@pulumi/juniper-mist 0.1.4 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/config/vars.d.ts +4 -0
- package/config/vars.js +6 -0
- package/config/vars.js.map +1 -1
- package/device/gateway.d.ts +3 -3
- package/device/switch.d.ts +12 -20
- package/device/switch.js +0 -2
- package/device/switch.js.map +1 -1
- package/org/deviceprofileGateway.d.ts +3 -3
- package/org/gatewaytemplate.d.ts +9 -6
- package/org/gatewaytemplate.js.map +1 -1
- package/org/nacidp.d.ts +36 -0
- package/org/nacidp.js +6 -0
- package/org/nacidp.js.map +1 -1
- package/org/network.d.ts +21 -0
- package/org/network.js +2 -0
- package/org/network.js.map +1 -1
- package/org/networktemplate.d.ts +3 -3
- package/org/sso.d.ts +15 -42
- package/org/sso.js +0 -4
- package/org/sso.js.map +1 -1
- package/package.json +2 -2
- package/provider.d.ts +4 -0
- package/provider.js +1 -0
- package/provider.js.map +1 -1
- package/site/networktemplate.d.ts +3 -3
- package/types/input.d.ts +716 -475
- package/types/output.d.ts +722 -481
package/types/input.d.ts
CHANGED
|
@@ -518,8 +518,7 @@ export declare namespace device {
|
|
|
518
518
|
*/
|
|
519
519
|
exportPolicy?: pulumi.Input<string>;
|
|
520
520
|
/**
|
|
521
|
-
* by default, either inet/net6 unicast depending on neighbor IP family (v4 or v6)
|
|
522
|
-
* for v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
|
|
521
|
+
* by default, either inet/net6 unicast depending on neighbor IP family (v4 or v6). For v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
|
|
523
522
|
*/
|
|
524
523
|
extendedV4Nexthop?: pulumi.Input<boolean>;
|
|
525
524
|
/**
|
|
@@ -765,6 +764,9 @@ export declare namespace device {
|
|
|
765
764
|
routedForNetworks?: pulumi.Input<pulumi.Input<string>[]>;
|
|
766
765
|
subnet: pulumi.Input<string>;
|
|
767
766
|
subnet6?: pulumi.Input<string>;
|
|
767
|
+
/**
|
|
768
|
+
* Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}")
|
|
769
|
+
*/
|
|
768
770
|
tenants?: pulumi.Input<{
|
|
769
771
|
[key: string]: pulumi.Input<inputs.device.GatewayNetworkTenants>;
|
|
770
772
|
}>;
|
|
@@ -782,7 +784,7 @@ export declare namespace device {
|
|
|
782
784
|
interface GatewayNetworkInternetAccess {
|
|
783
785
|
createSimpleServicePolicy?: pulumi.Input<boolean>;
|
|
784
786
|
/**
|
|
785
|
-
* Property key
|
|
787
|
+
* Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
|
|
786
788
|
*/
|
|
787
789
|
destinationNat?: pulumi.Input<{
|
|
788
790
|
[key: string]: pulumi.Input<inputs.device.GatewayNetworkInternetAccessDestinationNat>;
|
|
@@ -793,22 +795,35 @@ export declare namespace device {
|
|
|
793
795
|
*/
|
|
794
796
|
restricted?: pulumi.Input<boolean>;
|
|
795
797
|
/**
|
|
796
|
-
* Property key may be an IP Address (i.e. "
|
|
798
|
+
* Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
|
|
797
799
|
*/
|
|
798
800
|
staticNat?: pulumi.Input<{
|
|
799
801
|
[key: string]: pulumi.Input<inputs.device.GatewayNetworkInternetAccessStaticNat>;
|
|
800
802
|
}>;
|
|
801
803
|
}
|
|
802
804
|
interface GatewayNetworkInternetAccessDestinationNat {
|
|
805
|
+
/**
|
|
806
|
+
* The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
|
|
807
|
+
*/
|
|
803
808
|
internalIp?: pulumi.Input<string>;
|
|
804
809
|
name?: pulumi.Input<string>;
|
|
805
|
-
|
|
810
|
+
/**
|
|
811
|
+
* The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
|
|
812
|
+
*/
|
|
813
|
+
port?: pulumi.Input<string>;
|
|
814
|
+
/**
|
|
815
|
+
* SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
|
|
816
|
+
*/
|
|
817
|
+
wanName?: pulumi.Input<string>;
|
|
806
818
|
}
|
|
807
819
|
interface GatewayNetworkInternetAccessStaticNat {
|
|
808
|
-
internalIp?: pulumi.Input<string>;
|
|
809
|
-
name?: pulumi.Input<string>;
|
|
810
820
|
/**
|
|
811
|
-
*
|
|
821
|
+
* The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
|
|
822
|
+
*/
|
|
823
|
+
internalIp: pulumi.Input<string>;
|
|
824
|
+
name: pulumi.Input<string>;
|
|
825
|
+
/**
|
|
826
|
+
* SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
|
|
812
827
|
*/
|
|
813
828
|
wanName?: pulumi.Input<string>;
|
|
814
829
|
}
|
|
@@ -844,7 +859,7 @@ export declare namespace device {
|
|
|
844
859
|
*/
|
|
845
860
|
allowPing?: pulumi.Input<boolean>;
|
|
846
861
|
/**
|
|
847
|
-
* Property key
|
|
862
|
+
* Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
|
|
848
863
|
*/
|
|
849
864
|
destinationNat?: pulumi.Input<{
|
|
850
865
|
[key: string]: pulumi.Input<inputs.device.GatewayNetworkVpnAccessDestinationNat>;
|
|
@@ -862,13 +877,11 @@ export declare namespace device {
|
|
|
862
877
|
*/
|
|
863
878
|
noReadvertiseToLanOspf?: pulumi.Input<boolean>;
|
|
864
879
|
/**
|
|
865
|
-
* toward overlay
|
|
866
|
-
* how HUB should deal with routes it received from Spokes
|
|
880
|
+
* toward overlay, how HUB should deal with routes it received from Spokes
|
|
867
881
|
*/
|
|
868
882
|
noReadvertiseToOverlay?: pulumi.Input<boolean>;
|
|
869
883
|
/**
|
|
870
|
-
* by default, the routes are only readvertised toward the same vrf on spoke
|
|
871
|
-
* to allow it to be leaked to other vrfs
|
|
884
|
+
* by default, the routes are only readvertised toward the same vrf on spoke. To allow it to be leaked to other vrfs
|
|
872
885
|
*/
|
|
873
886
|
otherVrfs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
874
887
|
/**
|
|
@@ -880,14 +893,13 @@ export declare namespace device {
|
|
|
880
893
|
*/
|
|
881
894
|
sourceNat?: pulumi.Input<inputs.device.GatewayNetworkVpnAccessSourceNat>;
|
|
882
895
|
/**
|
|
883
|
-
* Property key may be an IP Address (i.e. "
|
|
896
|
+
* Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
|
|
884
897
|
*/
|
|
885
898
|
staticNat?: pulumi.Input<{
|
|
886
899
|
[key: string]: pulumi.Input<inputs.device.GatewayNetworkVpnAccessStaticNat>;
|
|
887
900
|
}>;
|
|
888
901
|
/**
|
|
889
|
-
* toward overlay
|
|
890
|
-
* how HUB should deal with routes it received from Spokes
|
|
902
|
+
* toward overlay, how HUB should deal with routes it received from Spokes
|
|
891
903
|
*/
|
|
892
904
|
summarizedSubnet?: pulumi.Input<string>;
|
|
893
905
|
/**
|
|
@@ -900,20 +912,22 @@ export declare namespace device {
|
|
|
900
912
|
summarizedSubnetToLanOspf?: pulumi.Input<string>;
|
|
901
913
|
}
|
|
902
914
|
interface GatewayNetworkVpnAccessDestinationNat {
|
|
915
|
+
/**
|
|
916
|
+
* The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
|
|
917
|
+
*/
|
|
903
918
|
internalIp?: pulumi.Input<string>;
|
|
904
919
|
name?: pulumi.Input<string>;
|
|
905
|
-
port?: pulumi.Input<
|
|
920
|
+
port?: pulumi.Input<string>;
|
|
906
921
|
}
|
|
907
922
|
interface GatewayNetworkVpnAccessSourceNat {
|
|
908
923
|
externalIp?: pulumi.Input<string>;
|
|
909
924
|
}
|
|
910
925
|
interface GatewayNetworkVpnAccessStaticNat {
|
|
911
|
-
internalIp?: pulumi.Input<string>;
|
|
912
|
-
name?: pulumi.Input<string>;
|
|
913
926
|
/**
|
|
914
|
-
*
|
|
927
|
+
* The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
|
|
915
928
|
*/
|
|
916
|
-
|
|
929
|
+
internalIp: pulumi.Input<string>;
|
|
930
|
+
name: pulumi.Input<string>;
|
|
917
931
|
}
|
|
918
932
|
interface GatewayOobIpConfig {
|
|
919
933
|
/**
|
|
@@ -1024,9 +1038,7 @@ export declare namespace device {
|
|
|
1024
1038
|
*/
|
|
1025
1039
|
aeIdx?: pulumi.Input<string>;
|
|
1026
1040
|
/**
|
|
1027
|
-
* For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability
|
|
1028
|
-
* Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end\n
|
|
1029
|
-
* Note: Turning this on will enable force-up on one of the interfaces in the bundle only
|
|
1041
|
+
* For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability. Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end. **Note:** Turning this on will enable force-up on one of the interfaces in the bundle only
|
|
1030
1042
|
*/
|
|
1031
1043
|
aeLacpForceUp?: pulumi.Input<boolean>;
|
|
1032
1044
|
aggregated?: pulumi.Input<boolean>;
|
|
@@ -1034,6 +1046,9 @@ export declare namespace device {
|
|
|
1034
1046
|
* if want to generate port up/down alarm, set it to true
|
|
1035
1047
|
*/
|
|
1036
1048
|
critical?: pulumi.Input<boolean>;
|
|
1049
|
+
/**
|
|
1050
|
+
* Interface Description. Can be a variable (i.e. "{{myvar}}")
|
|
1051
|
+
*/
|
|
1037
1052
|
description?: pulumi.Input<string>;
|
|
1038
1053
|
disableAutoneg?: pulumi.Input<boolean>;
|
|
1039
1054
|
/**
|
|
@@ -1045,13 +1060,11 @@ export declare namespace device {
|
|
|
1045
1060
|
*/
|
|
1046
1061
|
dslType?: pulumi.Input<string>;
|
|
1047
1062
|
/**
|
|
1048
|
-
* if `wanType`==`dsl
|
|
1049
|
-
* 16 bit int
|
|
1063
|
+
* if `wanType`==`dsl`, 16 bit int
|
|
1050
1064
|
*/
|
|
1051
1065
|
dslVci?: pulumi.Input<number>;
|
|
1052
1066
|
/**
|
|
1053
|
-
* if `wanType`==`dsl
|
|
1054
|
-
* 8 bit int
|
|
1067
|
+
* if `wanType`==`dsl`, 8 bit int
|
|
1055
1068
|
*/
|
|
1056
1069
|
dslVpi?: pulumi.Input<number>;
|
|
1057
1070
|
/**
|
|
@@ -1085,7 +1098,7 @@ export declare namespace device {
|
|
|
1085
1098
|
*/
|
|
1086
1099
|
name?: pulumi.Input<string>;
|
|
1087
1100
|
/**
|
|
1088
|
-
* if `usage`==`lan`
|
|
1101
|
+
* if `usage`==`lan`, name of the `junipermist.org.Network` resource
|
|
1089
1102
|
*/
|
|
1090
1103
|
networks?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1091
1104
|
/**
|
|
@@ -1094,7 +1107,7 @@ export declare namespace device {
|
|
|
1094
1107
|
outerVlanId?: pulumi.Input<number>;
|
|
1095
1108
|
poeDisabled?: pulumi.Input<boolean>;
|
|
1096
1109
|
/**
|
|
1097
|
-
* if `usage`==`lan
|
|
1110
|
+
* Only for SRX and if `usage`==`lan`, the Untagged VLAN Network
|
|
1098
1111
|
*/
|
|
1099
1112
|
portNetwork?: pulumi.Input<string>;
|
|
1100
1113
|
/**
|
|
@@ -1131,10 +1144,7 @@ export declare namespace device {
|
|
|
1131
1144
|
* port usage name. enum: `haControl`, `haData`, `lan`, `wan`
|
|
1132
1145
|
*/
|
|
1133
1146
|
usage: pulumi.Input<string>;
|
|
1134
|
-
|
|
1135
|
-
* if WAN interface is on a VLAN
|
|
1136
|
-
*/
|
|
1137
|
-
vlanId?: pulumi.Input<number>;
|
|
1147
|
+
vlanId?: pulumi.Input<string>;
|
|
1138
1148
|
/**
|
|
1139
1149
|
* Property key is the VPN name
|
|
1140
1150
|
*/
|
|
@@ -1142,29 +1152,33 @@ export declare namespace device {
|
|
|
1142
1152
|
[key: string]: pulumi.Input<inputs.device.GatewayPortConfigVpnPaths>;
|
|
1143
1153
|
}>;
|
|
1144
1154
|
/**
|
|
1145
|
-
* when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
|
|
1155
|
+
* Only when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
|
|
1146
1156
|
*/
|
|
1147
1157
|
wanArpPolicer?: pulumi.Input<string>;
|
|
1148
1158
|
/**
|
|
1149
|
-
*
|
|
1159
|
+
* Only if `usage`==`wan`, optional. If spoke should reach this port by a different IP
|
|
1150
1160
|
*/
|
|
1151
1161
|
wanExtIp?: pulumi.Input<string>;
|
|
1152
1162
|
/**
|
|
1153
|
-
* Property Key is the destianation CIDR (e.g "100.100.100.0/24")
|
|
1163
|
+
* Only if `usage`==`wan`. Property Key is the destianation CIDR (e.g "100.100.100.0/24")
|
|
1154
1164
|
*/
|
|
1155
1165
|
wanExtraRoutes?: pulumi.Input<{
|
|
1156
1166
|
[key: string]: pulumi.Input<inputs.device.GatewayPortConfigWanExtraRoutes>;
|
|
1157
1167
|
}>;
|
|
1158
1168
|
/**
|
|
1159
|
-
* if `usage`==`wan
|
|
1169
|
+
* Only if `usage`==`wan`. If some networks are connected to this WAN port, it can be added here so policies can be defined
|
|
1170
|
+
*/
|
|
1171
|
+
wanNetworks?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1172
|
+
/**
|
|
1173
|
+
* Only if `usage`==`wan`
|
|
1160
1174
|
*/
|
|
1161
1175
|
wanProbeOverride?: pulumi.Input<inputs.device.GatewayPortConfigWanProbeOverride>;
|
|
1162
1176
|
/**
|
|
1163
|
-
* optional
|
|
1177
|
+
* Only if `usage`==`wan`, optional. By default, source-NAT is performed on all WAN Ports using the interface-ip
|
|
1164
1178
|
*/
|
|
1165
1179
|
