Fortios v0.0.6, Jul 9 24

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.firewall.getPolicy

Explore with Pulumi AI

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

Using getPolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getPolicy(args: GetPolicyArgs, opts?: InvokeOptions): Promise<GetPolicyResult>
function getPolicyOutput(args: GetPolicyOutputArgs, opts?: InvokeOptions): Output<GetPolicyResult>

def get_policy(policyid: Optional[int] = None,
               vdomparam: Optional[str] = None,
               opts: Optional[InvokeOptions] = None) -> GetPolicyResult
def get_policy_output(policyid: Optional[pulumi.Input[int]] = None,
               vdomparam: Optional[pulumi.Input[str]] = None,
               opts: Optional[InvokeOptions] = None) -> Output[GetPolicyResult]

func LookupPolicy(ctx *Context, args *LookupPolicyArgs, opts ...InvokeOption) (*LookupPolicyResult, error)
func LookupPolicyOutput(ctx *Context, args *LookupPolicyOutputArgs, opts ...InvokeOption) LookupPolicyResultOutput

> Note: This function is named LookupPolicy in the Go SDK.

public static class GetPolicy 
{
    public static Task<GetPolicyResult> InvokeAsync(GetPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetPolicyResult> Invoke(GetPolicyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetPolicyResult> getPolicy(GetPolicyArgs args, InvokeOptions options)
public static Output<GetPolicyResult> getPolicy(GetPolicyArgs args, InvokeOptions options)

fn::invoke:
  function: fortios:firewall/getPolicy:getPolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

Policyid int: Specify the policyid of the desired firewall policy.
Vdomparam string: Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

Policyid int: Specify the policyid of the desired firewall policy.
Vdomparam string: Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

policyid Integer: Specify the policyid of the desired firewall policy.
vdomparam String: Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

policyid number: Specify the policyid of the desired firewall policy.
vdomparam string: Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

policyid int: Specify the policyid of the desired firewall policy.
vdomparam str: Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

policyid Number: Specify the policyid of the desired firewall policy.
vdomparam String: Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

getPolicy Result

The following output properties are available:

Action string: Policy action (allow/deny/ipsec).
AntiReplay string: Enable/disable anti-replay check.
AppCategories List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyAppCategory>: Application category ID list. The structure of app_category block is documented below.
AppGroups List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyAppGroup>: Application group names. The structure of app_group block is documented below.
ApplicationList string: Name of an existing Application list.
Applications List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyApplication>: Application ID list. The structure of application block is documented below.
AuthCert string: HTTPS server certificate for policy authentication.
AuthPath string: Enable/disable authentication-based routing.
AuthRedirectAddr string: HTTP-to-HTTPS redirect address for firewall authentication.
AutoAsicOffload string: Enable/disable policy traffic ASIC offloading.
AvProfile string: Name of an existing Antivirus profile.
BlockNotification string: Enable/disable block notification.
CaptivePortalExempt string: Enable to exempt some users from the captive portal.
CapturePacket string: Enable/disable capture packets.
CasbProfile string: Name of an existing CASB profile.
CifsProfile string: Name of an existing CIFS profile.
Comments string: Comment.
CustomLogFields List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyCustomLogField>: Custom fields to append to log messages for this policy. The structure of custom_log_fields block is documented below.
DecryptedTrafficMirror string: Decrypted traffic mirror.
DelayTcpNpuSession string: Enable TCP NPU session delay to guarantee packet order of 3-way handshake.
Devices List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyDevice>: Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
DiameterFilterProfile string: Name of an existing Diameter filter profile.
DiffservCopy string: Enable to copy packet's DiffServ values from session's original direction to its reply direction.
DiffservForward string: Enable to change packet's DiffServ values to the specified diffservcode-forward value.
DiffservReverse string: Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value.
DiffservcodeForward string: Change packet's DiffServ to this value.
DiffservcodeRev string: Change packet's reverse (reply) DiffServ to this value.
Disclaimer string: Enable/disable user authentication disclaimer.
DlpProfile string: Name of an existing DLP profile.
DlpSensor string: Name of an existing DLP sensor.
DnsfilterProfile string: Name of an existing DNS filter profile.
Dsri string: Enable DSRI to ignore HTTP server responses.
Dstaddr6Negate string: When enabled dstaddr6 specifies what the destination address must NOT be.
Dstaddr6s List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyDstaddr6>: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
DstaddrNegate string: When enabled dstaddr specifies what the destination address must NOT be.
Dstaddrs List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyDstaddr>: Destination address and address group names. The structure of dstaddr block is documented below.
Dstintfs List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyDstintf>: Outgoing (egress) interface. The structure of dstintf block is documented below.
DynamicShaping string: Enable/disable dynamic RADIUS defined traffic shaping.
EmailCollect string: Enable/disable email collection.
EmailfilterProfile string: Name of an existing email filter profile.
Fec string: Enable/disable Forward Error Correction on traffic matching this policy on a FEC device.
FileFilterProfile string: Name of an existing file-filter profile.
FirewallSessionDirty string: How to handle sessions if the configuration of this firewall policy changes.
Fixedport string: Enable to prevent source NAT from changing a session's source port.
Fsso string: Enable/disable Fortinet Single Sign-On.
FssoAgentForNtlm string: FSSO agent to use for NTLM authentication.
FssoGroups List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyFssoGroup>: Names of FSSO groups. The structure of fsso_groups block is documented below.
GeoipAnycast string: Enable/disable recognition of anycast IP addresses using the geography IP database.
GeoipMatch string: Match geography address based either on its physical location or registered location.
GlobalLabel string: Label for the policy that appears when the GUI is in Global View mode.
Groups List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyGroup>: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
HttpPolicyRedirect string: Redirect HTTP(S) traffic to matching transparent web proxy policy.
IcapProfile string: Name of an existing ICAP profile.
Id string: The provider-assigned unique ID for this managed resource.
IdentityBasedRoute string: Name of identity-based routing rule.
Inbound string: Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN.
InspectionMode string: Policy inspection mode (Flow/proxy). Default is Flow mode.
InternetService string: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.
InternetService6 string: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address and service are not used.
InternetService6CustomGroups List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetService6CustomGroup>: Custom Internet Service6 group name. The structure of internet_service6_custom_group block is documented below.
InternetService6Customs List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetService6Custom>: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
InternetService6Groups List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetService6Group>: Internet Service group name. The structure of internet_service6_group block is documented below.
InternetService6Names List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetService6Name>: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
InternetService6Negate string: When enabled internet-service6 specifies what the service must NOT be.
InternetService6Src string: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used.
InternetService6SrcCustomGroups List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetService6SrcCustomGroup>: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
InternetService6SrcCustoms List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetService6SrcCustom>: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
InternetService6SrcGroups List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetService6SrcGroup>: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
InternetService6SrcNames List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetService6SrcName>: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
InternetService6SrcNegate string: When enabled internet-service6-src specifies what the service must NOT be.
InternetServiceCustomGroups List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetServiceCustomGroup>: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
InternetServiceCustoms List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetServiceCustom>: Custom Internet Service name. The structure of internet_service_custom block is documented below.
InternetServiceGroups List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetServiceGroup>: Internet Service group name. The structure of internet_service_group block is documented below.
InternetServiceIds List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetServiceId>: Internet Service ID. The structure of internet_service_id block is documented below.
InternetServiceNames List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetServiceName>: Internet Service name. The structure of internet_service_name block is documented below.
InternetServiceNegate string: When enabled internet-service specifies what the service must NOT be.
InternetServiceSrc string: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.
InternetServiceSrcCustomGroups List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetServiceSrcCustomGroup>: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
