fortios.ips.Global
Explore with Pulumi AI
Configure IPS global parameter.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.ips.Global("trname", {
    anomalyMode: "continuous",
    database: "regular",
    deepAppInspDbLimit: 0,
    deepAppInspTimeout: 0,
    engineCount: 0,
    excludeSignatures: "industrial",
    failOpen: "disable",
    intelligentMode: "enable",
    sessionLimitMode: "heuristic",
    socketSize: 0,
    syncSessionTtl: "enable",
    trafficSubmit: "disable",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.ips.Global("trname",
    anomaly_mode="continuous",
    database="regular",
    deep_app_insp_db_limit=0,
    deep_app_insp_timeout=0,
    engine_count=0,
    exclude_signatures="industrial",
    fail_open="disable",
    intelligent_mode="enable",
    session_limit_mode="heuristic",
    socket_size=0,
    sync_session_ttl="enable",
    traffic_submit="disable")
package main
import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/ips"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ips.NewGlobal(ctx, "trname", &ips.GlobalArgs{
			AnomalyMode:        pulumi.String("continuous"),
			Database:           pulumi.String("regular"),
			DeepAppInspDbLimit: pulumi.Int(0),
			DeepAppInspTimeout: pulumi.Int(0),
			EngineCount:        pulumi.Int(0),
			ExcludeSignatures:  pulumi.String("industrial"),
			FailOpen:           pulumi.String("disable"),
			IntelligentMode:    pulumi.String("enable"),
			SessionLimitMode:   pulumi.String("heuristic"),
			SocketSize:         pulumi.Int(0),
			SyncSessionTtl:     pulumi.String("enable"),
			TrafficSubmit:      pulumi.String("disable"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() => 
{
    var trname = new Fortios.Ips.Global("trname", new()
    {
        AnomalyMode = "continuous",
        Database = "regular",
        DeepAppInspDbLimit = 0,
        DeepAppInspTimeout = 0,
        EngineCount = 0,
        ExcludeSignatures = "industrial",
        FailOpen = "disable",
        IntelligentMode = "enable",
        SessionLimitMode = "heuristic",
        SocketSize = 0,
        SyncSessionTtl = "enable",
        TrafficSubmit = "disable",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.ips.Global;
import com.pulumi.fortios.ips.GlobalArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var trname = new Global("trname", GlobalArgs.builder()
            .anomalyMode("continuous")
            .database("regular")
            .deepAppInspDbLimit(0)
            .deepAppInspTimeout(0)
            .engineCount(0)
            .excludeSignatures("industrial")
            .failOpen("disable")
            .intelligentMode("enable")
            .sessionLimitMode("heuristic")
            .socketSize(0)
            .syncSessionTtl("enable")
            .trafficSubmit("disable")
            .build());
    }
}
resources:
  trname:
    type: fortios:ips:Global
    properties:
      anomalyMode: continuous
      database: regular
      deepAppInspDbLimit: 0
      deepAppInspTimeout: 0
      engineCount: 0
      excludeSignatures: industrial
      failOpen: disable
      intelligentMode: enable
      sessionLimitMode: heuristic
      socketSize: 0
      syncSessionTtl: enable
      trafficSubmit: disable
Create Global Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Global(name: string, args?: GlobalArgs, opts?: CustomResourceOptions);@overload
def Global(resource_name: str,
           args: Optional[GlobalArgs] = None,
           opts: Optional[ResourceOptions] = None)
@overload
def Global(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           anomaly_mode: Optional[str] = None,
           av_mem_limit: Optional[int] = None,
           cp_accel_mode: Optional[str] = None,
           database: Optional[str] = None,
           deep_app_insp_db_limit: Optional[int] = None,
           deep_app_insp_timeout: Optional[int] = None,
           engine_count: Optional[int] = None,
           exclude_signatures: Optional[str] = None,
           fail_open: Optional[str] = None,
           get_all_tables: Optional[str] = None,
           intelligent_mode: Optional[str] = None,
           ips_reserve_cpu: Optional[str] = None,
           ngfw_max_scan_range: Optional[int] = None,
           np_accel_mode: Optional[str] = None,
           packet_log_queue_depth: Optional[int] = None,
           session_limit_mode: Optional[str] = None,
           skype_client_public_ipaddr: Optional[str] = None,
           socket_size: Optional[int] = None,
           sync_session_ttl: Optional[str] = None,
           tls_active_probe: Optional[GlobalTlsActiveProbeArgs] = None,
           traffic_submit: Optional[str] = None,
           vdomparam: Optional[str] = None)func NewGlobal(ctx *Context, name string, args *GlobalArgs, opts ...ResourceOption) (*Global, error)public Global(string name, GlobalArgs? args = null, CustomResourceOptions? opts = null)
