1. Packages
  2. Fortios
  3. API Docs
  4. firewall
  5. Policy6
Fortios v0.0.5 published on Tuesday, Apr 9, 2024 by pulumiverse

fortios.firewall.Policy6

Explore with Pulumi AI

fortios logo
Fortios v0.0.5 published on Tuesday, Apr 9, 2024 by pulumiverse

    Configure IPv6 policies. Applies to FortiOS Version <= 6.4.0.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fortios from "@pulumiverse/fortios";
    
    const trname = new fortios.firewall.Policy6("trname", {
        action: "deny",
        diffservForward: "disable",
        diffservReverse: "disable",
        diffservcodeForward: "000000",
        diffservcodeRev: "000000",
        dsri: "disable",
        dstaddrs: [{
            name: "all",
        }],
        dstaddrNegate: "disable",
        dstintfs: [{
            name: "port3",
        }],
        firewallSessionDirty: "check-all",
        fixedport: "disable",
        inbound: "disable",
        ippool: "disable",
        logtraffic: "disable",
        logtrafficStart: "disable",
        nat: "disable",
        natinbound: "disable",
        natoutbound: "disable",
        outbound: "disable",
        policyid: 1,
        profileProtocolOptions: "default",
        profileType: "single",
        rsso: "disable",
        schedule: "always",
        sendDenyPacket: "disable",
        services: [{
            name: "ALL",
        }],
        serviceNegate: "disable",
        srcaddrs: [{
            name: "all",
        }],
        srcaddrNegate: "disable",
        srcintfs: [{
            name: "port4",
        }],
        sslMirror: "disable",
        status: "enable",
        tcpMssReceiver: 0,
        tcpMssSender: 0,
        tcpSessionWithoutSyn: "disable",
        timeoutSendRst: "disable",
        tos: "0x00",
        tosMask: "0x00",
        tosNegate: "disable",
        utmStatus: "disable",
    });
    
    import pulumi
    import pulumiverse_fortios as fortios
    
    trname = fortios.firewall.Policy6("trname",
        action="deny",
        diffserv_forward="disable",
        diffserv_reverse="disable",
        diffservcode_forward="000000",
        diffservcode_rev="000000",
        dsri="disable",
        dstaddrs=[fortios.firewall.Policy6DstaddrArgs(
            name="all",
        )],
        dstaddr_negate="disable",
        dstintfs=[fortios.firewall.Policy6DstintfArgs(
            name="port3",
        )],
        firewall_session_dirty="check-all",
        fixedport="disable",
        inbound="disable",
        ippool="disable",
        logtraffic="disable",
        logtraffic_start="disable",
        nat="disable",
        natinbound="disable",
        natoutbound="disable",
        outbound="disable",
        policyid=1,
        profile_protocol_options="default",
        profile_type="single",
        rsso="disable",
        schedule="always",
        send_deny_packet="disable",
        services=[fortios.firewall.Policy6ServiceArgs(
            name="ALL",
        )],
        service_negate="disable",
        srcaddrs=[fortios.firewall.Policy6SrcaddrArgs(
            name="all",
        )],
        srcaddr_negate="disable",
        srcintfs=[fortios.firewall.Policy6SrcintfArgs(
            name="port4",
        )],
        ssl_mirror="disable",
        status="enable",
        tcp_mss_receiver=0,
        tcp_mss_sender=0,
        tcp_session_without_syn="disable",
        timeout_send_rst="disable",
        tos="0x00",
        tos_mask="0x00",
        tos_negate="disable",
        utm_status="disable")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := firewall.NewPolicy6(ctx, "trname", &firewall.Policy6Args{
    			Action:              pulumi.String("deny"),
    			DiffservForward:     pulumi.String("disable"),
    			DiffservReverse:     pulumi.String("disable"),
    			DiffservcodeForward: pulumi.String("000000"),
    			DiffservcodeRev:     pulumi.String("000000"),
    			Dsri:                pulumi.String("disable"),
    			Dstaddrs: firewall.Policy6DstaddrArray{
    				&firewall.Policy6DstaddrArgs{
    					Name: pulumi.String("all"),
    				},
    			},
    			DstaddrNegate: pulumi.String("disable"),
    			Dstintfs: firewall.Policy6DstintfArray{
    				&firewall.Policy6DstintfArgs{
    					Name: pulumi.String("port3"),
    				},
    			},
    			FirewallSessionDirty:   pulumi.String("check-all"),
    			Fixedport:              pulumi.String("disable"),
    			Inbound:                pulumi.String("disable"),
    			Ippool:                 pulumi.String("disable"),
    			Logtraffic:             pulumi.String("disable"),
    			LogtrafficStart:        pulumi.String("disable"),
    			Nat:                    pulumi.String("disable"),
    			Natinbound:             pulumi.String("disable"),
    			Natoutbound:            pulumi.String("disable"),
    			Outbound:               pulumi.String("disable"),
    			Policyid:               pulumi.Int(1),
    			ProfileProtocolOptions: pulumi.String("default"),
    			ProfileType:            pulumi.String("single"),
    			Rsso:                   pulumi.String("disable"),
    			Schedule:               pulumi.String("always"),
    			SendDenyPacket:         pulumi.String("disable"),
    			Services: firewall.Policy6ServiceArray{
    				&firewall.Policy6ServiceArgs{
    					Name: pulumi.String("ALL"),
    				},
    			},
    			ServiceNegate: pulumi.String("disable"),
    			Srcaddrs: firewall.Policy6SrcaddrArray{
    				&firewall.Policy6SrcaddrArgs{
    					Name: pulumi.String("all"),
    				},
    			},
    			SrcaddrNegate: pulumi.String("disable"),
    			Srcintfs: firewall.Policy6SrcintfArray{
    				&firewall.Policy6SrcintfArgs{
    					Name: pulumi.String("port4"),
    				},
    			},
    			SslMirror:            pulumi.String("disable"),
    			Status:               pulumi.String("enable"),
    			TcpMssReceiver:       pulumi.Int(0),
    			TcpMssSender:         pulumi.Int(0),
    			TcpSessionWithoutSyn: pulumi.String("disable"),
    			TimeoutSendRst:       pulumi.String("disable"),
    			Tos:                  pulumi.String("0x00"),
    			TosMask:              pulumi.String("0x00"),
    			TosNegate:            pulumi.String("disable"),
    			UtmStatus:            pulumi.String("disable"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fortios = Pulumiverse.Fortios;
    
    return await Deployment.RunAsync(() => 
    {
        var trname = new Fortios.Firewall.Policy6("trname", new()
        {
            Action = "deny",
            DiffservForward = "disable",
            DiffservReverse = "disable",
            DiffservcodeForward = "000000",
            DiffservcodeRev = "000000",
            Dsri = "disable",
            Dstaddrs = new[]
            {
                new Fortios.Firewall.Inputs.Policy6DstaddrArgs
                {
                    Name = "all",
                },
            },
            DstaddrNegate = "disable",
            Dstintfs = new[]
            {
                new Fortios.Firewall.Inputs.Policy6DstintfArgs
                {
                    Name = "port3",
                },
            },
            FirewallSessionDirty = "check-all",
            Fixedport = "disable",
            Inbound = "disable",
            Ippool = "disable",
            Logtraffic = "disable",
            LogtrafficStart = "disable",
            Nat = "disable",
            Natinbound = "disable",
            Natoutbound = "disable",
            Outbound = "disable",
            Policyid = 1,
            ProfileProtocolOptions = "default",
            ProfileType = "single",
            Rsso = "disable",
            Schedule = "always",
            SendDenyPacket = "disable",
            Services = new[]
            {
                new Fortios.Firewall.Inputs.Policy6ServiceArgs
                {
                    Name = "ALL",
                },
            },
            ServiceNegate = "disable",
            Srcaddrs = new[]
            {
                new Fortios.Firewall.Inputs.Policy6SrcaddrArgs
                {
                    Name = "all",
                },
            },
            SrcaddrNegate = "disable",
            Srcintfs = new[]
            {
                new Fortios.Firewall.Inputs.Policy6SrcintfArgs
                {
                    Name = "port4",
                },
            },
            SslMirror = "disable",
            Status = "enable",
            TcpMssReceiver = 0,
            TcpMssSender = 0,
            TcpSessionWithoutSyn = "disable",
            TimeoutSendRst = "disable",
            Tos = "0x00",
            TosMask = "0x00",
            TosNegate = "disable",
            UtmStatus = "disable",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fortios.firewall.Policy6;
    import com.pulumi.fortios.firewall.Policy6Args;
    import com.pulumi.fortios.firewall.inputs.Policy6DstaddrArgs;
    import com.pulumi.fortios.firewall.inputs.Policy6DstintfArgs;
    import com.pulumi.fortios.firewall.inputs.Policy6ServiceArgs;
    import com.pulumi.fortios.firewall.inputs.Policy6SrcaddrArgs;
    import com.pulumi.fortios.firewall.inputs.Policy6SrcintfArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var trname = new Policy6("trname", Policy6Args.builder()        
                .action("deny")
                .diffservForward("disable")
                .diffservReverse("disable")
                .diffservcodeForward("000000")
                .diffservcodeRev("000000")
                .dsri("disable")
                .dstaddrs(Policy6DstaddrArgs.builder()
                    .name("all")
                    .build())
                .dstaddrNegate("disable")
                .dstintfs(Policy6DstintfArgs.builder()
                    .name("port3")
                    .build())
                .firewallSessionDirty("check-all")
                .fixedport("disable")
                .inbound("disable")
                .ippool("disable")
                .logtraffic("disable")
                .logtrafficStart("disable")
                .nat("disable")
                .natinbound("disable")
                .natoutbound("disable")
                .outbound("disable")
                .policyid(1)
                .profileProtocolOptions("default")
                .profileType("single")
                .rsso("disable")
                .schedule("always")
                .sendDenyPacket("disable")
                .services(Policy6ServiceArgs.builder()
                    .name("ALL")
                    .build())
                .serviceNegate("disable")
                .srcaddrs(Policy6SrcaddrArgs.builder()
                    .name("all")
                    .build())
                .srcaddrNegate("disable")
                .srcintfs(Policy6SrcintfArgs.builder()
                    .name("port4")
                    .build())
                .sslMirror("disable")
                .status("enable")
                .tcpMssReceiver(0)
                .tcpMssSender(0)
                .tcpSessionWithoutSyn("disable")
                .timeoutSendRst("disable")
                .tos("0x00")
                .tosMask("0x00")
                .tosNegate("disable")
                .utmStatus("disable")
                .build());
    
        }
    }
    
    resources:
      trname:
        type: fortios:firewall:Policy6
        properties:
          action: deny
          diffservForward: disable
          diffservReverse: disable
          diffservcodeForward: '000000'
          diffservcodeRev: '000000'
          dsri: disable
          dstaddrs:
            - name: all
          dstaddrNegate: disable
          dstintfs:
            - name: port3
          firewallSessionDirty: check-all
          fixedport: disable
          inbound: disable
          ippool: disable
          logtraffic: disable
          logtrafficStart: disable
          nat: disable
          natinbound: disable
          natoutbound: disable
          outbound: disable
          policyid: 1
          profileProtocolOptions: default
          profileType: single
          rsso: disable
          schedule: always
          sendDenyPacket: disable
          services:
            - name: ALL
          serviceNegate: disable
          srcaddrs:
            - name: all
          srcaddrNegate: disable
          srcintfs:
            - name: port4
          sslMirror: disable
          status: enable
          tcpMssReceiver: 0
          tcpMssSender: 0
          tcpSessionWithoutSyn: disable
          timeoutSendRst: disable
          tos: 0x00
          tosMask: 0x00
          tosNegate: disable
          utmStatus: disable
    

    Create Policy6 Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Policy6(name: string, args: Policy6Args, opts?: CustomResourceOptions);
    @overload
    def Policy6(resource_name: str,
                args: Policy6Args,
                opts: Optional[ResourceOptions] = None)
    