InternetServiceSrcCustoms List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetServiceSrcCustom>: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
InternetServiceSrcGroups List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetServiceSrcGroup>: Internet Service source group name. The structure of internet_service_src_group block is documented below.
InternetServiceSrcIds List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetServiceSrcId>: Internet Service source ID. The structure of internet_service_src_id block is documented below.
InternetServiceSrcNames List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyInternetServiceSrcName>: Internet Service source name. The structure of internet_service_src_name block is documented below.
InternetServiceSrcNegate string: When enabled internet-service-src specifies what the service must NOT be.
Ippool string: Enable to use IP Pools for source NAT.
IpsSensor string: Name of an existing IPS sensor.
IpsVoipFilter string: Name of an existing VoIP (ips) profile.
Label string: Label for the policy that appears when the GUI is in Section View mode.
LearningMode string: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated.
Logtraffic string: Enable or disable logging. Log all sessions or security profile sessions.
LogtrafficStart string: Record logs when a session starts.
MatchVip string: Enable to match packets that have had their destination addresses changed by a VIP.
MatchVipOnly string: Enable/disable matching of only those packets that have had their destination addresses changed by a VIP.
Name string: Mirror Interface name.
Nat string: Enable/disable source NAT.
Nat46 string: Enable/disable NAT46.
Nat64 string: Enable/disable NAT64.
Natinbound string: Policy-based IPsec VPN: apply destination NAT to inbound traffic.
Natip string: Policy-based IPsec VPN: source NAT IP address for outgoing traffic.
Natoutbound string: Policy-based IPsec VPN: apply source NAT to outbound traffic.
NetworkServiceDynamics List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyNetworkServiceDynamic>: Dynamic Network Service name. The structure of network_service_dynamic block is documented below.
NetworkServiceSrcDynamics List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyNetworkServiceSrcDynamic>: Dynamic Network Service source name. The structure of network_service_src_dynamic block is documented below.
NpAcceleration string: Enable/disable UTM Network Processor acceleration.
Ntlm string: Enable/disable NTLM authentication.
NtlmEnabledBrowsers List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyNtlmEnabledBrowser>: HTTP-User-Agent value of supported browsers. The structure of ntlm_enabled_browsers block is documented below.
NtlmGuest string: Enable/disable NTLM guest user access.
Outbound string: Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN.
PassiveWanHealthMeasurement string: Enable/disable passive WAN health measurement. When enabled, auto-asic-offload is disabled.
PcpInbound string: Enable/disable PCP inbound DNAT.
PcpOutbound string: Enable/disable PCP outbound SNAT.
PcpPoolnames List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyPcpPoolname>: PCP pool names. The structure of pcp_poolname block is documented below.
PerIpShaper string: Per-IP traffic shaper.
PermitAnyHost string: Accept UDP packets from any host.
PermitStunHost string: Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host.
PolicyExpiry string: Enable/disable policy expiry.
PolicyExpiryDate string: Policy expiry date (YYYY-MM-DD HH:MM:SS).
PolicyExpiryDateUtc string: Policy expiry date and time, in epoch format.
Policyid int: Policy ID.
Poolname6s List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyPoolname6>: IPv6 pool names. The structure of poolname6 block is documented below.
Poolnames List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyPoolname>: IP Pool names. The structure of poolname block is documented below.
PortPreserve string: Enable/disable preservation of the original source port from source NAT if it has not been used.
ProfileGroup string: Name of profile group.
ProfileProtocolOptions string: Name of an existing Protocol options profile.
ProfileType string: Determine whether the firewall policy allows security profile groups or single profiles only.
RadiusMacAuthBypass string: Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server.
RedirectUrl string: URL users are directed to after seeing and accepting the disclaimer or authenticating.
ReplacemsgOverrideGroup string: Override the default replacement message group for this policy.
ReputationDirection string: Direction of the initial traffic for reputation to take effect.
ReputationDirection6 string: Direction of the initial traffic for IPv6 reputation to take effect.
ReputationMinimum int: Minimum Reputation to take action.
ReputationMinimum6 int: IPv6 Minimum Reputation to take action.
Rsso string: Enable/disable RADIUS single sign-on (RSSO).
RtpAddrs List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyRtpAddr>: Address names if this is an RTP NAT policy. The structure of rtp_addr block is documented below.
RtpNat string: Enable Real Time Protocol (RTP) NAT.
ScanBotnetConnections string: Block or monitor connections to Botnet servers or disable Botnet scanning.
Schedule string: Schedule name.
ScheduleTimeout string: Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity.
SctpFilterProfile string: Name of an existing SCTP filter profile.
SendDenyPacket string: Enable to send a reply when a session is denied or blocked by a firewall policy.
ServiceNegate string: When enabled service specifies what the service must NOT be.
Services List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyService>: Service and service group names. The structure of service block is documented below.
SessionTtl int: TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
SgtCheck string: Enable/disable security group tags (SGT) check.
Sgts List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicySgt>: Security group tags. The structure of sgt block is documented below.
SpamfilterProfile string: Name of an existing Spam filter profile.
SrcVendorMacs List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicySrcVendorMac>: Vendor MAC source ID. The structure of src_vendor_mac block is documented below.
Srcaddr6Negate string: When enabled srcaddr6 specifies what the source address must NOT be.
Srcaddr6s List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicySrcaddr6>: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
SrcaddrNegate string: When enabled srcaddr specifies what the source address must NOT be.
Srcaddrs List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicySrcaddr>: Source address and address group names. The structure of srcaddr block is documented below.
Srcintfs List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicySrcintf>: Incoming (ingress) interface. The structure of srcintf block is documented below.
SshFilterProfile string: Name of an existing SSH filter profile.
SshPolicyRedirect string: Redirect SSH traffic to matching transparent proxy policy.
SslMirror string: Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring).
SslMirrorIntfs List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicySslMirrorIntf>: SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
SslSshProfile string: Name of an existing SSL SSH profile.
Status string: Enable or disable this policy.
TcpMssReceiver int: Receiver TCP maximum segment size (MSS).
TcpMssSender int: Sender TCP maximum segment size (MSS).
TcpSessionWithoutSyn string: Enable/disable creation of TCP session without SYN flag.
TimeoutSendRst string: Enable/disable sending RST packets when TCP sessions expire.
Tos string: ToS (Type of Service) value used for comparison.
TosMask string: Non-zero bit positions are used for comparison while zero bit positions are ignored.
TosNegate string: Enable negated TOS match.
TrafficShaper string: Traffic shaper.
TrafficShaperReverse string: Reverse traffic shaper.
UrlCategories List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyUrlCategory>: URL category ID list. The structure of url_category block is documented below.
Users List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyUser>: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
UtmStatus string: Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
Uuid string: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
VideofilterProfile string: Name of an existing VideoFilter profile.
VirtualPatchProfile string: Name of an existing virtual-patch profile.
VlanCosFwd int: VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest.
VlanCosRev int: VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest.
VlanFilter string: Set VLAN filters.
VoipProfile string: Name of an existing VoIP profile.
Vpntunnel string: Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
WafProfile string: Name of an existing Web application firewall profile.
Wanopt string: Enable/disable WAN optimization.
WanoptDetection string: WAN optimization auto-detection mode.
WanoptPassiveOpt string: WAN optimization passive mode options. This option decides what IP address will be used to connect server.
WanoptPeer string: WAN optimization peer.
WanoptProfile string: WAN optimization profile.
Wccp string: Enable/disable forwarding traffic matching this policy to a configured WCCP server.
Webcache string: Enable/disable web cache.
WebcacheHttps string: Enable/disable web cache for HTTPS.
WebfilterProfile string: Name of an existing Web filter profile.
WebproxyForwardServer string: Web proxy forward server name.
WebproxyProfile string: Webproxy profile name.
Wsso string: Enable/disable WiFi Single Sign On (WSSO).
ZtnaDeviceOwnership string: Enable/disable zero trust device ownership.
ZtnaEmsTagSecondaries List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyZtnaEmsTagSecondary>: Source ztna-ems-tag-secondary names. The structure of ztna_ems_tag_secondary block is documented below.
ZtnaEmsTags List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyZtnaEmsTag>: Source ztna-ems-tag names. The structure of ztna_ems_tag block is documented below.
ZtnaGeoTags List<Pulumiverse.Fortios.Firewall.Outputs.GetPolicyZtnaGeoTag>: Source ztna-geo-tag names. The structure of ztna_geo_tag block is documented below.
ZtnaPolicyRedirect string: Redirect ZTNA traffic to matching Access-Proxy proxy-policy.
ZtnaStatus string: Enable/disable zero trust access.
ZtnaTagsMatchLogic string: ZTNA tag matching logic.
Vdomparam string