public Global(String name, GlobalArgs args)
public Global(String name, GlobalArgs args, CustomResourceOptions options)
type: fortios:ips:Global
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GlobalArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GlobalArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GlobalArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GlobalArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GlobalArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var exampleglobalResourceResourceFromIpsglobal = new Fortios.Ips.Global("exampleglobalResourceResourceFromIpsglobal", new()
{
    AnomalyMode = "string",
    AvMemLimit = 0,
    CpAccelMode = "string",
    Database = "string",
    DeepAppInspDbLimit = 0,
    DeepAppInspTimeout = 0,
    EngineCount = 0,
    ExcludeSignatures = "string",
    FailOpen = "string",
    GetAllTables = "string",
    IntelligentMode = "string",
    IpsReserveCpu = "string",
    NgfwMaxScanRange = 0,
    NpAccelMode = "string",
    PacketLogQueueDepth = 0,
    SessionLimitMode = "string",
    SkypeClientPublicIpaddr = "string",
    SocketSize = 0,
    SyncSessionTtl = "string",
    TlsActiveProbe = new Fortios.Ips.Inputs.GlobalTlsActiveProbeArgs
    {
        Interface = "string",
        InterfaceSelectMethod = "string",
        SourceIp = "string",
        SourceIp6 = "string",
        Vdom = "string",
    },
    TrafficSubmit = "string",
    Vdomparam = "string",
});
example, err := ips.NewGlobal(ctx, "exampleglobalResourceResourceFromIpsglobal", &ips.GlobalArgs{
	AnomalyMode:             pulumi.String("string"),
	AvMemLimit:              pulumi.Int(0),
	CpAccelMode:             pulumi.String("string"),
	Database:                pulumi.String("string"),
	DeepAppInspDbLimit:      pulumi.Int(0),
	DeepAppInspTimeout:      pulumi.Int(0),
	EngineCount:             pulumi.Int(0),
	ExcludeSignatures:       pulumi.String("string"),
	FailOpen:                pulumi.String("string"),
	GetAllTables:            pulumi.String("string"),
	IntelligentMode:         pulumi.String("string"),
	IpsReserveCpu:           pulumi.String("string"),
	NgfwMaxScanRange:        pulumi.Int(0),
	NpAccelMode:             pulumi.String("string"),
	PacketLogQueueDepth:     pulumi.Int(0),
	SessionLimitMode:        pulumi.String("string"),
	SkypeClientPublicIpaddr: pulumi.String("string"),
	SocketSize:              pulumi.Int(0),
	SyncSessionTtl:          pulumi.String("string"),
	TlsActiveProbe: &ips.GlobalTlsActiveProbeArgs{
		Interface:             pulumi.String("string"),
		InterfaceSelectMethod: pulumi.String("string"),
		SourceIp:              pulumi.String("string"),
		SourceIp6:             pulumi.String("string"),
		Vdom:                  pulumi.String("string"),
	},
	TrafficSubmit: pulumi.String("string"),
	Vdomparam:     pulumi.String("string"),
})
var exampleglobalResourceResourceFromIpsglobal = new com.pulumiverse.fortios.ips.Global("exampleglobalResourceResourceFromIpsglobal", com.pulumiverse.fortios.ips.GlobalArgs.builder()
    .anomalyMode("string")
    .avMemLimit(0)
    .cpAccelMode("string")
    .database("string")
    .deepAppInspDbLimit(0)
    .deepAppInspTimeout(0)
    .engineCount(0)
    .excludeSignatures("string")
    .failOpen("string")
    .getAllTables("string")
    .intelligentMode("string")
    .ipsReserveCpu("string")
    .ngfwMaxScanRange(0)
    .npAccelMode("string")
    .packetLogQueueDepth(0)
    .sessionLimitMode("string")
    .skypeClientPublicIpaddr("string")
    .socketSize(0)
    .syncSessionTtl("string")
    .tlsActiveProbe(GlobalTlsActiveProbeArgs.builder()
        .interface_("string")
        .interfaceSelectMethod("string")
        .sourceIp("string")
        .sourceIp6("string")
        .vdom("string")
        .build())
    .trafficSubmit("string")
    .vdomparam("string")
    .build());
exampleglobal_resource_resource_from_ipsglobal = fortios.ips.Global("exampleglobalResourceResourceFromIpsglobal",
    anomaly_mode="string",
    av_mem_limit=0,
    cp_accel_mode="string",
    database="string",
    deep_app_insp_db_limit=0,
    deep_app_insp_timeout=0,
    engine_count=0,
    exclude_signatures="string",
    fail_open="string",
    get_all_tables="string",
    intelligent_mode="string",
    ips_reserve_cpu="string",
    ngfw_max_scan_range=0,
    np_accel_mode="string",
    packet_log_queue_depth=0,
    session_limit_mode="string",
    skype_client_public_ipaddr="string",
    socket_size=0,
    sync_session_ttl="string",
    tls_active_probe={
        "interface": "string",
        "interface_select_method": "string",
        "source_ip": "string",
        "source_ip6": "string",
        "vdom": "string",
    },
    traffic_submit="string",
    vdomparam="string")
