. Valid values: enable,disable.
- dstaddrNegate String
- When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable,disable.
- dstaddrs List<Property Map>
- Destination address and address group names. The structure of dstaddrblock is documented below.
- dstintfs List<Property Map>
- Outgoing (egress) interface. The structure of dstintfblock is documented below.
- dynamicSort StringSubtable 
- Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- emailfilterProfile String
- Name of an existing email filter profile.
- firewallSession StringDirty 
- How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all,check-new.
- fixedport String
- Enable to prevent source NAT from changing a session's source port. Valid values: enable,disable.
- fssoGroups List<Property Map>
- Names of FSSO groups. The structure of fsso_groupsblock is documented below.
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- globalLabel String
- Label for the policy that appears when the GUI is in Global View mode.
- groups List<Property Map>
- Names of user groups that can authenticate with this policy. The structure of groupsblock is documented below.
- httpPolicy StringRedirect 
- Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable,disable.
- icapProfile String
- Name of an existing ICAP profile.
- inbound String
- Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable,disable.
- inspectionMode String
- Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy,flow.
- ippool String
- Enable to use IP Pools for source NAT. Valid values: enable,disable.
- ipsSensor String
- Name of an existing IPS sensor.
- label String
- Label for the policy that appears when the GUI is in Section View mode.
- logtraffic String
- Enable or disable logging. Log all sessions or security profile sessions. Valid values: all,utm,disable.
- logtrafficStart String
- Record logs when a session starts. Valid values: enable,disable.
- name String
- Policy name.
- nat String
- Enable/disable source NAT. Valid values: enable,disable.
- natinbound String
- Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable,disable.
- natoutbound String
- Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable,disable.
- outbound String
- Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable,disable.
- perIp StringShaper 
- Per-IP traffic shaper.
- policyid Number
- Policy ID.
- poolnames List<Property Map>
- IP Pool names. The structure of poolnameblock is documented below.
- profileGroup String
- Name of profile group.
- profileProtocol StringOptions 
- Name of an existing Protocol options profile.
- profileType String
- Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single,group.
- replacemsgOverride StringGroup 
- Override the default replacement message group for this policy.
- rsso String
- Enable/disable RADIUS single sign-on (RSSO). Valid values: enable,disable.
- schedule String
- Schedule name.
- sendDeny StringPacket 
- Enable/disable return of deny-packet. Valid values: enable,disable.
- serviceNegate String
- When enabled service specifies what the service must NOT be. Valid values: enable,disable.
- services List<Property Map>
- Service and service group names. The structure of serviceblock is documented below.
- sessionTtl Number
- Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
- spamfilterProfile String
- Name of an existing Spam filter profile.
- srcaddrNegate String
- When enabled srcaddr specifies what the source address must NOT be. Valid values: enable,disable.
- srcaddrs List<Property Map>
- Source address and address group names. The structure of srcaddrblock is documented below.
- srcintfs List<Property Map>
- Incoming (ingress) interface. The structure of srcintfblock is documented below.
- sshFilter StringProfile 
- Name of an existing SSH filter profile.
- sshPolicy StringRedirect 
- Redirect SSH traffic to matching transparent proxy policy. Valid values: enable,disable.
- sslMirror String
- Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable,disable.
- sslMirror List<Property Map>Intfs 
- SSL mirror interface name. The structure of ssl_mirror_intfblock is documented below.
- sslSsh StringProfile 
- Name of an existing SSL SSH profile.
- status String
- Enable or disable this policy. Valid values: enable,disable.
- tcpMss NumberReceiver 
- Receiver TCP maximum segment size (MSS).
- tcpMss NumberSender 
- Sender TCP maximum segment size (MSS).
- tcpSession StringWithout Syn 
- Enable/disable creation of TCP session without SYN flag. Valid values: all,data-only,disable.
- timeoutSend StringRst 
- Enable/disable sending RST packets when TCP sessions expire. Valid values: enable,disable.
- tos String
- ToS (Type of Service) value used for comparison.
- tosMask String
- Non-zero bit positions are used for comparison while zero bit positions are ignored.
- tosNegate String
- Enable negated TOS match. Valid values: enable,disable.
- trafficShaper String
- Reverse traffic shaper.
- trafficShaper StringReverse 
- Reverse traffic shaper.
- urlCategories List<Property Map>
- URL category ID list. The structure of url_categoryblock is documented below.
- users List<Property Map>
- Names of individual users that can authenticate with this policy. The structure of usersblock is documented below.
- utmStatus String
- Enable AV/web/ips protection profile. Valid values: enable,disable.
- uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlanCos NumberFwd 
- VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlanCos NumberRev 
- VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
- vlanFilter String
- Set VLAN filters.
- voipProfile String
- Name of an existing VoIP profile.