    @overload
    def Policy6(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                dstaddrs: Optional[Sequence[Policy6DstaddrArgs]] = None,
                dstintfs: Optional[Sequence[Policy6DstintfArgs]] = None,
                schedule: Optional[str] = None,
                srcaddrs: Optional[Sequence[Policy6SrcaddrArgs]] = None,
                srcintfs: Optional[Sequence[Policy6SrcintfArgs]] = None,
                natoutbound: Optional[str] = None,
                fsso_groups: Optional[Sequence[Policy6FssoGroupArgs]] = None,
                app_categories: Optional[Sequence[Policy6AppCategoryArgs]] = None,
                app_groups: Optional[Sequence[Policy6AppGroupArgs]] = None,
                application_list: Optional[str] = None,
                applications: Optional[Sequence[Policy6ApplicationArgs]] = None,
                auto_asic_offload: Optional[str] = None,
                av_profile: Optional[str] = None,
                cifs_profile: Optional[str] = None,
                comments: Optional[str] = None,
                custom_log_fields: Optional[Sequence[Policy6CustomLogFieldArgs]] = None,
                decrypted_traffic_mirror: Optional[str] = None,
                devices: Optional[Sequence[Policy6DeviceArgs]] = None,
                diffserv_forward: Optional[str] = None,
                diffserv_reverse: Optional[str] = None,
                diffservcode_forward: Optional[str] = None,
                diffservcode_rev: Optional[str] = None,
                dlp_sensor: Optional[str] = None,
                dnsfilter_profile: Optional[str] = None,
                outbound: Optional[str] = None,
                dstaddr_negate: Optional[str] = None,
                dynamic_sort_subtable: Optional[str] = None,
                emailfilter_profile: Optional[str] = None,
                firewall_session_dirty: Optional[str] = None,
                fixedport: Optional[str] = None,
                per_ip_shaper: Optional[str] = None,
                get_all_tables: Optional[str] = None,
                global_label: Optional[str] = None,
                groups: Optional[Sequence[Policy6GroupArgs]] = None,
                http_policy_redirect: Optional[str] = None,
                icap_profile: Optional[str] = None,
                inbound: Optional[str] = None,
                inspection_mode: Optional[str] = None,
                ippool: Optional[str] = None,
                ips_sensor: Optional[str] = None,
                label: Optional[str] = None,
                logtraffic: Optional[str] = None,
                logtraffic_start: Optional[str] = None,
                name: Optional[str] = None,
                nat: Optional[str] = None,
                natinbound: Optional[str] = None,
                action: Optional[str] = None,
                dsri: Optional[str] = None,
                anti_replay: Optional[str] = None,
                webproxy_forward_server: Optional[str] = None,
                poolnames: Optional[Sequence[Policy6PoolnameArgs]] = None,
                profile_group: Optional[str] = None,
                profile_protocol_options: Optional[str] = None,
                profile_type: Optional[str] = None,
                replacemsg_override_group: Optional[str] = None,
                rsso: Optional[str] = None,
                send_deny_packet: Optional[str] = None,
                service_negate: Optional[str] = None,
                services: Optional[Sequence[Policy6ServiceArgs]] = None,
                session_ttl: Optional[int] = None,
                spamfilter_profile: Optional[str] = None,
                srcaddr_negate: Optional[str] = None,
                ssh_filter_profile: Optional[str] = None,
                ssh_policy_redirect: Optional[str] = None,
                ssl_mirror: Optional[str] = None,
                ssl_mirror_intfs: Optional[Sequence[Policy6SslMirrorIntfArgs]] = None,
                ssl_ssh_profile: Optional[str] = None,
                status: Optional[str] = None,
                tcp_mss_receiver: Optional[int] = None,
                tcp_mss_sender: Optional[int] = None,
                tcp_session_without_syn: Optional[str] = None,
                timeout_send_rst: Optional[str] = None,
                tos: Optional[str] = None,
                tos_mask: Optional[str] = None,
                tos_negate: Optional[str] = None,
                traffic_shaper: Optional[str] = None,
                traffic_shaper_reverse: Optional[str] = None,
                url_categories: Optional[Sequence[Policy6UrlCategoryArgs]] = None,
                users: Optional[Sequence[Policy6UserArgs]] = None,
                utm_status: Optional[str] = None,
                uuid: Optional[str] = None,
                vdomparam: Optional[str] = None,
                vlan_cos_fwd: Optional[int] = None,
                vlan_cos_rev: Optional[int] = None,
                vlan_filter: Optional[str] = None,
                voip_profile: Optional[str] = None,
                vpntunnel: Optional[str] = None,
                waf_profile: Optional[str] = None,
                webcache: Optional[str] = None,
                webcache_https: Optional[str] = None,
                webfilter_profile: Optional[str] = None,
                policyid: Optional[int] = None,
                webproxy_profile: Optional[str] = None)
    func NewPolicy6(ctx *Context, name string, args Policy6Args, opts ...ResourceOption) (*Policy6, error)
    public Policy6(string name, Policy6Args args, CustomResourceOptions? opts = null)
    public Policy6(String name, Policy6Args args)
    public Policy6(String name, Policy6Args args, CustomResourceOptions options)
    
    type: fortios:firewall:Policy6
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args Policy6Args
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args Policy6Args
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args Policy6Args
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args Policy6Args
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args Policy6Args
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var policy6Resource = new Fortios.Firewall.Policy6("policy6Resource", new()
    {
        Dstaddrs = new[]
        {
            new Fortios.Firewall.Inputs.Policy6DstaddrArgs
            {
                Name = "string",
            },
        },
        Dstintfs = new[]
        {
            new Fortios.Firewall.Inputs.Policy6DstintfArgs
            {
                Name = "string",
            },
        },
        Schedule = "string",
        Srcaddrs = new[]
        {
            new Fortios.Firewall.Inputs.Policy6SrcaddrArgs
            {
                Name = "string",
            },
        },
        Srcintfs = new[]
        {
            new Fortios.Firewall.Inputs.Policy6SrcintfArgs
            {
                Name = "string",
            },
        },
        Natoutbound = "string",
        FssoGroups = new[]
        {
            new Fortios.Firewall.Inputs.Policy6FssoGroupArgs
            {
                Name = "string",
            },
        },
        AppCategories = new[]
        {
            new Fortios.Firewall.Inputs.Policy6AppCategoryArgs
            {
                Id = 0,
            },
        },
        AppGroups = new[]
        {
            new Fortios.Firewall.Inputs.Policy6AppGroupArgs
            {
                Name = "string",
            },
        },
        ApplicationList = "string",
        Applications = new[]
        {
            new Fortios.Firewall.Inputs.Policy6ApplicationArgs
            {
                Id = 0,
            },
        },
        AutoAsicOffload = "string",
        AvProfile = "string",
        CifsProfile = "string",
        Comments = "string",
        CustomLogFields = new[]
        {
            new Fortios.Firewall.Inputs.Policy6CustomLogFieldArgs
            {
                FieldId = "string",
            },
        },
        DecryptedTrafficMirror = "string",
        Devices = new[]
        {
            new Fortios.Firewall.Inputs.Policy6DeviceArgs
            {
                Name = "string",
            },
        },
        DiffservForward = "string",
        DiffservReverse = "string",
        DiffservcodeForward = "string",
        DiffservcodeRev = "string",
        DlpSensor = "string",
        DnsfilterProfile = "string",
        Outbound = "string",
        DstaddrNegate = "string",
        DynamicSortSubtable = "string",
        EmailfilterProfile = "string",
        FirewallSessionDirty = "string",
        Fixedport = "string",
        PerIpShaper = "string",
        GetAllTables = "string",
        GlobalLabel = "string",
        Groups = new[]
        {
            new Fortios.Firewall.Inputs.Policy6GroupArgs
            {
                Name = "string",
            },
        },
        HttpPolicyRedirect = "string",
        IcapProfile = "string",
        Inbound = "string",
        InspectionMode = "string",
        Ippool = "string",
        IpsSensor = "string",
        Label = "string",
        Logtraffic = "string",
        LogtrafficStart = "string",
        Name = "string",
        Nat = "string",
        Natinbound = "string",
        Action = "string",
        Dsri = "string",
        AntiReplay = "string",
        WebproxyForwardServer = "string",
        Poolnames = new[]
        {
            new Fortios.Firewall.Inputs.Policy6PoolnameArgs
            {
                Name = "string",
            },
        },
        ProfileGroup = "string",
        ProfileProtocolOptions = "string",
        ProfileType = "string",
        ReplacemsgOverrideGroup = "string",
        Rsso = "string",
        SendDenyPacket = "string",
        ServiceNegate = "string",
        Services = new[]
        {
            new Fortios.Firewall.Inputs.Policy6ServiceArgs
            {
                Name = "string",
            },
        },
        SessionTtl = 0,
        SpamfilterProfile = "string",
        SrcaddrNegate = "string",
        SshFilterProfile = "string",
        SshPolicyRedirect = "string",
        SslMirror = "string",
        SslMirrorIntfs = new[]
        {
            new Fortios.Firewall.Inputs.Policy6SslMirrorIntfArgs
            {
                Name = "string",
            },
        },
        SslSshProfile = "string",
        Status = "string",
        TcpMssReceiver = 0,
        TcpMssSender = 0,
        TcpSessionWithoutSyn = "string",
        TimeoutSendRst = "string",
        Tos = "string",
        TosMask = "string",
        TosNegate = "string",
        TrafficShaper = "string",
        TrafficShaperReverse = "string",
        UrlCategories = new[]
        {
            new Fortios.Firewall.Inputs.Policy6UrlCategoryArgs
            {
                Id = 0,
            },
        },
        Users = new[]
        {
            new Fortios.Firewall.Inputs.Policy6UserArgs
            {
                Name = "string",
            },
        },
        UtmStatus = "string",
        Uuid = "string",
        Vdomparam = "string",
        VlanCosFwd = 0,
        VlanCosRev = 0,
        VlanFilter = "string",
        VoipProfile = "string",
        Vpntunnel = "string",
        WafProfile = "string",
        Webcache = "string",
        WebcacheHttps = "string",
        WebfilterProfile = "string",
        Policyid = 0,
        WebproxyProfile = "string",
    });
    
    example, err := firewall.NewPolicy6(ctx, "policy6Resource", &firewall.Policy6Args{
    	Dstaddrs: firewall.Policy6DstaddrArray{
    		&firewall.Policy6DstaddrArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	Dstintfs: firewall.Policy6DstintfArray{
    		&firewall.Policy6DstintfArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	Schedule: pulumi.String("string"),
    	Srcaddrs: firewall.Policy6SrcaddrArray{
    		&firewall.Policy6SrcaddrArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	Srcintfs: firewall.Policy6SrcintfArray{
    		&firewall.Policy6SrcintfArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	Natoutbound: pulumi.String("string"),
    	FssoGroups: firewall.Policy6FssoGroupArray{
    		&firewall.Policy6FssoGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	AppCategories: firewall.Policy6AppCategoryArray{
    		&firewall.Policy6AppCategoryArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	AppGroups: firewall.Policy6AppGroupArray{
    		&firewall.Policy6AppGroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	ApplicationList: pulumi.String("string"),
    	Applications: firewall.Policy6ApplicationArray{
    		&firewall.Policy6ApplicationArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	AutoAsicOffload: pulumi.String("string"),
    	AvProfile:       pulumi.String("string"),
    	CifsProfile:     pulumi.String("string"),
    	Comments:        pulumi.String("string"),
    	CustomLogFields: firewall.Policy6CustomLogFieldArray{
    		&firewall.Policy6CustomLogFieldArgs{
    			FieldId: pulumi.String("string"),
    		},
    	},
    	DecryptedTrafficMirror: pulumi.String("string"),
    	Devices: firewall.Policy6DeviceArray{
    		&firewall.Policy6DeviceArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	DiffservForward:      pulumi.String("string"),
    	DiffservReverse:      pulumi.String("string"),
    	DiffservcodeForward:  pulumi.String("string"),
    	DiffservcodeRev:      pulumi.String("string"),
    	DlpSensor:            pulumi.String("string"),
    	DnsfilterProfile:     pulumi.String("string"),
    	Outbound:             pulumi.String("string"),
    	DstaddrNegate:        pulumi.String("string"),
    	DynamicSortSubtable:  pulumi.String("string"),
    	EmailfilterProfile:   pulumi.String("string"),
    	FirewallSessionDirty: pulumi.String("string"),
    	Fixedport:            pulumi.String("string"),
    	PerIpShaper:          pulumi.String("string"),
    	GetAllTables:         pulumi.String("string"),
    	GlobalLabel:          pulumi.String("string"),
    	Groups: firewall.Policy6GroupArray{
    		&firewall.Policy6GroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	HttpPolicyRedirect:    pulumi.String("string"),
    	IcapProfile:           pulumi.String("string"),
    	Inbound:               pulumi.String("string"),
    	InspectionMode:        pulumi.String("string"),
    	Ippool:                pulumi.String("string"),
    	IpsSensor:             pulumi.String("string"),
    	Label:                 pulumi.String("string"),
    	Logtraffic:            pulumi.String("string"),
    	LogtrafficStart:       pulumi.String("string"),
    	Name:                  pulumi.String("string"),
    	Nat:                   pulumi.String("string"),
    	Natinbound:            pulumi.String("string"),
    	Action:                pulumi.String("string"),
    	Dsri:                  pulumi.String("string"),
    	AntiReplay:            pulumi.String("string"),
    	WebproxyForwardServer: pulumi.String("string"),
    	Poolnames: firewall.Policy6PoolnameArray{
    		&firewall.Policy6PoolnameArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	ProfileGroup:            pulumi.String("string"),
    	ProfileProtocolOptions:  pulumi.String("string"),
    	ProfileType:             pulumi.String("string"),
    	ReplacemsgOverrideGroup: pulumi.String("string"),
    	Rsso:                    pulumi.String("string"),
    	SendDenyPacket:          pulumi.String("string"),
    	ServiceNegate:           pulumi.String("string"),
    	Services: firewall.Policy6ServiceArray{
    		&firewall.Policy6ServiceArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	SessionTtl:        pulumi.Int(0),
    	SpamfilterProfile: pulumi.String("string"),
    	SrcaddrNegate:     pulumi.String("string"),
    	SshFilterProfile:  pulumi.String("string"),
    	SshPolicyRedirect: pulumi.String("string"),
    	SslMirror:         pulumi.String("string"),
    	SslMirrorIntfs: firewall.Policy6SslMirrorIntfArray{
    		&firewall.Policy6SslMirrorIntfArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	SslSshProfile:        pulumi.String("string"),
    	Status:               pulumi.String("string"),
    	TcpMssReceiver:       pulumi.Int(0),
    	TcpMssSender:         pulumi.Int(0),
    	TcpSessionWithoutSyn: pulumi.String("string"),
    	TimeoutSendRst:       pulumi.String("string"),
    	Tos:                  pulumi.String("string"),
    	TosMask:              pulumi.String("string"),
    	TosNegate:            pulumi.String("string"),
    	TrafficShaper:        pulumi.String("string"),
    	TrafficShaperReverse: pulumi.String("string"),
    	UrlCategories: firewall.Policy6UrlCategoryArray{
    		&firewall.Policy6UrlCategoryArgs{
    			Id: pulumi.Int(0),
    		},
    	},
    	Users: firewall.Policy6UserArray{
    		&firewall.Policy6UserArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	UtmStatus:        pulumi.String("string"),
    	Uuid:             pulumi.String("string"),
    	Vdomparam:        pulumi.String("string"),
    	VlanCosFwd:       pulumi.Int(0),
    	VlanCosRev:       pulumi.Int(0),
    	VlanFilter:       pulumi.String("string"),
    	VoipProfile:      pulumi.String("string"),
    	Vpntunnel:        pulumi.String("string"),
    	WafProfile:       pulumi.String("string"),
    	Webcache:         pulumi.String("string"),
    	WebcacheHttps:    pulumi.String("string"),
    	WebfilterProfile: pulumi.String("string"),
    	Policyid:         pulumi.Int(0),
    	WebproxyProfile:  pulumi.String("string"),
    })
    