wanSourceNat?: pulumi.Input<inputs.device.GatewayPortConfigWanSourceNat>;
|
|
1166
1180
|
/**
|
|
1167
|
-
* if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
|
|
1181
|
+
* Only if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
|
|
1168
1182
|
*/
|
|
1169
1183
|
wanType?: pulumi.Input<string>;
|
|
1170
1184
|
}
|
|
@@ -1178,12 +1192,15 @@ export declare namespace device {
|
|
|
1178
1192
|
*/
|
|
1179
1193
|
dnsSuffixes?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1180
1194
|
/**
|
|
1181
|
-
* except for out-of_band interface (vme/em0/fxp0)
|
|
1195
|
+
* except for out-of_band interface (vme/em0/fxp0). Interface Default Gateway IP Address (i.e. "192.168.1.1") or a Variable (i.e. "{{myvar}}")
|
|
1182
1196
|
*/
|
|
1183
1197
|
gateway?: pulumi.Input<string>;
|
|
1198
|
+
/**
|
|
1199
|
+
* Interface IP Address (i.e. "192.168.1.8") or a Variable (i.e. "{{myvar}}")
|
|
1200
|
+
*/
|
|
1184
1201
|
ip?: pulumi.Input<string>;
|
|
1185
1202
|
/**
|
|
1186
|
-
* used only if `subnet` is not specified in `networks
|
|
1203
|
+
* used only if `subnet` is not specified in `networks`. Interface Netmask (i.e. "/24") or a Variable (i.e. "{{myvar}}")
|
|
1187
1204
|
*/
|
|
1188
1205
|
netmask?: pulumi.Input<string>;
|
|
1189
1206
|
/**
|
|
@@ -1209,11 +1226,14 @@ export declare namespace device {
|
|
|
1209
1226
|
}
|
|
1210
1227
|
interface GatewayPortConfigTrafficShaping {
|
|
1211
1228
|
/**
|
|
1212
|
-
* percentages for differet class of traffic: high / medium / low / best-effort
|
|
1213
|
-
* sum must be equal to 100
|
|
1229
|
+
* percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100
|
|
1214
1230
|
*/
|
|
1215
1231
|
classPercentages?: pulumi.Input<pulumi.Input<number>[]>;
|
|
1216
1232
|
enabled?: pulumi.Input<boolean>;
|
|
1233
|
+
/**
|
|
1234
|
+
* Interface Transmit Cap in kbps
|
|
1235
|
+
*/
|
|
1236
|
+
maxTxKbps?: pulumi.Input<number>;
|
|
1217
1237
|
}
|
|
1218
1238
|
interface GatewayPortConfigVpnPaths {
|
|
1219
1239
|
/**
|
|
@@ -1240,11 +1260,14 @@ export declare namespace device {
|
|
|
1240
1260
|
}
|
|
1241
1261
|
interface GatewayPortConfigVpnPathsTrafficShaping {
|
|
1242
1262
|
/**
|
|
1243
|
-
* percentages for differet class of traffic: high / medium / low / best-effort
|
|
1244
|
-
* sum must be equal to 100
|
|
1263
|
+
* percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100
|
|
1245
1264
|
*/
|
|
1246
1265
|
classPercentages?: pulumi.Input<pulumi.Input<number>[]>;
|
|
1247
1266
|
enabled?: pulumi.Input<boolean>;
|
|
1267
|
+
/**
|
|
1268
|
+
* Interface Transmit Cap in kbps
|
|
1269
|
+
*/
|
|
1270
|
+
maxTxKbps?: pulumi.Input<number>;
|
|
1248
1271
|
}
|
|
1249
1272
|
interface GatewayPortConfigWanExtraRoutes {
|
|
1250
1273
|
via?: pulumi.Input<string>;
|
|
@@ -1299,6 +1322,10 @@ export declare namespace device {
|
|
|
1299
1322
|
* for SSR, hub decides how VRF routes are leaked on spoke
|
|
1300
1323
|
*/
|
|
1301
1324
|
addTargetVrfs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1325
|
+
/**
|
|
1326
|
+
* route aggregation
|
|
1327
|
+
*/
|
|
1328
|
+
aggregates?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1302
1329
|
/**
|
|
1303
1330
|
* when used as export policy, optional
|
|
1304
1331
|
*/
|
|
@@ -1343,16 +1370,14 @@ export declare namespace device {
|
|
|
1343
1370
|
vpnNeighborMacs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1344
1371
|
vpnPathSla?: pulumi.Input<inputs.device.GatewayRoutingPoliciesTermMatchingVpnPathSla>;
|
|
1345
1372
|
/**
|
|
1346
|
-
* overlay-facing criteria (used for bgpConfig where via=vpn)
|
|
1347
|
-
* ordered-
|
|
1373
|
+
* overlay-facing criteria (used for bgpConfig where via=vpn). ordered-
|
|
1348
1374
|
*/
|
|
1349
1375
|
vpnPaths?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1350
1376
|
}
|
|
1351
1377
|
interface GatewayRoutingPoliciesTermMatchingRouteExists {
|
|
1352
1378
|
route?: pulumi.Input<string>;
|
|
1353
1379
|
/**
|
|
1354
|
-
* name of the vrf instance
|
|
1355
|
-
* it can also be the name of the VPN or wan if they
|
|
1380
|
+
* name of the vrf instance, it can also be the name of the VPN or wan if they
|
|
1356
1381
|
*/
|
|
1357
1382
|
vrfName?: pulumi.Input<string>;
|
|
1358
1383
|
}
|
|
@@ -1381,8 +1406,7 @@ export declare namespace device {
|
|
|
1381
1406
|
*/
|
|
1382
1407
|
name?: pulumi.Input<string>;
|
|
1383
1408
|
/**
|
|
1384
|
-
* by default, we derive all paths available and use them
|
|
1385
|
-
* optionally, you can customize by using `pathPreference`
|
|
1409
|
+
* by default, we derive all paths available and use them. Optionally, you can customize by using `pathPreference`
|
|
1386
1410
|
*/
|
|
1387
1411
|
pathPreference?: pulumi.Input<string>;
|
|
1388
1412
|
/**
|
|
@@ -1425,70 +1449,81 @@ export declare namespace device {
|
|
|
1425
1449
|
interface GatewayTunnelConfigs {
|
|
1426
1450
|
autoProvision?: pulumi.Input<inputs.device.GatewayTunnelConfigsAutoProvision>;
|
|
1427
1451
|
/**
|
|
1428
|
-
* Only if `provider
|
|
1452
|
+
* Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
|
|
1429
1453
|
*/
|
|
1430
1454
|
ikeLifetime?: pulumi.Input<number>;
|
|
1431
1455
|
/**
|
|
1432
|
-
* Only if `provider
|
|
1456
|
+
* Only if `provider`==`custom-ipsec`. enum: `aggressive`, `main`
|
|
1433
1457
|
*/
|
|
1434
1458
|
ikeMode?: pulumi.Input<string>;
|
|
1435
1459
|
/**
|
|
1436
|
-
* if `provider
|
|
1460
|
+
* if `provider`==`custom-ipsec`
|
|
1437
1461
|
*/
|
|
1438
1462
|
ikeProposals?: pulumi.Input<pulumi.Input<inputs.device.GatewayTunnelConfigsIkeProposal>[]>;
|
|
1439
1463
|
/**
|
|
1440
|
-
* if `provider
|
|
1464
|
+
* Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
|
|
1441
1465
|
*/
|
|
1442
1466
|
ipsecLifetime?: pulumi.Input<number>;
|
|
1443
1467
|
/**
|
|
1444
|
-
* Only if `provider
|
|
1468
|
+
* Only if `provider`==`custom-ipsec`
|
|
1445
1469
|
*/
|
|
1446
1470
|
ipsecProposals?: pulumi.Input<pulumi.Input<inputs.device.GatewayTunnelConfigsIpsecProposal>[]>;
|
|
1447
1471
|
/**
|
|
1448
|
-
*
|
|
1449
|
-
* * `provider`== `zscaler-ipsec`
|
|
1450
|
-
* * `provider`==`jse-ipsec`
|
|
1451
|
-
* * `provider`== `custom-ipsec`
|
|
1472
|
+
* Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
1452
1473
|
*/
|
|
1453
1474
|
localId?: pulumi.Input<string>;
|
|
1454
1475
|
/**
|
|
1455
|
-
* enum: `active-active`, `active-standby`
|
|
1476
|
+
* Required if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`. enum: `active-active`, `active-standby`
|
|
1456
1477
|
*/
|
|
1457
1478
|
mode?: pulumi.Input<string>;
|
|
1458
1479
|
/**
|
|
1459
|
-
* networks reachable via this tunnel
|
|
1480
|
+
* if `provider`==`custom-ipsec`, networks reachable via this tunnel
|
|
1460
1481
|
*/
|
|
1461
1482
|
networks?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1483
|
+
/**
|
|
1484
|
+
* Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
1485
|
+
*/
|
|
1462
1486
|
primary?: pulumi.Input<inputs.device.GatewayTunnelConfigsPrimary>;
|
|
1463
1487
|
/**
|
|
1464
|
-
* Only if `provider
|
|
1488
|
+
* Only if `provider`==`custom-ipsec`
|
|
1465
1489
|
*/
|
|
1466
1490
|
probe?: pulumi.Input<inputs.device.GatewayTunnelConfigsProbe>;
|
|
1467
1491
|
/**
|
|
1468
|
-
* Only if `provider
|
|
1492
|
+
* Only if `provider`==`custom-ipsec`. enum: `gre`, `ipsec`
|
|
1469
1493
|
*/
|
|
1470
1494
|
protocol?: pulumi.Input<string>;
|
|
1471
1495
|
/**
|
|
1472
|
-
* enum: `custom-ipsec`, `customer-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
|
|
1496
|
+
* Only if `auto_provision.enabled`==`false`. enum: `custom-ipsec`, `customer-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
|
|
1473
1497
|
*/
|
|
1474
1498
|
provider?: pulumi.Input<string>;
|
|
1475
1499
|
/**
|
|
1476
|
-
*
|
|
1477
|
-
* * `provider`== `zscaler-ipsec`
|
|
1478
|
-
* * `provider`==`jse-ipsec`
|
|
1479
|
-
* * `provider`== `custom-ipsec`
|
|
1500
|
+
* Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
1480
1501
|
*/
|
|
1481
1502
|
psk?: pulumi.Input<string>;
|
|
1503
|
+
/**
|
|
1504
|
+
* Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
1505
|
+
*/
|
|
1482
1506
|
secondary?: pulumi.Input<inputs.device.GatewayTunnelConfigsSecondary>;
|
|
1483
1507
|
/**
|
|
1484
|
-
* Only if `provider
|
|
1508
|
+
* Only if `provider`==`custom-gre` or `provider`==`custom-ipsec`. enum: `1`, `2`
|
|
1485
1509
|
*/
|
|
1486
1510
|
version?: pulumi.Input<string>;
|
|
1487
1511
|
}
|
|
1488
1512
|
interface GatewayTunnelConfigsAutoProvision {
|
|
1489
1513
|
enable?: pulumi.Input<boolean>;
|
|
1514
|
+
/**
|
|
1515
|
+
* API override for POP selection
|
|
1516
|
+
*/
|
|
1490
1517
|
latlng?: pulumi.Input<inputs.device.GatewayTunnelConfigsAutoProvisionLatlng>;
|
|
1491
1518
|
primary?: pulumi.Input<inputs.device.GatewayTunnelConfigsAutoProvisionPrimary>;
|
|
1519
|
+
/**
|
|
1520
|
+
* enum: `jse-ipsec`, `zscaler-ipsec`
|
|
1521
|
+
*/
|
|
1522
|
+
provider: pulumi.Input<string>;
|
|
1523
|
+
/**
|
|
1524
|
+
* API override for POP selection
|
|
1525
|
+
*/
|
|
1526
|
+
region?: pulumi.Input<string>;
|
|
1492
1527
|
secondary?: pulumi.Input<inputs.device.GatewayTunnelConfigsAutoProvisionSecondary>;
|
|
1493
1528
|
}
|
|
1494
1529
|
interface GatewayTunnelConfigsAutoProvisionLatlng {
|
|
@@ -1496,14 +1531,14 @@ export declare namespace device {
|
|
|
1496
1531
|
lng: pulumi.Input<number>;
|
|
1497
1532
|
}
|
|
1498
1533
|
interface GatewayTunnelConfigsAutoProvisionPrimary {
|
|
1499
|
-
|
|
1534
|
+
probeIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1500
1535
|
/**
|
|
1501
1536
|
* optional, only needed if `varsOnly`==`false`
|
|
1502
1537
|
*/
|
|
1503
1538
|
wanNames?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1504
1539
|
}
|
|
1505
1540
|
interface GatewayTunnelConfigsAutoProvisionSecondary {
|
|
1506
|
-
|
|
1541
|
+
probeIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1507
1542
|
/**
|
|
1508
1543
|
* optional, only needed if `varsOnly`==`false`
|
|
1509
1544
|
*/
|
|
@@ -1539,7 +1574,7 @@ export declare namespace device {
|
|
|
1539
1574
|
*/
|
|
1540
1575
|
authAlgo?: pulumi.Input<string>;
|
|
1541
1576
|
/**
|
|
1542
|
-
* Only if `provider
|
|
1577
|
+
* Only if `provider`==`custom-ipsec`. enum:
|
|
1543
1578
|
* * 1
|
|
1544
1579
|
* * 2 (1024-bit)
|
|
1545
1580
|
* * 5
|
|
@@ -1558,19 +1593,17 @@ export declare namespace device {
|
|
|
1558
1593
|
encAlgo?: pulumi.Input<string>;
|
|
1559
1594
|
}
|
|
1560
1595
|
interface GatewayTunnelConfigsPrimary {
|
|
1561
|
-
hosts
|
|
1596
|
+
hosts: pulumi.Input<pulumi.Input<string>[]>;
|
|
1562
1597
|
/**
|
|
1563
|
-
* Only if
|
|
1564
|
-
* * `provider`== `zscaler-gre`
|
|
1565
|
-
* * `provider`== `custom-gre`
|
|
1598
|
+
* Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
|
|
1566
1599
|
*/
|
|
1567
1600
|
internalIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1568
1601
|
probeIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1569
1602
|
/**
|
|
1570
|
-
* Only if
|
|
1603
|
+
* Only if `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
1571
1604
|
*/
|
|
1572
1605
|
remoteIds?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1573
|
-
wanNames
|
|
1606
|
+
wanNames: pulumi.Input<pulumi.Input<string>[]>;
|
|
1574
1607
|
}
|
|
1575
1608
|
interface GatewayTunnelConfigsProbe {
|
|
1576
1609
|
/**
|
|
@@ -1591,19 +1624,17 @@ export declare namespace device {
|
|
|
1591
1624
|
type?: pulumi.Input<string>;
|
|
1592
1625
|
}
|
|
1593
1626
|
interface GatewayTunnelConfigsSecondary {
|
|
1594
|
-
hosts
|
|
1627
|
+
hosts: pulumi.Input<pulumi.Input<string>[]>;
|
|
1595
1628
|
/**
|
|
1596
|
-
* Only if
|
|
1597
|
-
* * `provider`== `zscaler-gre`
|
|
1598
|
-
* * `provider`== `custom-gre`
|
|
1629
|
+
* Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
|
|
1599
1630
|
*/
|
|
1600
1631
|
internalIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1601
1632
|
probeIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1602
1633
|
/**
|
|
1603
|
-
* Only if
|
|
1634
|
+
* Only if `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
1604
1635
|
*/
|
|
1605
1636
|
remoteIds?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1606
|
-
wanNames
|
|
1637
|
+
wanNames: pulumi.Input<pulumi.Input<string>[]>;
|
|
1607
1638
|
}
|
|
1608
1639
|
interface GatewayTunnelProviderOptions {
|
|
1609
1640
|
/**
|
|
@@ -1616,74 +1647,125 @@ export declare namespace device {
|
|
|
1616
1647
|
zscaler?: pulumi.Input<inputs.device.GatewayTunnelProviderOptionsZscaler>;
|
|
1617
1648
|
}
|
|
1618
1649
|
interface GatewayTunnelProviderOptionsJse {
|
|
1619
|
-
name?: pulumi.Input<string>;
|
|
1620
1650
|
numUsers?: pulumi.Input<number>;
|
|
1651
|
+
/**
|
|
1652
|
+
* JSE Organization name
|
|
1653
|
+
*/
|
|
1654
|
+
orgName?: pulumi.Input<string>;
|
|
1621
1655
|
}
|
|
1622
1656
|
interface GatewayTunnelProviderOptionsZscaler {
|
|
1623
|
-
|
|
1657
|
+
aupBlockInternetUntilAccepted?: pulumi.Input<boolean>;
|
|
1624
1658
|
/**
|
|
1625
|
-
*
|
|
1659
|
+
* Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
|
|
1626
1660
|
*/
|
|
1627
|
-
|
|
1661
|
+
aupEnabled?: pulumi.Input<boolean>;
|
|
1628
1662
|
/**
|
|
1629
1663
|
* proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
|
|
1630
1664
|
*/
|
|
1631
|
-
|
|
1665
|
+
aupForceSslInspection?: pulumi.Input<boolean>;
|
|
1632
1666
|
/**
|
|
1633
|
-
*
|
|
1667
|
+
* Required if `aupEnabled`==`true`. Days before AUP is requested again
|
|
1634
1668
|
*/
|
|
1635
|
-
|
|
1669
|
+
aupTimeoutInDays?: pulumi.Input<number>;
|
|
1636
1670
|
/**
|
|
1637
|
-
*
|
|
1671
|
+
* Enable this option to enforce user authentication
|
|
1638
1672
|
*/
|
|
1639
|
-
|
|
1673
|
+
authRequired?: pulumi.Input<boolean>;
|
|
1640
1674
|
/**
|
|
1641
|
-
* when `
|
|
1675
|
+
* Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
|
|
1642
1676
|
*/
|
|
1643
|
-
|
|
1644
|
-
enforceAuthentication?: pulumi.Input<boolean>;
|
|
1645
|
-
name?: pulumi.Input<string>;
|
|
1677
|
+
cautionEnabled?: pulumi.Input<boolean>;
|
|
1646
1678
|
/**
|
|
1647
|
-
* if
|
|
1679
|
+
* the download bandwidth cap of the link, in Mbps. Disabled if not set
|
|
1680
|
+
*/
|
|
1681
|
+
dnBandwidth?: pulumi.Input<number>;
|
|
1682
|
+
/**
|
|
1683
|
+
* Required if `surrogate_IP`==`true`, idle Time to Disassociation
|
|
1684
|
+
*/
|
|
1685
|
+
idleTimeInMinutes?: pulumi.Input<number>;
|
|
1686
|
+
/**
|
|
1687
|
+
* if `true`, enable the firewall control option
|
|
1688
|
+
*/
|
|
1689
|
+
ofwEnabled?: pulumi.Input<boolean>;
|
|
1690
|
+
/**
|
|
1691
|
+
* `sub-locations` can be used for specific uses cases to define different configuration based on the user network
|
|
1648
1692
|
*/
|
|
1649
1693
|
subLocations?: pulumi.Input<pulumi.Input<inputs.device.GatewayTunnelProviderOptionsZscalerSubLocation>[]>;
|
|
1650
1694
|
/**
|
|
1651
|
-
* the
|
|
1695
|
+
* Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
|
|
1696
|
+
*/
|
|
1697
|
+
surrogateIp?: pulumi.Input<boolean>;
|
|
1698
|
+
/**
|
|
1699
|
+
* Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
|
|
1652
1700
|
*/
|
|
1653
|
-
|
|
1701
|
+
surrogateIpEnforcedForKnownBrowsers?: pulumi.Input<boolean>;
|
|
1702
|
+
/**
|
|
1703
|
+
* Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
|
|
1704
|
+
*/
|
|
1705
|
+
surrogateRefreshTimeInMinutes?: pulumi.Input<number>;
|
|
1706
|
+
/**
|
|
1707
|
+
* the download bandwidth cap of the link, in Mbps. Disabled if not set
|
|
1708
|
+
*/
|
|
1709
|
+
upBandwidth?: pulumi.Input<number>;
|
|
1654
1710
|
/**
|
|
1655
1711
|
* location uses proxy chaining to forward traffic
|
|
1656
1712
|
*/
|
|
1657
|
-
|
|
1713
|
+
xffForwardEnabled?: pulumi.Input<boolean>;
|
|
1658
1714
|
}
|
|
1659
1715
|
interface GatewayTunnelProviderOptionsZscalerSubLocation {
|
|
1660
|
-
|
|
1716
|
+
aupBlockInternetUntilAccepted?: pulumi.Input<boolean>;
|
|
1661
1717
|
/**
|
|
1662
|
-
*
|
|
1718
|
+
* Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
|
|
1663
1719
|
*/
|
|
1664
|
-
|
|
1720
|
+
aupEnabled?: pulumi.Input<boolean>;
|
|
1665
1721
|
/**
|
|
1666
1722
|
* proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
|
|
1667
1723
|
*/
|
|
1668
|
-
|
|
1724
|
+
aupForceSslInspection?: pulumi.Input<boolean>;
|
|
1669
1725
|
/**
|
|
1670
|
-
*
|
|
1726
|
+
* Required if `aupEnabled`==`true`. Days before AUP is requested again
|
|
1671
1727
|
*/
|
|
1672
|
-
|
|
1728
|
+
aupTimeoutInDays?: pulumi.Input<number>;
|
|
1673
1729
|
/**
|
|
1674
|
-
*
|
|
1730
|
+
* Enable this option to authenticate users
|
|
1675
1731
|
*/
|
|
1676
|
-
|
|
1732
|
+
authRequired?: pulumi.Input<boolean>;
|
|
1677
1733
|
/**
|
|
1678
|
-
* when `
|
|
1734
|
+
* Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
|
|
1679
1735
|
*/
|
|
1680
|
-
|
|
1681
|
-
|
|
1682
|
-
|
|
1736
|
+
cautionEnabled?: pulumi.Input<boolean>;
|
|
1737
|
+
/**
|
|
1738
|
+
* the download bandwidth cap of the link, in Mbps. Disabled if not set
|
|
1739
|
+
*/
|
|
1740
|
+
dnBandwidth?: pulumi.Input<number>;
|
|
1741
|
+
/**
|
|
1742
|
+
* Required if `surrogate_IP`==`true`, idle Time to Disassociation
|
|
1743
|
+
*/
|
|
1744
|
+
idleTimeInMinutes?: pulumi.Input<number>;
|
|
1745
|
+
/**
|
|
1746
|
+
* Network name
|
|
1747
|
+
*/
|
|
1748
|
+
name?: pulumi.Input<string>;
|
|
1749
|
+
/**
|
|
1750
|
+
* if `true`, enable the firewall control option
|
|
1751
|
+
*/
|
|
1752
|
+
ofwEnabled?: pulumi.Input<boolean>;
|
|
1753
|
+
/**
|
|
1754
|
+
* Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
|
|
1755
|
+
*/
|
|
1756
|
+
surrogateIp?: pulumi.Input<boolean>;
|
|
1683
1757
|
/**
|
|
1684
|
-
*
|
|
1758
|
+
* Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
|
|
1685
1759
|
*/
|
|
1686
|
-
|
|
1760
|
+
surrogateIpEnforcedForKnownBrowsers?: pulumi.Input<boolean>;
|
|
1761
|
+
/**
|
|
1762
|
+
* Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
|
|
1763
|
+
*/
|
|
1764
|
+
surrogateRefreshTimeInMinutes?: pulumi.Input<number>;
|
|
1765
|
+
/**
|
|
1766
|
+
* the download bandwidth cap of the link, in Mbps. Disabled if not set
|
|
1767
|
+
*/
|
|
1768
|
+
upBandwidth?: pulumi.Input<number>;
|
|
1687
1769
|
}
|
|
1688
1770
|
interface GatewayVrfConfig {
|
|
1689
1771
|
/**
|
|
@@ -1696,14 +1778,16 @@ export declare namespace device {
|
|
|
1696
1778
|
}
|
|
1697
1779
|
interface SwitchAclPolicy {
|
|
1698
1780
|
/**
|
|
1699
|
-
*
|
|
1700
|
-
*
|
|
1781
|
+
* ACL Policy Actions:
|
|
1782
|
+
* - for GBP-based policy, all srcTags and dstTags have to be gbp-based
|
|
1783
|
+
* - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
|
|
1701
1784
|
*/
|
|
1702
1785
|
actions?: pulumi.Input<pulumi.Input<inputs.device.SwitchAclPolicyAction>[]>;
|
|
1703
1786
|
name?: pulumi.Input<string>;
|
|
1704
1787
|
/**
|
|
1705
|
-
*
|
|
1706
|
-
*
|
|
1788
|
+
* ACL Policy Source Tags:
|
|
1789
|
+
* - for GBP-based policy, all srcTags and dstTags have to be gbp-based
|
|
1790
|
+
* - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
|
|
1707
1791
|
*/
|
|
1708
1792
|
srcTags?: pulumi.Input<pulumi.Input<string>[]>;
|
|
1709
1793
|
}
|
|
@@ -1717,9 +1801,9 @@ export declare namespace device {
|
|
|
1717
1801
|
interface SwitchAclTags {
|
|
1718
1802
|
/**
|
|
1719
1803
|
* required if
|
|
1720
|
-
*
|
|
1721
|
-
*
|
|
1722
|
-
*
|
|
1804
|
+
* - `type`==`dynamicGbp` (gbp_tag received from RADIUS)
|
|
1805
|
+
* - `type`==`gbpResource`
|
|
1806
|
+
* - `type`==`staticGbp` (applying gbp tag against matching conditions)
|
|
1723
1807
|
*/
|
|
1724
1808
|
gbpTag?: pulumi.Input<number>;
|
|
1725
1809
|
/**
|
|
@@ -1745,8 +1829,7 @@ export declare namespace device {
|
|
|
1745
1829
|
*/
|
|
1746
1830
|
radiusGroup?: pulumi.Input<string>;
|
|
1747
1831
|
/**
|
|
1748
|
-
* if `type`==`resource` or `type`==`gbpResource
|
|
1749
|
-
* empty means unrestricted, i.e. any
|
|
1832
|
+
* if `type`==`resource` or `type`==`gbpResource`. Empty means unrestricted, i.e. any
|
|
1750
1833
|
*/
|
|
1751
1834
|
specs?: pulumi.Input<pulumi.Input<inputs.device.SwitchAclTagsSpec>[]>;
|
|
1752
1835
|
/**
|
|
@@ -1776,7 +1859,7 @@ export declare namespace device {
|
|
|
1776
1859
|
*/
|
|
1777
1860
|
portRange?: pulumi.Input<string>;
|
|
1778
1861
|
/**
|
|
1779
|
-
* `tcp` / `udp` / `icmp` / `gre` / `any` / `:protocol_number
|
|
1862
|
+
* `tcp` / `udp` / `icmp` / `icmp6` / `gre` / `any` / `:protocol_number`, `protocolNumber` is between 1-254, default is `any` `protocolNumber` is between 1-254
|
|
1780
1863
|
*/
|
|
1781
1864
|
protocol?: pulumi.Input<string>;
|
|
1782
1865
|
}
|
|
@@ -1901,13 +1984,6 @@ export declare namespace device {
|
|
|
1901
1984
|
type?: pulumi.Input<string>;
|
|
1902
1985
|
value?: pulumi.Input<string>;
|
|
1903
1986
|
}
|
|
1904
|
-
interface SwitchEvpnConfig {
|
|
1905
|
-
enabled?: pulumi.Input<boolean>;
|
|
1906
|
-
/**
|
|
1907
|
-
* enum: `access`, `collapsed-core`, `core`, `distribution`, `esilag-access`, `none`
|
|
1908
|
-
*/
|
|
1909
|
-
role?: pulumi.Input<string>;
|
|
1910
|
-
}
|
|
1911
1987
|
interface SwitchExtraRoutes {
|
|
1912
1988
|
/**
|
|
1913
1989
|
* this takes precedence
|
|
@@ -1975,9 +2051,7 @@ export declare namespace device {
|
|
|
1975
2051
|
*/
|
|
1976
2052
|
allNetworks?: pulumi.Input<boolean>;
|
|
1977
2053
|
/**
|
|
1978
|
-
* If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with.
|
|
1979
|
-
* All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state.
|
|
1980
|
-
* When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
|
|
2054
|
+
* If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with. All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state. When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
|
|
1981
2055
|
*/
|
|
1982
2056
|
allowDhcpd?: pulumi.Input<boolean>;
|
|
1983
2057
|
allowMultipleSupplicants?: pulumi.Input<boolean>;
|
|
@@ -2016,8 +2090,7 @@ export declare namespace device {
|
|
|
2016
2090
|
*/
|
|
2017
2091
|
guestNetwork?: pulumi.Input<string>;
|
|
2018
2092
|
/**
|
|
2019
|
-
* inter_switch_link is used together with "isolation" under networks
|
|
2020
|
-
* NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
|
|
2093
|
+
* inter_switch_link is used together with "isolation" under networks. NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
|
|
2021
2094
|
*/
|
|
2022
2095
|
interSwitchLink?: pulumi.Input<boolean>;
|
|
2023
2096
|
/**
|
|
@@ -2048,6 +2121,10 @@ export declare namespace device {
|
|
|
2048
2121
|
* Only if `mode`==`trunk`, the list of network/vlans
|
|
2049
2122
|
*/
|
|
2050
2123
|
networks?: pulumi.Input<pulumi.Input<string>[]>;
|
|
2124
|
+
/**
|
|
2125
|
+
* Additional note for the port config override
|
|
2126
|
+
*/
|
|
2127
|
+
note?: pulumi.Input<string>;
|
|
2051
2128
|
/**
|
|
2052
2129
|
* Only if `mode`==`access` and `portAuth`!=`dot1x` whether the port should retain dynamically learned MAC addresses
|
|
2053
2130
|
*/
|
|
@@ -2139,8 +2216,7 @@ export declare namespace device {
|
|
|
2139
2216
|
*/
|
|
2140
2217
|
gateway6?: pulumi.Input<string>;
|
|
2141
2218
|
/**
|
|
2142
|
-
* whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required)
|
|
2143
|
-
* NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
|
|
2219
|
+
* whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required). NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
|
|
2144
2220
|
*/
|
|
2145
2221
|
isolation?: pulumi.Input<boolean>;
|
|
2146
2222
|
isolationVlanId?: pulumi.Input<string>;
|
|
@@ -2330,9 +2406,7 @@ export declare namespace device {
|
|
|
2330
2406
|
*/
|
|
2331
2407
|
allNetworks?: pulumi.Input<boolean>;
|
|
2332
2408
|
/**
|
|
2333
|
-
* Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with.