Action string: Policy action (allow/deny/ipsec).
AntiReplay string: Enable/disable anti-replay check.
AppCategories []GetPolicyAppCategory: Application category ID list. The structure of app_category block is documented below.
AppGroups []GetPolicyAppGroup: Application group names. The structure of app_group block is documented below.
ApplicationList string: Name of an existing Application list.
Applications []GetPolicyApplication: Application ID list. The structure of application block is documented below.
AuthCert string: HTTPS server certificate for policy authentication.
AuthPath string: Enable/disable authentication-based routing.
AuthRedirectAddr string: HTTP-to-HTTPS redirect address for firewall authentication.
AutoAsicOffload string: Enable/disable policy traffic ASIC offloading.
AvProfile string: Name of an existing Antivirus profile.
BlockNotification string: Enable/disable block notification.
CaptivePortalExempt string: Enable to exempt some users from the captive portal.
CapturePacket string: Enable/disable capture packets.
CasbProfile string: Name of an existing CASB profile.
CifsProfile string: Name of an existing CIFS profile.
Comments string: Comment.
CustomLogFields []GetPolicyCustomLogField: Custom fields to append to log messages for this policy. The structure of custom_log_fields block is documented below.
DecryptedTrafficMirror string: Decrypted traffic mirror.
DelayTcpNpuSession string: Enable TCP NPU session delay to guarantee packet order of 3-way handshake.
Devices []GetPolicyDevice: Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
DiameterFilterProfile string: Name of an existing Diameter filter profile.
DiffservCopy string: Enable to copy packet's DiffServ values from session's original direction to its reply direction.
DiffservForward string: Enable to change packet's DiffServ values to the specified diffservcode-forward value.
DiffservReverse string: Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value.
DiffservcodeForward string: Change packet's DiffServ to this value.
DiffservcodeRev string: Change packet's reverse (reply) DiffServ to this value.
Disclaimer string: Enable/disable user authentication disclaimer.
DlpProfile string: Name of an existing DLP profile.
DlpSensor string: Name of an existing DLP sensor.
DnsfilterProfile string: Name of an existing DNS filter profile.
Dsri string: Enable DSRI to ignore HTTP server responses.
Dstaddr6Negate string: When enabled dstaddr6 specifies what the destination address must NOT be.
Dstaddr6s []GetPolicyDstaddr6: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
DstaddrNegate string: When enabled dstaddr specifies what the destination address must NOT be.
Dstaddrs []GetPolicyDstaddr: Destination address and address group names. The structure of dstaddr block is documented below.
Dstintfs []GetPolicyDstintf: Outgoing (egress) interface. The structure of dstintf block is documented below.
DynamicShaping string: Enable/disable dynamic RADIUS defined traffic shaping.
EmailCollect string: Enable/disable email collection.
EmailfilterProfile string: Name of an existing email filter profile.
Fec string: Enable/disable Forward Error Correction on traffic matching this policy on a FEC device.
FileFilterProfile string: Name of an existing file-filter profile.
FirewallSessionDirty string: How to handle sessions if the configuration of this firewall policy changes.
Fixedport string: Enable to prevent source NAT from changing a session's source port.
Fsso string: Enable/disable Fortinet Single Sign-On.
FssoAgentForNtlm string: FSSO agent to use for NTLM authentication.
FssoGroups []GetPolicyFssoGroup: Names of FSSO groups. The structure of fsso_groups block is documented below.
GeoipAnycast string: Enable/disable recognition of anycast IP addresses using the geography IP database.
GeoipMatch string: Match geography address based either on its physical location or registered location.
GlobalLabel string: Label for the policy that appears when the GUI is in Global View mode.
Groups []GetPolicyGroup: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
HttpPolicyRedirect string: Redirect HTTP(S) traffic to matching transparent web proxy policy.
IcapProfile string: Name of an existing ICAP profile.
Id string: The provider-assigned unique ID for this managed resource.
IdentityBasedRoute string: Name of identity-based routing rule.
Inbound string: Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN.
InspectionMode string: Policy inspection mode (Flow/proxy). Default is Flow mode.
InternetService string: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.
InternetService6 string: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address and service are not used.
InternetService6CustomGroups []GetPolicyInternetService6CustomGroup: Custom Internet Service6 group name. The structure of internet_service6_custom_group block is documented below.
InternetService6Customs []GetPolicyInternetService6Custom: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
InternetService6Groups []GetPolicyInternetService6Group: Internet Service group name. The structure of internet_service6_group block is documented below.
InternetService6Names []GetPolicyInternetService6Name: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
InternetService6Negate string: When enabled internet-service6 specifies what the service must NOT be.
InternetService6Src string: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used.
InternetService6SrcCustomGroups []GetPolicyInternetService6SrcCustomGroup: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
InternetService6SrcCustoms []GetPolicyInternetService6SrcCustom: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
InternetService6SrcGroups []GetPolicyInternetService6SrcGroup: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
InternetService6SrcNames []GetPolicyInternetService6SrcName: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
InternetService6SrcNegate string: When enabled internet-service6-src specifies what the service must NOT be.
InternetServiceCustomGroups []GetPolicyInternetServiceCustomGroup: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
InternetServiceCustoms []GetPolicyInternetServiceCustom: Custom Internet Service name. The structure of internet_service_custom block is documented below.
InternetServiceGroups []GetPolicyInternetServiceGroup: Internet Service group name. The structure of internet_service_group block is documented below.
InternetServiceIds []GetPolicyInternetServiceId: Internet Service ID. The structure of internet_service_id block is documented below.
InternetServiceNames []GetPolicyInternetServiceName: Internet Service name. The structure of internet_service_name block is documented below.
InternetServiceNegate string: When enabled internet-service specifies what the service must NOT be.
InternetServiceSrc string: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.
InternetServiceSrcCustomGroups []GetPolicyInternetServiceSrcCustomGroup: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
InternetServiceSrcCustoms []GetPolicyInternetServiceSrcCustom: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
InternetServiceSrcGroups []GetPolicyInternetServiceSrcGroup: Internet Service source group name. The structure of internet_service_src_group block is documented below.
InternetServiceSrcIds []GetPolicyInternetServiceSrcId: Internet Service source ID. The structure of internet_service_src_id block is documented below.
InternetServiceSrcNames []GetPolicyInternetServiceSrcName: Internet Service source name. The structure of internet_service_src_name block is documented below.
InternetServiceSrcNegate string: When enabled internet-service-src specifies what the service must NOT be.
Ippool string: Enable to use IP Pools for source NAT.
IpsSensor string: Name of an existing IPS sensor.
IpsVoipFilter string: Name of an existing VoIP (ips) profile.
Label string: Label for the policy that appears when the GUI is in Section View mode.
LearningMode string: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated.
Logtraffic string: Enable or disable logging. Log all sessions or security profile sessions.
LogtrafficStart string: Record logs when a session starts.
MatchVip string: Enable to match packets that have had their destination addresses changed by a VIP.
MatchVipOnly string: Enable/disable matching of only those packets that have had their destination addresses changed by a VIP.
Name string: Mirror Interface name.
Nat string: Enable/disable source NAT.
Nat46 string: Enable/disable NAT46.
Nat64 string: Enable/disable NAT64.
Natinbound string: Policy-based IPsec VPN: apply destination NAT to inbound traffic.
Natip string: Policy-based IPsec VPN: source NAT IP address for outgoing traffic.
Natoutbound string: Policy-based IPsec VPN: apply source NAT to outbound traffic.
NetworkServiceDynamics []GetPolicyNetworkServiceDynamic: Dynamic Network Service name. The structure of network_service_dynamic block is documented below.
NetworkServiceSrcDynamics []GetPolicyNetworkServiceSrcDynamic: Dynamic Network Service source name. The structure of network_service_src_dynamic block is documented below.
NpAcceleration string: Enable/disable UTM Network Processor acceleration.
Ntlm string: Enable/disable NTLM authentication.
NtlmEnabledBrowsers []GetPolicyNtlmEnabledBrowser: HTTP-User-Agent value of supported browsers. The structure of ntlm_enabled_browsers block is documented below.
NtlmGuest string: Enable/disable NTLM guest user access.
Outbound string: Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN.
PassiveWanHealthMeasurement string: Enable/disable passive WAN health measurement. When enabled, auto-asic-offload is disabled.
PcpInbound string: Enable/disable PCP inbound DNAT.
PcpOutbound string: Enable/disable PCP outbound SNAT.
PcpPoolnames []GetPolicyPcpPoolname: PCP pool names. The structure of pcp_poolname block is documented below.
PerIpShaper string: Per-IP traffic shaper.
PermitAnyHost string: Accept UDP packets from any host.
PermitStunHost string: Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host.
PolicyExpiry string: Enable/disable policy expiry.
PolicyExpiryDate string: Policy expiry date (YYYY-MM-DD HH:MM:SS).
PolicyExpiryDateUtc string: Policy expiry date and time, in epoch format.
Policyid int: Policy ID.
Poolname6s []GetPolicyPoolname6: IPv6 pool names. The structure of poolname6 block is documented below.
Poolnames []GetPolicyPoolname: IP Pool names. The structure of poolname block is documented below.
PortPreserve string: Enable/disable preservation of the original source port from source NAT if it has not been used.
ProfileGroup string: Name of profile group.
ProfileProtocolOptions string: Name of an existing Protocol options profile.
ProfileType string: Determine whether the firewall policy allows security profile groups or single profiles only.
RadiusMacAuthBypass string: Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server.
RedirectUrl string: URL users are directed to after seeing and accepting the disclaimer or authenticating.
ReplacemsgOverrideGroup string: Override the default replacement message group for this policy.
ReputationDirection string: Direction of the initial traffic for reputation to take effect.
ReputationDirection6 string: Direction of the initial traffic for IPv6 reputation to take effect.
ReputationMinimum int: Minimum Reputation to take action.
ReputationMinimum6 int: IPv6 Minimum Reputation to take action.
Rsso string: Enable/disable RADIUS single sign-on (RSSO).
RtpAddrs []GetPolicyRtpAddr: Address names if this is an RTP NAT policy. The structure of rtp_addr block is documented below.
RtpNat string: Enable Real Time Protocol (RTP) NAT.
ScanBotnetConnections string: Block or monitor connections to Botnet servers or disable Botnet scanning.
Schedule string: Schedule name.
ScheduleTimeout string: Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity.
SctpFilterProfile string: Name of an existing SCTP filter profile.
SendDenyPacket string: Enable to send a reply when a session is denied or blocked by a firewall policy.
ServiceNegate string: When enabled service specifies what the service must NOT be.
Services []GetPolicyService: Service and service group names. The structure of service block is documented below.
SessionTtl int: TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
SgtCheck string: Enable/disable security group tags (SGT) check.
Sgts []GetPolicySgt: Security group tags. The structure of sgt block is documented below.
SpamfilterProfile string: Name of an existing Spam filter profile.
SrcVendorMacs []GetPolicySrcVendorMac: Vendor MAC source ID. The structure of src_vendor_mac block is documented below.
Srcaddr6Negate string: When enabled srcaddr6 specifies what the source address must NOT be.
Srcaddr6s []GetPolicySrcaddr6: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
SrcaddrNegate string: When enabled srcaddr specifies what the source address must NOT be.
Srcaddrs []GetPolicySrcaddr: Source address and address group names. The structure of srcaddr block is documented below.
Srcintfs []GetPolicySrcintf: Incoming (ingress) interface. The structure of srcintf block is documented below.
SshFilterProfile string: Name of an existing SSH filter profile.
SshPolicyRedirect string: Redirect SSH traffic to matching transparent proxy policy.
SslMirror string: Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring).
SslMirrorIntfs []GetPolicySslMirrorIntf: SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
SslSshProfile string: Name of an existing SSL SSH profile.
Status string: Enable or disable this policy.
TcpMssReceiver int: Receiver TCP maximum segment size (MSS).
TcpMssSender int: Sender TCP maximum segment size (MSS).
TcpSessionWithoutSyn string: Enable/disable creation of TCP session without SYN flag.
TimeoutSendRst string: Enable/disable sending RST packets when TCP sessions expire.
Tos string: ToS (Type of Service) value used for comparison.
TosMask string: Non-zero bit positions are used for comparison while zero bit positions are ignored.
TosNegate string: Enable negated TOS match.
TrafficShaper string: Traffic shaper.
TrafficShaperReverse string: Reverse traffic shaper.
UrlCategories []GetPolicyUrlCategory: URL category ID list. The structure of url_category block is documented below.
Users []GetPolicyUser: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
UtmStatus string: Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
Uuid string: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
VideofilterProfile string: Name of an existing VideoFilter profile.
VirtualPatchProfile string: Name of an existing virtual-patch profile.
VlanCosFwd int: VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest.
VlanCosRev int: VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest.
VlanFilter string: Set VLAN filters.
VoipProfile string: Name of an existing VoIP profile.
Vpntunnel string: Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
WafProfile string: Name of an existing Web application firewall profile.
Wanopt string: Enable/disable WAN optimization.
WanoptDetection string: WAN optimization auto-detection mode.
WanoptPassiveOpt string: WAN optimization passive mode options. This option decides what IP address will be used to connect server.
WanoptPeer string: WAN optimization peer.
WanoptProfile string: WAN optimization profile.
Wccp string: Enable/disable forwarding traffic matching this policy to a configured WCCP server.
Webcache string: Enable/disable web cache.
WebcacheHttps string: Enable/disable web cache for HTTPS.
WebfilterProfile string: Name of an existing Web filter profile.
WebproxyForwardServer string: Web proxy forward server name.
WebproxyProfile string: Webproxy profile name.
Wsso string: Enable/disable WiFi Single Sign On (WSSO).
ZtnaDeviceOwnership string: Enable/disable zero trust device ownership.
ZtnaEmsTagSecondaries []GetPolicyZtnaEmsTagSecondary: Source ztna-ems-tag-secondary names. The structure of ztna_ems_tag_secondary block is documented below.
ZtnaEmsTags []GetPolicyZtnaEmsTag: Source ztna-ems-tag names. The structure of ztna_ems_tag block is documented below.
ZtnaGeoTags []GetPolicyZtnaGeoTag: Source ztna-geo-tag names. The structure of ztna_geo_tag block is documented below.
ZtnaPolicyRedirect string: Redirect ZTNA traffic to matching Access-Proxy proxy-policy.
ZtnaStatus string: Enable/disable zero trust access.
ZtnaTagsMatchLogic string: ZTNA tag matching logic.
Vdomparam string