    var policy6Resource = new Policy6("policy6Resource", Policy6Args.builder()
        .dstaddrs(Policy6DstaddrArgs.builder()
            .name("string")
            .build())
        .dstintfs(Policy6DstintfArgs.builder()
            .name("string")
            .build())
        .schedule("string")
        .srcaddrs(Policy6SrcaddrArgs.builder()
            .name("string")
            .build())
        .srcintfs(Policy6SrcintfArgs.builder()
            .name("string")
            .build())
        .natoutbound("string")
        .fssoGroups(Policy6FssoGroupArgs.builder()
            .name("string")
            .build())
        .appCategories(Policy6AppCategoryArgs.builder()
            .id(0)
            .build())
        .appGroups(Policy6AppGroupArgs.builder()
            .name("string")
            .build())
        .applicationList("string")
        .applications(Policy6ApplicationArgs.builder()
            .id(0)
            .build())
        .autoAsicOffload("string")
        .avProfile("string")
        .cifsProfile("string")
        .comments("string")
        .customLogFields(Policy6CustomLogFieldArgs.builder()
            .fieldId("string")
            .build())
        .decryptedTrafficMirror("string")
        .devices(Policy6DeviceArgs.builder()
            .name("string")
            .build())
        .diffservForward("string")
        .diffservReverse("string")
        .diffservcodeForward("string")
        .diffservcodeRev("string")
        .dlpSensor("string")
        .dnsfilterProfile("string")
        .outbound("string")
        .dstaddrNegate("string")
        .dynamicSortSubtable("string")
        .emailfilterProfile("string")
        .firewallSessionDirty("string")
        .fixedport("string")
        .perIpShaper("string")
        .getAllTables("string")
        .globalLabel("string")
        .groups(Policy6GroupArgs.builder()
            .name("string")
            .build())
        .httpPolicyRedirect("string")
        .icapProfile("string")
        .inbound("string")
        .inspectionMode("string")
        .ippool("string")
        .ipsSensor("string")
        .label("string")
        .logtraffic("string")
        .logtrafficStart("string")
        .name("string")
        .nat("string")
        .natinbound("string")
        .action("string")
        .dsri("string")
        .antiReplay("string")
        .webproxyForwardServer("string")
        .poolnames(Policy6PoolnameArgs.builder()
            .name("string")
            .build())
        .profileGroup("string")
        .profileProtocolOptions("string")
        .profileType("string")
        .replacemsgOverrideGroup("string")
        .rsso("string")
        .sendDenyPacket("string")
        .serviceNegate("string")
        .services(Policy6ServiceArgs.builder()
            .name("string")
            .build())
        .sessionTtl(0)
        .spamfilterProfile("string")
        .srcaddrNegate("string")
        .sshFilterProfile("string")
        .sshPolicyRedirect("string")
        .sslMirror("string")
        .sslMirrorIntfs(Policy6SslMirrorIntfArgs.builder()
            .name("string")
            .build())
        .sslSshProfile("string")
        .status("string")
        .tcpMssReceiver(0)
        .tcpMssSender(0)
        .tcpSessionWithoutSyn("string")
        .timeoutSendRst("string")
        .tos("string")
        .tosMask("string")
        .tosNegate("string")
        .trafficShaper("string")
        .trafficShaperReverse("string")
        .urlCategories(Policy6UrlCategoryArgs.builder()
            .id(0)
            .build())
        .users(Policy6UserArgs.builder()
            .name("string")
            .build())
        .utmStatus("string")
        .uuid("string")
        .vdomparam("string")
        .vlanCosFwd(0)
        .vlanCosRev(0)
        .vlanFilter("string")
        .voipProfile("string")
        .vpntunnel("string")
        .wafProfile("string")
        .webcache("string")
        .webcacheHttps("string")
        .webfilterProfile("string")
        .policyid(0)
        .webproxyProfile("string")
        .build());
    
    policy6_resource = fortios.firewall.Policy6("policy6Resource",
        dstaddrs=[fortios.firewall.Policy6DstaddrArgs(
            name="string",
        )],
        dstintfs=[fortios.firewall.Policy6DstintfArgs(
            name="string",
        )],
        schedule="string",
        srcaddrs=[fortios.firewall.Policy6SrcaddrArgs(
            name="string",
        )],
        srcintfs=[fortios.firewall.Policy6SrcintfArgs(
            name="string",
        )],
        natoutbound="string",
        fsso_groups=[fortios.firewall.Policy6FssoGroupArgs(
            name="string",
        )],
        app_categories=[fortios.firewall.Policy6AppCategoryArgs(
            id=0,
        )],
        app_groups=[fortios.firewall.Policy6AppGroupArgs(
            name="string",
        )],
        application_list="string",
        applications=[fortios.firewall.Policy6ApplicationArgs(
            id=0,
        )],
        auto_asic_offload="string",
        av_profile="string",
        cifs_profile="string",
        comments="string",
        custom_log_fields=[fortios.firewall.Policy6CustomLogFieldArgs(
            field_id="string",
        )],
        decrypted_traffic_mirror="string",
        devices=[fortios.firewall.Policy6DeviceArgs(
            name="string",
        )],
        diffserv_forward="string",
        diffserv_reverse="string",
        diffservcode_forward="string",
        diffservcode_rev="string",
        dlp_sensor="string",
        dnsfilter_profile="string",
        outbound="string",
        dstaddr_negate="string",
        dynamic_sort_subtable="string",
        emailfilter_profile="string",
        firewall_session_dirty="string",
        fixedport="string",
        per_ip_shaper="string",
        get_all_tables="string",
        global_label="string",
        groups=[fortios.firewall.Policy6GroupArgs(
            name="string",
        )],
        http_policy_redirect="string",
        icap_profile="string",
        inbound="string",
        inspection_mode="string",
        ippool="string",
        ips_sensor="string",
        label="string",
        logtraffic="string",
        logtraffic_start="string",
        name="string",
        nat="string",
        natinbound="string",
        action="string",
        dsri="string",
        anti_replay="string",
        webproxy_forward_server="string",
        poolnames=[fortios.firewall.Policy6PoolnameArgs(
            name="string",
        )],
        profile_group="string",
        profile_protocol_options="string",
        profile_type="string",
        replacemsg_override_group="string",
        rsso="string",
        send_deny_packet="string",
        service_negate="string",
        services=[fortios.firewall.Policy6ServiceArgs(
            name="string",
        )],
        session_ttl=0,
        spamfilter_profile="string",
        srcaddr_negate="string",
        ssh_filter_profile="string",
        ssh_policy_redirect="string",
        ssl_mirror="string",
        ssl_mirror_intfs=[fortios.firewall.Policy6SslMirrorIntfArgs(
            name="string",
        )],
        ssl_ssh_profile="string",
        status="string",
        tcp_mss_receiver=0,
        tcp_mss_sender=0,
        tcp_session_without_syn="string",
        timeout_send_rst="string",
        tos="string",
        tos_mask="string",
        tos_negate="string",
        traffic_shaper="string",
        traffic_shaper_reverse="string",
        url_categories=[fortios.firewall.Policy6UrlCategoryArgs(
            id=0,
        )],
        users=[fortios.firewall.Policy6UserArgs(
            name="string",
        )],
        utm_status="string",
        uuid="string",
        vdomparam="string",
        vlan_cos_fwd=0,
        vlan_cos_rev=0,
        vlan_filter="string",
        voip_profile="string",
        vpntunnel="string",
        waf_profile="string",
        webcache="string",
        webcache_https="string",
        webfilter_profile="string",
        policyid=0,
        webproxy_profile="string")
    
    const policy6Resource = new fortios.firewall.Policy6("policy6Resource", {
        dstaddrs: [{
            name: "string",
        }],
        dstintfs: [{
            name: "string",
        }],
        schedule: "string",
        srcaddrs: [{
            name: "string",
        }],
        srcintfs: [{
            name: "string",
        }],
        natoutbound: "string",
        fssoGroups: [{
            name: "string",
        }],
        appCategories: [{
            id: 0,
        }],
        appGroups: [{
            name: "string",
        }],
        applicationList: "string",
        applications: [{
            id: 0,
        }],
        autoAsicOffload: "string",
        avProfile: "string",
        cifsProfile: "string",
        comments: "string",
        customLogFields: [{
            fieldId: "string",
        }],
        decryptedTrafficMirror: "string",
        devices: [{
            name: "string",
        }],
        diffservForward: "string",
        diffservReverse: "string",
        diffservcodeForward: "string",
        diffservcodeRev: "string",
        dlpSensor: "string",
        dnsfilterProfile: "string",
        outbound: "string",
        dstaddrNegate: "string",
        dynamicSortSubtable: "string",
        emailfilterProfile: "string",
        firewallSessionDirty: "string",
        fixedport: "string",
        perIpShaper: "string",
        getAllTables: "string",
        globalLabel: "string",
        groups: [{
            name: "string",
        }],
        httpPolicyRedirect: "string",
        icapProfile: "string",
        inbound: "string",
        inspectionMode: "string",
        ippool: "string",
        ipsSensor: "string",
        label: "string",
        logtraffic: "string",
        logtrafficStart: "string",
        name: "string",
        nat: "string",
        natinbound: "string",
        action: "string",
        dsri: "string",
        antiReplay: "string",
        webproxyForwardServer: "string",
        poolnames: [{
            name: "string",
        }],
        profileGroup: "string",
        profileProtocolOptions: "string",
        profileType: "string",
        replacemsgOverrideGroup: "string",
        rsso: "string",
        sendDenyPacket: "string",
        serviceNegate: "string",
        services: [{
            name: "string",
        }],
        sessionTtl: 0,
        spamfilterProfile: "string",
        srcaddrNegate: "string",
        sshFilterProfile: "string",
        sshPolicyRedirect: "string",
        sslMirror: "string",
        sslMirrorIntfs: [{
            name: "string",
        }],
        sslSshProfile: "string",
        status: "string",
        tcpMssReceiver: 0,
        tcpMssSender: 0,
        tcpSessionWithoutSyn: "string",
        timeoutSendRst: "string",
        tos: "string",
        tosMask: "string",
        tosNegate: "string",
        trafficShaper: "string",
        trafficShaperReverse: "string",
        urlCategories: [{
            id: 0,
        }],
        users: [{
            name: "string",
        }],
        utmStatus: "string",
        uuid: "string",
        vdomparam: "string",
        vlanCosFwd: 0,
        vlanCosRev: 0,
        vlanFilter: "string",
        voipProfile: "string",
        vpntunnel: "string",
        wafProfile: "string",
        webcache: "string",
        webcacheHttps: "string",
        webfilterProfile: "string",
        policyid: 0,
        webproxyProfile: "string",
    });
    
    type: fortios:firewall:Policy6
    properties:
        action: string
        antiReplay: string
        appCategories:
            - id: 0
        appGroups:
            - name: string
        applicationList: string
        applications:
            - id: 0
        autoAsicOffload: string
        avProfile: string
        cifsProfile: string
        comments: string
        customLogFields:
            - fieldId: string
        decryptedTrafficMirror: string
        devices:
            - name: string
        diffservForward: string
        diffservReverse: string
        diffservcodeForward: string
        diffservcodeRev: string
        dlpSensor: string
        dnsfilterProfile: string
        dsri: string
        dstaddrNegate: string
        dstaddrs:
            - name: string
        dstintfs:
            - name: string
        dynamicSortSubtable: string
        emailfilterProfile: string
        firewallSessionDirty: string
        fixedport: string
        fssoGroups:
            - name: string
        getAllTables: string
        globalLabel: string
        groups:
            - name: string
        httpPolicyRedirect: string
        icapProfile: string
        inbound: string
        inspectionMode: string
        ippool: string
        ipsSensor: string
        label: string
        logtraffic: string
        logtrafficStart: string
        name: string
        nat: string
        natinbound: string
        natoutbound: string
        outbound: string
        perIpShaper: string
        policyid: 0
        poolnames:
            - name: string
        profileGroup: string
        profileProtocolOptions: string
        profileType: string
        replacemsgOverrideGroup: string
        rsso: string
        schedule: string
        sendDenyPacket: string
        serviceNegate: string
        services:
            - name: string
        sessionTtl: 0
        spamfilterProfile: string
        srcaddrNegate: string
        srcaddrs:
            - name: string
        srcintfs:
            - name: string
        sshFilterProfile: string
        sshPolicyRedirect: string
        sslMirror: string
        sslMirrorIntfs:
            - name: string
        sslSshProfile: string
        status: string
        tcpMssReceiver: 0
        tcpMssSender: 0
        tcpSessionWithoutSyn: string
        timeoutSendRst: string
        tos: string
        tosMask: string
        tosNegate: string
        trafficShaper: string
        trafficShaperReverse: string
        urlCategories:
            - id: 0
        users:
            - name: string
        utmStatus: string
        uuid: string
        vdomparam: string
        vlanCosFwd: 0
        vlanCosRev: 0
        vlanFilter: string
        voipProfile: string
        vpntunnel: string
        wafProfile: string
        webcache: string
        webcacheHttps: string
        webfilterProfile: string
        webproxyForwardServer: string
        webproxyProfile: string
    

    Policy6 Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Policy6 resource accepts the following input properties:

    Dstaddrs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Dstaddr>
    Destination address and address group names. The structure of dstaddr block is documented below.
    Dstintfs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Dstintf>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    Schedule string
    Schedule name.
    Srcaddrs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Srcaddr>
    Source address and address group names. The structure of srcaddr block is documented below.
    Srcintfs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Srcintf>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    Action string
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    AntiReplay string
    Enable/disable anti-replay check. Valid values: enable, disable.
    AppCategories List<Pulumiverse.Fortios.Firewall.Inputs.Policy6AppCategory>
    Application category ID list. The structure of app_category block is documented below.
    AppGroups List<Pulumiverse.Fortios.Firewall.Inputs.Policy6AppGroup>
    Application group names. The structure of app_group block is documented below.
    ApplicationList string
    Name of an existing Application list.
    Applications List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Application>
    Application ID list. The structure of application block is documented below.
    AutoAsicOffload string
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    AvProfile string
    Name of an existing Antivirus profile.
    CifsProfile string
    Name of an existing CIFS profile.
    Comments string
    Comment.
    CustomLogFields List<Pulumiverse.Fortios.Firewall.Inputs.Policy6CustomLogField>
    Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
    DecryptedTrafficMirror string
    Decrypted traffic mirror.
    Devices List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Device>
    Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
    DiffservForward string
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    DiffservReverse string
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    DiffservcodeForward string
    Change packet's DiffServ to this value.
    DiffservcodeRev string
    Change packet's reverse (reply) DiffServ to this value.
    DlpSensor string
    Name of an existing DLP sensor.
    DnsfilterProfile string
    Name of an existing DNS filter profile.
    Dsri string
    Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
    DstaddrNegate string
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmailfilterProfile string
    Name of an existing email filter profile.
    FirewallSessionDirty string
    How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
    Fixedport string
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    FssoGroups List<Pulumiverse.Fortios.Firewall.Inputs.Policy6FssoGroup>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GlobalLabel string
    Label for the policy that appears when the GUI is in Global View mode.
    Groups List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Group>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    HttpPolicyRedirect string
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    IcapProfile string
    Name of an existing ICAP profile.
    Inbound string
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    InspectionMode string
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    Ippool string
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    IpsSensor string
    Name of an existing IPS sensor.
    Label string
    Label for the policy that appears when the GUI is in Section View mode.
    Logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    LogtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    Name string
    Policy name.
    Nat string
    Enable/disable source NAT. Valid values: enable, disable.
    Natinbound string
    Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
    Natoutbound string
    Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
    Outbound string
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    PerIpShaper string
    Per-IP traffic shaper.
    Policyid int
    Policy ID.
    Poolnames List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Poolname>
    IP Pool names. The structure of poolname block is documented below.
    ProfileGroup string
    Name of profile group.
    ProfileProtocolOptions string
    Name of an existing Protocol options profile.
    ProfileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    ReplacemsgOverrideGroup string
    Override the default replacement message group for this policy.
    Rsso string
    Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
    SendDenyPacket string
    Enable/disable return of deny-packet. Valid values: enable, disable.
    ServiceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    Services List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Service>
    Service and service group names. The structure of service block is documented below.
    SessionTtl int
    Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
    SpamfilterProfile string
    Name of an existing Spam filter profile.
    SrcaddrNegate string
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    SshFilterProfile string
    Name of an existing SSH filter profile.
    SshPolicyRedirect string
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    SslMirror string
    Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
    SslMirrorIntfs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6SslMirrorIntf>
    SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
    SslSshProfile string
    Name of an existing SSL SSH profile.
    Status string
    Enable or disable this policy. Valid values: enable, disable.
    TcpMssReceiver int
    Receiver TCP maximum segment size (MSS).
    TcpMssSender int
    Sender TCP maximum segment size (MSS).
    TcpSessionWithoutSyn string
    Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
    TimeoutSendRst string
    Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
    Tos string
    ToS (Type of Service) value used for comparison.
    TosMask string
    Non-zero bit positions are used for comparison while zero bit positions are ignored.
    TosNegate string
    Enable negated TOS match. Valid values: enable, disable.
    TrafficShaper string
    Reverse traffic shaper.
    TrafficShaperReverse string
    Reverse traffic shaper.
    UrlCategories List<Pulumiverse.Fortios.Firewall.Inputs.Policy6UrlCategory>
    URL category ID list. The structure of url_category block is documented below.
    Users List<Pulumiverse.Fortios.Firewall.Inputs.Policy6User>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    UtmStatus string
    Enable AV/web/ips protection profile. Valid values: enable, disable.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VlanCosFwd int
    VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
    VlanCosRev int
    VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
    VlanFilter string
    Set VLAN filters.
    VoipProfile string
    Name of an existing VoIP profile.
    Vpntunnel string
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    WafProfile string
    Name of an existing Web application firewall profile.
    Webcache string
    Enable/disable web cache. Valid values: enable, disable.
    WebcacheHttps string
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    WebfilterProfile string
    Name of an existing Web filter profile.
    WebproxyForwardServer string
    Web proxy forward server name.
    WebproxyProfile string
    Webproxy profile name.
    Dstaddrs []Policy6DstaddrArgs
    Destination address and address group names. The structure of dstaddr block is documented below.
    Dstintfs []Policy6DstintfArgs
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    Schedule string
    Schedule name.
    Srcaddrs []Policy6SrcaddrArgs
    Source address and address group names. The structure of srcaddr block is documented below.
    Srcintfs []Policy6SrcintfArgs
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    Action string
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    AntiReplay string
    Enable/disable anti-replay check. Valid values: enable, disable.
    AppCategories []Policy6AppCategoryArgs
    Application category ID list. The structure of app_category block is documented below.
    AppGroups []Policy6AppGroupArgs
    Application group names. The structure of app_group block is documented below.
    ApplicationList string
    Name of an existing Application list.
    Applications []Policy6ApplicationArgs
    Application ID list. The structure of application block is documented below.
    AutoAsicOffload string
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    AvProfile string
    Name of an existing Antivirus profile.
    CifsProfile string
    Name of an existing CIFS profile.
    Comments string
    Comment.
    CustomLogFields []Policy6CustomLogFieldArgs
    Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
    DecryptedTrafficMirror string
    Decrypted traffic mirror.
    Devices []Policy6DeviceArgs
    Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
    DiffservForward string
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    DiffservReverse string
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    DiffservcodeForward string
    Change packet's DiffServ to this value.
    DiffservcodeRev string
    Change packet's reverse (reply) DiffServ to this value.
    DlpSensor string
    Name of an existing DLP sensor.
    DnsfilterProfile string
    Name of an existing DNS filter profile.
    Dsri string
    Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
    DstaddrNegate string
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmailfilterProfile string
    Name of an existing email filter profile.
    FirewallSessionDirty string
    How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
    Fixedport string
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    FssoGroups []Policy6FssoGroupArgs
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GlobalLabel string
    Label for the policy that appears when the GUI is in Global View mode.
    Groups []Policy6GroupArgs
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    HttpPolicyRedirect string
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    IcapProfile string
    Name of an existing ICAP profile.
    Inbound string
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    InspectionMode string
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    Ippool string
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    IpsSensor string
    Name of an existing IPS sensor.
    Label string
    Label for the policy that appears when the GUI is in Section View mode.
    Logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    LogtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    Name string
    Policy name.
    Nat string
    Enable/disable source NAT. Valid values: enable, disable.
    Natinbound string
    Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
    Natoutbound string
    Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
    Outbound string
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    PerIpShaper string
    Per-IP traffic shaper.
    Policyid int
    Policy ID.
    Poolnames []Policy6PoolnameArgs
    IP Pool names. The structure of poolname block is documented below.
    ProfileGroup string
    Name of profile group.
    ProfileProtocolOptions string
    Name of an existing Protocol options profile.
    ProfileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    ReplacemsgOverrideGroup string
    Override the default replacement message group for this policy.
    Rsso string
    Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
    SendDenyPacket string
    Enable/disable return of deny-packet. Valid values: enable, disable.
    ServiceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    Services []Policy6ServiceArgs
    Service and service group names. The structure of service block is documented below.
    SessionTtl int
    Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
    SpamfilterProfile string
    Name of an existing Spam filter profile.
    SrcaddrNegate string
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    SshFilterProfile string
    Name of an existing SSH filter profile.
    SshPolicyRedirect string
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    SslMirror string
    Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
    SslMirrorIntfs []Policy6SslMirrorIntfArgs
    SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
    SslSshProfile string
    Name of an existing SSL SSH profile.
    Status string
    Enable or disable this policy. Valid values: enable, disable.
    TcpMssReceiver int
    Receiver TCP maximum segment size (MSS).
    TcpMssSender int
    Sender TCP maximum segment size (MSS).
    TcpSessionWithoutSyn string
    Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
    TimeoutSendRst string
    Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
    Tos string
    ToS (Type of Service) value used for comparison.
    TosMask string
    Non-zero bit positions are used for comparison while zero bit positions are ignored.
    TosNegate string
    Enable negated TOS match. Valid values: enable, disable.
    TrafficShaper string
    Reverse traffic shaper.
    TrafficShaperReverse string
    Reverse traffic shaper.
    UrlCategories []Policy6UrlCategoryArgs
    URL category ID list. The structure of url_category block is documented below.
    Users []Policy6UserArgs
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    UtmStatus string
    Enable AV/web/ips protection profile. Valid values: enable, disable.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VlanCosFwd int
    VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
    VlanCosRev int
    VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
    VlanFilter string
    Set VLAN filters.
    VoipProfile string
    Name of an existing VoIP profile.
    Vpntunnel string
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    WafProfile string
    Name of an existing Web application firewall profile.
    Webcache string
    Enable/disable web cache. Valid values: enable, disable.
    WebcacheHttps string
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    WebfilterProfile string
    Name of an existing Web filter profile.
    WebproxyForwardServer string
    Web proxy forward server name.
    WebproxyProfile string
    Webproxy profile name.
    dstaddrs List<Policy6Dstaddr>
    Destination address and address group names. The structure of dstaddr block is documented below.
    dstintfs List<Policy6Dstintf>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    schedule String
    Schedule name.
    srcaddrs List<Policy6Srcaddr>
    Source address and address group names. The structure of srcaddr block is documented below.
    srcintfs List<Policy6Srcintf>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    action String
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    antiReplay String
    Enable/disable anti-replay check. Valid values: enable, disable.
    appCategories List<Policy6AppCategory>
    Application category ID list. The structure of app_category block is documented below.
    appGroups List<Policy6AppGroup>
    Application group names. The structure of app_group block is documented below.
    applicationList String
    Name of an existing Application list.
    applications List<Policy6Application>
    Application ID list. The structure of application block is documented below.
    autoAsicOffload String
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    avProfile String
    Name of an existing Antivirus profile.
    cifsProfile String
    Name of an existing CIFS profile.
    comments String
    Comment.
    customLogFields List<Policy6CustomLogField>
    Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
    decryptedTrafficMirror String
    Decrypted traffic mirror.
    devices List<Policy6Device>
    Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
    diffservForward String
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffservReverse String
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcodeForward String
    Change packet's DiffServ to this value.
    diffservcodeRev String
    Change packet's reverse (reply) DiffServ to this value.
    dlpSensor String
    Name of an existing DLP sensor.
    dnsfilterProfile String
    Name of an existing DNS filter profile.
    dsri String
    Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
    dstaddrNegate String
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile String
    Name of an existing email filter profile.
    firewallSessionDirty String
    How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
    fixedport String
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fssoGroups List<Policy6FssoGroup>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    globalLabel String
    Label for the policy that appears when the GUI is in Global View mode.
    groups List<Policy6Group>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    httpPolicyRedirect String
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icapProfile String
    Name of an existing ICAP profile.
    inbound String
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspectionMode String
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    ippool String
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ipsSensor String
    Name of an existing IPS sensor.
    label String
    Label for the policy that appears when the GUI is in Section View mode.
    logtraffic String
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart String
    Record logs when a session starts. Valid values: enable, disable.
    name String
    Policy name.
    nat String
    Enable/disable source NAT. Valid values: enable, disable.
    natinbound String
    Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
    natoutbound String
    Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
    outbound String
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    perIpShaper String
    Per-IP traffic shaper.
    policyid Integer
    Policy ID.
    poolnames List<Policy6Poolname>
    IP Pool names. The structure of poolname block is documented below.
    profileGroup String
    Name of profile group.
    profileProtocolOptions String
    Name of an existing Protocol options profile.
    profileType String
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    replacemsgOverrideGroup String
    Override the default replacement message group for this policy.
    rsso String
    Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
    sendDenyPacket String
    Enable/disable return of deny-packet. Valid values: enable, disable.
    serviceNegate String
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services List<Policy6Service>
    Service and service group names. The structure of service block is documented below.
    sessionTtl Integer
    Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
    spamfilterProfile String
    Name of an existing Spam filter profile.
    srcaddrNegate String
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    sshFilterProfile String
    Name of an existing SSH filter profile.
    sshPolicyRedirect String
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    sslMirror String
    Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
    sslMirrorIntfs List<Policy6SslMirrorIntf>
    SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
    sslSshProfile String
    Name of an existing SSL SSH profile.
    status String
    Enable or disable this policy. Valid values: enable, disable.
    tcpMssReceiver Integer
    Receiver TCP maximum segment size (MSS).
    tcpMssSender Integer
    Sender TCP maximum segment size (MSS).
    tcpSessionWithoutSyn String
    Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
    timeoutSendRst String
    Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
    tos String
    ToS (Type of Service) value used for comparison.
    tosMask String
    Non-zero bit positions are used for comparison while zero bit positions are ignored.
    tosNegate String
    Enable negated TOS match. Valid values: enable, disable.
    trafficShaper String
    Reverse traffic shaper.
    trafficShaperReverse String
    Reverse traffic shaper.
    urlCategories List<Policy6UrlCategory>
    URL category ID list. The structure of url_category block is documented below.
    users List<Policy6User>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utmStatus String
    Enable AV/web/ips protection profile. Valid values: enable, disable.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlanCosFwd Integer
    VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlanCosRev Integer
    VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlanFilter String
    Set VLAN filters.
    voipProfile String
    Name of an existing VoIP profile.
    vpntunnel String
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    wafProfile String
    Name of an existing Web application firewall profile.