|
|
2334
|
-
* All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state.
|
|
2335
|
-
* When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
|
|
2409
|
+
* Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with. All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state. When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
|
|
2336
2410
|
*/
|
|
2337
2411
|
allowDhcpd?: pulumi.Input<boolean>;
|
|
2338
2412
|
/**
|
|
@@ -2380,8 +2454,7 @@ export declare namespace device {
|
|
|
2380
2454
|
*/
|
|
2381
2455
|
guestNetwork?: pulumi.Input<string>;
|
|
2382
2456
|
/**
|
|
2383
|
-
* Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks
|
|
2384
|
-
* NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
|
|
2457
|
+
* Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks. NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
|
|
2385
2458
|
*/
|
|
2386
2459
|
interSwitchLink?: pulumi.Input<boolean>;
|
|
2387
2460
|
/**
|
|
@@ -2453,8 +2526,7 @@ export declare namespace device {
|
|
|
2453
2526
|
*/
|
|
2454
2527
|
speed?: pulumi.Input<string>;
|
|
2455
2528
|
/**
|
|
2456
|
-
* Switch storm control
|
|
2457
|
-
* Only if `mode`!=`dynamic`
|
|
2529
|
+
* Switch storm control. Only if `mode`!=`dynamic`
|
|
2458
2530
|
*/
|
|
2459
2531
|
stormControl?: pulumi.Input<inputs.device.SwitchPortUsagesStormControl>;
|
|
2460
2532
|
/**
|
|
@@ -2531,8 +2603,7 @@ export declare namespace device {
|
|
|
2531
2603
|
*/
|
|
2532
2604
|
authServersTimeout?: pulumi.Input<number>;
|
|
2533
2605
|
/**
|
|
2534
|
-
* use `network`or `sourceIp
|
|
2535
|
-
* which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
|
|
2606
|
+
* use `network`or `sourceIp`. Which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
|
|
2536
2607
|
*/
|
|
2537
2608
|
network?: pulumi.Input<string>;
|
|
2538
2609
|
/**
|
|
@@ -2812,8 +2883,7 @@ export declare namespace device {
|
|
|
2812
2883
|
}
|
|
2813
2884
|
interface SwitchSnmpConfigV3ConfigUsmUser {
|
|
2814
2885
|
/**
|
|
2815
|
-
* Not required if `authenticationType`==`authenticationNone
|
|
2816
|
-
* include alphabetic, numeric, and special characters, but it cannot include control characters.
|
|
2886
|
+
* Not required if `authenticationType`==`authenticationNone`. Include alphabetic, numeric, and special characters, but it cannot include control characters.
|
|
2817
2887
|
*/
|
|
2818
2888
|
authenticationPassword?: pulumi.Input<string>;
|
|
2819
2889
|
/**
|
|
@@ -2821,8 +2891,7 @@ export declare namespace device {
|
|
|
2821
2891
|
*/
|
|
2822
2892
|
authenticationType?: pulumi.Input<string>;
|
|
2823
2893
|
/**
|
|
2824
|
-
* Not required if `encryptionType`==`privacy-none
|
|
2825
|
-
* include alphabetic, numeric, and special characters, but it cannot include control characters
|
|
2894
|
+
* Not required if `encryptionType`==`privacy-none`. Include alphabetic, numeric, and special characters, but it cannot include control characters
|
|
2826
2895
|
*/
|
|
2827
2896
|
encryptionPassword?: pulumi.Input<string>;
|
|
2828
2897
|
/**
|
|
@@ -3610,8 +3679,7 @@ export declare namespace org {
|
|
|
3610
3679
|
*/
|
|
3611
3680
|
exportPolicy?: pulumi.Input<string>;
|
|
3612
3681
|
/**
|
|
3613
|
-
* by default, either inet/net6 unicast depending on neighbor IP family (v4 or v6)
|
|
3614
|
-
* for v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
|
|
3682
|
+
* by default, either inet/net6 unicast depending on neighbor IP family (v4 or v6). For v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
|
|
3615
3683
|
*/
|
|
3616
3684
|
extendedV4Nexthop?: pulumi.Input<boolean>;
|
|
3617
3685
|
/**
|
|
@@ -3847,6 +3915,9 @@ export declare namespace org {
|
|
|
3847
3915
|
routedForNetworks?: pulumi.Input<pulumi.Input<string>[]>;
|
|
3848
3916
|
subnet: pulumi.Input<string>;
|
|
3849
3917
|
subnet6?: pulumi.Input<string>;
|
|
3918
|
+
/**
|
|
3919
|
+
* Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}")
|
|
3920
|
+
*/
|
|
3850
3921
|
tenants?: pulumi.Input<{
|
|
3851
3922
|
[key: string]: pulumi.Input<inputs.org.DeviceprofileGatewayNetworkTenants>;
|
|
3852
3923
|
}>;
|
|
@@ -3864,7 +3935,7 @@ export declare namespace org {
|
|
|
3864
3935
|
interface DeviceprofileGatewayNetworkInternetAccess {
|
|
3865
3936
|
createSimpleServicePolicy?: pulumi.Input<boolean>;
|
|
3866
3937
|
/**
|
|
3867
|
-
* Property key
|
|
3938
|
+
* Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
|
|
3868
3939
|
*/
|
|
3869
3940
|
destinationNat?: pulumi.Input<{
|
|
3870
3941
|
[key: string]: pulumi.Input<inputs.org.DeviceprofileGatewayNetworkInternetAccessDestinationNat>;
|
|
@@ -3875,22 +3946,35 @@ export declare namespace org {
|
|
|
3875
3946
|
*/
|
|
3876
3947
|
restricted?: pulumi.Input<boolean>;
|
|
3877
3948
|
/**
|
|
3878
|
-
* Property key may be an IP Address (i.e. "
|
|
3949
|
+
* Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
|
|
3879
3950
|
*/
|
|
3880
3951
|
staticNat?: pulumi.Input<{
|
|
3881
3952
|
[key: string]: pulumi.Input<inputs.org.DeviceprofileGatewayNetworkInternetAccessStaticNat>;
|
|
3882
3953
|
}>;
|
|
3883
3954
|
}
|
|
3884
3955
|
interface DeviceprofileGatewayNetworkInternetAccessDestinationNat {
|
|
3956
|
+
/**
|
|
3957
|
+
* The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
|
|
3958
|
+
*/
|
|
3885
3959
|
internalIp?: pulumi.Input<string>;
|
|
3886
3960
|
name?: pulumi.Input<string>;
|
|
3887
|
-
|
|
3961
|
+
/**
|
|
3962
|
+
* The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
|
|
3963
|
+
*/
|
|
3964
|
+
port?: pulumi.Input<string>;
|
|
3965
|
+
/**
|
|
3966
|
+
* SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
|
|
3967
|
+
*/
|
|
3968
|
+
wanName?: pulumi.Input<string>;
|
|
3888
3969
|
}
|
|
3889
3970
|
interface DeviceprofileGatewayNetworkInternetAccessStaticNat {
|
|
3890
|
-
internalIp?: pulumi.Input<string>;
|
|
3891
|
-
name?: pulumi.Input<string>;
|
|
3892
3971
|
/**
|
|
3893
|
-
*
|
|
3972
|
+
* The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
|
|
3973
|
+
*/
|
|
3974
|
+
internalIp: pulumi.Input<string>;
|
|
3975
|
+
name: pulumi.Input<string>;
|
|
3976
|
+
/**
|
|
3977
|
+
* SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
|
|
3894
3978
|
*/
|
|
3895
3979
|
wanName?: pulumi.Input<string>;
|
|
3896
3980
|
}
|
|
@@ -3926,7 +4010,7 @@ export declare namespace org {
|
|
|
3926
4010
|
*/
|
|
3927
4011
|
allowPing?: pulumi.Input<boolean>;
|
|
3928
4012
|
/**
|
|
3929
|
-
* Property key
|
|
4013
|
+
* Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
|
|
3930
4014
|
*/
|
|
3931
4015
|
destinationNat?: pulumi.Input<{
|
|
3932
4016
|
[key: string]: pulumi.Input<inputs.org.DeviceprofileGatewayNetworkVpnAccessDestinationNat>;
|
|
@@ -3944,13 +4028,11 @@ export declare namespace org {
|
|
|
3944
4028
|
*/
|
|
3945
4029
|
noReadvertiseToLanOspf?: pulumi.Input<boolean>;
|
|
3946
4030
|
/**
|
|
3947
|
-
* toward overlay
|
|
3948
|
-
* how HUB should deal with routes it received from Spokes
|
|
4031
|
+
* toward overlay, how HUB should deal with routes it received from Spokes
|
|
3949
4032
|
*/
|
|
3950
4033
|
noReadvertiseToOverlay?: pulumi.Input<boolean>;
|
|
3951
4034
|
/**
|
|
3952
|
-
* by default, the routes are only readvertised toward the same vrf on spoke
|
|
3953
|
-
* to allow it to be leaked to other vrfs
|
|
4035
|
+
* by default, the routes are only readvertised toward the same vrf on spoke. To allow it to be leaked to other vrfs
|
|
3954
4036
|
*/
|
|
3955
4037
|
otherVrfs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
3956
4038
|
/**
|
|
@@ -3962,14 +4044,13 @@ export declare namespace org {
|
|
|
3962
4044
|
*/
|
|
3963
4045
|
sourceNat?: pulumi.Input<inputs.org.DeviceprofileGatewayNetworkVpnAccessSourceNat>;
|
|
3964
4046
|
/**
|
|
3965
|
-
* Property key may be an IP Address (i.e. "
|
|
4047
|
+
* Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
|
|
3966
4048
|
*/
|
|
3967
4049
|
staticNat?: pulumi.Input<{
|
|
3968
4050
|
[key: string]: pulumi.Input<inputs.org.DeviceprofileGatewayNetworkVpnAccessStaticNat>;
|
|
3969
4051
|
}>;
|
|
3970
4052
|
/**
|
|
3971
|
-
* toward overlay
|
|
3972
|
-
* how HUB should deal with routes it received from Spokes
|
|
4053
|
+
* toward overlay, how HUB should deal with routes it received from Spokes
|
|
3973
4054
|
*/
|
|
3974
4055
|
summarizedSubnet?: pulumi.Input<string>;
|
|
3975
4056
|
/**
|
|
@@ -3982,20 +4063,22 @@ export declare namespace org {
|
|
|
3982
4063
|
summarizedSubnetToLanOspf?: pulumi.Input<string>;
|
|
3983
4064
|
}
|
|
3984
4065
|
interface DeviceprofileGatewayNetworkVpnAccessDestinationNat {
|
|
4066
|
+
/**
|
|
4067
|
+
* The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
|
|
4068
|
+
*/
|
|
3985
4069
|
internalIp?: pulumi.Input<string>;
|
|
3986
4070
|
name?: pulumi.Input<string>;
|
|
3987
|
-
port?: pulumi.Input<
|
|
4071
|
+
port?: pulumi.Input<string>;
|
|
3988
4072
|
}
|
|
3989
4073
|
interface DeviceprofileGatewayNetworkVpnAccessSourceNat {
|
|
3990
4074
|
externalIp?: pulumi.Input<string>;
|
|
3991
4075
|
}
|
|
3992
4076
|
interface DeviceprofileGatewayNetworkVpnAccessStaticNat {
|
|
3993
|
-
internalIp?: pulumi.Input<string>;
|
|
3994
|
-
name?: pulumi.Input<string>;
|
|
3995
4077
|
/**
|
|
3996
|
-
*
|
|
4078
|
+
* The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
|
|
3997
4079
|
*/
|
|
3998
|
-
|
|
4080
|
+
internalIp: pulumi.Input<string>;
|
|
4081
|
+
name: pulumi.Input<string>;
|
|
3999
4082
|
}
|
|
4000
4083
|
interface DeviceprofileGatewayOobIpConfig {
|
|
4001
4084
|
/**
|
|
@@ -4106,9 +4189,7 @@ export declare namespace org {
|
|
|
4106
4189
|
*/
|
|
4107
4190
|
aeIdx?: pulumi.Input<string>;
|
|
4108
4191
|
/**
|
|
4109
|
-
* For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability
|
|
4110
|
-
* Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end\n
|
|
4111
|
-
* Note: Turning this on will enable force-up on one of the interfaces in the bundle only
|
|
4192
|
+
* For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability. Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end. **Note:** Turning this on will enable force-up on one of the interfaces in the bundle only
|
|
4112
4193
|
*/
|
|
4113
4194
|
aeLacpForceUp?: pulumi.Input<boolean>;
|
|
4114
4195
|
aggregated?: pulumi.Input<boolean>;
|
|
@@ -4116,6 +4197,9 @@ export declare namespace org {
|
|
|
4116
4197
|
* if want to generate port up/down alarm, set it to true
|
|
4117
4198
|
*/
|
|
4118
4199
|
critical?: pulumi.Input<boolean>;
|
|
4200
|
+
/**
|
|
4201
|
+
* Interface Description. Can be a variable (i.e. "{{myvar}}")
|
|
4202
|
+
*/
|
|
4119
4203
|
description?: pulumi.Input<string>;
|
|
4120
4204
|
disableAutoneg?: pulumi.Input<boolean>;
|
|
4121
4205
|
/**
|
|
@@ -4127,13 +4211,11 @@ export declare namespace org {
|
|
|
4127
4211
|
*/
|
|
4128
4212
|
dslType?: pulumi.Input<string>;
|
|
4129
4213
|
/**
|
|
4130
|
-
* if `wanType`==`dsl
|
|
4131
|
-
* 16 bit int
|
|
4214
|
+
* if `wanType`==`dsl`, 16 bit int
|
|
4132
4215
|
*/
|
|
4133
4216
|
dslVci?: pulumi.Input<number>;
|
|
4134
4217
|
/**
|
|
4135
|
-
* if `wanType`==`dsl
|
|
4136
|
-
* 8 bit int
|
|
4218
|
+
* if `wanType`==`dsl`, 8 bit int
|
|
4137
4219
|
*/
|
|
4138
4220
|
dslVpi?: pulumi.Input<number>;
|
|
4139
4221
|
/**
|
|
@@ -4167,7 +4249,7 @@ export declare namespace org {
|
|
|
4167
4249
|
*/
|
|
4168
4250
|
name?: pulumi.Input<string>;
|
|
4169
4251
|
/**
|
|
4170
|
-
* if `usage`==`lan`