- vpntunnel String
- Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
- wafProfile String
- Name of an existing Web application firewall profile.
- webcache String
- Enable/disable web cache. Valid values: enable,disable.
- webcacheHttps String
- Enable/disable web cache for HTTPS. Valid values: disable,enable.
- webfilterProfile String
- Name of an existing Web filter profile.
- webproxyForward StringServer 
- Web proxy forward server name.
- webproxyProfile String
- Webproxy profile name.
Supporting Types
Policy6AppCategory, Policy6AppCategoryArgs    
- Id int
- Category IDs.
- Id int
- Category IDs.
- id Integer
- Category IDs.
- id number
- Category IDs.
- id int
- Category IDs.
- id Number
- Category IDs.
Policy6AppGroup, Policy6AppGroupArgs    
- Name string
- Application group names.
- Name string
- Application group names.
- name String
- Application group names.
- name string
- Application group names.
- name str
- Application group names.
- name String
- Application group names.
Policy6Application, Policy6ApplicationArgs  
- Id int
- Application IDs.
- Id int
- Application IDs.
- id Integer
- Application IDs.
- id number
- Application IDs.
- id int
- Application IDs.
- id Number
- Application IDs.
Policy6CustomLogField, Policy6CustomLogFieldArgs      
- FieldId string
- Custom log field.
- FieldId string
- Custom log field.
- fieldId String
- Custom log field.
- fieldId string
- Custom log field.
- field_id str
- Custom log field.
- fieldId String
- Custom log field.
Policy6Device, Policy6DeviceArgs  
- Name string
- Device or group name.
- Name string
- Device or group name.
- name String
- Device or group name.
- name string
- Device or group name.
- name str
- Device or group name.
- name String
- Device or group name.
Policy6Dstaddr, Policy6DstaddrArgs  
- Name string
- Address name.
- Name string
- Address name.
- name String
- Address name.
- name string
- Address name.
- name str
- Address name.
- name String
- Address name.
Policy6Dstintf, Policy6DstintfArgs  
- Name string
- Interface name.
- Name string
- Interface name.
- name String
- Interface name.
- name string
- Interface name.
- name str
- Interface name.
- name String
- Interface name.
Policy6FssoGroup, Policy6FssoGroupArgs    
- Name string
- Names of FSSO groups.
- Name string
- Names of FSSO groups.
- name String
- Names of FSSO groups.
- name string
- Names of FSSO groups.
- name str
- Names of FSSO groups.
- name String
- Names of FSSO groups.
Policy6Group, Policy6GroupArgs  
- Name string
- Group name.
- Name string
- Group name.
- name String
- Group name.
- name string
- Group name.
- name str
- Group name.
- name String
- Group name.
Policy6Poolname, Policy6PoolnameArgs  
- Name string
- IP pool name.
- Name string
- IP pool name.
- name String
- IP pool name.
- name string
- IP pool name.
- name str
- IP pool name.
- name String
- IP pool name.
Policy6Service, Policy6ServiceArgs  
- Name string
- Address name.
- Name string
- Address name.
- name String
- Address name.
- name string
- Address name.
- name str
- Address name.
- name String
- Address name.
Policy6Srcaddr, Policy6SrcaddrArgs  
- Name string
- Address name.
- Name string
- Address name.
- name String
- Address name.
- name string
- Address name.
- name str
- Address name.
- name String
- Address name.
Policy6Srcintf, Policy6SrcintfArgs  
- Name string
- Interface name.
- Name string
- Interface name.
- name String
- Interface name.
- name string
- Interface name.
- name str
- Interface name.
- name String
- Interface name.
Policy6SslMirrorIntf, Policy6SslMirrorIntfArgs      
- Name string
- Interface name.
- Name string
- Interface name.
- name String
- Interface name.
- name string
- Interface name.
- name str
- Interface name.
- name String
- Interface name.
Policy6UrlCategory, Policy6UrlCategoryArgs    
- Id int
- URL category ID.
- Id int
- URL category ID.
- id Integer
- URL category ID.
- id number
- URL category ID.
- id int
- URL category ID.
- id Number
- URL category ID.
Policy6User, Policy6UserArgs  
- Name string
- Names of individual users that can authenticate with this policy.
- Name string
- Names of individual users that can authenticate with this policy.
- name String
- Names of individual users that can authenticate with this policy.
- name string
- Names of individual users that can authenticate with this policy.
- name str
- Names of individual users that can authenticate with this policy.
- name String
- Names of individual users that can authenticate with this policy.
Import
Firewall Policy6 can be imported using any of these accepted formats:
$ pulumi import fortios:firewall/policy6:Policy6 labelname {{policyid}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:firewall/policy6:Policy6 labelname {{policyid}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the fortiosTerraform Provider.