const exampleglobalResourceResourceFromIpsglobal = new fortios.ips.Global("exampleglobalResourceResourceFromIpsglobal", {
    anomalyMode: "string",
    avMemLimit: 0,
    cpAccelMode: "string",
    database: "string",
    deepAppInspDbLimit: 0,
    deepAppInspTimeout: 0,
    engineCount: 0,
    excludeSignatures: "string",
    failOpen: "string",
    getAllTables: "string",
    intelligentMode: "string",
    ipsReserveCpu: "string",
    ngfwMaxScanRange: 0,
    npAccelMode: "string",
    packetLogQueueDepth: 0,
    sessionLimitMode: "string",
    skypeClientPublicIpaddr: "string",
    socketSize: 0,
    syncSessionTtl: "string",
    tlsActiveProbe: {
        "interface": "string",
        interfaceSelectMethod: "string",
        sourceIp: "string",
        sourceIp6: "string",
        vdom: "string",
    },
    trafficSubmit: "string",
    vdomparam: "string",
});
type: fortios:ips:Global
properties:
    anomalyMode: string
    avMemLimit: 0
    cpAccelMode: string
    database: string
    deepAppInspDbLimit: 0
    deepAppInspTimeout: 0
    engineCount: 0
    excludeSignatures: string
    failOpen: string
    getAllTables: string
    intelligentMode: string
    ipsReserveCpu: string
    ngfwMaxScanRange: 0
    npAccelMode: string
    packetLogQueueDepth: 0
    sessionLimitMode: string
    skypeClientPublicIpaddr: string
    socketSize: 0
    syncSessionTtl: string
    tlsActiveProbe:
        interface: string
        interfaceSelectMethod: string
        sourceIp: string
        sourceIp6: string
        vdom: string
    trafficSubmit: string
    vdomparam: string
Global Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Global resource accepts the following input properties:
- AnomalyMode string
- Global blocking mode for rate-based anomalies. Valid values: periodical,continuous.
- AvMem intLimit 
- Maximum percentage of system memory allowed for use on AV scanning (10 - 50, default = zero). To disable set to zero. When disabled, there is no limit on the AV memory usage.
- CpAccel stringMode 
- IPS Pattern matching acceleration/offloading to CPx processors. Valid values: none,basic,advanced.
- Database string
- Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. Valid values: regular,extended.
- DeepApp intInsp Db Limit 
- Limit on number of entries in deep application inspection database (1 - 2147483647, use recommended setting = 0).
- DeepApp intInsp Timeout 
- Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting).
- EngineCount int
- Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.
- ExcludeSignatures string
- Excluded signatures.
- FailOpen string
- Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. Valid values: enable,disable.
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- IntelligentMode string
- Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. Valid values: enable,disable.
- IpsReserve stringCpu 
- Enable/disable IPS daemon's use of CPUs other than CPU 0 Valid values: disable,enable.
- NgfwMax intScan Range 
- NGFW policy-mode app detection threshold.
- NpAccel stringMode 
- Acceleration mode for IPS processing by NPx processors. Valid values: none,basic.
- PacketLog intQueue Depth 
- Packet/pcap log queue depth per IPS engine.
- SessionLimit stringMode 
- Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). Valid values: accurate,heuristic.
- SkypeClient stringPublic Ipaddr 
- Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas.
- SocketSize int
- IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.
- SyncSession stringTtl 
- Enable/disable use of kernel session TTL for IPS sessions. Valid values: enable,disable.
- TlsActive Pulumiverse.Probe Fortios. Ips. Inputs. Global Tls Active Probe 
- TLS active probe configuration. The structure of tls_active_probeblock is documented below.
- TrafficSubmit string
- Enable/disable submitting attack data found by this FortiGate to FortiGuard. Valid values: enable,disable.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- AnomalyMode string
- Global blocking mode for rate-based anomalies. Valid values: periodical,continuous.
- AvMem intLimit 
- Maximum percentage of system memory allowed for use on AV scanning (10 - 50, default = zero). To disable set to zero. When disabled, there is no limit on the AV memory usage.
- CpAccel stringMode 
- IPS Pattern matching acceleration/offloading to CPx processors. Valid values: none,basic,advanced.
- Database string
- Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. Valid values: regular,extended.
- DeepApp intInsp Db Limit 
- Limit on number of entries in deep application inspection database (1 - 2147483647, use recommended setting = 0).
- DeepApp intInsp Timeout 
- Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting).
- EngineCount int
- Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.
- ExcludeSignatures string
- Excluded signatures.