|
|
4252
|
+
* if `usage`==`lan`, name of the `junipermist.org.Network` resource
|
|
4171
4253
|
*/
|
|
4172
4254
|
networks?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4173
4255
|
/**
|
|
@@ -4176,7 +4258,7 @@ export declare namespace org {
|
|
|
4176
4258
|
outerVlanId?: pulumi.Input<number>;
|
|
4177
4259
|
poeDisabled?: pulumi.Input<boolean>;
|
|
4178
4260
|
/**
|
|
4179
|
-
* if `usage`==`lan
|
|
4261
|
+
* Only for SRX and if `usage`==`lan`, the Untagged VLAN Network
|
|
4180
4262
|
*/
|
|
4181
4263
|
portNetwork?: pulumi.Input<string>;
|
|
4182
4264
|
/**
|
|
@@ -4213,10 +4295,7 @@ export declare namespace org {
|
|
|
4213
4295
|
* port usage name. enum: `haControl`, `haData`, `lan`, `wan`
|
|
4214
4296
|
*/
|
|
4215
4297
|
usage: pulumi.Input<string>;
|
|
4216
|
-
|
|
4217
|
-
* if WAN interface is on a VLAN
|
|
4218
|
-
*/
|
|
4219
|
-
vlanId?: pulumi.Input<number>;
|
|
4298
|
+
vlanId?: pulumi.Input<string>;
|
|
4220
4299
|
/**
|
|
4221
4300
|
* Property key is the VPN name
|
|
4222
4301
|
*/
|
|
@@ -4224,29 +4303,33 @@ export declare namespace org {
|
|
|
4224
4303
|
[key: string]: pulumi.Input<inputs.org.DeviceprofileGatewayPortConfigVpnPaths>;
|
|
4225
4304
|
}>;
|
|
4226
4305
|
/**
|
|
4227
|
-
* when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
|
|
4306
|
+
* Only when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
|
|
4228
4307
|
*/
|
|
4229
4308
|
wanArpPolicer?: pulumi.Input<string>;
|
|
4230
4309
|
/**
|
|
4231
|
-
*
|
|
4310
|
+
* Only if `usage`==`wan`, optional. If spoke should reach this port by a different IP
|
|
4232
4311
|
*/
|
|
4233
4312
|
wanExtIp?: pulumi.Input<string>;
|
|
4234
4313
|
/**
|
|
4235
|
-
* Property Key is the destianation CIDR (e.g "100.100.100.0/24")
|
|
4314
|
+
* Only if `usage`==`wan`. Property Key is the destianation CIDR (e.g "100.100.100.0/24")
|
|
4236
4315
|
*/
|
|
4237
4316
|
wanExtraRoutes?: pulumi.Input<{
|
|
4238
4317
|
[key: string]: pulumi.Input<inputs.org.DeviceprofileGatewayPortConfigWanExtraRoutes>;
|
|
4239
4318
|
}>;
|
|
4240
4319
|
/**
|
|
4241
|
-
* if `usage`==`wan
|
|
4320
|
+
* Only if `usage`==`wan`. If some networks are connected to this WAN port, it can be added here so policies can be defined
|
|
4321
|
+
*/
|
|
4322
|
+
wanNetworks?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4323
|
+
/**
|
|
4324
|
+
* Only if `usage`==`wan`
|
|
4242
4325
|
*/
|
|
4243
4326
|
wanProbeOverride?: pulumi.Input<inputs.org.DeviceprofileGatewayPortConfigWanProbeOverride>;
|
|
4244
4327
|
/**
|
|
4245
|
-
* optional
|
|
4328
|
+
* Only if `usage`==`wan`, optional. By default, source-NAT is performed on all WAN Ports using the interface-ip
|
|
4246
4329
|
*/
|
|
4247
4330
|
wanSourceNat?: pulumi.Input<inputs.org.DeviceprofileGatewayPortConfigWanSourceNat>;
|
|
4248
4331
|
/**
|
|
4249
|
-
* if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
|
|
4332
|
+
* Only if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
|
|
4250
4333
|
*/
|
|
4251
4334
|
wanType?: pulumi.Input<string>;
|
|
4252
4335
|
}
|
|
@@ -4260,12 +4343,15 @@ export declare namespace org {
|
|
|
4260
4343
|
*/
|
|
4261
4344
|
dnsSuffixes?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4262
4345
|
/**
|
|
4263
|
-
* except for out-of_band interface (vme/em0/fxp0)
|
|
4346
|
+
* except for out-of_band interface (vme/em0/fxp0). Interface Default Gateway IP Address (i.e. "192.168.1.1") or a Variable (i.e. "{{myvar}}")
|
|
4264
4347
|
*/
|
|
4265
4348
|
gateway?: pulumi.Input<string>;
|
|
4349
|
+
/**
|
|
4350
|
+
* Interface IP Address (i.e. "192.168.1.8") or a Variable (i.e. "{{myvar}}")
|
|
4351
|
+
*/
|
|
4266
4352
|
ip?: pulumi.Input<string>;
|
|
4267
4353
|
/**
|
|
4268
|
-
* used only if `subnet` is not specified in `networks
|
|
4354
|
+
* used only if `subnet` is not specified in `networks`. Interface Netmask (i.e. "/24") or a Variable (i.e. "{{myvar}}")
|
|
4269
4355
|
*/
|
|
4270
4356
|
netmask?: pulumi.Input<string>;
|
|
4271
4357
|
/**
|
|
@@ -4291,11 +4377,14 @@ export declare namespace org {
|
|
|
4291
4377
|
}
|
|
4292
4378
|
interface DeviceprofileGatewayPortConfigTrafficShaping {
|
|
4293
4379
|
/**
|
|
4294
|
-
* percentages for differet class of traffic: high / medium / low / best-effort
|
|
4295
|
-
* sum must be equal to 100
|
|
4380
|
+
* percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100
|
|
4296
4381
|
*/
|
|
4297
4382
|
classPercentages?: pulumi.Input<pulumi.Input<number>[]>;
|
|
4298
4383
|
enabled?: pulumi.Input<boolean>;
|
|
4384
|
+
/**
|
|
4385
|
+
* Interface Transmit Cap in kbps
|
|
4386
|
+
*/
|
|
4387
|
+
maxTxKbps?: pulumi.Input<number>;
|
|
4299
4388
|
}
|
|
4300
4389
|
interface DeviceprofileGatewayPortConfigVpnPaths {
|
|
4301
4390
|
/**
|
|
@@ -4322,11 +4411,14 @@ export declare namespace org {
|
|
|
4322
4411
|
}
|
|
4323
4412
|
interface DeviceprofileGatewayPortConfigVpnPathsTrafficShaping {
|
|
4324
4413
|
/**
|
|
4325
|
-
* percentages for differet class of traffic: high / medium / low / best-effort
|
|
4326
|
-
* sum must be equal to 100
|
|
4414
|
+
* percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100
|
|
4327
4415
|
*/
|
|
4328
4416
|
classPercentages?: pulumi.Input<pulumi.Input<number>[]>;
|
|
4329
4417
|
enabled?: pulumi.Input<boolean>;
|
|
4418
|
+
/**
|
|
4419
|
+
* Interface Transmit Cap in kbps
|
|
4420
|
+
*/
|
|
4421
|
+
maxTxKbps?: pulumi.Input<number>;
|
|
4330
4422
|
}
|
|
4331
4423
|
interface DeviceprofileGatewayPortConfigWanExtraRoutes {
|
|
4332
4424
|
via?: pulumi.Input<string>;
|
|
@@ -4371,6 +4463,10 @@ export declare namespace org {
|
|
|
4371
4463
|
* for SSR, hub decides how VRF routes are leaked on spoke
|
|
4372
4464
|
*/
|
|
4373
4465
|
addTargetVrfs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4466
|
+
/**
|
|
4467
|
+
* route aggregation
|
|
4468
|
+
*/
|
|
4469
|
+
aggregates?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4374
4470
|
/**
|
|
4375
4471
|
* when used as export policy, optional
|
|
4376
4472
|
*/
|
|
@@ -4415,16 +4511,14 @@ export declare namespace org {
|
|
|
4415
4511
|
vpnNeighborMacs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4416
4512
|
vpnPathSla?: pulumi.Input<inputs.org.DeviceprofileGatewayRoutingPoliciesTermMatchingVpnPathSla>;
|
|
4417
4513
|
/**
|
|
4418
|
-
* overlay-facing criteria (used for bgpConfig where via=vpn)
|
|
4419
|
-
* ordered-
|
|
4514
|
+
* overlay-facing criteria (used for bgpConfig where via=vpn). ordered-
|
|
4420
4515
|
*/
|
|
4421
4516
|
vpnPaths?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4422
4517
|
}
|
|
4423
4518
|
interface DeviceprofileGatewayRoutingPoliciesTermMatchingRouteExists {
|
|
4424
4519
|
route?: pulumi.Input<string>;
|
|
4425
4520
|
/**
|
|
4426
|
-
* name of the vrf instance
|
|
4427
|
-
* it can also be the name of the VPN or wan if they
|
|
4521
|
+
* name of the vrf instance, it can also be the name of the VPN or wan if they
|
|
4428
4522
|
*/
|
|
4429
4523
|
vrfName?: pulumi.Input<string>;
|
|
4430
4524
|
}
|
|
@@ -4453,8 +4547,7 @@ export declare namespace org {
|
|
|
4453
4547
|
*/
|
|
4454
4548
|
name?: pulumi.Input<string>;
|
|
4455
4549
|
/**
|
|
4456
|
-
* by default, we derive all paths available and use them
|
|
4457
|
-
* optionally, you can customize by using `pathPreference`
|
|
4550
|
+
* by default, we derive all paths available and use them. Optionally, you can customize by using `pathPreference`
|
|
4458
4551
|
*/
|
|
4459
4552
|
pathPreference?: pulumi.Input<string>;
|
|
4460
4553
|
/**
|
|
@@ -4497,70 +4590,81 @@ export declare namespace org {
|
|
|
4497
4590
|
interface DeviceprofileGatewayTunnelConfigs {
|
|
4498
4591
|
autoProvision?: pulumi.Input<inputs.org.DeviceprofileGatewayTunnelConfigsAutoProvision>;
|
|
4499
4592
|
/**
|
|
4500
|
-
* Only if `provider
|
|
4593
|
+
* Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
|
|
4501
4594
|
*/
|
|
4502
4595
|
ikeLifetime?: pulumi.Input<number>;
|
|
4503
4596
|
/**
|
|
4504
|
-
* Only if `provider
|
|
4597
|
+
* Only if `provider`==`custom-ipsec`. enum: `aggressive`, `main`
|
|
4505
4598
|
*/
|
|
4506
4599
|
ikeMode?: pulumi.Input<string>;
|
|
4507
4600
|
/**
|
|
4508
|
-
* if `provider
|
|
4601
|
+
* if `provider`==`custom-ipsec`
|
|
4509
4602
|
*/
|
|
4510
4603
|
ikeProposals?: pulumi.Input<pulumi.Input<inputs.org.DeviceprofileGatewayTunnelConfigsIkeProposal>[]>;
|
|
4511
4604
|
/**
|
|
4512
|
-
* if `provider
|
|
4605
|
+
* Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
|
|
4513
4606
|
*/
|
|
4514
4607
|
ipsecLifetime?: pulumi.Input<number>;
|
|
4515
4608
|
/**
|
|
4516
|
-
* Only if `provider
|
|
4609
|
+
* Only if `provider`==`custom-ipsec`
|
|
4517
4610
|
*/
|
|
4518
4611
|
ipsecProposals?: pulumi.Input<pulumi.Input<inputs.org.DeviceprofileGatewayTunnelConfigsIpsecProposal>[]>;
|
|
4519
4612
|
/**
|
|
4520
|
-
*
|
|
4521
|
-
* * `provider`== `zscaler-ipsec`
|
|
4522
|
-
* * `provider`==`jse-ipsec`
|
|
4523
|
-
* * `provider`== `custom-ipsec`
|
|
4613
|
+
* Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
4524
4614
|
*/
|
|
4525
4615
|
localId?: pulumi.Input<string>;
|
|
4526
4616
|
/**
|
|
4527
|
-
* enum: `active-active`, `active-standby`
|
|
4617
|
+
* Required if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`. enum: `active-active`, `active-standby`
|
|
4528
4618
|
*/
|
|
4529
4619
|
mode?: pulumi.Input<string>;
|
|
4530
4620
|
/**
|
|
4531
|
-
* networks reachable via this tunnel
|
|
4621
|
+
* if `provider`==`custom-ipsec`, networks reachable via this tunnel
|
|
4532
4622
|
*/
|
|
4533
4623
|
networks?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4624
|
+
/**
|
|
4625
|
+
* Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
4626
|
+
*/
|
|
4534
4627
|
primary?: pulumi.Input<inputs.org.DeviceprofileGatewayTunnelConfigsPrimary>;
|
|
4535
4628
|
/**
|
|
4536
|
-
* Only if `provider
|
|
4629
|
+
* Only if `provider`==`custom-ipsec`
|
|
4537
4630
|
*/
|
|
4538
4631
|
probe?: pulumi.Input<inputs.org.DeviceprofileGatewayTunnelConfigsProbe>;
|
|
4539
4632
|
/**
|
|
4540
|
-
* Only if `provider
|
|
4633
|
+
* Only if `provider`==`custom-ipsec`. enum: `gre`, `ipsec`
|
|
4541
4634
|
*/
|
|
4542
4635
|
protocol?: pulumi.Input<string>;
|
|
4543
4636
|
/**
|
|
4544
|
-
* enum: `custom-ipsec`, `customer-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
|
|
4637
|
+
* Only if `auto_provision.enabled`==`false`. enum: `custom-ipsec`, `customer-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
|
|
4545
4638
|
*/
|
|
4546
4639
|
provider?: pulumi.Input<string>;
|
|
4547
4640
|
/**
|
|
4548
|
-
*
|
|
4549
|
-
* * `provider`== `zscaler-ipsec`
|
|
4550
|
-
* * `provider`==`jse-ipsec`
|
|
4551
|
-
* * `provider`== `custom-ipsec`
|
|
4641
|
+
* Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
4552
4642
|
*/
|
|
4553
4643
|
psk?: pulumi.Input<string>;
|
|
4644
|
+
/**
|
|
4645
|
+
* Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
4646
|
+
*/
|
|
4554
4647
|
secondary?: pulumi.Input<inputs.org.DeviceprofileGatewayTunnelConfigsSecondary>;
|
|
4555
4648
|
/**
|
|
4556
|
-
* Only if `provider
|
|
4649
|
+
* Only if `provider`==`custom-gre` or `provider`==`custom-ipsec`. enum: `1`, `2`
|
|
4557
4650
|
*/
|
|
4558
4651
|
version?: pulumi.Input<string>;
|
|
4559
4652
|
}
|
|
4560
4653
|
interface DeviceprofileGatewayTunnelConfigsAutoProvision {
|
|
4561
4654
|
enable?: pulumi.Input<boolean>;