action String: Policy action (allow/deny/ipsec).
antiReplay String: Enable/disable anti-replay check.
appCategories List<GetPolicyAppCategory>: Application category ID list. The structure of app_category block is documented below.
appGroups List<GetPolicyAppGroup>: Application group names. The structure of app_group block is documented below.
applicationList String: Name of an existing Application list.
applications List<GetPolicyApplication>: Application ID list. The structure of application block is documented below.
authCert String: HTTPS server certificate for policy authentication.
authPath String: Enable/disable authentication-based routing.
authRedirectAddr String: HTTP-to-HTTPS redirect address for firewall authentication.
autoAsicOffload String: Enable/disable policy traffic ASIC offloading.
avProfile String: Name of an existing Antivirus profile.
blockNotification String: Enable/disable block notification.
captivePortalExempt String: Enable to exempt some users from the captive portal.
capturePacket String: Enable/disable capture packets.
casbProfile String: Name of an existing CASB profile.
cifsProfile String: Name of an existing CIFS profile.
comments String: Comment.
customLogFields List<GetPolicyCustomLogField>: Custom fields to append to log messages for this policy. The structure of custom_log_fields block is documented below.
decryptedTrafficMirror String: Decrypted traffic mirror.
delayTcpNpuSession String: Enable TCP NPU session delay to guarantee packet order of 3-way handshake.
devices List<GetPolicyDevice>: Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
diameterFilterProfile String: Name of an existing Diameter filter profile.
diffservCopy String: Enable to copy packet's DiffServ values from session's original direction to its reply direction.
diffservForward String: Enable to change packet's DiffServ values to the specified diffservcode-forward value.
diffservReverse String: Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value.
diffservcodeForward String: Change packet's DiffServ to this value.
diffservcodeRev String: Change packet's reverse (reply) DiffServ to this value.
disclaimer String: Enable/disable user authentication disclaimer.
dlpProfile String: Name of an existing DLP profile.
dlpSensor String: Name of an existing DLP sensor.
dnsfilterProfile String: Name of an existing DNS filter profile.
dsri String: Enable DSRI to ignore HTTP server responses.
dstaddr6Negate String: When enabled dstaddr6 specifies what the destination address must NOT be.
dstaddr6s List<GetPolicyDstaddr6>: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
dstaddrNegate String: When enabled dstaddr specifies what the destination address must NOT be.
dstaddrs List<GetPolicyDstaddr>: Destination address and address group names. The structure of dstaddr block is documented below.
dstintfs List<GetPolicyDstintf>: Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamicShaping String: Enable/disable dynamic RADIUS defined traffic shaping.
emailCollect String: Enable/disable email collection.
emailfilterProfile String: Name of an existing email filter profile.
fec String: Enable/disable Forward Error Correction on traffic matching this policy on a FEC device.
fileFilterProfile String: Name of an existing file-filter profile.
firewallSessionDirty String: How to handle sessions if the configuration of this firewall policy changes.
fixedport String: Enable to prevent source NAT from changing a session's source port.
fsso String: Enable/disable Fortinet Single Sign-On.
fssoAgentForNtlm String: FSSO agent to use for NTLM authentication.
fssoGroups List<GetPolicyFssoGroup>: Names of FSSO groups. The structure of fsso_groups block is documented below.
geoipAnycast String: Enable/disable recognition of anycast IP addresses using the geography IP database.
geoipMatch String: Match geography address based either on its physical location or registered location.
globalLabel String: Label for the policy that appears when the GUI is in Global View mode.
groups List<GetPolicyGroup>: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
httpPolicyRedirect String: Redirect HTTP(S) traffic to matching transparent web proxy policy.
icapProfile String: Name of an existing ICAP profile.
id String: The provider-assigned unique ID for this managed resource.
identityBasedRoute String: Name of identity-based routing rule.
inbound String: Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN.
inspectionMode String: Policy inspection mode (Flow/proxy). Default is Flow mode.
internetService String: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.
internetService6 String: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address and service are not used.
internetService6CustomGroups List<GetPolicyInternetService6CustomGroup>: Custom Internet Service6 group name. The structure of internet_service6_custom_group block is documented below.
internetService6Customs List<GetPolicyInternetService6Custom>: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
internetService6Groups List<GetPolicyInternetService6Group>: Internet Service group name. The structure of internet_service6_group block is documented below.
internetService6Names List<GetPolicyInternetService6Name>: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
internetService6Negate String: When enabled internet-service6 specifies what the service must NOT be.
internetService6Src String: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used.
internetService6SrcCustomGroups List<GetPolicyInternetService6SrcCustomGroup>: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
internetService6SrcCustoms List<GetPolicyInternetService6SrcCustom>: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
internetService6SrcGroups List<GetPolicyInternetService6SrcGroup>: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
internetService6SrcNames List<GetPolicyInternetService6SrcName>: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
internetService6SrcNegate String: When enabled internet-service6-src specifies what the service must NOT be.
internetServiceCustomGroups List<GetPolicyInternetServiceCustomGroup>: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
internetServiceCustoms List<GetPolicyInternetServiceCustom>: Custom Internet Service name. The structure of internet_service_custom block is documented below.
internetServiceGroups List<GetPolicyInternetServiceGroup>: Internet Service group name. The structure of internet_service_group block is documented below.
internetServiceIds List<GetPolicyInternetServiceId>: Internet Service ID. The structure of internet_service_id block is documented below.
internetServiceNames List<GetPolicyInternetServiceName>: Internet Service name. The structure of internet_service_name block is documented below.
internetServiceNegate String: When enabled internet-service specifies what the service must NOT be.
internetServiceSrc String: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.
internetServiceSrcCustomGroups List<GetPolicyInternetServiceSrcCustomGroup>: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
internetServiceSrcCustoms List<GetPolicyInternetServiceSrcCustom>: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
internetServiceSrcGroups List<GetPolicyInternetServiceSrcGroup>: Internet Service source group name. The structure of internet_service_src_group block is documented below.
internetServiceSrcIds List<GetPolicyInternetServiceSrcId>: Internet Service source ID. The structure of internet_service_src_id block is documented below.
internetServiceSrcNames List<GetPolicyInternetServiceSrcName>: Internet Service source name. The structure of internet_service_src_name block is documented below.
internetServiceSrcNegate String: When enabled internet-service-src specifies what the service must NOT be.
ippool String: Enable to use IP Pools for source NAT.
ipsSensor String: Name of an existing IPS sensor.
ipsVoipFilter String: Name of an existing VoIP (ips) profile.
label String: Label for the policy that appears when the GUI is in Section View mode.
learningMode String: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated.
logtraffic String: Enable or disable logging. Log all sessions or security profile sessions.
logtrafficStart String: Record logs when a session starts.
matchVip String: Enable to match packets that have had their destination addresses changed by a VIP.
matchVipOnly String: Enable/disable matching of only those packets that have had their destination addresses changed by a VIP.
name String: Mirror Interface name.
nat String: Enable/disable source NAT.
nat46 String: Enable/disable NAT46.
nat64 String: Enable/disable NAT64.
natinbound String: Policy-based IPsec VPN: apply destination NAT to inbound traffic.
natip String: Policy-based IPsec VPN: source NAT IP address for outgoing traffic.
natoutbound String: Policy-based IPsec VPN: apply source NAT to outbound traffic.
networkServiceDynamics List<GetPolicyNetworkServiceDynamic>: Dynamic Network Service name. The structure of network_service_dynamic block is documented below.
networkServiceSrcDynamics List<GetPolicyNetworkServiceSrcDynamic>: Dynamic Network Service source name. The structure of network_service_src_dynamic block is documented below.
npAcceleration String: Enable/disable UTM Network Processor acceleration.
ntlm String: Enable/disable NTLM authentication.
ntlmEnabledBrowsers List<GetPolicyNtlmEnabledBrowser>: HTTP-User-Agent value of supported browsers. The structure of ntlm_enabled_browsers block is documented below.
ntlmGuest String: Enable/disable NTLM guest user access.
outbound String: Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN.
passiveWanHealthMeasurement String: Enable/disable passive WAN health measurement. When enabled, auto-asic-offload is disabled.
pcpInbound String: Enable/disable PCP inbound DNAT.
pcpOutbound String: Enable/disable PCP outbound SNAT.
pcpPoolnames List<GetPolicyPcpPoolname>: PCP pool names. The structure of pcp_poolname block is documented below.
perIpShaper String: Per-IP traffic shaper.
permitAnyHost String: Accept UDP packets from any host.
permitStunHost String: Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host.
policyExpiry String: Enable/disable policy expiry.
policyExpiryDate String: Policy expiry date (YYYY-MM-DD HH:MM:SS).
policyExpiryDateUtc String: Policy expiry date and time, in epoch format.
policyid Integer: Policy ID.
poolname6s List<GetPolicyPoolname6>: IPv6 pool names. The structure of poolname6 block is documented below.
poolnames List<GetPolicyPoolname>: IP Pool names. The structure of poolname block is documented below.
portPreserve String: Enable/disable preservation of the original source port from source NAT if it has not been used.
profileGroup String: Name of profile group.
profileProtocolOptions String: Name of an existing Protocol options profile.
profileType String: Determine whether the firewall policy allows security profile groups or single profiles only.
radiusMacAuthBypass String: Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server.
redirectUrl String: URL users are directed to after seeing and accepting the disclaimer or authenticating.
replacemsgOverrideGroup String: Override the default replacement message group for this policy.
reputationDirection String: Direction of the initial traffic for reputation to take effect.
reputationDirection6 String: Direction of the initial traffic for IPv6 reputation to take effect.
reputationMinimum Integer: Minimum Reputation to take action.
reputationMinimum6 Integer: IPv6 Minimum Reputation to take action.
rsso String: Enable/disable RADIUS single sign-on (RSSO).
rtpAddrs List<GetPolicyRtpAddr>: Address names if this is an RTP NAT policy. The structure of rtp_addr block is documented below.
rtpNat String: Enable Real Time Protocol (RTP) NAT.
scanBotnetConnections String: Block or monitor connections to Botnet servers or disable Botnet scanning.
schedule String: Schedule name.
scheduleTimeout String: Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity.
sctpFilterProfile String: Name of an existing SCTP filter profile.
sendDenyPacket String: Enable to send a reply when a session is denied or blocked by a firewall policy.
serviceNegate String: When enabled service specifies what the service must NOT be.
services List<GetPolicyService>: Service and service group names. The structure of service block is documented below.
sessionTtl Integer: TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
sgtCheck String: Enable/disable security group tags (SGT) check.
sgts List<GetPolicySgt>: Security group tags. The structure of sgt block is documented below.
spamfilterProfile String: Name of an existing Spam filter profile.
srcVendorMacs List<GetPolicySrcVendorMac>: Vendor MAC source ID. The structure of src_vendor_mac block is documented below.
srcaddr6Negate String: When enabled srcaddr6 specifies what the source address must NOT be.
srcaddr6s List<GetPolicySrcaddr6>: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
srcaddrNegate String: When enabled srcaddr specifies what the source address must NOT be.
srcaddrs List<GetPolicySrcaddr>: Source address and address group names. The structure of srcaddr block is documented below.
srcintfs List<GetPolicySrcintf>: Incoming (ingress) interface. The structure of srcintf block is documented below.
sshFilterProfile String: Name of an existing SSH filter profile.
sshPolicyRedirect String: Redirect SSH traffic to matching transparent proxy policy.
sslMirror String: Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring).
sslMirrorIntfs List<GetPolicySslMirrorIntf>: SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
sslSshProfile String: Name of an existing SSL SSH profile.
status String: Enable or disable this policy.
tcpMssReceiver Integer: Receiver TCP maximum segment size (MSS).
tcpMssSender Integer: Sender TCP maximum segment size (MSS).
tcpSessionWithoutSyn String: Enable/disable creation of TCP session without SYN flag.
timeoutSendRst String: Enable/disable sending RST packets when TCP sessions expire.
tos String: ToS (Type of Service) value used for comparison.
tosMask String: Non-zero bit positions are used for comparison while zero bit positions are ignored.
tosNegate String: Enable negated TOS match.
trafficShaper String: Traffic shaper.
trafficShaperReverse String: Reverse traffic shaper.
urlCategories List<GetPolicyUrlCategory>: URL category ID list. The structure of url_category block is documented below.
users List<GetPolicyUser>: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
utmStatus String: Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
uuid String: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
videofilterProfile String: Name of an existing VideoFilter profile.
virtualPatchProfile String: Name of an existing virtual-patch profile.
vlanCosFwd Integer: VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest.
vlanCosRev Integer: VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest.
vlanFilter String: Set VLAN filters.
voipProfile String: Name of an existing VoIP profile.
vpntunnel String: Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
wafProfile String: Name of an existing Web application firewall profile.
wanopt String: Enable/disable WAN optimization.
wanoptDetection String: WAN optimization auto-detection mode.
wanoptPassiveOpt String: WAN optimization passive mode options. This option decides what IP address will be used to connect server.
wanoptPeer String: WAN optimization peer.
wanoptProfile String: WAN optimization profile.
wccp String: Enable/disable forwarding traffic matching this policy to a configured WCCP server.
webcache String: Enable/disable web cache.
webcacheHttps String: Enable/disable web cache for HTTPS.
webfilterProfile String: Name of an existing Web filter profile.
webproxyForwardServer String: Web proxy forward server name.
webproxyProfile String: Webproxy profile name.
wsso String: Enable/disable WiFi Single Sign On (WSSO).
ztnaDeviceOwnership String: Enable/disable zero trust device ownership.
ztnaEmsTagSecondaries List<GetPolicyZtnaEmsTagSecondary>: Source ztna-ems-tag-secondary names. The structure of ztna_ems_tag_secondary block is documented below.
ztnaEmsTags List<GetPolicyZtnaEmsTag>: Source ztna-ems-tag names. The structure of ztna_ems_tag block is documented below.
ztnaGeoTags List<GetPolicyZtnaGeoTag>: Source ztna-geo-tag names. The structure of ztna_geo_tag block is documented below.
ztnaPolicyRedirect String: Redirect ZTNA traffic to matching Access-Proxy proxy-policy.
ztnaStatus String: Enable/disable zero trust access.
ztnaTagsMatchLogic String: ZTNA tag matching logic.
vdomparam String