    webcache String
    Enable/disable web cache. Valid values: enable, disable.
    webcacheHttps String
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilterProfile String
    Name of an existing Web filter profile.
    webproxyForwardServer String
    Web proxy forward server name.
    webproxyProfile String
    Webproxy profile name.
    dstaddrs Policy6Dstaddr[]
    Destination address and address group names. The structure of dstaddr block is documented below.
    dstintfs Policy6Dstintf[]
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    schedule string
    Schedule name.
    srcaddrs Policy6Srcaddr[]
    Source address and address group names. The structure of srcaddr block is documented below.
    srcintfs Policy6Srcintf[]
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    action string
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    antiReplay string
    Enable/disable anti-replay check. Valid values: enable, disable.
    appCategories Policy6AppCategory[]
    Application category ID list. The structure of app_category block is documented below.
    appGroups Policy6AppGroup[]
    Application group names. The structure of app_group block is documented below.
    applicationList string
    Name of an existing Application list.
    applications Policy6Application[]
    Application ID list. The structure of application block is documented below.
    autoAsicOffload string
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    avProfile string
    Name of an existing Antivirus profile.
    cifsProfile string
    Name of an existing CIFS profile.
    comments string
    Comment.
    customLogFields Policy6CustomLogField[]
    Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
    decryptedTrafficMirror string
    Decrypted traffic mirror.
    devices Policy6Device[]
    Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
    diffservForward string
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffservReverse string
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcodeForward string
    Change packet's DiffServ to this value.
    diffservcodeRev string
    Change packet's reverse (reply) DiffServ to this value.
    dlpSensor string
    Name of an existing DLP sensor.
    dnsfilterProfile string
    Name of an existing DNS filter profile.
    dsri string
    Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
    dstaddrNegate string
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile string
    Name of an existing email filter profile.
    firewallSessionDirty string
    How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
    fixedport string
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fssoGroups Policy6FssoGroup[]
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    globalLabel string
    Label for the policy that appears when the GUI is in Global View mode.
    groups Policy6Group[]
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    httpPolicyRedirect string
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icapProfile string
    Name of an existing ICAP profile.
    inbound string
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspectionMode string
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    ippool string
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ipsSensor string
    Name of an existing IPS sensor.
    label string
    Label for the policy that appears when the GUI is in Section View mode.
    logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    name string
    Policy name.
    nat string
    Enable/disable source NAT. Valid values: enable, disable.
    natinbound string
    Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
    natoutbound string
    Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
    outbound string
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    perIpShaper string
    Per-IP traffic shaper.
    policyid number
    Policy ID.
    poolnames Policy6Poolname[]
    IP Pool names. The structure of poolname block is documented below.
    profileGroup string
    Name of profile group.
    profileProtocolOptions string
    Name of an existing Protocol options profile.
    profileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    replacemsgOverrideGroup string
    Override the default replacement message group for this policy.
    rsso string
    Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
    sendDenyPacket string
    Enable/disable return of deny-packet. Valid values: enable, disable.
    serviceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services Policy6Service[]
    Service and service group names. The structure of service block is documented below.
    sessionTtl number
    Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
    spamfilterProfile string
    Name of an existing Spam filter profile.
    srcaddrNegate string
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    sshFilterProfile string
    Name of an existing SSH filter profile.
    sshPolicyRedirect string
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    sslMirror string
    Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
    sslMirrorIntfs Policy6SslMirrorIntf[]
    SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
    sslSshProfile string
    Name of an existing SSL SSH profile.
    status string
    Enable or disable this policy. Valid values: enable, disable.
    tcpMssReceiver number
    Receiver TCP maximum segment size (MSS).
    tcpMssSender number
    Sender TCP maximum segment size (MSS).
    tcpSessionWithoutSyn string
    Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
    timeoutSendRst string
    Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
    tos string
    ToS (Type of Service) value used for comparison.
    tosMask string
    Non-zero bit positions are used for comparison while zero bit positions are ignored.
    tosNegate string
    Enable negated TOS match. Valid values: enable, disable.
    trafficShaper string
    Reverse traffic shaper.
    trafficShaperReverse string
    Reverse traffic shaper.
    urlCategories Policy6UrlCategory[]
    URL category ID list. The structure of url_category block is documented below.
    users Policy6User[]
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utmStatus string
    Enable AV/web/ips protection profile. Valid values: enable, disable.
    uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlanCosFwd number
    VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlanCosRev number
    VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlanFilter string
    Set VLAN filters.
    voipProfile string
    Name of an existing VoIP profile.
    vpntunnel string
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    wafProfile string
    Name of an existing Web application firewall profile.
    webcache string
    Enable/disable web cache. Valid values: enable, disable.
    webcacheHttps string
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilterProfile string
    Name of an existing Web filter profile.
    webproxyForwardServer string
    Web proxy forward server name.
    webproxyProfile string
    Webproxy profile name.
    dstaddrs Sequence[Policy6DstaddrArgs]
    Destination address and address group names. The structure of dstaddr block is documented below.
    dstintfs Sequence[Policy6DstintfArgs]
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    schedule str
    Schedule name.
    srcaddrs Sequence[Policy6SrcaddrArgs]
    Source address and address group names. The structure of srcaddr block is documented below.
    srcintfs Sequence[Policy6SrcintfArgs]
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    action str
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    anti_replay str
    Enable/disable anti-replay check. Valid values: enable, disable.
    app_categories Sequence[Policy6AppCategoryArgs]
    Application category ID list. The structure of app_category block is documented below.
    app_groups Sequence[Policy6AppGroupArgs]
    Application group names. The structure of app_group block is documented below.
    application_list str
    Name of an existing Application list.
    applications Sequence[Policy6ApplicationArgs]
    Application ID list. The structure of application block is documented below.
    auto_asic_offload str
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    av_profile str
    Name of an existing Antivirus profile.
    cifs_profile str
    Name of an existing CIFS profile.
    comments str
    Comment.
    custom_log_fields Sequence[Policy6CustomLogFieldArgs]
    Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
    decrypted_traffic_mirror str
    Decrypted traffic mirror.
    devices Sequence[Policy6DeviceArgs]
    Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
    diffserv_forward str
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffserv_reverse str
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcode_forward str
    Change packet's DiffServ to this value.
    diffservcode_rev str
    Change packet's reverse (reply) DiffServ to this value.
    dlp_sensor str
    Name of an existing DLP sensor.
    dnsfilter_profile str
    Name of an existing DNS filter profile.
    dsri str
    Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
    dstaddr_negate str
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilter_profile str
    Name of an existing email filter profile.
    firewall_session_dirty str
    How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
    fixedport str
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fsso_groups Sequence[Policy6FssoGroupArgs]
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    global_label str
    Label for the policy that appears when the GUI is in Global View mode.
    groups Sequence[Policy6GroupArgs]
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    http_policy_redirect str
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icap_profile str
    Name of an existing ICAP profile.
    inbound str
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspection_mode str
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    ippool str
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ips_sensor str
    Name of an existing IPS sensor.
    label str
    Label for the policy that appears when the GUI is in Section View mode.
    logtraffic str
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtraffic_start str
    Record logs when a session starts. Valid values: enable, disable.
    name str
    Policy name.
    nat str
    Enable/disable source NAT. Valid values: enable, disable.
    natinbound str
    Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
    natoutbound str
    Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
    outbound str
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    per_ip_shaper str
    Per-IP traffic shaper.
    policyid int
    Policy ID.
    poolnames Sequence[Policy6PoolnameArgs]
    IP Pool names. The structure of poolname block is documented below.
    profile_group str
    Name of profile group.
    profile_protocol_options str
    Name of an existing Protocol options profile.
    profile_type str
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    replacemsg_override_group str
    Override the default replacement message group for this policy.
    rsso str
    Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
    send_deny_packet str
    Enable/disable return of deny-packet. Valid values: enable, disable.
    service_negate str
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services Sequence[Policy6ServiceArgs]
    Service and service group names. The structure of service block is documented below.
    session_ttl int
    Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
    spamfilter_profile str
    Name of an existing Spam filter profile.
    srcaddr_negate str
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    ssh_filter_profile str
    Name of an existing SSH filter profile.
    ssh_policy_redirect str
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    ssl_mirror str
    Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
    ssl_mirror_intfs Sequence[Policy6SslMirrorIntfArgs]
    SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
    ssl_ssh_profile str
    Name of an existing SSL SSH profile.
    status str
    Enable or disable this policy. Valid values: enable, disable.
    tcp_mss_receiver int
    Receiver TCP maximum segment size (MSS).
    tcp_mss_sender int
    Sender TCP maximum segment size (MSS).
    tcp_session_without_syn str
    Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
    timeout_send_rst str
    Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
    tos str
    ToS (Type of Service) value used for comparison.
    tos_mask str
    Non-zero bit positions are used for comparison while zero bit positions are ignored.
    tos_negate str
    Enable negated TOS match. Valid values: enable, disable.
    traffic_shaper str
    Reverse traffic shaper.
    traffic_shaper_reverse str
    Reverse traffic shaper.
    url_categories Sequence[Policy6UrlCategoryArgs]
    URL category ID list. The structure of url_category block is documented below.
    users Sequence[Policy6UserArgs]
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utm_status str
    Enable AV/web/ips protection profile. Valid values: enable, disable.
    uuid str
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlan_cos_fwd int
    VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlan_cos_rev int
    VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlan_filter str
    Set VLAN filters.
    voip_profile str
    Name of an existing VoIP profile.
    vpntunnel str
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    waf_profile str
    Name of an existing Web application firewall profile.
    webcache str
    Enable/disable web cache. Valid values: enable, disable.
    webcache_https str
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilter_profile str
    Name of an existing Web filter profile.
    webproxy_forward_server str
    Web proxy forward server name.
    webproxy_profile str
    Webproxy profile name.
    dstaddrs List<Property Map>
    Destination address and address group names. The structure of dstaddr block is documented below.
    dstintfs List<Property Map>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    schedule String
    Schedule name.
    srcaddrs List<Property Map>
    Source address and address group names. The structure of srcaddr block is documented below.
    srcintfs List<Property Map>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    action String
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    antiReplay String
    Enable/disable anti-replay check. Valid values: enable, disable.
    appCategories List<Property Map>
    Application category ID list. The structure of app_category block is documented below.
    appGroups List<Property Map>
    Application group names. The structure of app_group block is documented below.
    applicationList String
    Name of an existing Application list.
    applications List<Property Map>
    Application ID list. The structure of application block is documented below.
    autoAsicOffload String
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    avProfile String
    Name of an existing Antivirus profile.
    cifsProfile String
    Name of an existing CIFS profile.
    comments String
    Comment.
    customLogFields List<Property Map>
    Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
    decryptedTrafficMirror String
    Decrypted traffic mirror.
    devices List<Property Map>
    Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
    diffservForward String
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffservReverse String
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcodeForward String
    Change packet's DiffServ to this value.
    diffservcodeRev String
    Change packet's reverse (reply) DiffServ to this value.
    dlpSensor String
    Name of an existing DLP sensor.
    dnsfilterProfile String
    Name of an existing DNS filter profile.
    dsri String
    Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
    dstaddrNegate String
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile String
    Name of an existing email filter profile.
    firewallSessionDirty String
    How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
    fixedport String
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fssoGroups List<Property Map>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    globalLabel String
    Label for the policy that appears when the GUI is in Global View mode.
    groups List<Property Map>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    httpPolicyRedirect String
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icapProfile String
    Name of an existing ICAP profile.
    inbound String
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspectionMode String
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    ippool String
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ipsSensor String
    Name of an existing IPS sensor.
    label String
    Label for the policy that appears when the GUI is in Section View mode.
    logtraffic String
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart String
    Record logs when a session starts. Valid values: enable, disable.
    name String
    Policy name.
    nat String
    Enable/disable source NAT. Valid values: enable, disable.
    natinbound String
    Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
    natoutbound String
    Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
    outbound String
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    perIpShaper String
    Per-IP traffic shaper.
    policyid Number
    Policy ID.
    poolnames List<Property Map>
    IP Pool names. The structure of poolname block is documented below.
    profileGroup String
    Name of profile group.
    profileProtocolOptions String
    Name of an existing Protocol options profile.
    profileType String
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    replacemsgOverrideGroup String
    Override the default replacement message group for this policy.
    rsso String
    Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
    sendDenyPacket String
    Enable/disable return of deny-packet. Valid values: enable, disable.
    serviceNegate String
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services List<Property Map>
    Service and service group names. The structure of service block is documented below.
    sessionTtl Number
    Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
    spamfilterProfile String
    Name of an existing Spam filter profile.
    srcaddrNegate String
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    sshFilterProfile String
    Name of an existing SSH filter profile.
    sshPolicyRedirect String
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    sslMirror String
    Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
    sslMirrorIntfs List<Property Map>
    SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
    sslSshProfile String
    Name of an existing SSL SSH profile.
    status String
    Enable or disable this policy. Valid values: enable, disable.
    tcpMssReceiver Number
    Receiver TCP maximum segment size (MSS).
    tcpMssSender Number
    Sender TCP maximum segment size (MSS).
    tcpSessionWithoutSyn String
    Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
    timeoutSendRst String
    Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
    tos String
    ToS (Type of Service) value used for comparison.
    tosMask String
    Non-zero bit positions are used for comparison while zero bit positions are ignored.
    tosNegate String
    Enable negated TOS match. Valid values: enable, disable.
    trafficShaper String
    Reverse traffic shaper.
    trafficShaperReverse String
    Reverse traffic shaper.
    urlCategories List<Property Map>
    URL category ID list. The structure of url_category block is documented below.
    users List<Property Map>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utmStatus String
    Enable AV/web/ips protection profile. Valid values: enable, disable.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlanCosFwd Number
    VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlanCosRev Number
    VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlanFilter String
    Set VLAN filters.
    voipProfile String
    Name of an existing VoIP profile.
    vpntunnel String
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    wafProfile String
    Name of an existing Web application firewall profile.
    webcache String
    Enable/disable web cache. Valid values: enable, disable.
    webcacheHttps String
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilterProfile String
    Name of an existing Web filter profile.
    webproxyForwardServer String
    Web proxy forward server name.
    webproxyProfile String
    Webproxy profile name.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Policy6 resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Policy6 Resource