|
|
4655
|
+
/**
|
|
4656
|
+
* API override for POP selection
|
|
4657
|
+
*/
|
|
4562
4658
|
latlng?: pulumi.Input<inputs.org.DeviceprofileGatewayTunnelConfigsAutoProvisionLatlng>;
|
|
4563
4659
|
primary?: pulumi.Input<inputs.org.DeviceprofileGatewayTunnelConfigsAutoProvisionPrimary>;
|
|
4660
|
+
/**
|
|
4661
|
+
* enum: `jse-ipsec`, `zscaler-ipsec`
|
|
4662
|
+
*/
|
|
4663
|
+
provider: pulumi.Input<string>;
|
|
4664
|
+
/**
|
|
4665
|
+
* API override for POP selection
|
|
4666
|
+
*/
|
|
4667
|
+
region?: pulumi.Input<string>;
|
|
4564
4668
|
secondary?: pulumi.Input<inputs.org.DeviceprofileGatewayTunnelConfigsAutoProvisionSecondary>;
|
|
4565
4669
|
}
|
|
4566
4670
|
interface DeviceprofileGatewayTunnelConfigsAutoProvisionLatlng {
|
|
@@ -4568,14 +4672,14 @@ export declare namespace org {
|
|
|
4568
4672
|
lng: pulumi.Input<number>;
|
|
4569
4673
|
}
|
|
4570
4674
|
interface DeviceprofileGatewayTunnelConfigsAutoProvisionPrimary {
|
|
4571
|
-
|
|
4675
|
+
probeIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4572
4676
|
/**
|
|
4573
4677
|
* optional, only needed if `varsOnly`==`false`
|
|
4574
4678
|
*/
|
|
4575
4679
|
wanNames?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4576
4680
|
}
|
|
4577
4681
|
interface DeviceprofileGatewayTunnelConfigsAutoProvisionSecondary {
|
|
4578
|
-
|
|
4682
|
+
probeIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4579
4683
|
/**
|
|
4580
4684
|
* optional, only needed if `varsOnly`==`false`
|
|
4581
4685
|
*/
|
|
@@ -4611,7 +4715,7 @@ export declare namespace org {
|
|
|
4611
4715
|
*/
|
|
4612
4716
|
authAlgo?: pulumi.Input<string>;
|
|
4613
4717
|
/**
|
|
4614
|
-
* Only if `provider
|
|
4718
|
+
* Only if `provider`==`custom-ipsec`. enum:
|
|
4615
4719
|
* * 1
|
|
4616
4720
|
* * 2 (1024-bit)
|
|
4617
4721
|
* * 5
|
|
@@ -4630,19 +4734,17 @@ export declare namespace org {
|
|
|
4630
4734
|
encAlgo?: pulumi.Input<string>;
|
|
4631
4735
|
}
|
|
4632
4736
|
interface DeviceprofileGatewayTunnelConfigsPrimary {
|
|
4633
|
-
hosts
|
|
4737
|
+
hosts: pulumi.Input<pulumi.Input<string>[]>;
|
|
4634
4738
|
/**
|
|
4635
|
-
* Only if
|
|
4636
|
-
* * `provider`== `zscaler-gre`
|
|
4637
|
-
* * `provider`== `custom-gre`
|
|
4739
|
+
* Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
|
|
4638
4740
|
*/
|
|
4639
4741
|
internalIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4640
4742
|
probeIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4641
4743
|
/**
|
|
4642
|
-
* Only if
|
|
4744
|
+
* Only if `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
4643
4745
|
*/
|
|
4644
4746
|
remoteIds?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4645
|
-
wanNames
|
|
4747
|
+
wanNames: pulumi.Input<pulumi.Input<string>[]>;
|
|
4646
4748
|
}
|
|
4647
4749
|
interface DeviceprofileGatewayTunnelConfigsProbe {
|
|
4648
4750
|
/**
|
|
@@ -4663,19 +4765,17 @@ export declare namespace org {
|
|
|
4663
4765
|
type?: pulumi.Input<string>;
|
|
4664
4766
|
}
|
|
4665
4767
|
interface DeviceprofileGatewayTunnelConfigsSecondary {
|
|
4666
|
-
hosts
|
|
4768
|
+
hosts: pulumi.Input<pulumi.Input<string>[]>;
|
|
4667
4769
|
/**
|
|
4668
|
-
* Only if
|
|
4669
|
-
* * `provider`== `zscaler-gre`
|
|
4670
|
-
* * `provider`== `custom-gre`
|
|
4770
|
+
* Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
|
|
4671
4771
|
*/
|
|
4672
4772
|
internalIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4673
4773
|
probeIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4674
4774
|
/**
|
|
4675
|
-
* Only if
|
|
4775
|
+
* Only if `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
4676
4776
|
*/
|
|
4677
4777
|
remoteIds?: pulumi.Input<pulumi.Input<string>[]>;
|
|
4678
|
-
wanNames
|
|
4778
|
+
wanNames: pulumi.Input<pulumi.Input<string>[]>;
|
|
4679
4779
|
}
|
|
4680
4780
|
interface DeviceprofileGatewayTunnelProviderOptions {
|
|
4681
4781
|
/**
|
|
@@ -4688,74 +4788,125 @@ export declare namespace org {
|
|
|
4688
4788
|
zscaler?: pulumi.Input<inputs.org.DeviceprofileGatewayTunnelProviderOptionsZscaler>;
|
|
4689
4789
|
}
|
|
4690
4790
|
interface DeviceprofileGatewayTunnelProviderOptionsJse {
|
|
4691
|
-
name?: pulumi.Input<string>;
|
|
4692
4791
|
numUsers?: pulumi.Input<number>;
|
|
4792
|
+
/**
|
|
4793
|
+
* JSE Organization name
|
|
4794
|
+
*/
|
|
4795
|
+
orgName?: pulumi.Input<string>;
|
|
4693
4796
|
}
|
|
4694
4797
|
interface DeviceprofileGatewayTunnelProviderOptionsZscaler {
|
|
4695
|
-
|
|
4798
|
+
aupBlockInternetUntilAccepted?: pulumi.Input<boolean>;
|
|
4696
4799
|
/**
|
|
4697
|
-
*
|
|
4800
|
+
* Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
|
|
4698
4801
|
*/
|
|
4699
|
-
|
|
4802
|
+
aupEnabled?: pulumi.Input<boolean>;
|
|
4700
4803
|
/**
|
|
4701
4804
|
* proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
|
|
4702
4805
|
*/
|
|
4703
|
-
|
|
4806
|
+
aupForceSslInspection?: pulumi.Input<boolean>;
|
|
4704
4807
|
/**
|
|
4705
|
-
*
|
|
4808
|
+
* Required if `aupEnabled`==`true`. Days before AUP is requested again
|
|
4706
4809
|
*/
|
|
4707
|
-
|
|
4810
|
+
aupTimeoutInDays?: pulumi.Input<number>;
|
|
4708
4811
|
/**
|
|
4709
|
-
*
|
|
4812
|
+
* Enable this option to enforce user authentication
|
|
4710
4813
|
*/
|
|
4711
|
-
|
|
4814
|
+
authRequired?: pulumi.Input<boolean>;
|
|
4712
4815
|
/**
|
|
4713
|
-
* when `
|
|
4816
|
+
* Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
|
|
4714
4817
|
*/
|
|
4715
|
-
|
|
4716
|
-
|
|
4717
|
-
|
|
4818
|
+
cautionEnabled?: pulumi.Input<boolean>;
|
|
4819
|
+
/**
|
|
4820
|
+
* the download bandwidth cap of the link, in Mbps. Disabled if not set
|
|
4821
|
+
*/
|
|
4822
|
+
dnBandwidth?: pulumi.Input<number>;
|
|
4823
|
+
/**
|
|
4824
|
+
* Required if `surrogate_IP`==`true`, idle Time to Disassociation
|
|
4825
|
+
*/
|
|
4826
|
+
idleTimeInMinutes?: pulumi.Input<number>;
|
|
4718
4827
|
/**
|
|
4719
|
-
* if `
|
|
4828
|
+
* if `true`, enable the firewall control option
|
|
4829
|
+
*/
|
|
4830
|
+
ofwEnabled?: pulumi.Input<boolean>;
|
|
4831
|
+
/**
|
|
4832
|
+
* `sub-locations` can be used for specific uses cases to define different configuration based on the user network
|
|
4720
4833
|
*/
|
|
4721
4834
|
subLocations?: pulumi.Input<pulumi.Input<inputs.org.DeviceprofileGatewayTunnelProviderOptionsZscalerSubLocation>[]>;
|
|
4722
4835
|
/**
|
|
4723
|
-
* the
|
|
4836
|
+
* Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
|
|
4837
|
+
*/
|
|
4838
|
+
surrogateIp?: pulumi.Input<boolean>;
|
|
4839
|
+
/**
|
|
4840
|
+
* Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
|
|
4841
|
+
*/
|
|
4842
|
+
surrogateIpEnforcedForKnownBrowsers?: pulumi.Input<boolean>;
|
|
4843
|
+
/**
|
|
4844
|
+
* Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
|
|
4845
|
+
*/
|
|
4846
|
+
surrogateRefreshTimeInMinutes?: pulumi.Input<number>;
|
|
4847
|
+
/**
|
|
4848
|
+
* the download bandwidth cap of the link, in Mbps. Disabled if not set
|
|
4724
4849
|
*/
|
|
4725
|
-
|
|
4850
|
+
upBandwidth?: pulumi.Input<number>;
|
|
4726
4851
|
/**
|
|
4727
4852
|
* location uses proxy chaining to forward traffic
|
|
4728
4853
|
*/
|
|
4729
|
-
|
|
4854
|
+
xffForwardEnabled?: pulumi.Input<boolean>;
|
|
4730
4855
|
}
|
|
4731
4856
|
interface DeviceprofileGatewayTunnelProviderOptionsZscalerSubLocation {
|
|
4732
|
-
|
|
4857
|
+
aupBlockInternetUntilAccepted?: pulumi.Input<boolean>;
|
|
4733
4858
|
/**
|
|
4734
|
-
*
|
|
4859
|
+
* Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
|
|
4735
4860
|
*/
|
|
4736
|
-
|
|
4861
|
+
aupEnabled?: pulumi.Input<boolean>;
|
|
4737
4862
|
/**
|
|
4738
4863
|
* proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
|
|
4739
4864
|
*/
|
|
4740
|
-
|
|
4865
|
+
aupForceSslInspection?: pulumi.Input<boolean>;
|
|
4741
4866
|
/**
|
|
4742
|
-
*
|
|
4867
|
+
* Required if `aupEnabled`==`true`. Days before AUP is requested again
|
|
4743
4868
|
*/
|
|
4744
|
-
|
|
4869
|
+
aupTimeoutInDays?: pulumi.Input<number>;
|
|
4745
4870
|
/**
|
|
4746
|
-
*
|
|
4871
|
+
* Enable this option to authenticate users
|
|
4747
4872
|
*/
|
|
4748
|
-
|
|
4873
|
+
authRequired?: pulumi.Input<boolean>;
|
|
4749
4874
|
/**
|
|
4750
|
-
* when `
|
|
4875
|
+
* Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
|
|
4751
4876
|
*/
|
|
4752
|
-
|
|
4753
|
-
|
|
4754
|
-
|
|
4877
|
+
cautionEnabled?: pulumi.Input<boolean>;
|
|
4878
|
+
/**
|
|
4879
|
+
* the download bandwidth cap of the link, in Mbps. Disabled if not set
|
|
4880
|
+
*/
|
|
4881
|
+
dnBandwidth?: pulumi.Input<number>;
|
|
4882
|
+
/**
|
|
4883
|
+
* Required if `surrogate_IP`==`true`, idle Time to Disassociation
|
|
4884
|
+
*/
|
|
4885
|
+
idleTimeInMinutes?: pulumi.Input<number>;
|
|
4886
|
+
/**
|
|
4887
|
+
* Network name
|
|
4888
|
+
*/
|
|
4889
|
+
name?: pulumi.Input<string>;
|
|
4755
4890
|
/**
|
|
4756
|
-
*
|
|
4891
|
+
* if `true`, enable the firewall control option
|
|
4757
4892
|
*/
|
|
4758
|
-
|
|
4893
|
+
ofwEnabled?: pulumi.Input<boolean>;
|
|
4894
|
+
/**
|
|
4895
|
+
* Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
|
|
4896
|
+
*/
|
|
4897
|
+
surrogateIp?: pulumi.Input<boolean>;
|
|
4898
|
+
/**
|
|
4899
|
+
* Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
|
|
4900
|
+
*/
|
|
4901
|
+
surrogateIpEnforcedForKnownBrowsers?: pulumi.Input<boolean>;
|
|
4902
|
+
/**
|
|
4903
|
+
* Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
|
|
4904
|
+
*/
|
|
4905
|
+
surrogateRefreshTimeInMinutes?: pulumi.Input<number>;
|
|
4906
|
+
/**
|
|
4907
|
+
* the download bandwidth cap of the link, in Mbps. Disabled if not set
|
|
4908
|
+
*/
|
|
4909
|
+
upBandwidth?: pulumi.Input<number>;
|
|
4759
4910
|
}
|
|
4760
4911
|
interface DeviceprofileGatewayVrfConfig {
|
|
4761
4912
|
/**
|
|
@@ -4875,8 +5026,7 @@ export declare namespace org {
|
|
|
4875
5026
|
*/
|
|
4876
5027
|
exportPolicy?: pulumi.Input<string>;
|
|
4877
5028
|
/**
|
|
4878
|
-
* by default, either inet/net6 unicast depending on neighbor IP family (v4 or v6)
|
|
4879
|
-
* for v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
|
|
5029
|
+
* by default, either inet/net6 unicast depending on neighbor IP family (v4 or v6). For v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
|
|
4880
5030
|
*/
|
|
4881
5031
|
extendedV4Nexthop?: pulumi.Input<boolean>;
|
|
4882
5032
|
/**
|
|
@@ -5112,6 +5262,9 @@ export declare namespace org {
|
|
|
5112
5262
|
routedForNetworks?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5113
5263
|
subnet: pulumi.Input<string>;
|
|
5114
5264
|
subnet6?: pulumi.Input<string>;
|
|
5265
|
+
/**
|
|
5266
|
+
* Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}")
|
|
5267
|
+
*/
|
|
5115
5268
|
tenants?: pulumi.Input<{
|
|
5116
5269
|
[key: string]: pulumi.Input<inputs.org.GatewaytemplateNetworkTenants>;
|
|
5117
5270
|
}>;
|
|
@@ -5129,7 +5282,7 @@ export declare namespace org {
|
|
|
5129
5282
|
interface GatewaytemplateNetworkInternetAccess {
|
|
5130
5283
|
createSimpleServicePolicy?: pulumi.Input<boolean>;
|
|
5131
5284
|
/**
|
|
5132
|
-
* Property key
|
|
5285
|
+
* Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
|
|
5133
5286
|
*/
|
|
5134
5287
|
destinationNat?: pulumi.Input<{
|
|
5135
5288
|
[key: string]: pulumi.Input<inputs.org.GatewaytemplateNetworkInternetAccessDestinationNat>;
|
|
@@ -5140,22 +5293,35 @@ export declare namespace org {
|
|
|
5140
5293
|
*/
|
|
5141
5294
|
restricted?: pulumi.Input<boolean>;