action string: Policy action (allow/deny/ipsec).
antiReplay string: Enable/disable anti-replay check.
appCategories GetPolicyAppCategory[]: Application category ID list. The structure of app_category block is documented below.
appGroups GetPolicyAppGroup[]: Application group names. The structure of app_group block is documented below.
applicationList string: Name of an existing Application list.
applications GetPolicyApplication[]: Application ID list. The structure of application block is documented below.
authCert string: HTTPS server certificate for policy authentication.
authPath string: Enable/disable authentication-based routing.
authRedirectAddr string: HTTP-to-HTTPS redirect address for firewall authentication.
autoAsicOffload string: Enable/disable policy traffic ASIC offloading.
avProfile string: Name of an existing Antivirus profile.
blockNotification string: Enable/disable block notification.
captivePortalExempt string: Enable to exempt some users from the captive portal.
capturePacket string: Enable/disable capture packets.
casbProfile string: Name of an existing CASB profile.
cifsProfile string: Name of an existing CIFS profile.
comments string: Comment.
customLogFields GetPolicyCustomLogField[]: Custom fields to append to log messages for this policy. The structure of custom_log_fields block is documented below.
decryptedTrafficMirror string: Decrypted traffic mirror.
delayTcpNpuSession string: Enable TCP NPU session delay to guarantee packet order of 3-way handshake.
devices GetPolicyDevice[]: Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
diameterFilterProfile string: Name of an existing Diameter filter profile.
diffservCopy string: Enable to copy packet's DiffServ values from session's original direction to its reply direction.
diffservForward string: Enable to change packet's DiffServ values to the specified diffservcode-forward value.
diffservReverse string: Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value.
diffservcodeForward string: Change packet's DiffServ to this value.
diffservcodeRev string: Change packet's reverse (reply) DiffServ to this value.
disclaimer string: Enable/disable user authentication disclaimer.
dlpProfile string: Name of an existing DLP profile.
dlpSensor string: Name of an existing DLP sensor.
dnsfilterProfile string: Name of an existing DNS filter profile.
dsri string: Enable DSRI to ignore HTTP server responses.
dstaddr6Negate string: When enabled dstaddr6 specifies what the destination address must NOT be.
dstaddr6s GetPolicyDstaddr6[]: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
dstaddrNegate string: When enabled dstaddr specifies what the destination address must NOT be.
dstaddrs GetPolicyDstaddr[]: Destination address and address group names. The structure of dstaddr block is documented below.
dstintfs GetPolicyDstintf[]: Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamicShaping string: Enable/disable dynamic RADIUS defined traffic shaping.
emailCollect string: Enable/disable email collection.
emailfilterProfile string: Name of an existing email filter profile.
fec string: Enable/disable Forward Error Correction on traffic matching this policy on a FEC device.
fileFilterProfile string: Name of an existing file-filter profile.
firewallSessionDirty string: How to handle sessions if the configuration of this firewall policy changes.
fixedport string: Enable to prevent source NAT from changing a session's source port.
fsso string: Enable/disable Fortinet Single Sign-On.
fssoAgentForNtlm string: FSSO agent to use for NTLM authentication.
fssoGroups GetPolicyFssoGroup[]: Names of FSSO groups. The structure of fsso_groups block is documented below.
geoipAnycast string: Enable/disable recognition of anycast IP addresses using the geography IP database.
geoipMatch string: Match geography address based either on its physical location or registered location.
globalLabel string: Label for the policy that appears when the GUI is in Global View mode.
groups GetPolicyGroup[]: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
httpPolicyRedirect string: Redirect HTTP(S) traffic to matching transparent web proxy policy.
icapProfile string: Name of an existing ICAP profile.
id string: The provider-assigned unique ID for this managed resource.
identityBasedRoute string: Name of identity-based routing rule.
inbound string: Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN.
inspectionMode string: Policy inspection mode (Flow/proxy). Default is Flow mode.
internetService string: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.
internetService6 string: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address and service are not used.
internetService6CustomGroups GetPolicyInternetService6CustomGroup[]: Custom Internet Service6 group name. The structure of internet_service6_custom_group block is documented below.
internetService6Customs GetPolicyInternetService6Custom[]: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
internetService6Groups GetPolicyInternetService6Group[]: Internet Service group name. The structure of internet_service6_group block is documented below.
internetService6Names GetPolicyInternetService6Name[]: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
internetService6Negate string: When enabled internet-service6 specifies what the service must NOT be.
internetService6Src string: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used.
internetService6SrcCustomGroups GetPolicyInternetService6SrcCustomGroup[]: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
internetService6SrcCustoms GetPolicyInternetService6SrcCustom[]: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
internetService6SrcGroups GetPolicyInternetService6SrcGroup[]: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
internetService6SrcNames GetPolicyInternetService6SrcName[]: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
internetService6SrcNegate string: When enabled internet-service6-src specifies what the service must NOT be.
internetServiceCustomGroups GetPolicyInternetServiceCustomGroup[]: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
internetServiceCustoms GetPolicyInternetServiceCustom[]: Custom Internet Service name. The structure of internet_service_custom block is documented below.
internetServiceGroups GetPolicyInternetServiceGroup[]: Internet Service group name. The structure of internet_service_group block is documented below.
internetServiceIds GetPolicyInternetServiceId[]: Internet Service ID. The structure of internet_service_id block is documented below.
internetServiceNames GetPolicyInternetServiceName[]: Internet Service name. The structure of internet_service_name block is documented below.
internetServiceNegate string: When enabled internet-service specifies what the service must NOT be.
internetServiceSrc string: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.
internetServiceSrcCustomGroups GetPolicyInternetServiceSrcCustomGroup[]: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
internetServiceSrcCustoms GetPolicyInternetServiceSrcCustom[]: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
internetServiceSrcGroups GetPolicyInternetServiceSrcGroup[]: Internet Service source group name. The structure of internet_service_src_group block is documented below.
internetServiceSrcIds GetPolicyInternetServiceSrcId[]: Internet Service source ID. The structure of internet_service_src_id block is documented below.
internetServiceSrcNames GetPolicyInternetServiceSrcName[]: Internet Service source name. The structure of internet_service_src_name block is documented below.
internetServiceSrcNegate string: When enabled internet-service-src specifies what the service must NOT be.
ippool string: Enable to use IP Pools for source NAT.
ipsSensor string: Name of an existing IPS sensor.
ipsVoipFilter string: Name of an existing VoIP (ips) profile.
label string: Label for the policy that appears when the GUI is in Section View mode.
learningMode string: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated.
logtraffic string: Enable or disable logging. Log all sessions or security profile sessions.
logtrafficStart string: Record logs when a session starts.
matchVip string: Enable to match packets that have had their destination addresses changed by a VIP.
matchVipOnly string: Enable/disable matching of only those packets that have had their destination addresses changed by a VIP.
name string: Mirror Interface name.
nat string: Enable/disable source NAT.
nat46 string: Enable/disable NAT46.
nat64 string: Enable/disable NAT64.
natinbound string: Policy-based IPsec VPN: apply destination NAT to inbound traffic.
natip string: Policy-based IPsec VPN: source NAT IP address for outgoing traffic.
natoutbound string: Policy-based IPsec VPN: apply source NAT to outbound traffic.
networkServiceDynamics GetPolicyNetworkServiceDynamic[]: Dynamic Network Service name. The structure of network_service_dynamic block is documented below.
networkServiceSrcDynamics GetPolicyNetworkServiceSrcDynamic[]: Dynamic Network Service source name. The structure of network_service_src_dynamic block is documented below.
npAcceleration string: Enable/disable UTM Network Processor acceleration.
ntlm string: Enable/disable NTLM authentication.
ntlmEnabledBrowsers GetPolicyNtlmEnabledBrowser[]: HTTP-User-Agent value of supported browsers. The structure of ntlm_enabled_browsers block is documented below.
ntlmGuest string: Enable/disable NTLM guest user access.
outbound string: Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN.
passiveWanHealthMeasurement string: Enable/disable passive WAN health measurement. When enabled, auto-asic-offload is disabled.
pcpInbound string: Enable/disable PCP inbound DNAT.
pcpOutbound string: Enable/disable PCP outbound SNAT.
pcpPoolnames GetPolicyPcpPoolname[]: PCP pool names. The structure of pcp_poolname block is documented below.
perIpShaper string: Per-IP traffic shaper.
permitAnyHost string: Accept UDP packets from any host.
permitStunHost string: Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host.
policyExpiry string: Enable/disable policy expiry.
policyExpiryDate string: Policy expiry date (YYYY-MM-DD HH:MM:SS).
policyExpiryDateUtc string: Policy expiry date and time, in epoch format.
policyid number: Policy ID.
poolname6s GetPolicyPoolname6[]: IPv6 pool names. The structure of poolname6 block is documented below.
poolnames GetPolicyPoolname[]: IP Pool names. The structure of poolname block is documented below.
portPreserve string: Enable/disable preservation of the original source port from source NAT if it has not been used.
profileGroup string: Name of profile group.
profileProtocolOptions string: Name of an existing Protocol options profile.
profileType string: Determine whether the firewall policy allows security profile groups or single profiles only.
radiusMacAuthBypass string: Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server.
redirectUrl string: URL users are directed to after seeing and accepting the disclaimer or authenticating.
replacemsgOverrideGroup string: Override the default replacement message group for this policy.
reputationDirection string: Direction of the initial traffic for reputation to take effect.
reputationDirection6 string: Direction of the initial traffic for IPv6 reputation to take effect.
reputationMinimum number: Minimum Reputation to take action.
reputationMinimum6 number: IPv6 Minimum Reputation to take action.
rsso string: Enable/disable RADIUS single sign-on (RSSO).
rtpAddrs GetPolicyRtpAddr[]: Address names if this is an RTP NAT policy. The structure of rtp_addr block is documented below.
rtpNat string: Enable Real Time Protocol (RTP) NAT.
scanBotnetConnections string: Block or monitor connections to Botnet servers or disable Botnet scanning.
schedule string: Schedule name.
scheduleTimeout string: Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity.
sctpFilterProfile string: Name of an existing SCTP filter profile.
sendDenyPacket string: Enable to send a reply when a session is denied or blocked by a firewall policy.
serviceNegate string: When enabled service specifies what the service must NOT be.
services GetPolicyService[]: Service and service group names. The structure of service block is documented below.
sessionTtl number: TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
sgtCheck string: Enable/disable security group tags (SGT) check.
sgts GetPolicySgt[]: Security group tags. The structure of sgt block is documented below.
spamfilterProfile string: Name of an existing Spam filter profile.
srcVendorMacs GetPolicySrcVendorMac[]: Vendor MAC source ID. The structure of src_vendor_mac block is documented below.
srcaddr6Negate string: When enabled srcaddr6 specifies what the source address must NOT be.
srcaddr6s GetPolicySrcaddr6[]: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
srcaddrNegate string: When enabled srcaddr specifies what the source address must NOT be.
srcaddrs GetPolicySrcaddr[]: Source address and address group names. The structure of srcaddr block is documented below.
srcintfs GetPolicySrcintf[]: Incoming (ingress) interface. The structure of srcintf block is documented below.
sshFilterProfile string: Name of an existing SSH filter profile.
sshPolicyRedirect string: Redirect SSH traffic to matching transparent proxy policy.
sslMirror string: Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring).
sslMirrorIntfs GetPolicySslMirrorIntf[]: SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
sslSshProfile string: Name of an existing SSL SSH profile.
status string: Enable or disable this policy.
tcpMssReceiver number: Receiver TCP maximum segment size (MSS).
tcpMssSender number: Sender TCP maximum segment size (MSS).
tcpSessionWithoutSyn string: Enable/disable creation of TCP session without SYN flag.
timeoutSendRst string: Enable/disable sending RST packets when TCP sessions expire.
tos string: ToS (Type of Service) value used for comparison.
tosMask string: Non-zero bit positions are used for comparison while zero bit positions are ignored.
tosNegate string: Enable negated TOS match.
trafficShaper string: Traffic shaper.
trafficShaperReverse string: Reverse traffic shaper.
urlCategories GetPolicyUrlCategory[]: URL category ID list. The structure of url_category block is documented below.
users GetPolicyUser[]: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
utmStatus string: Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
uuid string: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
videofilterProfile string: Name of an existing VideoFilter profile.
virtualPatchProfile string: Name of an existing virtual-patch profile.
vlanCosFwd number: VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest.
vlanCosRev number: VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest.
vlanFilter string: Set VLAN filters.
voipProfile string: Name of an existing VoIP profile.
vpntunnel string: Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
wafProfile string: Name of an existing Web application firewall profile.
wanopt string: Enable/disable WAN optimization.
wanoptDetection string: WAN optimization auto-detection mode.
wanoptPassiveOpt string: WAN optimization passive mode options. This option decides what IP address will be used to connect server.
wanoptPeer string: WAN optimization peer.
wanoptProfile string: WAN optimization profile.
wccp string: Enable/disable forwarding traffic matching this policy to a configured WCCP server.
webcache string: Enable/disable web cache.
webcacheHttps string: Enable/disable web cache for HTTPS.
webfilterProfile string: Name of an existing Web filter profile.
webproxyForwardServer string: Web proxy forward server name.
webproxyProfile string: Webproxy profile name.
wsso string: Enable/disable WiFi Single Sign On (WSSO).
ztnaDeviceOwnership string: Enable/disable zero trust device ownership.
ztnaEmsTagSecondaries GetPolicyZtnaEmsTagSecondary[]: Source ztna-ems-tag-secondary names. The structure of ztna_ems_tag_secondary block is documented below.
ztnaEmsTags GetPolicyZtnaEmsTag[]: Source ztna-ems-tag names. The structure of ztna_ems_tag block is documented below.
ztnaGeoTags GetPolicyZtnaGeoTag[]: Source ztna-geo-tag names. The structure of ztna_geo_tag block is documented below.
ztnaPolicyRedirect string: Redirect ZTNA traffic to matching Access-Proxy proxy-policy.
ztnaStatus string: Enable/disable zero trust access.
ztnaTagsMatchLogic string: ZTNA tag matching logic.
vdomparam string