    Get an existing Policy6 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: Policy6State, opts?: CustomResourceOptions): Policy6
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            action: Optional[str] = None,
            anti_replay: Optional[str] = None,
            app_categories: Optional[Sequence[Policy6AppCategoryArgs]] = None,
            app_groups: Optional[Sequence[Policy6AppGroupArgs]] = None,
            application_list: Optional[str] = None,
            applications: Optional[Sequence[Policy6ApplicationArgs]] = None,
            auto_asic_offload: Optional[str] = None,
            av_profile: Optional[str] = None,
            cifs_profile: Optional[str] = None,
            comments: Optional[str] = None,
            custom_log_fields: Optional[Sequence[Policy6CustomLogFieldArgs]] = None,
            decrypted_traffic_mirror: Optional[str] = None,
            devices: Optional[Sequence[Policy6DeviceArgs]] = None,
            diffserv_forward: Optional[str] = None,
            diffserv_reverse: Optional[str] = None,
            diffservcode_forward: Optional[str] = None,
            diffservcode_rev: Optional[str] = None,
            dlp_sensor: Optional[str] = None,
            dnsfilter_profile: Optional[str] = None,
            dsri: Optional[str] = None,
            dstaddr_negate: Optional[str] = None,
            dstaddrs: Optional[Sequence[Policy6DstaddrArgs]] = None,
            dstintfs: Optional[Sequence[Policy6DstintfArgs]] = None,
            dynamic_sort_subtable: Optional[str] = None,
            emailfilter_profile: Optional[str] = None,
            firewall_session_dirty: Optional[str] = None,
            fixedport: Optional[str] = None,
            fsso_groups: Optional[Sequence[Policy6FssoGroupArgs]] = None,
            get_all_tables: Optional[str] = None,
            global_label: Optional[str] = None,
            groups: Optional[Sequence[Policy6GroupArgs]] = None,
            http_policy_redirect: Optional[str] = None,
            icap_profile: Optional[str] = None,
            inbound: Optional[str] = None,
            inspection_mode: Optional[str] = None,
            ippool: Optional[str] = None,
            ips_sensor: Optional[str] = None,
            label: Optional[str] = None,
            logtraffic: Optional[str] = None,
            logtraffic_start: Optional[str] = None,
            name: Optional[str] = None,
            nat: Optional[str] = None,
            natinbound: Optional[str] = None,
            natoutbound: Optional[str] = None,
            outbound: Optional[str] = None,
            per_ip_shaper: Optional[str] = None,
            policyid: Optional[int] = None,
            poolnames: Optional[Sequence[Policy6PoolnameArgs]] = None,
            profile_group: Optional[str] = None,
            profile_protocol_options: Optional[str] = None,
            profile_type: Optional[str] = None,
            replacemsg_override_group: Optional[str] = None,
            rsso: Optional[str] = None,
            schedule: Optional[str] = None,
            send_deny_packet: Optional[str] = None,
            service_negate: Optional[str] = None,
            services: Optional[Sequence[Policy6ServiceArgs]] = None,
            session_ttl: Optional[int] = None,
            spamfilter_profile: Optional[str] = None,
            srcaddr_negate: Optional[str] = None,
            srcaddrs: Optional[Sequence[Policy6SrcaddrArgs]] = None,
            srcintfs: Optional[Sequence[Policy6SrcintfArgs]] = None,
            ssh_filter_profile: Optional[str] = None,
            ssh_policy_redirect: Optional[str] = None,
            ssl_mirror: Optional[str] = None,
            ssl_mirror_intfs: Optional[Sequence[Policy6SslMirrorIntfArgs]] = None,
            ssl_ssh_profile: Optional[str] = None,
            status: Optional[str] = None,
            tcp_mss_receiver: Optional[int] = None,
            tcp_mss_sender: Optional[int] = None,
            tcp_session_without_syn: Optional[str] = None,
            timeout_send_rst: Optional[str] = None,
            tos: Optional[str] = None,
            tos_mask: Optional[str] = None,
            tos_negate: Optional[str] = None,
            traffic_shaper: Optional[str] = None,
            traffic_shaper_reverse: Optional[str] = None,
            url_categories: Optional[Sequence[Policy6UrlCategoryArgs]] = None,
            users: Optional[Sequence[Policy6UserArgs]] = None,
            utm_status: Optional[str] = None,
            uuid: Optional[str] = None,
            vdomparam: Optional[str] = None,
            vlan_cos_fwd: Optional[int] = None,
            vlan_cos_rev: Optional[int] = None,
            vlan_filter: Optional[str] = None,
            voip_profile: Optional[str] = None,
            vpntunnel: Optional[str] = None,
            waf_profile: Optional[str] = None,
            webcache: Optional[str] = None,
            webcache_https: Optional[str] = None,
            webfilter_profile: Optional[str] = None,
            webproxy_forward_server: Optional[str] = None,
            webproxy_profile: Optional[str] = None) -> Policy6
    func GetPolicy6(ctx *Context, name string, id IDInput, state *Policy6State, opts ...ResourceOption) (*Policy6, error)
    public static Policy6 Get(string name, Input<string> id, Policy6State? state, CustomResourceOptions? opts = null)
    public static Policy6 get(String name, Output<String> id, Policy6State state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Action string
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    AntiReplay string
    Enable/disable anti-replay check. Valid values: enable, disable.
    AppCategories List<Pulumiverse.Fortios.Firewall.Inputs.Policy6AppCategory>
    Application category ID list. The structure of app_category block is documented below.
    AppGroups List<Pulumiverse.Fortios.Firewall.Inputs.Policy6AppGroup>
    Application group names. The structure of app_group block is documented below.
    ApplicationList string
    Name of an existing Application list.
    Applications List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Application>
    Application ID list. The structure of application block is documented below.
    AutoAsicOffload string
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    AvProfile string
    Name of an existing Antivirus profile.
    CifsProfile string
    Name of an existing CIFS profile.
    Comments string
    Comment.
    CustomLogFields List<Pulumiverse.Fortios.Firewall.Inputs.Policy6CustomLogField>
    Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
    DecryptedTrafficMirror string
    Decrypted traffic mirror.
    Devices List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Device>
    Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
    DiffservForward string
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    DiffservReverse string
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    DiffservcodeForward string
    Change packet's DiffServ to this value.
    DiffservcodeRev string
    Change packet's reverse (reply) DiffServ to this value.
    DlpSensor string
    Name of an existing DLP sensor.
    DnsfilterProfile string
    Name of an existing DNS filter profile.
    Dsri string
    Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
    DstaddrNegate string
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstaddrs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Dstaddr>
    Destination address and address group names. The structure of dstaddr block is documented below.
    Dstintfs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Dstintf>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmailfilterProfile string
    Name of an existing email filter profile.
    FirewallSessionDirty string
    How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
    Fixedport string
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    FssoGroups List<Pulumiverse.Fortios.Firewall.Inputs.Policy6FssoGroup>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GlobalLabel string
    Label for the policy that appears when the GUI is in Global View mode.
    Groups List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Group>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    HttpPolicyRedirect string
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    IcapProfile string
    Name of an existing ICAP profile.
    Inbound string
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    InspectionMode string
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    Ippool string
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    IpsSensor string
    Name of an existing IPS sensor.
    Label string
    Label for the policy that appears when the GUI is in Section View mode.
    Logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    LogtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    Name string
    Policy name.
    Nat string
    Enable/disable source NAT. Valid values: enable, disable.
    Natinbound string
    Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
    Natoutbound string
    Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
    Outbound string
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    PerIpShaper string
    Per-IP traffic shaper.
    Policyid int
    Policy ID.
    Poolnames List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Poolname>
    IP Pool names. The structure of poolname block is documented below.
    ProfileGroup string
    Name of profile group.
    ProfileProtocolOptions string
    Name of an existing Protocol options profile.
    ProfileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    ReplacemsgOverrideGroup string
    Override the default replacement message group for this policy.
    Rsso string
    Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
    Schedule string
    Schedule name.
    SendDenyPacket string
    Enable/disable return of deny-packet. Valid values: enable, disable.
    ServiceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    Services List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Service>
    Service and service group names. The structure of service block is documented below.
    SessionTtl int
    Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
    SpamfilterProfile string
    Name of an existing Spam filter profile.
    SrcaddrNegate string
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    Srcaddrs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Srcaddr>
    Source address and address group names. The structure of srcaddr block is documented below.
    Srcintfs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6Srcintf>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    SshFilterProfile string
    Name of an existing SSH filter profile.
    SshPolicyRedirect string
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    SslMirror string
    Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
    SslMirrorIntfs List<Pulumiverse.Fortios.Firewall.Inputs.Policy6SslMirrorIntf>
    SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
    SslSshProfile string
    Name of an existing SSL SSH profile.
    Status string
    Enable or disable this policy. Valid values: enable, disable.
    TcpMssReceiver int
    Receiver TCP maximum segment size (MSS).
    TcpMssSender int
    Sender TCP maximum segment size (MSS).
    TcpSessionWithoutSyn string
    Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
    TimeoutSendRst string
    Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
    Tos string
    ToS (Type of Service) value used for comparison.
    TosMask string
    Non-zero bit positions are used for comparison while zero bit positions are ignored.
    TosNegate string
    Enable negated TOS match. Valid values: enable, disable.
    TrafficShaper string
    Reverse traffic shaper.
    TrafficShaperReverse string
    Reverse traffic shaper.
    UrlCategories List<Pulumiverse.Fortios.Firewall.Inputs.Policy6UrlCategory>
    URL category ID list. The structure of url_category block is documented below.
    Users List<Pulumiverse.Fortios.Firewall.Inputs.Policy6User>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    UtmStatus string
    Enable AV/web/ips protection profile. Valid values: enable, disable.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VlanCosFwd int
    VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
    VlanCosRev int
    VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
    VlanFilter string
    Set VLAN filters.
    VoipProfile string
    Name of an existing VoIP profile.
    Vpntunnel string
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    WafProfile string
    Name of an existing Web application firewall profile.
    Webcache string
    Enable/disable web cache. Valid values: enable, disable.
    WebcacheHttps string
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    WebfilterProfile string
    Name of an existing Web filter profile.
    WebproxyForwardServer string
    Web proxy forward server name.
    WebproxyProfile string
    Webproxy profile name.
    Action string
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    AntiReplay string
    Enable/disable anti-replay check. Valid values: enable, disable.
    AppCategories []Policy6AppCategoryArgs
    Application category ID list. The structure of app_category block is documented below.
    AppGroups []Policy6AppGroupArgs
    Application group names. The structure of app_group block is documented below.
    ApplicationList string
    Name of an existing Application list.
    Applications []Policy6ApplicationArgs
    Application ID list. The structure of application block is documented below.
    AutoAsicOffload string
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    AvProfile string
    Name of an existing Antivirus profile.
    CifsProfile string
    Name of an existing CIFS profile.
    Comments string
    Comment.
    CustomLogFields []Policy6CustomLogFieldArgs
    Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
    DecryptedTrafficMirror string
    Decrypted traffic mirror.
    Devices []Policy6DeviceArgs
    Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
    DiffservForward string
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    DiffservReverse string
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    DiffservcodeForward string
    Change packet's DiffServ to this value.
    DiffservcodeRev string
    Change packet's reverse (reply) DiffServ to this value.
    DlpSensor string
    Name of an existing DLP sensor.
    DnsfilterProfile string
    Name of an existing DNS filter profile.
    Dsri string
    Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
    DstaddrNegate string
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    Dstaddrs []Policy6DstaddrArgs
    Destination address and address group names. The structure of dstaddr block is documented below.
    Dstintfs []Policy6DstintfArgs
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmailfilterProfile string
    Name of an existing email filter profile.
    FirewallSessionDirty string
    How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
    Fixedport string
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    FssoGroups []Policy6FssoGroupArgs
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GlobalLabel string
    Label for the policy that appears when the GUI is in Global View mode.
    Groups []Policy6GroupArgs
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    HttpPolicyRedirect string
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    IcapProfile string
    Name of an existing ICAP profile.
    Inbound string
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    InspectionMode string
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    Ippool string
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    IpsSensor string
    Name of an existing IPS sensor.
    Label string
    Label for the policy that appears when the GUI is in Section View mode.
    Logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    LogtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    Name string
    Policy name.
    Nat string
    Enable/disable source NAT. Valid values: enable, disable.
    Natinbound string
    Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
    Natoutbound string
    Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
    Outbound string
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    PerIpShaper string
    Per-IP traffic shaper.
    Policyid int
    Policy ID.
    Poolnames []Policy6PoolnameArgs
    IP Pool names. The structure of poolname block is documented below.
    ProfileGroup string
    Name of profile group.
    ProfileProtocolOptions string
    Name of an existing Protocol options profile.
    ProfileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    ReplacemsgOverrideGroup string
    Override the default replacement message group for this policy.
    Rsso string
    Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
    Schedule string
    Schedule name.
    SendDenyPacket string
    Enable/disable return of deny-packet. Valid values: enable, disable.
    ServiceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    Services []Policy6ServiceArgs
    Service and service group names. The structure of service block is documented below.
    SessionTtl int
    Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
    SpamfilterProfile string
    Name of an existing Spam filter profile.
    SrcaddrNegate string
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    Srcaddrs []Policy6SrcaddrArgs
    Source address and address group names. The structure of srcaddr block is documented below.
    Srcintfs []Policy6SrcintfArgs
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    SshFilterProfile string
    Name of an existing SSH filter profile.
    SshPolicyRedirect string
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    SslMirror string
    Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
    SslMirrorIntfs []Policy6SslMirrorIntfArgs
    SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
    SslSshProfile string
    Name of an existing SSL SSH profile.
    Status string
    Enable or disable this policy. Valid values: enable, disable.
    TcpMssReceiver int
    Receiver TCP maximum segment size (MSS).
    TcpMssSender int
    Sender TCP maximum segment size (MSS).
    TcpSessionWithoutSyn string
    Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
    TimeoutSendRst string
    Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
    Tos string
    ToS (Type of Service) value used for comparison.
    TosMask string
    Non-zero bit positions are used for comparison while zero bit positions are ignored.
    TosNegate string
    Enable negated TOS match. Valid values: enable, disable.
    TrafficShaper string
    Reverse traffic shaper.
    TrafficShaperReverse string
    Reverse traffic shaper.
    UrlCategories []Policy6UrlCategoryArgs
    URL category ID list. The structure of url_category block is documented below.
    Users []Policy6UserArgs
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    UtmStatus string
    Enable AV/web/ips protection profile. Valid values: enable, disable.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VlanCosFwd int
    VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
    VlanCosRev int
    VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
    VlanFilter string
    Set VLAN filters.
    VoipProfile string
    Name of an existing VoIP profile.
    Vpntunnel string
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    WafProfile string
    Name of an existing Web application firewall profile.
    Webcache string
    Enable/disable web cache. Valid values: enable, disable.
    WebcacheHttps string
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    WebfilterProfile string
    Name of an existing Web filter profile.
    WebproxyForwardServer string
    Web proxy forward server name.
    WebproxyProfile string
    Webproxy profile name.
    action String
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    antiReplay String
    Enable/disable anti-replay check. Valid values: enable, disable.
    appCategories List<Policy6AppCategory>
    Application category ID list. The structure of app_category block is documented below.
    appGroups List<Policy6AppGroup>
    Application group names. The structure of app_group block is documented below.
    applicationList String
    Name of an existing Application list.
    applications List<Policy6Application>
    Application ID list. The structure of application block is documented below.
    autoAsicOffload String
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    avProfile String
    Name of an existing Antivirus profile.
    cifsProfile String
    Name of an existing CIFS profile.
    comments String
    Comment.
    customLogFields List<Policy6CustomLogField>
    Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
    decryptedTrafficMirror String
    Decrypted traffic mirror.
    devices List<Policy6Device>
    Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
    diffservForward String
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffservReverse String
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcodeForward String
    Change packet's DiffServ to this value.
    diffservcodeRev String
    Change packet's reverse (reply) DiffServ to this value.
    dlpSensor String
    Name of an existing DLP sensor.
    dnsfilterProfile String
    Name of an existing DNS filter profile.
    dsri String
    Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
    dstaddrNegate String
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddrs List<Policy6Dstaddr>
    Destination address and address group names. The structure of dstaddr block is documented below.
    dstintfs List<Policy6Dstintf>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile String
    Name of an existing email filter profile.
    firewallSessionDirty String
    How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
    fixedport String
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fssoGroups List<Policy6FssoGroup>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    globalLabel String
    Label for the policy that appears when the GUI is in Global View mode.
    groups List<Policy6Group>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    httpPolicyRedirect String
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icapProfile String
    Name of an existing ICAP profile.
    inbound String
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspectionMode String
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    ippool String
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ipsSensor String
    Name of an existing IPS sensor.
    label String
    Label for the policy that appears when the GUI is in Section View mode.
    logtraffic String
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart String
    Record logs when a session starts. Valid values: enable, disable.
    name String
    Policy name.
    nat String
    Enable/disable source NAT. Valid values: enable, disable.
    natinbound String
    Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
    natoutbound String
    Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
    outbound String
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    perIpShaper String
    Per-IP traffic shaper.
    policyid Integer
    Policy ID.
    poolnames List<Policy6Poolname>
    IP Pool names. The structure of poolname block is documented below.
    profileGroup String
    Name of profile group.
    profileProtocolOptions String
    Name of an existing Protocol options profile.
    profileType String
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    replacemsgOverrideGroup String
    Override the default replacement message group for this policy.
    rsso String
    Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
    schedule String
    Schedule name.
    sendDenyPacket String
    Enable/disable return of deny-packet. Valid values: enable, disable.
    serviceNegate String
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services List<Policy6Service>
    Service and service group names. The structure of service block is documented below.
    sessionTtl Integer
    Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
    spamfilterProfile String
    Name of an existing Spam filter profile.
    srcaddrNegate String
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddrs List<Policy6Srcaddr>
    Source address and address group names. The structure of srcaddr block is documented below.