|
|
5142
5295
|
/**
|
|
5143
|
-
* Property key may be an IP Address (i.e. "
|
|
5296
|
+
* Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
|
|
5144
5297
|
*/
|
|
5145
5298
|
staticNat?: pulumi.Input<{
|
|
5146
5299
|
[key: string]: pulumi.Input<inputs.org.GatewaytemplateNetworkInternetAccessStaticNat>;
|
|
5147
5300
|
}>;
|
|
5148
5301
|
}
|
|
5149
5302
|
interface GatewaytemplateNetworkInternetAccessDestinationNat {
|
|
5303
|
+
/**
|
|
5304
|
+
* The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
|
|
5305
|
+
*/
|
|
5150
5306
|
internalIp?: pulumi.Input<string>;
|
|
5151
5307
|
name?: pulumi.Input<string>;
|
|
5152
|
-
|
|
5308
|
+
/**
|
|
5309
|
+
* The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
|
|
5310
|
+
*/
|
|
5311
|
+
port?: pulumi.Input<string>;
|
|
5312
|
+
/**
|
|
5313
|
+
* SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
|
|
5314
|
+
*/
|
|
5315
|
+
wanName?: pulumi.Input<string>;
|
|
5153
5316
|
}
|
|
5154
5317
|
interface GatewaytemplateNetworkInternetAccessStaticNat {
|
|
5155
|
-
internalIp?: pulumi.Input<string>;
|
|
5156
|
-
name?: pulumi.Input<string>;
|
|
5157
5318
|
/**
|
|
5158
|
-
*
|
|
5319
|
+
* The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
|
|
5320
|
+
*/
|
|
5321
|
+
internalIp: pulumi.Input<string>;
|
|
5322
|
+
name: pulumi.Input<string>;
|
|
5323
|
+
/**
|
|
5324
|
+
* SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
|
|
5159
5325
|
*/
|
|
5160
5326
|
wanName?: pulumi.Input<string>;
|
|
5161
5327
|
}
|
|
@@ -5191,7 +5357,7 @@ export declare namespace org {
|
|
|
5191
5357
|
*/
|
|
5192
5358
|
allowPing?: pulumi.Input<boolean>;
|
|
5193
5359
|
/**
|
|
5194
|
-
* Property key
|
|
5360
|
+
* Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
|
|
5195
5361
|
*/
|
|
5196
5362
|
destinationNat?: pulumi.Input<{
|
|
5197
5363
|
[key: string]: pulumi.Input<inputs.org.GatewaytemplateNetworkVpnAccessDestinationNat>;
|
|
@@ -5209,13 +5375,11 @@ export declare namespace org {
|
|
|
5209
5375
|
*/
|
|
5210
5376
|
noReadvertiseToLanOspf?: pulumi.Input<boolean>;
|
|
5211
5377
|
/**
|
|
5212
|
-
* toward overlay
|
|
5213
|
-
* how HUB should deal with routes it received from Spokes
|
|
5378
|
+
* toward overlay, how HUB should deal with routes it received from Spokes
|
|
5214
5379
|
*/
|
|
5215
5380
|
noReadvertiseToOverlay?: pulumi.Input<boolean>;
|
|
5216
5381
|
/**
|
|
5217
|
-
* by default, the routes are only readvertised toward the same vrf on spoke
|
|
5218
|
-
* to allow it to be leaked to other vrfs
|
|
5382
|
+
* by default, the routes are only readvertised toward the same vrf on spoke. To allow it to be leaked to other vrfs
|
|
5219
5383
|
*/
|
|
5220
5384
|
otherVrfs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5221
5385
|
/**
|
|
@@ -5227,14 +5391,13 @@ export declare namespace org {
|
|
|
5227
5391
|
*/
|
|
5228
5392
|
sourceNat?: pulumi.Input<inputs.org.GatewaytemplateNetworkVpnAccessSourceNat>;
|
|
5229
5393
|
/**
|
|
5230
|
-
* Property key may be an IP Address (i.e. "
|
|
5394
|
+
* Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
|
|
5231
5395
|
*/
|
|
5232
5396
|
staticNat?: pulumi.Input<{
|
|
5233
5397
|
[key: string]: pulumi.Input<inputs.org.GatewaytemplateNetworkVpnAccessStaticNat>;
|
|
5234
5398
|
}>;
|
|
5235
5399
|
/**
|
|
5236
|
-
* toward overlay
|
|
5237
|
-
* how HUB should deal with routes it received from Spokes
|
|
5400
|
+
* toward overlay, how HUB should deal with routes it received from Spokes
|
|
5238
5401
|
*/
|
|
5239
5402
|
summarizedSubnet?: pulumi.Input<string>;
|
|
5240
5403
|
/**
|
|
@@ -5247,20 +5410,22 @@ export declare namespace org {
|
|
|
5247
5410
|
summarizedSubnetToLanOspf?: pulumi.Input<string>;
|
|
5248
5411
|
}
|
|
5249
5412
|
interface GatewaytemplateNetworkVpnAccessDestinationNat {
|
|
5413
|
+
/**
|
|
5414
|
+
* The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
|
|
5415
|
+
*/
|
|
5250
5416
|
internalIp?: pulumi.Input<string>;
|
|
5251
5417
|
name?: pulumi.Input<string>;
|
|
5252
|
-
port?: pulumi.Input<
|
|
5418
|
+
port?: pulumi.Input<string>;
|
|
5253
5419
|
}
|
|
5254
5420
|
interface GatewaytemplateNetworkVpnAccessSourceNat {
|
|
5255
5421
|
externalIp?: pulumi.Input<string>;
|
|
5256
5422
|
}
|
|
5257
5423
|
interface GatewaytemplateNetworkVpnAccessStaticNat {
|
|
5258
|
-
internalIp?: pulumi.Input<string>;
|
|
5259
|
-
name?: pulumi.Input<string>;
|
|
5260
5424
|
/**
|
|
5261
|
-
*
|
|
5425
|
+
* The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
|
|
5262
5426
|
*/
|
|
5263
|
-
|
|
5427
|
+
internalIp: pulumi.Input<string>;
|
|
5428
|
+
name: pulumi.Input<string>;
|
|
5264
5429
|
}
|
|
5265
5430
|
interface GatewaytemplateOobIpConfig {
|
|
5266
5431
|
/**
|
|
@@ -5371,9 +5536,7 @@ export declare namespace org {
|
|
|
5371
5536
|
*/
|
|
5372
5537
|
aeIdx?: pulumi.Input<string>;
|
|
5373
5538
|
/**
|
|
5374
|
-
* For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability
|
|
5375
|
-
* Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end\n
|
|
5376
|
-
* Note: Turning this on will enable force-up on one of the interfaces in the bundle only
|
|
5539
|
+
* For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability. Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end. **Note:** Turning this on will enable force-up on one of the interfaces in the bundle only
|
|
5377
5540
|
*/
|
|
5378
5541
|
aeLacpForceUp?: pulumi.Input<boolean>;
|
|
5379
5542
|
aggregated?: pulumi.Input<boolean>;
|
|
@@ -5381,6 +5544,9 @@ export declare namespace org {
|
|
|
5381
5544
|
* if want to generate port up/down alarm, set it to true
|
|
5382
5545
|
*/
|
|
5383
5546
|
critical?: pulumi.Input<boolean>;
|
|
5547
|
+
/**
|
|
5548
|
+
* Interface Description. Can be a variable (i.e. "{{myvar}}")
|
|
5549
|
+
*/
|
|
5384
5550
|
description?: pulumi.Input<string>;
|
|
5385
5551
|
disableAutoneg?: pulumi.Input<boolean>;
|
|
5386
5552
|
/**
|
|
@@ -5392,13 +5558,11 @@ export declare namespace org {
|
|
|
5392
5558
|
*/
|
|
5393
5559
|
dslType?: pulumi.Input<string>;
|
|
5394
5560
|
/**
|
|
5395
|
-
* if `wanType`==`dsl
|
|
5396
|
-
* 16 bit int
|
|
5561
|
+
* if `wanType`==`dsl`, 16 bit int
|
|
5397
5562
|
*/
|
|
5398
5563
|
dslVci?: pulumi.Input<number>;
|
|
5399
5564
|
/**
|
|
5400
|
-
* if `wanType`==`dsl
|
|
5401
|
-
* 8 bit int
|
|
5565
|
+
* if `wanType`==`dsl`, 8 bit int
|
|
5402
5566
|
*/
|
|
5403
5567
|
dslVpi?: pulumi.Input<number>;
|
|
5404
5568
|
/**
|
|
@@ -5432,7 +5596,7 @@ export declare namespace org {
|
|
|
5432
5596
|
*/
|
|
5433
5597
|
name?: pulumi.Input<string>;
|
|
5434
5598
|
/**
|
|
5435
|
-
* if `usage`==`lan`
|
|
5599
|
+
* if `usage`==`lan`, name of the `junipermist.org.Network` resource
|
|
5436
5600
|
*/
|
|
5437
5601
|
networks?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5438
5602
|
/**
|
|
@@ -5441,7 +5605,7 @@ export declare namespace org {
|
|
|
5441
5605
|
outerVlanId?: pulumi.Input<number>;
|
|
5442
5606
|
poeDisabled?: pulumi.Input<boolean>;
|
|
5443
5607
|
/**
|
|
5444
|
-
* if `usage`==`lan
|
|
5608
|
+
* Only for SRX and if `usage`==`lan`, the Untagged VLAN Network
|
|
5445
5609
|
*/
|
|
5446
5610
|
portNetwork?: pulumi.Input<string>;
|
|
5447
5611
|
/**
|
|
@@ -5478,10 +5642,7 @@ export declare namespace org {
|
|
|
5478
5642
|
* port usage name. enum: `haControl`, `haData`, `lan`, `wan`
|
|
5479
5643
|
*/
|
|
5480
5644
|
usage: pulumi.Input<string>;
|
|
5481
|
-
|
|
5482
|
-
* if WAN interface is on a VLAN
|
|
5483
|
-
*/
|
|
5484
|
-
vlanId?: pulumi.Input<number>;
|
|
5645
|
+
vlanId?: pulumi.Input<string>;
|
|
5485
5646
|
/**
|
|
5486
5647
|
* Property key is the VPN name
|
|
5487
5648
|
*/
|
|
@@ -5489,29 +5650,33 @@ export declare namespace org {
|
|
|
5489
5650
|
[key: string]: pulumi.Input<inputs.org.GatewaytemplatePortConfigVpnPaths>;
|
|
5490
5651
|
}>;
|
|
5491
5652
|
/**
|
|
5492
|
-
* when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
|
|
5653
|
+
* Only when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
|
|
5493
5654
|
*/
|
|
5494
5655
|
wanArpPolicer?: pulumi.Input<string>;
|
|
5495
5656
|
/**
|
|
5496
|
-
*
|
|
5657
|
+
* Only if `usage`==`wan`, optional. If spoke should reach this port by a different IP
|
|
5497
5658
|
*/
|
|
5498
5659
|
wanExtIp?: pulumi.Input<string>;
|
|
5499
5660
|
/**
|
|
5500
|
-
* Property Key is the destianation CIDR (e.g "100.100.100.0/24")
|
|
5661
|
+
* Only if `usage`==`wan`. Property Key is the destianation CIDR (e.g "100.100.100.0/24")
|
|
5501
5662
|
*/
|
|
5502
5663
|
wanExtraRoutes?: pulumi.Input<{
|
|
5503
5664
|
[key: string]: pulumi.Input<inputs.org.GatewaytemplatePortConfigWanExtraRoutes>;
|
|
5504
5665
|
}>;
|
|
5505
5666
|
/**
|
|
5506
|
-
* if `usage`==`wan
|
|
5667
|
+
* Only if `usage`==`wan`. If some networks are connected to this WAN port, it can be added here so policies can be defined
|
|
5668
|
+
*/
|
|
5669
|
+
wanNetworks?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5670
|
+
/**
|
|
5671
|
+
* Only if `usage`==`wan`
|
|
5507
5672
|
*/
|
|
5508
5673
|
wanProbeOverride?: pulumi.Input<inputs.org.GatewaytemplatePortConfigWanProbeOverride>;
|
|
5509
5674
|
/**
|
|
5510
|
-
* optional
|
|
5675
|
+
* Only if `usage`==`wan`, optional. By default, source-NAT is performed on all WAN Ports using the interface-ip
|
|
5511
5676
|
*/
|
|
5512
5677
|
wanSourceNat?: pulumi.Input<inputs.org.GatewaytemplatePortConfigWanSourceNat>;
|
|
5513
5678
|
/**
|
|
5514
|
-
* if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
|
|
5679
|
+
* Only if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
|
|
5515
5680
|
*/
|
|
5516
5681
|
wanType?: pulumi.Input<string>;
|
|
5517
5682
|
}
|
|
@@ -5525,12 +5690,15 @@ export declare namespace org {
|
|
|
5525
5690
|
*/
|
|
5526
5691
|
dnsSuffixes?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5527
5692
|
/**
|
|
5528
|
-
* except for out-of_band interface (vme/em0/fxp0)
|
|
5693
|
+
* except for out-of_band interface (vme/em0/fxp0). Interface Default Gateway IP Address (i.e. "192.168.1.1") or a Variable (i.e. "{{myvar}}")
|
|
5529
5694
|
*/
|
|
5530
5695
|
gateway?: pulumi.Input<string>;
|
|
5696
|
+
/**
|
|
5697
|
+
* Interface IP Address (i.e. "192.168.1.8") or a Variable (i.e. "{{myvar}}")
|
|
5698
|
+
*/
|
|
5531
5699
|
ip?: pulumi.Input<string>;
|
|
5532
5700
|
/**
|
|
5533
|
-
* used only if `subnet` is not specified in `networks
|
|
5701
|
+
* used only if `subnet` is not specified in `networks`. Interface Netmask (i.e. "/24") or a Variable (i.e. "{{myvar}}")
|
|
5534
5702
|
*/
|
|
5535
5703
|
netmask?: pulumi.Input<string>;
|
|
5536
5704
|
/**
|
|
@@ -5556,11 +5724,14 @@ export declare namespace org {
|
|
|
5556
5724
|
}
|
|
5557
5725
|
interface GatewaytemplatePortConfigTrafficShaping {
|
|
5558
5726
|
/**
|
|
5559
|
-
* percentages for differet class of traffic: high / medium / low / best-effort
|
|
5560
|
-
* sum must be equal to 100
|
|
5727
|
+
* percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100
|
|
5561
5728
|
*/
|
|
5562
5729
|
classPercentages?: pulumi.Input<pulumi.Input<number>[]>;
|
|
5563
5730
|
enabled?: pulumi.Input<boolean>;
|
|
5731
|
+
/**
|
|
5732
|
+
* Interface Transmit Cap in kbps
|
|
5733
|
+
*/
|
|
5734
|
+
maxTxKbps?: pulumi.Input<number>;
|
|
5564
5735
|
}
|
|
5565
5736
|
interface GatewaytemplatePortConfigVpnPaths {
|
|
5566
5737
|
/**
|
|
@@ -5587,11 +5758,14 @@ export declare namespace org {