- FailOpen string
- Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. Valid values: enable,disable.
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- IntelligentMode string
- Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. Valid values: enable,disable.
- IpsReserve stringCpu 
- Enable/disable IPS daemon's use of CPUs other than CPU 0 Valid values: disable,enable.
- NgfwMax intScan Range 
- NGFW policy-mode app detection threshold.
- NpAccel stringMode 
- Acceleration mode for IPS processing by NPx processors. Valid values: none,basic.
- PacketLog intQueue Depth 
- Packet/pcap log queue depth per IPS engine.
- SessionLimit stringMode 
- Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). Valid values: accurate,heuristic.
- SkypeClient stringPublic Ipaddr 
- Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas.
- SocketSize int
- IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.
- SyncSession stringTtl 
- Enable/disable use of kernel session TTL for IPS sessions. Valid values: enable,disable.
- TlsActive GlobalProbe Tls Active Probe Args 
- TLS active probe configuration. The structure of tls_active_probeblock is documented below.
- TrafficSubmit string
- Enable/disable submitting attack data found by this FortiGate to FortiGuard. Valid values: enable,disable.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- anomalyMode String
- Global blocking mode for rate-based anomalies. Valid values: periodical,continuous.
- avMem IntegerLimit 
- Maximum percentage of system memory allowed for use on AV scanning (10 - 50, default = zero). To disable set to zero. When disabled, there is no limit on the AV memory usage.
- cpAccel StringMode 
- IPS Pattern matching acceleration/offloading to CPx processors. Valid values: none,basic,advanced.
- database String
- Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. Valid values: regular,extended.
- deepApp IntegerInsp Db Limit 
- Limit on number of entries in deep application inspection database (1 - 2147483647, use recommended setting = 0).
- deepApp IntegerInsp Timeout 
- Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting).
- engineCount Integer
- Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.
- excludeSignatures String
- Excluded signatures.
- failOpen String
- Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. Valid values: enable,disable.
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- intelligentMode String
- Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. Valid values: enable,disable.
- ipsReserve StringCpu 
- Enable/disable IPS daemon's use of CPUs other than CPU 0 Valid values: disable,enable.
- ngfwMax IntegerScan Range 
- NGFW policy-mode app detection threshold.
- npAccel StringMode 
- Acceleration mode for IPS processing by NPx processors. Valid values: none,basic.
- packetLog IntegerQueue Depth 
- Packet/pcap log queue depth per IPS engine.
- sessionLimit StringMode 
- Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). Valid values: accurate,heuristic.
- skypeClient StringPublic Ipaddr 
- Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas.
- socketSize Integer
- IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.
- syncSession StringTtl 
- Enable/disable use of kernel session TTL for IPS sessions. Valid values: enable,disable.
- tlsActive GlobalProbe Tls Active Probe 
- TLS active probe configuration. The structure of tls_active_probeblock is documented below.
- trafficSubmit String
- Enable/disable submitting attack data found by this FortiGate to FortiGuard. Valid values: enable,disable.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- anomalyMode string
- Global blocking mode for rate-based anomalies. Valid values: periodical,continuous.
- avMem numberLimit 
- Maximum percentage of system memory allowed for use on AV scanning (10 - 50, default = zero). To disable set to zero. When disabled, there is no limit on the AV memory usage.
- cpAccel stringMode 
- IPS Pattern matching acceleration/offloading to CPx processors. Valid values: none,basic,advanced.
- database string
- Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. Valid values: regular,extended.
- deepApp numberInsp Db Limit 
- Limit on number of entries in deep application inspection database (1 - 2147483647, use recommended setting = 0).
- deepApp numberInsp Timeout 
- Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting).
- engineCount number
- Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.
- excludeSignatures string
- Excluded signatures.
- failOpen string
- Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. Valid values: enable,disable.
- getAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- intelligentMode string
- Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. Valid values: enable,disable.
- ipsReserve stringCpu 
- Enable/disable IPS daemon's use of CPUs other than CPU 0 Valid values: disable,enable.
- ngfwMax numberScan Range 
- NGFW policy-mode app detection threshold.
- npAccel stringMode 
- Acceleration mode for IPS processing by NPx processors. Valid values: none,basic.
- packetLog numberQueue Depth 
- Packet/pcap log queue depth per IPS engine.
- sessionLimit stringMode 
- Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). Valid values: accurate,heuristic.
- skypeClient stringPublic Ipaddr 
- Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas.
- socketSize number
- IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.
- syncSession stringTtl 
- Enable/disable use of kernel session TTL for IPS sessions. Valid values: enable,disable.
- tlsActive GlobalProbe Tls Active Probe 
- TLS active probe configuration. The structure of tls_active_probeblock is documented below.
- trafficSubmit string
- Enable/disable submitting attack data found by this FortiGate to FortiGuard. Valid values: enable,disable.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- anomaly_mode str
- Global blocking mode for rate-based anomalies. Valid values: periodical,continuous.