    srcintfs List<Policy6Srcintf>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile String
    Name of an existing SSH filter profile.
    sshPolicyRedirect String
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    sslMirror String
    Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
    sslMirrorIntfs List<Policy6SslMirrorIntf>
    SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
    sslSshProfile String
    Name of an existing SSL SSH profile.
    status String
    Enable or disable this policy. Valid values: enable, disable.
    tcpMssReceiver Integer
    Receiver TCP maximum segment size (MSS).
    tcpMssSender Integer
    Sender TCP maximum segment size (MSS).
    tcpSessionWithoutSyn String
    Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
    timeoutSendRst String
    Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
    tos String
    ToS (Type of Service) value used for comparison.
    tosMask String
    Non-zero bit positions are used for comparison while zero bit positions are ignored.
    tosNegate String
    Enable negated TOS match. Valid values: enable, disable.
    trafficShaper String
    Reverse traffic shaper.
    trafficShaperReverse String
    Reverse traffic shaper.
    urlCategories List<Policy6UrlCategory>
    URL category ID list. The structure of url_category block is documented below.
    users List<Policy6User>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utmStatus String
    Enable AV/web/ips protection profile. Valid values: enable, disable.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlanCosFwd Integer
    VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlanCosRev Integer
    VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlanFilter String
    Set VLAN filters.
    voipProfile String
    Name of an existing VoIP profile.
    vpntunnel String
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    wafProfile String
    Name of an existing Web application firewall profile.
    webcache String
    Enable/disable web cache. Valid values: enable, disable.
    webcacheHttps String
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilterProfile String
    Name of an existing Web filter profile.
    webproxyForwardServer String
    Web proxy forward server name.
    webproxyProfile String
    Webproxy profile name.
    action string
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    antiReplay string
    Enable/disable anti-replay check. Valid values: enable, disable.
    appCategories Policy6AppCategory[]
    Application category ID list. The structure of app_category block is documented below.
    appGroups Policy6AppGroup[]
    Application group names. The structure of app_group block is documented below.
    applicationList string
    Name of an existing Application list.
    applications Policy6Application[]
    Application ID list. The structure of application block is documented below.
    autoAsicOffload string
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    avProfile string
    Name of an existing Antivirus profile.
    cifsProfile string
    Name of an existing CIFS profile.
    comments string
    Comment.
    customLogFields Policy6CustomLogField[]
    Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
    decryptedTrafficMirror string
    Decrypted traffic mirror.
    devices Policy6Device[]
    Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
    diffservForward string
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffservReverse string
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcodeForward string
    Change packet's DiffServ to this value.
    diffservcodeRev string
    Change packet's reverse (reply) DiffServ to this value.
    dlpSensor string
    Name of an existing DLP sensor.
    dnsfilterProfile string
    Name of an existing DNS filter profile.
    dsri string
    Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
    dstaddrNegate string
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddrs Policy6Dstaddr[]
    Destination address and address group names. The structure of dstaddr block is documented below.
    dstintfs Policy6Dstintf[]
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile string
    Name of an existing email filter profile.
    firewallSessionDirty string
    How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
    fixedport string
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fssoGroups Policy6FssoGroup[]
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    globalLabel string
    Label for the policy that appears when the GUI is in Global View mode.
    groups Policy6Group[]
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    httpPolicyRedirect string
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icapProfile string
    Name of an existing ICAP profile.
    inbound string
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspectionMode string
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    ippool string
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ipsSensor string
    Name of an existing IPS sensor.
    label string
    Label for the policy that appears when the GUI is in Section View mode.
    logtraffic string
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart string
    Record logs when a session starts. Valid values: enable, disable.
    name string
    Policy name.
    nat string
    Enable/disable source NAT. Valid values: enable, disable.
    natinbound string
    Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
    natoutbound string
    Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
    outbound string
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    perIpShaper string
    Per-IP traffic shaper.
    policyid number
    Policy ID.
    poolnames Policy6Poolname[]
    IP Pool names. The structure of poolname block is documented below.
    profileGroup string
    Name of profile group.
    profileProtocolOptions string
    Name of an existing Protocol options profile.
    profileType string
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    replacemsgOverrideGroup string
    Override the default replacement message group for this policy.
    rsso string
    Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
    schedule string
    Schedule name.
    sendDenyPacket string
    Enable/disable return of deny-packet. Valid values: enable, disable.
    serviceNegate string
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services Policy6Service[]
    Service and service group names. The structure of service block is documented below.
    sessionTtl number
    Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
    spamfilterProfile string
    Name of an existing Spam filter profile.
    srcaddrNegate string
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddrs Policy6Srcaddr[]
    Source address and address group names. The structure of srcaddr block is documented below.
    srcintfs Policy6Srcintf[]
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile string
    Name of an existing SSH filter profile.
    sshPolicyRedirect string
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    sslMirror string
    Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
    sslMirrorIntfs Policy6SslMirrorIntf[]
    SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
    sslSshProfile string
    Name of an existing SSL SSH profile.
    status string
    Enable or disable this policy. Valid values: enable, disable.
    tcpMssReceiver number
    Receiver TCP maximum segment size (MSS).
    tcpMssSender number
    Sender TCP maximum segment size (MSS).
    tcpSessionWithoutSyn string
    Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
    timeoutSendRst string
    Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
    tos string
    ToS (Type of Service) value used for comparison.
    tosMask string
    Non-zero bit positions are used for comparison while zero bit positions are ignored.
    tosNegate string
    Enable negated TOS match. Valid values: enable, disable.
    trafficShaper string
    Reverse traffic shaper.
    trafficShaperReverse string
    Reverse traffic shaper.
    urlCategories Policy6UrlCategory[]
    URL category ID list. The structure of url_category block is documented below.
    users Policy6User[]
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utmStatus string
    Enable AV/web/ips protection profile. Valid values: enable, disable.
    uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlanCosFwd number
    VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlanCosRev number
    VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlanFilter string
    Set VLAN filters.
    voipProfile string
    Name of an existing VoIP profile.
    vpntunnel string
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    wafProfile string
    Name of an existing Web application firewall profile.
    webcache string
    Enable/disable web cache. Valid values: enable, disable.
    webcacheHttps string
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilterProfile string
    Name of an existing Web filter profile.
    webproxyForwardServer string
    Web proxy forward server name.
    webproxyProfile string
    Webproxy profile name.
    action str
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    anti_replay str
    Enable/disable anti-replay check. Valid values: enable, disable.
    app_categories Sequence[Policy6AppCategoryArgs]
    Application category ID list. The structure of app_category block is documented below.
    app_groups Sequence[Policy6AppGroupArgs]
    Application group names. The structure of app_group block is documented below.
    application_list str
    Name of an existing Application list.
    applications Sequence[Policy6ApplicationArgs]
    Application ID list. The structure of application block is documented below.
    auto_asic_offload str
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    av_profile str
    Name of an existing Antivirus profile.
    cifs_profile str
    Name of an existing CIFS profile.
    comments str
    Comment.
    custom_log_fields Sequence[Policy6CustomLogFieldArgs]
    Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
    decrypted_traffic_mirror str
    Decrypted traffic mirror.
    devices Sequence[Policy6DeviceArgs]
    Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
    diffserv_forward str
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffserv_reverse str
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcode_forward str
    Change packet's DiffServ to this value.
    diffservcode_rev str
    Change packet's reverse (reply) DiffServ to this value.
    dlp_sensor str
    Name of an existing DLP sensor.
    dnsfilter_profile str
    Name of an existing DNS filter profile.
    dsri str
    Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
    dstaddr_negate str
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddrs Sequence[Policy6DstaddrArgs]
    Destination address and address group names. The structure of dstaddr block is documented below.
    dstintfs Sequence[Policy6DstintfArgs]
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilter_profile str
    Name of an existing email filter profile.
    firewall_session_dirty str
    How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
    fixedport str
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fsso_groups Sequence[Policy6FssoGroupArgs]
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    global_label str
    Label for the policy that appears when the GUI is in Global View mode.
    groups Sequence[Policy6GroupArgs]
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    http_policy_redirect str
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icap_profile str
    Name of an existing ICAP profile.
    inbound str
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspection_mode str
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    ippool str
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ips_sensor str
    Name of an existing IPS sensor.
    label str
    Label for the policy that appears when the GUI is in Section View mode.
    logtraffic str
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtraffic_start str
    Record logs when a session starts. Valid values: enable, disable.
    name str
    Policy name.
    nat str
    Enable/disable source NAT. Valid values: enable, disable.
    natinbound str
    Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
    natoutbound str
    Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
    outbound str
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    per_ip_shaper str
    Per-IP traffic shaper.
    policyid int
    Policy ID.
    poolnames Sequence[Policy6PoolnameArgs]
    IP Pool names. The structure of poolname block is documented below.
    profile_group str
    Name of profile group.
    profile_protocol_options str
    Name of an existing Protocol options profile.
    profile_type str
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    replacemsg_override_group str
    Override the default replacement message group for this policy.
    rsso str
    Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
    schedule str
    Schedule name.
    send_deny_packet str
    Enable/disable return of deny-packet. Valid values: enable, disable.
    service_negate str
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services Sequence[Policy6ServiceArgs]
    Service and service group names. The structure of service block is documented below.
    session_ttl int
    Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
    spamfilter_profile str
    Name of an existing Spam filter profile.
    srcaddr_negate str
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddrs Sequence[Policy6SrcaddrArgs]
    Source address and address group names. The structure of srcaddr block is documented below.
    srcintfs Sequence[Policy6SrcintfArgs]
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    ssh_filter_profile str
    Name of an existing SSH filter profile.
    ssh_policy_redirect str
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    ssl_mirror str
    Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
    ssl_mirror_intfs Sequence[Policy6SslMirrorIntfArgs]
    SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
    ssl_ssh_profile str
    Name of an existing SSL SSH profile.
    status str
    Enable or disable this policy. Valid values: enable, disable.
    tcp_mss_receiver int
    Receiver TCP maximum segment size (MSS).
    tcp_mss_sender int
    Sender TCP maximum segment size (MSS).
    tcp_session_without_syn str
    Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
    timeout_send_rst str
    Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
    tos str
    ToS (Type of Service) value used for comparison.
    tos_mask str
    Non-zero bit positions are used for comparison while zero bit positions are ignored.
    tos_negate str
    Enable negated TOS match. Valid values: enable, disable.
    traffic_shaper str
    Reverse traffic shaper.
    traffic_shaper_reverse str
    Reverse traffic shaper.
    url_categories Sequence[Policy6UrlCategoryArgs]
    URL category ID list. The structure of url_category block is documented below.
    users Sequence[Policy6UserArgs]
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utm_status str
    Enable AV/web/ips protection profile. Valid values: enable, disable.
    uuid str
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlan_cos_fwd int
    VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlan_cos_rev int
    VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlan_filter str
    Set VLAN filters.
    voip_profile str
    Name of an existing VoIP profile.
    vpntunnel str
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    waf_profile str
    Name of an existing Web application firewall profile.
    webcache str
    Enable/disable web cache. Valid values: enable, disable.
    webcache_https str
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilter_profile str
    Name of an existing Web filter profile.
    webproxy_forward_server str
    Web proxy forward server name.
    webproxy_profile str
    Webproxy profile name.
    action String
    Policy action (allow/deny/ipsec). Valid values: accept, deny, ipsec.
    antiReplay String
    Enable/disable anti-replay check. Valid values: enable, disable.
    appCategories List<Property Map>
    Application category ID list. The structure of app_category block is documented below.
    appGroups List<Property Map>
    Application group names. The structure of app_group block is documented below.
    applicationList String
    Name of an existing Application list.
    applications List<Property Map>
    Application ID list. The structure of application block is documented below.
    autoAsicOffload String
    Enable/disable policy traffic ASIC offloading. Valid values: enable, disable.
    avProfile String
    Name of an existing Antivirus profile.
    cifsProfile String
    Name of an existing CIFS profile.
    comments String
    Comment.
    customLogFields List<Property Map>
    Log field index numbers to append custom log fields to log messages for this policy. The structure of custom_log_fields block is documented below.
    decryptedTrafficMirror String
    Decrypted traffic mirror.
    devices List<Property Map>
    Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
    diffservForward String
    Enable to change packet's DiffServ values to the specified diffservcode-forward value. Valid values: enable, disable.
    diffservReverse String
    Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Valid values: enable, disable.
    diffservcodeForward String
    Change packet's DiffServ to this value.
    diffservcodeRev String
    Change packet's reverse (reply) DiffServ to this value.
    dlpSensor String
    Name of an existing DLP sensor.
    dnsfilterProfile String
    Name of an existing DNS filter profile.
    dsri String
    Enable DSRI to ignore HTTP server responses. Valid values: enable, disable.
    dstaddrNegate String
    When enabled dstaddr specifies what the destination address must NOT be. Valid values: enable, disable.
    dstaddrs List<Property Map>
    Destination address and address group names. The structure of dstaddr block is documented below.
    dstintfs List<Property Map>
    Outgoing (egress) interface. The structure of dstintf block is documented below.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    emailfilterProfile String
    Name of an existing email filter profile.
    firewallSessionDirty String
    How to handle sessions if the configuration of this firewall policy changes. Valid values: check-all, check-new.
    fixedport String
    Enable to prevent source NAT from changing a session's source port. Valid values: enable, disable.
    fssoGroups List<Property Map>
    Names of FSSO groups. The structure of fsso_groups block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    globalLabel String
    Label for the policy that appears when the GUI is in Global View mode.
    groups List<Property Map>
    Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
    httpPolicyRedirect String
    Redirect HTTP(S) traffic to matching transparent web proxy policy. Valid values: enable, disable.
    icapProfile String
    Name of an existing ICAP profile.
    inbound String
    Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. Valid values: enable, disable.
    inspectionMode String
    Policy inspection mode (Flow/proxy). Default is Flow mode. Valid values: proxy, flow.
    ippool String
    Enable to use IP Pools for source NAT. Valid values: enable, disable.
    ipsSensor String
    Name of an existing IPS sensor.
    label String
    Label for the policy that appears when the GUI is in Section View mode.
    logtraffic String
    Enable or disable logging. Log all sessions or security profile sessions. Valid values: all, utm, disable.
    logtrafficStart String
    Record logs when a session starts. Valid values: enable, disable.
    name String
    Policy name.
    nat String
    Enable/disable source NAT. Valid values: enable, disable.
    natinbound String
    Policy-based IPsec VPN: apply destination NAT to inbound traffic. Valid values: enable, disable.
    natoutbound String
    Policy-based IPsec VPN: apply source NAT to outbound traffic. Valid values: enable, disable.
    outbound String
    Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. Valid values: enable, disable.
    perIpShaper String
    Per-IP traffic shaper.
    policyid Number
    Policy ID.
    poolnames List<Property Map>
    IP Pool names. The structure of poolname block is documented below.
    profileGroup String
    Name of profile group.
    profileProtocolOptions String
    Name of an existing Protocol options profile.
    profileType String
    Determine whether the firewall policy allows security profile groups or single profiles only. Valid values: single, group.
    replacemsgOverrideGroup String
    Override the default replacement message group for this policy.
    rsso String
    Enable/disable RADIUS single sign-on (RSSO). Valid values: enable, disable.
    schedule String
    Schedule name.
    sendDenyPacket String
    Enable/disable return of deny-packet. Valid values: enable, disable.
    serviceNegate String
    When enabled service specifies what the service must NOT be. Valid values: enable, disable.
    services List<Property Map>
    Service and service group names. The structure of service block is documented below.
    sessionTtl Number
    Session TTL in seconds for sessions accepted by this policy. 0 means use the system default session TTL.
    spamfilterProfile String
    Name of an existing Spam filter profile.
    srcaddrNegate String
    When enabled srcaddr specifies what the source address must NOT be. Valid values: enable, disable.
    srcaddrs List<Property Map>
    Source address and address group names. The structure of srcaddr block is documented below.
    srcintfs List<Property Map>
    Incoming (ingress) interface. The structure of srcintf block is documented below.
    sshFilterProfile String
    Name of an existing SSH filter profile.
    sshPolicyRedirect String
    Redirect SSH traffic to matching transparent proxy policy. Valid values: enable, disable.
    sslMirror String
    Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). Valid values: enable, disable.
    sslMirrorIntfs List<Property Map>
    SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
    sslSshProfile String
    Name of an existing SSL SSH profile.
    status String
    Enable or disable this policy. Valid values: enable, disable.
    tcpMssReceiver Number
    Receiver TCP maximum segment size (MSS).
    tcpMssSender Number
    Sender TCP maximum segment size (MSS).
    tcpSessionWithoutSyn String
    Enable/disable creation of TCP session without SYN flag. Valid values: all, data-only, disable.
    timeoutSendRst String
    Enable/disable sending RST packets when TCP sessions expire. Valid values: enable, disable.
    tos String
    ToS (Type of Service) value used for comparison.
    tosMask String
    Non-zero bit positions are used for comparison while zero bit positions are ignored.
    tosNegate String
    Enable negated TOS match. Valid values: enable, disable.
    trafficShaper String
    Reverse traffic shaper.
    trafficShaperReverse String
    Reverse traffic shaper.
    urlCategories List<Property Map>
    URL category ID list. The structure of url_category block is documented below.
    users List<Property Map>
    Names of individual users that can authenticate with this policy. The structure of users block is documented below.
    utmStatus String
    Enable AV/web/ips protection profile. Valid values: enable, disable.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlanCosFwd Number
    VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlanCosRev Number
    VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest
    vlanFilter String
    Set VLAN filters.
    voipProfile String
    Name of an existing VoIP profile.
    vpntunnel String
    Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
    wafProfile String
    Name of an existing Web application firewall profile.
    webcache String
    Enable/disable web cache. Valid values: enable, disable.
    webcacheHttps String
    Enable/disable web cache for HTTPS. Valid values: disable, enable.
    webfilterProfile String
    Name of an existing Web filter profile.
    webproxyForwardServer String
    Web proxy forward server name.
    webproxyProfile String
    Webproxy profile name.