action str: Policy action (allow/deny/ipsec).
anti_replay str: Enable/disable anti-replay check.
app_categories Sequence[GetPolicyAppCategory]: Application category ID list. The structure of app_category block is documented below.
app_groups Sequence[GetPolicyAppGroup]: Application group names. The structure of app_group block is documented below.
application_list str: Name of an existing Application list.
applications Sequence[GetPolicyApplication]: Application ID list. The structure of application block is documented below.
auth_cert str: HTTPS server certificate for policy authentication.
auth_path str: Enable/disable authentication-based routing.
auth_redirect_addr str: HTTP-to-HTTPS redirect address for firewall authentication.
auto_asic_offload str: Enable/disable policy traffic ASIC offloading.
av_profile str: Name of an existing Antivirus profile.
block_notification str: Enable/disable block notification.
captive_portal_exempt str: Enable to exempt some users from the captive portal.
capture_packet str: Enable/disable capture packets.
casb_profile str: Name of an existing CASB profile.
cifs_profile str: Name of an existing CIFS profile.
comments str: Comment.
custom_log_fields Sequence[GetPolicyCustomLogField]: Custom fields to append to log messages for this policy. The structure of custom_log_fields block is documented below.
decrypted_traffic_mirror str: Decrypted traffic mirror.
delay_tcp_npu_session str: Enable TCP NPU session delay to guarantee packet order of 3-way handshake.
devices Sequence[GetPolicyDevice]: Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
diameter_filter_profile str: Name of an existing Diameter filter profile.
diffserv_copy str: Enable to copy packet's DiffServ values from session's original direction to its reply direction.
diffserv_forward str: Enable to change packet's DiffServ values to the specified diffservcode-forward value.
diffserv_reverse str: Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value.
diffservcode_forward str: Change packet's DiffServ to this value.
diffservcode_rev str: Change packet's reverse (reply) DiffServ to this value.
disclaimer str: Enable/disable user authentication disclaimer.
dlp_profile str: Name of an existing DLP profile.
dlp_sensor str: Name of an existing DLP sensor.
dnsfilter_profile str: Name of an existing DNS filter profile.
dsri str: Enable DSRI to ignore HTTP server responses.
dstaddr6_negate str: When enabled dstaddr6 specifies what the destination address must NOT be.
dstaddr6s Sequence[GetPolicyDstaddr6]: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
dstaddr_negate str: When enabled dstaddr specifies what the destination address must NOT be.
dstaddrs Sequence[GetPolicyDstaddr]: Destination address and address group names. The structure of dstaddr block is documented below.
dstintfs Sequence[GetPolicyDstintf]: Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamic_shaping str: Enable/disable dynamic RADIUS defined traffic shaping.
email_collect str: Enable/disable email collection.
emailfilter_profile str: Name of an existing email filter profile.
fec str: Enable/disable Forward Error Correction on traffic matching this policy on a FEC device.
file_filter_profile str: Name of an existing file-filter profile.
firewall_session_dirty str: How to handle sessions if the configuration of this firewall policy changes.
fixedport str: Enable to prevent source NAT from changing a session's source port.
fsso str: Enable/disable Fortinet Single Sign-On.
fsso_agent_for_ntlm str: FSSO agent to use for NTLM authentication.
fsso_groups Sequence[GetPolicyFssoGroup]: Names of FSSO groups. The structure of fsso_groups block is documented below.
geoip_anycast str: Enable/disable recognition of anycast IP addresses using the geography IP database.
geoip_match str: Match geography address based either on its physical location or registered location.
global_label str: Label for the policy that appears when the GUI is in Global View mode.
groups Sequence[GetPolicyGroup]: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
http_policy_redirect str: Redirect HTTP(S) traffic to matching transparent web proxy policy.
icap_profile str: Name of an existing ICAP profile.
id str: The provider-assigned unique ID for this managed resource.
identity_based_route str: Name of identity-based routing rule.
inbound str: Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN.
inspection_mode str: Policy inspection mode (Flow/proxy). Default is Flow mode.
internet_service str: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.
internet_service6 str: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address and service are not used.
internet_service6_custom_groups Sequence[GetPolicyInternetService6CustomGroup]: Custom Internet Service6 group name. The structure of internet_service6_custom_group block is documented below.
internet_service6_customs Sequence[GetPolicyInternetService6Custom]: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
internet_service6_groups Sequence[GetPolicyInternetService6Group]: Internet Service group name. The structure of internet_service6_group block is documented below.
internet_service6_names Sequence[GetPolicyInternetService6Name]: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
internet_service6_negate str: When enabled internet-service6 specifies what the service must NOT be.
internet_service6_src str: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used.
internet_service6_src_custom_groups Sequence[GetPolicyInternetService6SrcCustomGroup]: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
internet_service6_src_customs Sequence[GetPolicyInternetService6SrcCustom]: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
internet_service6_src_groups Sequence[GetPolicyInternetService6SrcGroup]: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
internet_service6_src_names Sequence[GetPolicyInternetService6SrcName]: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
internet_service6_src_negate str: When enabled internet-service6-src specifies what the service must NOT be.
internet_service_custom_groups Sequence[GetPolicyInternetServiceCustomGroup]: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
internet_service_customs Sequence[GetPolicyInternetServiceCustom]: Custom Internet Service name. The structure of internet_service_custom block is documented below.
internet_service_groups Sequence[GetPolicyInternetServiceGroup]: Internet Service group name. The structure of internet_service_group block is documented below.
internet_service_ids Sequence[GetPolicyInternetServiceId]: Internet Service ID. The structure of internet_service_id block is documented below.
internet_service_names Sequence[GetPolicyInternetServiceName]: Internet Service name. The structure of internet_service_name block is documented below.
internet_service_negate str: When enabled internet-service specifies what the service must NOT be.
internet_service_src str: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.
internet_service_src_custom_groups Sequence[GetPolicyInternetServiceSrcCustomGroup]: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
internet_service_src_customs Sequence[GetPolicyInternetServiceSrcCustom]: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
internet_service_src_groups Sequence[GetPolicyInternetServiceSrcGroup]: Internet Service source group name. The structure of internet_service_src_group block is documented below.
internet_service_src_ids Sequence[GetPolicyInternetServiceSrcId]: Internet Service source ID. The structure of internet_service_src_id block is documented below.
internet_service_src_names Sequence[GetPolicyInternetServiceSrcName]: Internet Service source name. The structure of internet_service_src_name block is documented below.
internet_service_src_negate str: When enabled internet-service-src specifies what the service must NOT be.
ippool str: Enable to use IP Pools for source NAT.
ips_sensor str: Name of an existing IPS sensor.
ips_voip_filter str: Name of an existing VoIP (ips) profile.
label str: Label for the policy that appears when the GUI is in Section View mode.
learning_mode str: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated.
logtraffic str: Enable or disable logging. Log all sessions or security profile sessions.
logtraffic_start str: Record logs when a session starts.
match_vip str: Enable to match packets that have had their destination addresses changed by a VIP.
match_vip_only str: Enable/disable matching of only those packets that have had their destination addresses changed by a VIP.
name str: Mirror Interface name.
nat str: Enable/disable source NAT.
nat46 str: Enable/disable NAT46.
nat64 str: Enable/disable NAT64.
natinbound str: Policy-based IPsec VPN: apply destination NAT to inbound traffic.
natip str: Policy-based IPsec VPN: source NAT IP address for outgoing traffic.
natoutbound str: Policy-based IPsec VPN: apply source NAT to outbound traffic.
network_service_dynamics Sequence[GetPolicyNetworkServiceDynamic]: Dynamic Network Service name. The structure of network_service_dynamic block is documented below.
network_service_src_dynamics Sequence[GetPolicyNetworkServiceSrcDynamic]: Dynamic Network Service source name. The structure of network_service_src_dynamic block is documented below.
np_acceleration str: Enable/disable UTM Network Processor acceleration.
ntlm str: Enable/disable NTLM authentication.
ntlm_enabled_browsers Sequence[GetPolicyNtlmEnabledBrowser]: HTTP-User-Agent value of supported browsers. The structure of ntlm_enabled_browsers block is documented below.
ntlm_guest str: Enable/disable NTLM guest user access.
outbound str: Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN.
passive_wan_health_measurement str: Enable/disable passive WAN health measurement. When enabled, auto-asic-offload is disabled.
pcp_inbound str: Enable/disable PCP inbound DNAT.
pcp_outbound str: Enable/disable PCP outbound SNAT.
pcp_poolnames Sequence[GetPolicyPcpPoolname]: PCP pool names. The structure of pcp_poolname block is documented below.
per_ip_shaper str: Per-IP traffic shaper.
permit_any_host str: Accept UDP packets from any host.
permit_stun_host str: Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host.
policy_expiry str: Enable/disable policy expiry.
policy_expiry_date str: Policy expiry date (YYYY-MM-DD HH:MM:SS).
policy_expiry_date_utc str: Policy expiry date and time, in epoch format.
policyid int: Policy ID.
poolname6s Sequence[GetPolicyPoolname6]: IPv6 pool names. The structure of poolname6 block is documented below.
poolnames Sequence[GetPolicyPoolname]: IP Pool names. The structure of poolname block is documented below.
port_preserve str: Enable/disable preservation of the original source port from source NAT if it has not been used.
profile_group str: Name of profile group.
profile_protocol_options str: Name of an existing Protocol options profile.
profile_type str: Determine whether the firewall policy allows security profile groups or single profiles only.
radius_mac_auth_bypass str: Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server.
redirect_url str: URL users are directed to after seeing and accepting the disclaimer or authenticating.
replacemsg_override_group str: Override the default replacement message group for this policy.
reputation_direction str: Direction of the initial traffic for reputation to take effect.
reputation_direction6 str: Direction of the initial traffic for IPv6 reputation to take effect.
reputation_minimum int: Minimum Reputation to take action.
reputation_minimum6 int: IPv6 Minimum Reputation to take action.
rsso str: Enable/disable RADIUS single sign-on (RSSO).
rtp_addrs Sequence[GetPolicyRtpAddr]: Address names if this is an RTP NAT policy. The structure of rtp_addr block is documented below.
rtp_nat str: Enable Real Time Protocol (RTP) NAT.
scan_botnet_connections str: Block or monitor connections to Botnet servers or disable Botnet scanning.
schedule str: Schedule name.
schedule_timeout str: Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity.
sctp_filter_profile str: Name of an existing SCTP filter profile.
send_deny_packet str: Enable to send a reply when a session is denied or blocked by a firewall policy.
service_negate str: When enabled service specifies what the service must NOT be.
services Sequence[GetPolicyService]: Service and service group names. The structure of service block is documented below.
session_ttl int: TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
sgt_check str: Enable/disable security group tags (SGT) check.
sgts Sequence[GetPolicySgt]: Security group tags. The structure of sgt block is documented below.
spamfilter_profile str: Name of an existing Spam filter profile.
src_vendor_macs Sequence[GetPolicySrcVendorMac]: Vendor MAC source ID. The structure of src_vendor_mac block is documented below.
srcaddr6_negate str: When enabled srcaddr6 specifies what the source address must NOT be.
srcaddr6s Sequence[GetPolicySrcaddr6]: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
srcaddr_negate str: When enabled srcaddr specifies what the source address must NOT be.
srcaddrs Sequence[GetPolicySrcaddr]: Source address and address group names. The structure of srcaddr block is documented below.
srcintfs Sequence[GetPolicySrcintf]: Incoming (ingress) interface. The structure of srcintf block is documented below.
ssh_filter_profile str: Name of an existing SSH filter profile.
ssh_policy_redirect str: Redirect SSH traffic to matching transparent proxy policy.
ssl_mirror str: Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring).
ssl_mirror_intfs Sequence[GetPolicySslMirrorIntf]: SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
ssl_ssh_profile str: Name of an existing SSL SSH profile.
status str: Enable or disable this policy.
tcp_mss_receiver int: Receiver TCP maximum segment size (MSS).
tcp_mss_sender int: Sender TCP maximum segment size (MSS).
tcp_session_without_syn str: Enable/disable creation of TCP session without SYN flag.
timeout_send_rst str: Enable/disable sending RST packets when TCP sessions expire.
tos str: ToS (Type of Service) value used for comparison.
tos_mask str: Non-zero bit positions are used for comparison while zero bit positions are ignored.
tos_negate str: Enable negated TOS match.
traffic_shaper str: Traffic shaper.
traffic_shaper_reverse str: Reverse traffic shaper.
url_categories Sequence[GetPolicyUrlCategory]: URL category ID list. The structure of url_category block is documented below.
users Sequence[GetPolicyUser]: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
utm_status str: Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
uuid str: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
videofilter_profile str: Name of an existing VideoFilter profile.
virtual_patch_profile str: Name of an existing virtual-patch profile.
vlan_cos_fwd int: VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest.
vlan_cos_rev int: VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest.
vlan_filter str: Set VLAN filters.
voip_profile str: Name of an existing VoIP profile.
vpntunnel str: Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
waf_profile str: Name of an existing Web application firewall profile.
wanopt str: Enable/disable WAN optimization.
wanopt_detection str: WAN optimization auto-detection mode.
wanopt_passive_opt str: WAN optimization passive mode options. This option decides what IP address will be used to connect server.
wanopt_peer str: WAN optimization peer.
wanopt_profile str: WAN optimization profile.
wccp str: Enable/disable forwarding traffic matching this policy to a configured WCCP server.
webcache str: Enable/disable web cache.
webcache_https str: Enable/disable web cache for HTTPS.
webfilter_profile str: Name of an existing Web filter profile.
webproxy_forward_server str: Web proxy forward server name.
webproxy_profile str: Webproxy profile name.
wsso str: Enable/disable WiFi Single Sign On (WSSO).
ztna_device_ownership str: Enable/disable zero trust device ownership.
ztna_ems_tag_secondaries Sequence[GetPolicyZtnaEmsTagSecondary]: Source ztna-ems-tag-secondary names. The structure of ztna_ems_tag_secondary block is documented below.
ztna_ems_tags Sequence[GetPolicyZtnaEmsTag]: Source ztna-ems-tag names. The structure of ztna_ems_tag block is documented below.
ztna_geo_tags Sequence[GetPolicyZtnaGeoTag]: Source ztna-geo-tag names. The structure of ztna_geo_tag block is documented below.
ztna_policy_redirect str: Redirect ZTNA traffic to matching Access-Proxy proxy-policy.
ztna_status str: Enable/disable zero trust access.
ztna_tags_match_logic str: ZTNA tag matching logic.
vdomparam str