- av_mem_ intlimit 
- Maximum percentage of system memory allowed for use on AV scanning (10 - 50, default = zero). To disable set to zero. When disabled, there is no limit on the AV memory usage.
- cp_accel_ strmode 
- IPS Pattern matching acceleration/offloading to CPx processors. Valid values: none,basic,advanced.
- database str
- Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. Valid values: regular,extended.
- deep_app_ intinsp_ db_ limit 
- Limit on number of entries in deep application inspection database (1 - 2147483647, use recommended setting = 0).
- deep_app_ intinsp_ timeout 
- Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting).
- engine_count int
- Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.
- exclude_signatures str
- Excluded signatures.
- fail_open str
- Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. Valid values: enable,disable.
- get_all_ strtables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- intelligent_mode str
- Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. Valid values: enable,disable.
- ips_reserve_ strcpu 
- Enable/disable IPS daemon's use of CPUs other than CPU 0 Valid values: disable,enable.
- ngfw_max_ intscan_ range 
- NGFW policy-mode app detection threshold.
- np_accel_ strmode 
- Acceleration mode for IPS processing by NPx processors. Valid values: none,basic.
- packet_log_ intqueue_ depth 
- Packet/pcap log queue depth per IPS engine.
- session_limit_ strmode 
- Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). Valid values: accurate,heuristic.
- skype_client_ strpublic_ ipaddr 
- Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas.
- socket_size int
- IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.
- sync_session_ strttl 
- Enable/disable use of kernel session TTL for IPS sessions. Valid values: enable,disable.
- tls_active_ Globalprobe Tls Active Probe Args 
- TLS active probe configuration. The structure of tls_active_probeblock is documented below.
- traffic_submit str
- Enable/disable submitting attack data found by this FortiGate to FortiGuard. Valid values: enable,disable.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- anomalyMode String
- Global blocking mode for rate-based anomalies. Valid values: periodical,continuous.
- avMem NumberLimit 
- Maximum percentage of system memory allowed for use on AV scanning (10 - 50, default = zero). To disable set to zero. When disabled, there is no limit on the AV memory usage.
- cpAccel StringMode 
- IPS Pattern matching acceleration/offloading to CPx processors. Valid values: none,basic,advanced.
- database String
- Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. Valid values: regular,extended.
- deepApp NumberInsp Db Limit 
- Limit on number of entries in deep application inspection database (1 - 2147483647, use recommended setting = 0).
- deepApp NumberInsp Timeout 
- Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting).
- engineCount Number
- Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.
- excludeSignatures String
- Excluded signatures.
- failOpen String
- Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. Valid values: enable,disable.
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- intelligentMode String
- Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. Valid values: enable,disable.
- ipsReserve StringCpu 
- Enable/disable IPS daemon's use of CPUs other than CPU 0 Valid values: disable,enable.
- ngfwMax NumberScan Range 
- NGFW policy-mode app detection threshold.
- npAccel StringMode 
- Acceleration mode for IPS processing by NPx processors. Valid values: none,basic.
- packetLog NumberQueue Depth 
- Packet/pcap log queue depth per IPS engine.
- sessionLimit StringMode 
- Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). Valid values: accurate,heuristic.
- skypeClient StringPublic Ipaddr 
- Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas.
- socketSize Number
- IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.
- syncSession StringTtl 
- Enable/disable use of kernel session TTL for IPS sessions. Valid values: enable,disable.
- tlsActive Property MapProbe 
- TLS active probe configuration. The structure of tls_active_probeblock is documented below.
- trafficSubmit String
- Enable/disable submitting attack data found by this FortiGate to FortiGuard. Valid values: enable,disable.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Outputs
All input properties are implicitly available as output properties. Additionally, the Global resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Global Resource
Get an existing Global resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GlobalState, opts?: CustomResourceOptions): Global@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        anomaly_mode: Optional[str] = None,
        av_mem_limit: Optional[int] = None,
        cp_accel_mode: Optional[str] = None,
        database: Optional[str] = None,
        deep_app_insp_db_limit: Optional[int] = None,
        deep_app_insp_timeout: Optional[int] = None,
        engine_count: Optional[int] = None,
        exclude_signatures: Optional[str] = None,
        fail_open: Optional[str] = None,
        get_all_tables: Optional[str] = None,
        intelligent_mode: Optional[str] = None,
        ips_reserve_cpu: Optional[str] = None,
        ngfw_max_scan_range: Optional[int] = None,
        np_accel_mode: Optional[str] = None,
        packet_log_queue_depth: Optional[int] = None,
        session_limit_mode: Optional[str] = None,
        skype_client_public_ipaddr: Optional[str] = None,
        socket_size: Optional[int] = None,
        sync_session_ttl: Optional[str] = None,
        tls_active_probe: Optional[GlobalTlsActiveProbeArgs] = None,
        traffic_submit: Optional[str] = None,
        vdomparam: Optional[str] = None) -> Globalfunc GetGlobal(ctx *Context, name string, id IDInput, state *GlobalState, opts ...ResourceOption) (*Global, error)public static Global Get(string name, Input<string> id, GlobalState? state, CustomResourceOptions? opts = null)public static Global get(String name, Output<String> id, GlobalState state, CustomResourceOptions options)resources:  _:    type: fortios:ips:Global    get:      id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AnomalyMode string
- Global blocking mode for rate-based anomalies. Valid values: periodical,continuous.