    Supporting Types

    Policy6AppCategory, Policy6AppCategoryArgs

    Id int
    Category IDs.
    Id int
    Category IDs.
    id Integer
    Category IDs.
    id number
    Category IDs.
    id int
    Category IDs.
    id Number
    Category IDs.

    Policy6AppGroup, Policy6AppGroupArgs

    Name string
    Application group names.
    Name string
    Application group names.
    name String
    Application group names.
    name string
    Application group names.
    name str
    Application group names.
    name String
    Application group names.

    Policy6Application, Policy6ApplicationArgs

    Id int
    Application IDs.
    Id int
    Application IDs.
    id Integer
    Application IDs.
    id number
    Application IDs.
    id int
    Application IDs.
    id Number
    Application IDs.

    Policy6CustomLogField, Policy6CustomLogFieldArgs

    FieldId string
    Custom log field.
    FieldId string
    Custom log field.
    fieldId String
    Custom log field.
    fieldId string
    Custom log field.
    field_id str
    Custom log field.
    fieldId String
    Custom log field.

    Policy6Device, Policy6DeviceArgs

    Name string
    Device or group name.
    Name string
    Device or group name.
    name String
    Device or group name.
    name string
    Device or group name.
    name str
    Device or group name.
    name String
    Device or group name.

    Policy6Dstaddr, Policy6DstaddrArgs

    Name string
    Address name.
    Name string
    Address name.
    name String
    Address name.
    name string
    Address name.
    name str
    Address name.
    name String
    Address name.

    Policy6Dstintf, Policy6DstintfArgs

    Name string
    Interface name.
    Name string
    Interface name.
    name String
    Interface name.
    name string
    Interface name.
    name str
    Interface name.
    name String
    Interface name.

    Policy6FssoGroup, Policy6FssoGroupArgs

    Name string
    Names of FSSO groups.
    Name string
    Names of FSSO groups.
    name String
    Names of FSSO groups.
    name string
    Names of FSSO groups.
    name str
    Names of FSSO groups.
    name String
    Names of FSSO groups.

    Policy6Group, Policy6GroupArgs

    Name string
    Group name.
    Name string
    Group name.
    name String
    Group name.
    name string
    Group name.
    name str
    Group name.
    name String
    Group name.

    Policy6Poolname, Policy6PoolnameArgs

    Name string
    IP pool name.
    Name string
    IP pool name.
    name String
    IP pool name.
    name string
    IP pool name.
    name str
    IP pool name.
    name String
    IP pool name.

    Policy6Service, Policy6ServiceArgs

    Name string
    Address name.
    Name string
    Address name.
    name String
    Address name.
    name string
    Address name.
    name str
    Address name.
    name String
    Address name.

    Policy6Srcaddr, Policy6SrcaddrArgs

    Name string
    Address name.
    Name string
    Address name.
    name String
    Address name.
    name string
    Address name.
    name str
    Address name.
    name String
    Address name.

    Policy6Srcintf, Policy6SrcintfArgs

    Name string
    Interface name.
    Name string
    Interface name.
    name String
    Interface name.
    name string
    Interface name.
    name str
    Interface name.
    name String
    Interface name.

    Policy6SslMirrorIntf, Policy6SslMirrorIntfArgs

    Name string
    Interface name.
    Name string
    Interface name.
    name String
    Interface name.
    name string
    Interface name.
    name str
    Interface name.
    name String
    Interface name.

    Policy6UrlCategory, Policy6UrlCategoryArgs

    Id int
    URL category ID.
    Id int
    URL category ID.
    id Integer
    URL category ID.
    id number
    URL category ID.
    id int
    URL category ID.
    id Number
    URL category ID.

    Policy6User, Policy6UserArgs

    Name string
    Names of individual users that can authenticate with this policy.
    Name string
    Names of individual users that can authenticate with this policy.
    name String
    Names of individual users that can authenticate with this policy.
    name string
    Names of individual users that can authenticate with this policy.
    name str
    Names of individual users that can authenticate with this policy.
    name String
    Names of individual users that can authenticate with this policy.

    Import

    Firewall Policy6 can be imported using any of these accepted formats:

    $ pulumi import fortios:firewall/policy6:Policy6 labelname {{policyid}}
    

    If you do not want to import arguments of block:

    $ export “FORTIOS_IMPORT_TABLE”=“false”

    $ pulumi import fortios:firewall/policy6:Policy6 labelname {{policyid}}
    

    $ unset “FORTIOS_IMPORT_TABLE”

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    fortios logo
    Fortios v0.0.5 published on Tuesday, Apr 9, 2024 by pulumiverse