action String: Policy action (allow/deny/ipsec).
antiReplay String: Enable/disable anti-replay check.
appCategories List<Property Map>: Application category ID list. The structure of app_category block is documented below.
appGroups List<Property Map>: Application group names. The structure of app_group block is documented below.
applicationList String: Name of an existing Application list.
applications List<Property Map>: Application ID list. The structure of application block is documented below.
authCert String: HTTPS server certificate for policy authentication.
authPath String: Enable/disable authentication-based routing.
authRedirectAddr String: HTTP-to-HTTPS redirect address for firewall authentication.
autoAsicOffload String: Enable/disable policy traffic ASIC offloading.
avProfile String: Name of an existing Antivirus profile.
blockNotification String: Enable/disable block notification.
captivePortalExempt String: Enable to exempt some users from the captive portal.
capturePacket String: Enable/disable capture packets.
casbProfile String: Name of an existing CASB profile.
cifsProfile String: Name of an existing CIFS profile.
comments String: Comment.
customLogFields List<Property Map>: Custom fields to append to log messages for this policy. The structure of custom_log_fields block is documented below.
decryptedTrafficMirror String: Decrypted traffic mirror.
delayTcpNpuSession String: Enable TCP NPU session delay to guarantee packet order of 3-way handshake.
devices List<Property Map>: Names of devices or device groups that can be matched by the policy. The structure of devices block is documented below.
diameterFilterProfile String: Name of an existing Diameter filter profile.
diffservCopy String: Enable to copy packet's DiffServ values from session's original direction to its reply direction.
diffservForward String: Enable to change packet's DiffServ values to the specified diffservcode-forward value.
diffservReverse String: Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value.
diffservcodeForward String: Change packet's DiffServ to this value.
diffservcodeRev String: Change packet's reverse (reply) DiffServ to this value.
disclaimer String: Enable/disable user authentication disclaimer.
dlpProfile String: Name of an existing DLP profile.
dlpSensor String: Name of an existing DLP sensor.
dnsfilterProfile String: Name of an existing DNS filter profile.
dsri String: Enable DSRI to ignore HTTP server responses.
dstaddr6Negate String: When enabled dstaddr6 specifies what the destination address must NOT be.
dstaddr6s List<Property Map>: Destination IPv6 address name and address group names. The structure of dstaddr6 block is documented below.
dstaddrNegate String: When enabled dstaddr specifies what the destination address must NOT be.
dstaddrs List<Property Map>: Destination address and address group names. The structure of dstaddr block is documented below.
dstintfs List<Property Map>: Outgoing (egress) interface. The structure of dstintf block is documented below.
dynamicShaping String: Enable/disable dynamic RADIUS defined traffic shaping.
emailCollect String: Enable/disable email collection.
emailfilterProfile String: Name of an existing email filter profile.
fec String: Enable/disable Forward Error Correction on traffic matching this policy on a FEC device.
fileFilterProfile String: Name of an existing file-filter profile.
firewallSessionDirty String: How to handle sessions if the configuration of this firewall policy changes.
fixedport String: Enable to prevent source NAT from changing a session's source port.
fsso String: Enable/disable Fortinet Single Sign-On.
fssoAgentForNtlm String: FSSO agent to use for NTLM authentication.
fssoGroups List<Property Map>: Names of FSSO groups. The structure of fsso_groups block is documented below.
geoipAnycast String: Enable/disable recognition of anycast IP addresses using the geography IP database.
geoipMatch String: Match geography address based either on its physical location or registered location.
globalLabel String: Label for the policy that appears when the GUI is in Global View mode.
groups List<Property Map>: Names of user groups that can authenticate with this policy. The structure of groups block is documented below.
httpPolicyRedirect String: Redirect HTTP(S) traffic to matching transparent web proxy policy.
icapProfile String: Name of an existing ICAP profile.
id String: The provider-assigned unique ID for this managed resource.
identityBasedRoute String: Name of identity-based routing rule.
inbound String: Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN.
inspectionMode String: Policy inspection mode (Flow/proxy). Default is Flow mode.
internetService String: Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.
internetService6 String: Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address and service are not used.
internetService6CustomGroups List<Property Map>: Custom Internet Service6 group name. The structure of internet_service6_custom_group block is documented below.
internetService6Customs List<Property Map>: Custom IPv6 Internet Service name. The structure of internet_service6_custom block is documented below.
internetService6Groups List<Property Map>: Internet Service group name. The structure of internet_service6_group block is documented below.
internetService6Names List<Property Map>: IPv6 Internet Service name. The structure of internet_service6_name block is documented below.
internetService6Negate String: When enabled internet-service6 specifies what the service must NOT be.
internetService6Src String: Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used.
internetService6SrcCustomGroups List<Property Map>: Custom Internet Service6 source group name. The structure of internet_service6_src_custom_group block is documented below.
internetService6SrcCustoms List<Property Map>: Custom IPv6 Internet Service source name. The structure of internet_service6_src_custom block is documented below.
internetService6SrcGroups List<Property Map>: Internet Service6 source group name. The structure of internet_service6_src_group block is documented below.
internetService6SrcNames List<Property Map>: IPv6 Internet Service source name. The structure of internet_service6_src_name block is documented below.
internetService6SrcNegate String: When enabled internet-service6-src specifies what the service must NOT be.
internetServiceCustomGroups List<Property Map>: Custom Internet Service group name. The structure of internet_service_custom_group block is documented below.
internetServiceCustoms List<Property Map>: Custom Internet Service name. The structure of internet_service_custom block is documented below.
internetServiceGroups List<Property Map>: Internet Service group name. The structure of internet_service_group block is documented below.
internetServiceIds List<Property Map>: Internet Service ID. The structure of internet_service_id block is documented below.
internetServiceNames List<Property Map>: Internet Service name. The structure of internet_service_name block is documented below.
internetServiceNegate String: When enabled internet-service specifies what the service must NOT be.
internetServiceSrc String: Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.
internetServiceSrcCustomGroups List<Property Map>: Custom Internet Service source group name. The structure of internet_service_src_custom_group block is documented below.
internetServiceSrcCustoms List<Property Map>: Custom Internet Service source name. The structure of internet_service_src_custom block is documented below.
internetServiceSrcGroups List<Property Map>: Internet Service source group name. The structure of internet_service_src_group block is documented below.
internetServiceSrcIds List<Property Map>: Internet Service source ID. The structure of internet_service_src_id block is documented below.
internetServiceSrcNames List<Property Map>: Internet Service source name. The structure of internet_service_src_name block is documented below.
internetServiceSrcNegate String: When enabled internet-service-src specifies what the service must NOT be.
ippool String: Enable to use IP Pools for source NAT.
ipsSensor String: Name of an existing IPS sensor.
ipsVoipFilter String: Name of an existing VoIP (ips) profile.
label String: Label for the policy that appears when the GUI is in Section View mode.
learningMode String: Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated.
logtraffic String: Enable or disable logging. Log all sessions or security profile sessions.
logtrafficStart String: Record logs when a session starts.
matchVip String: Enable to match packets that have had their destination addresses changed by a VIP.
matchVipOnly String: Enable/disable matching of only those packets that have had their destination addresses changed by a VIP.
name String: Mirror Interface name.
nat String: Enable/disable source NAT.
nat46 String: Enable/disable NAT46.
nat64 String: Enable/disable NAT64.
natinbound String: Policy-based IPsec VPN: apply destination NAT to inbound traffic.
natip String: Policy-based IPsec VPN: source NAT IP address for outgoing traffic.
natoutbound String: Policy-based IPsec VPN: apply source NAT to outbound traffic.
networkServiceDynamics List<Property Map>: Dynamic Network Service name. The structure of network_service_dynamic block is documented below.
networkServiceSrcDynamics List<Property Map>: Dynamic Network Service source name. The structure of network_service_src_dynamic block is documented below.
npAcceleration String: Enable/disable UTM Network Processor acceleration.
ntlm String: Enable/disable NTLM authentication.
ntlmEnabledBrowsers List<Property Map>: HTTP-User-Agent value of supported browsers. The structure of ntlm_enabled_browsers block is documented below.
ntlmGuest String: Enable/disable NTLM guest user access.
outbound String: Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN.
passiveWanHealthMeasurement String: Enable/disable passive WAN health measurement. When enabled, auto-asic-offload is disabled.
pcpInbound String: Enable/disable PCP inbound DNAT.
pcpOutbound String: Enable/disable PCP outbound SNAT.
pcpPoolnames List<Property Map>: PCP pool names. The structure of pcp_poolname block is documented below.
perIpShaper String: Per-IP traffic shaper.
permitAnyHost String: Accept UDP packets from any host.
permitStunHost String: Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host.
policyExpiry String: Enable/disable policy expiry.
policyExpiryDate String: Policy expiry date (YYYY-MM-DD HH:MM:SS).
policyExpiryDateUtc String: Policy expiry date and time, in epoch format.
policyid Number: Policy ID.
poolname6s List<Property Map>: IPv6 pool names. The structure of poolname6 block is documented below.
poolnames List<Property Map>: IP Pool names. The structure of poolname block is documented below.
portPreserve String: Enable/disable preservation of the original source port from source NAT if it has not been used.
profileGroup String: Name of profile group.
profileProtocolOptions String: Name of an existing Protocol options profile.
profileType String: Determine whether the firewall policy allows security profile groups or single profiles only.
radiusMacAuthBypass String: Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server.
redirectUrl String: URL users are directed to after seeing and accepting the disclaimer or authenticating.
replacemsgOverrideGroup String: Override the default replacement message group for this policy.
reputationDirection String: Direction of the initial traffic for reputation to take effect.
reputationDirection6 String: Direction of the initial traffic for IPv6 reputation to take effect.
reputationMinimum Number: Minimum Reputation to take action.
reputationMinimum6 Number: IPv6 Minimum Reputation to take action.
rsso String: Enable/disable RADIUS single sign-on (RSSO).
rtpAddrs List<Property Map>: Address names if this is an RTP NAT policy. The structure of rtp_addr block is documented below.
rtpNat String: Enable Real Time Protocol (RTP) NAT.
scanBotnetConnections String: Block or monitor connections to Botnet servers or disable Botnet scanning.
schedule String: Schedule name.
scheduleTimeout String: Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity.
sctpFilterProfile String: Name of an existing SCTP filter profile.
sendDenyPacket String: Enable to send a reply when a session is denied or blocked by a firewall policy.
serviceNegate String: When enabled service specifies what the service must NOT be.
services List<Property Map>: Service and service group names. The structure of service block is documented below.
sessionTtl Number: TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).
sgtCheck String: Enable/disable security group tags (SGT) check.
sgts List<Property Map>: Security group tags. The structure of sgt block is documented below.
spamfilterProfile String: Name of an existing Spam filter profile.
srcVendorMacs List<Property Map>: Vendor MAC source ID. The structure of src_vendor_mac block is documented below.
srcaddr6Negate String: When enabled srcaddr6 specifies what the source address must NOT be.
srcaddr6s List<Property Map>: Source IPv6 address name and address group names. The structure of srcaddr6 block is documented below.
srcaddrNegate String: When enabled srcaddr specifies what the source address must NOT be.
srcaddrs List<Property Map>: Source address and address group names. The structure of srcaddr block is documented below.
srcintfs List<Property Map>: Incoming (ingress) interface. The structure of srcintf block is documented below.
sshFilterProfile String: Name of an existing SSH filter profile.
sshPolicyRedirect String: Redirect SSH traffic to matching transparent proxy policy.
sslMirror String: Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring).
sslMirrorIntfs List<Property Map>: SSL mirror interface name. The structure of ssl_mirror_intf block is documented below.
sslSshProfile String: Name of an existing SSL SSH profile.
status String: Enable or disable this policy.
tcpMssReceiver Number: Receiver TCP maximum segment size (MSS).
tcpMssSender Number: Sender TCP maximum segment size (MSS).
tcpSessionWithoutSyn String: Enable/disable creation of TCP session without SYN flag.
timeoutSendRst String: Enable/disable sending RST packets when TCP sessions expire.
tos String: ToS (Type of Service) value used for comparison.
tosMask String: Non-zero bit positions are used for comparison while zero bit positions are ignored.
tosNegate String: Enable negated TOS match.
trafficShaper String: Traffic shaper.
trafficShaperReverse String: Reverse traffic shaper.
urlCategories List<Property Map>: URL category ID list. The structure of url_category block is documented below.
users List<Property Map>: Names of individual users that can authenticate with this policy. The structure of users block is documented below.
utmStatus String: Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy.
uuid String: Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
videofilterProfile String: Name of an existing VideoFilter profile.
virtualPatchProfile String: Name of an existing virtual-patch profile.
vlanCosFwd Number: VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest.
vlanCosRev Number: VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest.
vlanFilter String: Set VLAN filters.
voipProfile String: Name of an existing VoIP profile.
vpntunnel String: Policy-based IPsec VPN: name of the IPsec VPN Phase 1.
wafProfile String: Name of an existing Web application firewall profile.
wanopt String: Enable/disable WAN optimization.
wanoptDetection String: WAN optimization auto-detection mode.
wanoptPassiveOpt String: WAN optimization passive mode options. This option decides what IP address will be used to connect server.
wanoptPeer String: WAN optimization peer.
wanoptProfile String: WAN optimization profile.
wccp String: Enable/disable forwarding traffic matching this policy to a configured WCCP server.
webcache String: Enable/disable web cache.
webcacheHttps String: Enable/disable web cache for HTTPS.
webfilterProfile String: Name of an existing Web filter profile.
webproxyForwardServer String: Web proxy forward server name.
webproxyProfile String: Webproxy profile name.
wsso String: Enable/disable WiFi Single Sign On (WSSO).
ztnaDeviceOwnership String: Enable/disable zero trust device ownership.
ztnaEmsTagSecondaries List<Property Map>: Source ztna-ems-tag-secondary names. The structure of ztna_ems_tag_secondary block is documented below.
ztnaEmsTags List<Property Map>: Source ztna-ems-tag names. The structure of ztna_ems_tag block is documented below.
ztnaGeoTags List<Property Map>: Source ztna-geo-tag names. The structure of ztna_geo_tag block is documented below.
ztnaPolicyRedirect String: Redirect ZTNA traffic to matching Access-Proxy proxy-policy.
ztnaStatus String: Enable/disable zero trust access.
ztnaTagsMatchLogic String: ZTNA tag matching logic.
vdomparam String