- AvMem intLimit 
- Maximum percentage of system memory allowed for use on AV scanning (10 - 50, default = zero). To disable set to zero. When disabled, there is no limit on the AV memory usage.
- CpAccel stringMode 
- IPS Pattern matching acceleration/offloading to CPx processors. Valid values: none,basic,advanced.
- Database string
- Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. Valid values: regular,extended.
- DeepApp intInsp Db Limit 
- Limit on number of entries in deep application inspection database (1 - 2147483647, use recommended setting = 0).
- DeepApp intInsp Timeout 
- Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting).
- EngineCount int
- Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.
- ExcludeSignatures string
- Excluded signatures.
- FailOpen string
- Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. Valid values: enable,disable.
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- IntelligentMode string
- Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. Valid values: enable,disable.
- IpsReserve stringCpu 
- Enable/disable IPS daemon's use of CPUs other than CPU 0 Valid values: disable,enable.
- NgfwMax intScan Range 
- NGFW policy-mode app detection threshold.
- NpAccel stringMode 
- Acceleration mode for IPS processing by NPx processors. Valid values: none,basic.
- PacketLog intQueue Depth 
- Packet/pcap log queue depth per IPS engine.
- SessionLimit stringMode 
- Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). Valid values: accurate,heuristic.
- SkypeClient stringPublic Ipaddr 
- Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas.
- SocketSize int
- IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.
- SyncSession stringTtl 
- Enable/disable use of kernel session TTL for IPS sessions. Valid values: enable,disable.
- TlsActive Pulumiverse.Probe Fortios. Ips. Inputs. Global Tls Active Probe 
- TLS active probe configuration. The structure of tls_active_probeblock is documented below.
- TrafficSubmit string
- Enable/disable submitting attack data found by this FortiGate to FortiGuard. Valid values: enable,disable.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- AnomalyMode string
- Global blocking mode for rate-based anomalies. Valid values: periodical,continuous.
- AvMem intLimit 
- Maximum percentage of system memory allowed for use on AV scanning (10 - 50, default = zero). To disable set to zero. When disabled, there is no limit on the AV memory usage.
- CpAccel stringMode 
- IPS Pattern matching acceleration/offloading to CPx processors. Valid values: none,basic,advanced.
- Database string
- Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. Valid values: regular,extended.
- DeepApp intInsp Db Limit 
- Limit on number of entries in deep application inspection database (1 - 2147483647, use recommended setting = 0).
- DeepApp intInsp Timeout 
- Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting).
- EngineCount int
- Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.
- ExcludeSignatures string
- Excluded signatures.
- FailOpen string
- Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. Valid values: enable,disable.
- GetAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- IntelligentMode string
- Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. Valid values: enable,disable.
- IpsReserve stringCpu 
- Enable/disable IPS daemon's use of CPUs other than CPU 0 Valid values: disable,enable.
- NgfwMax intScan Range 
- NGFW policy-mode app detection threshold.
- NpAccel stringMode 
- Acceleration mode for IPS processing by NPx processors. Valid values: none,basic.
- PacketLog intQueue Depth 
- Packet/pcap log queue depth per IPS engine.
- SessionLimit stringMode 
- Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). Valid values: accurate,heuristic.
- SkypeClient stringPublic Ipaddr 
- Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas.
- SocketSize int
- IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.
- SyncSession stringTtl 
- Enable/disable use of kernel session TTL for IPS sessions. Valid values: enable,disable.
- TlsActive GlobalProbe Tls Active Probe Args 
- TLS active probe configuration. The structure of tls_active_probeblock is documented below.
- TrafficSubmit string
- Enable/disable submitting attack data found by this FortiGate to FortiGuard. Valid values: enable,disable.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- anomalyMode String
- Global blocking mode for rate-based anomalies. Valid values: periodical,continuous.
- avMem IntegerLimit 
- Maximum percentage of system memory allowed for use on AV scanning (10 - 50, default = zero). To disable set to zero. When disabled, there is no limit on the AV memory usage.
- cpAccel StringMode 
- IPS Pattern matching acceleration/offloading to CPx processors. Valid values: none,basic,advanced.
- database String
- Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. Valid values: regular,extended.
- deepApp IntegerInsp Db Limit 
- Limit on number of entries in deep application inspection database (1 - 2147483647, use recommended setting = 0).
- deepApp IntegerInsp Timeout 
- Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting).
- engineCount Integer
- Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.
- excludeSignatures String
- Excluded signatures.
- failOpen String
- Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. Valid values: enable,disable.
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- intelligentMode String
- Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. Valid values: enable,disable.
- ipsReserve StringCpu 
- Enable/disable IPS daemon's use of CPUs other than CPU 0 Valid values: disable,enable.
- ngfwMax IntegerScan Range 
- NGFW policy-mode app detection threshold.
- npAccel StringMode 
- Acceleration mode for IPS processing by NPx processors. Valid values: none,basic.
- packetLog IntegerQueue Depth 
- Packet/pcap log queue depth per IPS engine.
- sessionLimit StringMode 
- Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). Valid values: accurate,heuristic.
- skypeClient StringPublic Ipaddr 
- Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas.
- socketSize Integer
- IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.
- syncSession StringTtl 
- Enable/disable use of kernel session TTL for IPS sessions. Valid values: enable,disable.
- tlsActive GlobalProbe Tls Active Probe 
- TLS active probe configuration. The structure of tls_active_probeblock is documented below.
- trafficSubmit String
- Enable/disable submitting attack data found by this FortiGate to FortiGuard. Valid values: enable,disable.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- anomalyMode string
- Global blocking mode for rate-based anomalies. Valid values: periodical,continuous.
- avMem numberLimit 
- Maximum percentage of system memory allowed for use on AV scanning (10 - 50, default = zero). To disable set to zero. When disabled, there is no limit on the AV memory usage.
- cpAccel stringMode 
- IPS Pattern matching acceleration/offloading to CPx processors. Valid values: none,basic,advanced.
- database string
- Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. Valid values: regular,extended.
- deepApp numberInsp Db Limit 
- Limit on number of entries in deep application inspection database (1 - 2147483647, use recommended setting = 0).
- deepApp numberInsp Timeout 
- Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting).
- engineCount number
- Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.
- excludeSignatures string
- Excluded signatures.
- failOpen string
- Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. Valid values: enable,disable.
- getAll stringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- intelligentMode string
- Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. Valid values: enable,disable.
- ipsReserve stringCpu 
- Enable/disable IPS daemon's use of CPUs other than CPU 0 Valid values: disable,enable.
- ngfwMax numberScan Range 
- NGFW policy-mode app detection threshold.
- npAccel stringMode 
- Acceleration mode for IPS processing by NPx processors. Valid values: none,basic.
- packetLog numberQueue Depth 
- Packet/pcap log queue depth per IPS engine.
- sessionLimit stringMode 
- Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). Valid values: accurate,heuristic.
- skypeClient stringPublic Ipaddr 
- Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas.
- socketSize number
- IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.
- syncSession stringTtl 
- Enable/disable use of kernel session TTL for IPS sessions. Valid values: enable,disable.
- tlsActive GlobalProbe Tls Active Probe 
- TLS active probe configuration. The structure of tls_active_probeblock is documented below.
- trafficSubmit string
- Enable/disable submitting attack data found by this FortiGate to FortiGuard. Valid values: enable,disable.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- anomaly_mode str
- Global blocking mode for rate-based anomalies. Valid values: periodical,continuous.
- av_mem_ intlimit 
- Maximum percentage of system memory allowed for use on AV scanning (10 - 50, default = zero). To disable set to zero. When disabled, there is no limit on the AV memory usage.
- cp_accel_ strmode 
- IPS Pattern matching acceleration/offloading to CPx processors. Valid values: none,basic,advanced.
- database str
- Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. Valid values: regular,extended.
- deep_app_ intinsp_ db_ limit 
- Limit on number of entries in deep application inspection database (1 - 2147483647, use recommended setting = 0).
- deep_app_ intinsp_ timeout 
- Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting).
- engine_count int
- Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.
- exclude_signatures str
- Excluded signatures.
- fail_open str
- Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. Valid values: enable,disable.
- get_all_ strtables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- intelligent_mode str
- Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. Valid values: enable,disable.
- ips_reserve_ strcpu 
- Enable/disable IPS daemon's use of CPUs other than CPU 0 Valid values: disable,enable.
- ngfw_max_ intscan_ range 
- NGFW policy-mode app detection threshold.
- np_accel_ strmode 
- Acceleration mode for IPS processing by NPx processors. Valid values: none,basic.
- packet_log_ intqueue_ depth 
- Packet/pcap log queue depth per IPS engine.
- session_limit_ strmode 
- Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). Valid values: accurate,heuristic.
- skype_client_ strpublic_ ipaddr 
- Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas.
- socket_size int
- IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.
- sync_session_ strttl 
- Enable/disable use of kernel session TTL for IPS sessions. Valid values: enable,disable.