Supporting Types

GetPolicyAppCategory

Id int: Security group tag.

Id int: Security group tag.

id Integer: Security group tag.

id number: Security group tag.

id int: Security group tag.

id Number: Security group tag.

GetPolicyAppGroup

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyApplication

Id int: Security group tag.

Id int: Security group tag.

id Integer: Security group tag.

id number: Security group tag.

id int: Security group tag.

id Number: Security group tag.

GetPolicyCustomLogField

FieldId string: Custom log field.

FieldId string: Custom log field.

fieldId String: Custom log field.

fieldId string: Custom log field.

field_id str: Custom log field.

fieldId String: Custom log field.

GetPolicyDevice

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyDstaddr

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyDstaddr6

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyDstintf

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyFssoGroup

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyGroup

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetService6Custom

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetService6CustomGroup

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetService6Group

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetService6Name

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetService6SrcCustom

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetService6SrcCustomGroup

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetService6SrcGroup

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetService6SrcName

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetServiceCustom

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetServiceCustomGroup

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetServiceGroup

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetServiceId

Id int: Security group tag.

Id int: Security group tag.

id Integer: Security group tag.

id number: Security group tag.

id int: Security group tag.

id Number: Security group tag.

GetPolicyInternetServiceName

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetServiceSrcCustom

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetServiceSrcCustomGroup

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetServiceSrcGroup

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyInternetServiceSrcId

Id int: Security group tag.

Id int: Security group tag.

id Integer: Security group tag.

id number: Security group tag.

id int: Security group tag.

id Number: Security group tag.

GetPolicyInternetServiceSrcName

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyNetworkServiceDynamic

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyNetworkServiceSrcDynamic

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyNtlmEnabledBrowser

UserAgentString string: User agent string.

UserAgentString string: User agent string.

userAgentString String: User agent string.

userAgentString string: User agent string.

user_agent_string str: User agent string.

userAgentString String: User agent string.

GetPolicyPcpPoolname

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyPoolname

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyPoolname6

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyRtpAddr

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyService

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicySgt

Id int: Security group tag.

Id int: Security group tag.

id Integer: Security group tag.

id number: Security group tag.

id int: Security group tag.

id Number: Security group tag.

GetPolicySrcVendorMac

Id int: Security group tag.

Id int: Security group tag.

id Integer: Security group tag.

id number: Security group tag.

id int: Security group tag.

id Number: Security group tag.

GetPolicySrcaddr

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicySrcaddr6

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicySrcintf

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicySslMirrorIntf

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyUrlCategory

Id int: Security group tag.

Id int: Security group tag.

id Integer: Security group tag.

id number: Security group tag.

id int: Security group tag.

id Number: Security group tag.

GetPolicyUser

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyZtnaEmsTag

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyZtnaEmsTagSecondary

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

GetPolicyZtnaGeoTag

Name string: Mirror Interface name.

Name string: Mirror Interface name.

name String: Mirror Interface name.

name string: Mirror Interface name.

name str: Mirror Interface name.

name String: Mirror Interface name.

Package Details

Repository: fortios pulumiverse/pulumi-fortios
License: Apache-2.0
Notes: This Pulumi package is based on the fortios Terraform Provider.

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

pulumiverse/pulumi-fortios

fortios.firewall.getPolicy

On this page

On this page

Using getPolicy

getPolicy Result

Supporting Types

GetPolicyAppCategory

GetPolicyAppGroup

GetPolicyApplication

GetPolicyCustomLogField

GetPolicyDevice

GetPolicyDstaddr

GetPolicyDstaddr6

GetPolicyDstintf

GetPolicyFssoGroup

GetPolicyGroup

GetPolicyInternetService6Custom

GetPolicyInternetService6CustomGroup

GetPolicyInternetService6Group

GetPolicyInternetService6Name

GetPolicyInternetService6SrcCustom

GetPolicyInternetService6SrcCustomGroup

GetPolicyInternetService6SrcGroup

GetPolicyInternetService6SrcName

GetPolicyInternetServiceCustom

GetPolicyInternetServiceCustomGroup

GetPolicyInternetServiceGroup

GetPolicyInternetServiceId

GetPolicyInternetServiceName

GetPolicyInternetServiceSrcCustom

GetPolicyInternetServiceSrcCustomGroup

GetPolicyInternetServiceSrcGroup

GetPolicyInternetServiceSrcId

GetPolicyInternetServiceSrcName

GetPolicyNetworkServiceDynamic

GetPolicyNetworkServiceSrcDynamic

GetPolicyNtlmEnabledBrowser

GetPolicyPcpPoolname

GetPolicyPoolname

GetPolicyPoolname6

GetPolicyRtpAddr

GetPolicyService

GetPolicySgt

GetPolicySrcVendorMac

GetPolicySrcaddr

GetPolicySrcaddr6

GetPolicySrcintf

GetPolicySslMirrorIntf

GetPolicyUrlCategory

GetPolicyUser

GetPolicyZtnaEmsTag

GetPolicyZtnaEmsTagSecondary

GetPolicyZtnaGeoTag

Package Details

On this page

On this page