- tls_active_ Globalprobe Tls Active Probe Args 
- TLS active probe configuration. The structure of tls_active_probeblock is documented below.
- traffic_submit str
- Enable/disable submitting attack data found by this FortiGate to FortiGuard. Valid values: enable,disable.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- anomalyMode String
- Global blocking mode for rate-based anomalies. Valid values: periodical,continuous.
- avMem NumberLimit 
- Maximum percentage of system memory allowed for use on AV scanning (10 - 50, default = zero). To disable set to zero. When disabled, there is no limit on the AV memory usage.
- cpAccel StringMode 
- IPS Pattern matching acceleration/offloading to CPx processors. Valid values: none,basic,advanced.
- database String
- Regular or extended IPS database. Regular protects against the latest common and in-the-wild attacks. Extended includes protection from legacy attacks. Valid values: regular,extended.
- deepApp NumberInsp Db Limit 
- Limit on number of entries in deep application inspection database (1 - 2147483647, use recommended setting = 0).
- deepApp NumberInsp Timeout 
- Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting).
- engineCount Number
- Number of IPS engines running. If set to the default value of 0, FortiOS sets the number to optimize performance depending on the number of CPU cores.
- excludeSignatures String
- Excluded signatures.
- failOpen String
- Enable to allow traffic if the IPS process crashes. Default is disable and IPS traffic is blocked when the IPS process crashes. Valid values: enable,disable.
- getAll StringTables 
- Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- intelligentMode String
- Enable/disable IPS adaptive scanning (intelligent mode). Intelligent mode optimizes the scanning method for the type of traffic. Valid values: enable,disable.
- ipsReserve StringCpu 
- Enable/disable IPS daemon's use of CPUs other than CPU 0 Valid values: disable,enable.
- ngfwMax NumberScan Range 
- NGFW policy-mode app detection threshold.
- npAccel StringMode 
- Acceleration mode for IPS processing by NPx processors. Valid values: none,basic.
- packetLog NumberQueue Depth 
- Packet/pcap log queue depth per IPS engine.
- sessionLimit StringMode 
- Method of counting concurrent sessions used by session limit anomalies. Choose between greater accuracy (accurate) or improved performance (heuristics). Valid values: accurate,heuristic.
- skypeClient StringPublic Ipaddr 
- Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas.
- socketSize Number
- IPS socket buffer size. Max and default value depend on available memory. Can be changed to tune performance.
- syncSession StringTtl 
- Enable/disable use of kernel session TTL for IPS sessions. Valid values: enable,disable.
- tlsActive Property MapProbe 
- TLS active probe configuration. The structure of tls_active_probeblock is documented below.
- trafficSubmit String
- Enable/disable submitting attack data found by this FortiGate to FortiGuard. Valid values: enable,disable.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Supporting Types
GlobalTlsActiveProbe, GlobalTlsActiveProbeArgs        
- Interface string
- Specify outgoing interface to reach server.
- InterfaceSelect stringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- SourceIp string
- Source IP address used for TLS active probe.
- SourceIp6 string
- Source IPv6 address used for TLS active probe.
- Vdom string
- Virtual domain name for TLS active probe.
- Interface string
- Specify outgoing interface to reach server.
- InterfaceSelect stringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- SourceIp string
- Source IP address used for TLS active probe.
- SourceIp6 string
- Source IPv6 address used for TLS active probe.
- Vdom string
- Virtual domain name for TLS active probe.
- interfaceSelect StringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- interface_ String
- Specify outgoing interface to reach server.
- sourceIp String
- Source IP address used for TLS active probe.
- sourceIp6 String
- Source IPv6 address used for TLS active probe.
- vdom String
- Virtual domain name for TLS active probe.
- interface string
- Specify outgoing interface to reach server.
- interfaceSelect stringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- sourceIp string
- Source IP address used for TLS active probe.
- sourceIp6 string
- Source IPv6 address used for TLS active probe.
- vdom string
- Virtual domain name for TLS active probe.
- interface str
- Specify outgoing interface to reach server.
- interface_select_ strmethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- source_ip str
- Source IP address used for TLS active probe.
- source_ip6 str
- Source IPv6 address used for TLS active probe.
- vdom str
- Virtual domain name for TLS active probe.
- interface String
- Specify outgoing interface to reach server.
- interfaceSelect StringMethod 
- Specify how to select outgoing interface to reach server. Valid values: auto,sdwan,specify.
- sourceIp String
- Source IP address used for TLS active probe.
- sourceIp6 String
- Source IPv6 address used for TLS active probe.
- vdom String
- Virtual domain name for TLS active probe.
Import
Ips Global can be imported using any of these accepted formats:
$ pulumi import fortios:ips/global:Global labelname IpsGlobal
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:ips/global:Global labelname IpsGlobal
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the fortiosTerraform Provider.