|
|
|
5587
5758
|
}
|
|
5588
5759
|
interface GatewaytemplatePortConfigVpnPathsTrafficShaping {
|
|
5589
5760
|
/**
|
|
5590
|
-
* percentages for differet class of traffic: high / medium / low / best-effort
|
|
5591
|
-
* sum must be equal to 100
|
|
5761
|
+
* percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100
|
|
5592
5762
|
*/
|
|
5593
5763
|
classPercentages?: pulumi.Input<pulumi.Input<number>[]>;
|
|
5594
5764
|
enabled?: pulumi.Input<boolean>;
|
|
5765
|
+
/**
|
|
5766
|
+
* Interface Transmit Cap in kbps
|
|
5767
|
+
*/
|
|
5768
|
+
maxTxKbps?: pulumi.Input<number>;
|
|
5595
5769
|
}
|
|
5596
5770
|
interface GatewaytemplatePortConfigWanExtraRoutes {
|
|
5597
5771
|
via?: pulumi.Input<string>;
|
|
@@ -5636,6 +5810,10 @@ export declare namespace org {
|
|
|
5636
5810
|
* for SSR, hub decides how VRF routes are leaked on spoke
|
|
5637
5811
|
*/
|
|
5638
5812
|
addTargetVrfs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5813
|
+
/**
|
|
5814
|
+
* route aggregation
|
|
5815
|
+
*/
|
|
5816
|
+
aggregates?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5639
5817
|
/**
|
|
5640
5818
|
* when used as export policy, optional
|
|
5641
5819
|
*/
|
|
@@ -5680,16 +5858,14 @@ export declare namespace org {
|
|
|
5680
5858
|
vpnNeighborMacs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5681
5859
|
vpnPathSla?: pulumi.Input<inputs.org.GatewaytemplateRoutingPoliciesTermMatchingVpnPathSla>;
|
|
5682
5860
|
/**
|
|
5683
|
-
* overlay-facing criteria (used for bgpConfig where via=vpn)
|
|
5684
|
-
* ordered-
|
|
5861
|
+
* overlay-facing criteria (used for bgpConfig where via=vpn). ordered-
|
|
5685
5862
|
*/
|
|
5686
5863
|
vpnPaths?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5687
5864
|
}
|
|
5688
5865
|
interface GatewaytemplateRoutingPoliciesTermMatchingRouteExists {
|
|
5689
5866
|
route?: pulumi.Input<string>;
|
|
5690
5867
|
/**
|
|
5691
|
-
* name of the vrf instance
|
|
5692
|
-
* it can also be the name of the VPN or wan if they
|
|
5868
|
+
* name of the vrf instance, it can also be the name of the VPN or wan if they
|
|
5693
5869
|
*/
|
|
5694
5870
|
vrfName?: pulumi.Input<string>;
|
|
5695
5871
|
}
|
|
@@ -5718,8 +5894,7 @@ export declare namespace org {
|
|
|
5718
5894
|
*/
|
|
5719
5895
|
name?: pulumi.Input<string>;
|
|
5720
5896
|
/**
|
|
5721
|
-
* by default, we derive all paths available and use them
|
|
5722
|
-
* optionally, you can customize by using `pathPreference`
|
|
5897
|
+
* by default, we derive all paths available and use them. Optionally, you can customize by using `pathPreference`
|
|
5723
5898
|
*/
|
|
5724
5899
|
pathPreference?: pulumi.Input<string>;
|
|
5725
5900
|
/**
|
|
@@ -5762,70 +5937,81 @@ export declare namespace org {
|
|
|
5762
5937
|
interface GatewaytemplateTunnelConfigs {
|
|
5763
5938
|
autoProvision?: pulumi.Input<inputs.org.GatewaytemplateTunnelConfigsAutoProvision>;
|
|
5764
5939
|
/**
|
|
5765
|
-
* Only if `provider
|
|
5940
|
+
* Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
|
|
5766
5941
|
*/
|
|
5767
5942
|
ikeLifetime?: pulumi.Input<number>;
|
|
5768
5943
|
/**
|
|
5769
|
-
* Only if `provider
|
|
5944
|
+
* Only if `provider`==`custom-ipsec`. enum: `aggressive`, `main`
|
|
5770
5945
|
*/
|
|
5771
5946
|
ikeMode?: pulumi.Input<string>;
|
|
5772
5947
|
/**
|
|
5773
|
-
* if `provider
|
|
5948
|
+
* if `provider`==`custom-ipsec`
|
|
5774
5949
|
*/
|
|
5775
5950
|
ikeProposals?: pulumi.Input<pulumi.Input<inputs.org.GatewaytemplateTunnelConfigsIkeProposal>[]>;
|
|
5776
5951
|
/**
|
|
5777
|
-
* if `provider
|
|
5952
|
+
* Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
|
|
5778
5953
|
*/
|
|
5779
5954
|
ipsecLifetime?: pulumi.Input<number>;
|
|
5780
5955
|
/**
|
|
5781
|
-
* Only if `provider
|
|
5956
|
+
* Only if `provider`==`custom-ipsec`
|
|
5782
5957
|
*/
|
|
5783
5958
|
ipsecProposals?: pulumi.Input<pulumi.Input<inputs.org.GatewaytemplateTunnelConfigsIpsecProposal>[]>;
|
|
5784
5959
|
/**
|
|
5785
|
-
*
|
|
5786
|
-
* * `provider`== `zscaler-ipsec`
|
|
5787
|
-
* * `provider`==`jse-ipsec`
|
|
5788
|
-
* * `provider`== `custom-ipsec`
|
|
5960
|
+
* Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
5789
5961
|
*/
|
|
5790
5962
|
localId?: pulumi.Input<string>;
|
|
5791
5963
|
/**
|
|
5792
|
-
* enum: `active-active`, `active-standby`
|
|
5964
|
+
* Required if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`. enum: `active-active`, `active-standby`
|
|
5793
5965
|
*/
|
|
5794
5966
|
mode?: pulumi.Input<string>;
|
|
5795
5967
|
/**
|
|
5796
|
-
* networks reachable via this tunnel
|
|
5968
|
+
* if `provider`==`custom-ipsec`, networks reachable via this tunnel
|
|
5797
5969
|
*/
|
|
5798
5970
|
networks?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5971
|
+
/**
|
|
5972
|
+
* Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
5973
|
+
*/
|
|
5799
5974
|
primary?: pulumi.Input<inputs.org.GatewaytemplateTunnelConfigsPrimary>;
|
|
5800
5975
|
/**
|
|
5801
|
-
* Only if `provider
|
|
5976
|
+
* Only if `provider`==`custom-ipsec`
|
|
5802
5977
|
*/
|
|
5803
5978
|
probe?: pulumi.Input<inputs.org.GatewaytemplateTunnelConfigsProbe>;
|
|
5804
5979
|
/**
|
|
5805
|
-
* Only if `provider
|
|
5980
|
+
* Only if `provider`==`custom-ipsec`. enum: `gre`, `ipsec`
|
|
5806
5981
|
*/
|
|
5807
5982
|
protocol?: pulumi.Input<string>;
|
|
5808
5983
|
/**
|
|
5809
|
-
* enum: `custom-ipsec`, `customer-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
|
|
5984
|
+
* Only if `auto_provision.enabled`==`false`. enum: `custom-ipsec`, `customer-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
|
|
5810
5985
|
*/
|
|
5811
5986
|
provider?: pulumi.Input<string>;
|
|
5812
5987
|
/**
|
|
5813
|
-
*
|
|
5814
|
-
* * `provider`== `zscaler-ipsec`
|
|
5815
|
-
* * `provider`==`jse-ipsec`
|
|
5816
|
-
* * `provider`== `custom-ipsec`
|
|
5988
|
+
* Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
5817
5989
|
*/
|
|
5818
5990
|
psk?: pulumi.Input<string>;
|
|
5991
|
+
/**
|
|
5992
|
+
* Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
5993
|
+
*/
|
|
5819
5994
|
secondary?: pulumi.Input<inputs.org.GatewaytemplateTunnelConfigsSecondary>;
|
|
5820
5995
|
/**
|
|
5821
|
-
* Only if `provider
|
|
5996
|
+
* Only if `provider`==`custom-gre` or `provider`==`custom-ipsec`. enum: `1`, `2`
|
|
5822
5997
|
*/
|
|
5823
5998
|
version?: pulumi.Input<string>;
|
|
5824
5999
|
}
|
|
5825
6000
|
interface GatewaytemplateTunnelConfigsAutoProvision {
|
|
5826
6001
|
enable?: pulumi.Input<boolean>;
|
|
6002
|
+
/**
|
|
6003
|
+
* API override for POP selection
|
|
6004
|
+
*/
|
|
5827
6005
|
latlng?: pulumi.Input<inputs.org.GatewaytemplateTunnelConfigsAutoProvisionLatlng>;
|
|
5828
6006
|
primary?: pulumi.Input<inputs.org.GatewaytemplateTunnelConfigsAutoProvisionPrimary>;
|
|
6007
|
+
/**
|
|
6008
|
+
* enum: `jse-ipsec`, `zscaler-ipsec`
|
|
6009
|
+
*/
|
|
6010
|
+
provider: pulumi.Input<string>;
|
|
6011
|
+
/**
|
|
6012
|
+
* API override for POP selection
|
|
6013
|
+
*/
|
|
6014
|
+
region?: pulumi.Input<string>;
|
|
5829
6015
|
secondary?: pulumi.Input<inputs.org.GatewaytemplateTunnelConfigsAutoProvisionSecondary>;
|
|
5830
6016
|
}
|
|
5831
6017
|
interface GatewaytemplateTunnelConfigsAutoProvisionLatlng {
|
|
@@ -5833,14 +6019,14 @@ export declare namespace org {
|
|
|
5833
6019
|
lng: pulumi.Input<number>;
|
|
5834
6020
|
}
|
|
5835
6021
|
interface GatewaytemplateTunnelConfigsAutoProvisionPrimary {
|
|
5836
|
-
|
|
6022
|
+
probeIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5837
6023
|
/**
|
|
5838
6024
|
* optional, only needed if `varsOnly`==`false`
|
|
5839
6025
|
*/
|
|
5840
6026
|
wanNames?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5841
6027
|
}
|
|
5842
6028
|
interface GatewaytemplateTunnelConfigsAutoProvisionSecondary {
|
|
5843
|
-
|
|
6029
|
+
probeIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5844
6030
|
/**
|
|
5845
6031
|
* optional, only needed if `varsOnly`==`false`
|
|
5846
6032
|
*/
|
|
@@ -5876,7 +6062,7 @@ export declare namespace org {
|
|
|
5876
6062
|
*/
|
|
5877
6063
|
authAlgo?: pulumi.Input<string>;
|
|
5878
6064
|
/**
|
|
5879
|
-
* Only if `provider
|
|
6065
|
+
* Only if `provider`==`custom-ipsec`. enum:
|
|
5880
6066
|
* * 1
|
|
5881
6067
|
* * 2 (1024-bit)
|
|
5882
6068
|
* * 5
|
|
@@ -5895,19 +6081,17 @@ export declare namespace org {
|
|
|
5895
6081
|
encAlgo?: pulumi.Input<string>;
|
|
5896
6082
|
}
|
|
5897
6083
|
interface GatewaytemplateTunnelConfigsPrimary {
|
|
5898
|
-
hosts
|
|
6084
|
+
hosts: pulumi.Input<pulumi.Input<string>[]>;
|
|
5899
6085
|
/**
|
|
5900
|
-
* Only if
|
|
5901
|
-
* * `provider`== `zscaler-gre`
|
|
5902
|
-
* * `provider`== `custom-gre`
|
|
6086
|
+
* Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
|
|
5903
6087
|
*/
|
|
5904
6088
|
internalIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5905
6089
|
probeIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5906
6090
|
/**
|
|
5907
|
-
* Only if
|
|
6091
|
+
* Only if `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
5908
6092
|
*/
|
|
5909
6093
|
remoteIds?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5910
|
-
wanNames
|
|
6094
|
+
wanNames: pulumi.Input<pulumi.Input<string>[]>;
|
|
5911
6095
|
}
|
|
5912
6096
|
interface GatewaytemplateTunnelConfigsProbe {
|
|
5913
6097
|
/**
|
|
@@ -5928,19 +6112,17 @@ export declare namespace org {
|
|
|
5928
6112
|
type?: pulumi.Input<string>;
|
|
5929
6113
|
}
|
|
5930
6114
|
interface GatewaytemplateTunnelConfigsSecondary {
|
|
5931
|
-
hosts
|
|
6115
|
+
hosts: pulumi.Input<pulumi.Input<string>[]>;
|
|
5932
6116
|
/**
|
|
5933
|
-
* Only if
|
|
5934
|
-
* * `provider`== `zscaler-gre`
|
|
5935
|
-
* * `provider`== `custom-gre`
|
|
6117
|
+
* Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
|
|
5936
6118
|
*/
|
|
5937
6119
|
internalIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5938
6120
|
probeIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5939
6121
|
/**
|
|
5940
|
-
* Only if
|
|
6122
|
+
* Only if `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
|
|
5941
6123
|
*/
|
|
5942
6124
|
remoteIds?: pulumi.Input<pulumi.Input<string>[]>;
|
|
5943
|
-
wanNames
|
|
6125
|
+
wanNames: pulumi.Input<pulumi.Input<string>[]>;
|
|
5944
6126
|
}
|
|
5945
6127
|
interface GatewaytemplateTunnelProviderOptions {
|
|
5946
6128
|
/**
|
|
@@ -5953,74 +6135,125 @@ export declare namespace org {
|
|
|
5953
6135
|
zscaler?: pulumi.Input<inputs.org.GatewaytemplateTunnelProviderOptionsZscaler>;
|
|
5954
6136
|
}
|
|
5955
6137
|
interface GatewaytemplateTunnelProviderOptionsJse {
|
|
5956
|
-
name?: pulumi.Input<string>;
|
|
5957
6138
|
numUsers?: pulumi.Input<number>;
|
|
6139
|
+
/**
|
|
6140
|
+
* JSE Organization name
|
|
6141
|
+
*/
|
|
6142
|
+
orgName?: pulumi.Input<string>;
|
|
5958
6143
|
}
|
|
5959
6144
|
interface GatewaytemplateTunnelProviderOptionsZscaler {
|
|
5960
|
-
|
|
6145
|
+
aupBlockInternetUntilAccepted?: pulumi.Input<boolean>;
|
|
5961
6146
|
/**
|
|
5962
|
-
*
|
|
6147
|
+
* Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
|
|
5963
6148
|
*/
|
|
5964
|
-
|
|
6149
|
+
aupEnabled?: pulumi.Input<boolean>;
|
|
5965
6150
|
/**
|
|
5966
6151
|
* proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
|
|
5967
6152
|
*/
|
|
5968
|
-
|
|
6153
|
+
aupForceSslInspection?: pulumi.Input<boolean>;
|
|
5969
6154
|
/**
|
|
5970
|
-
*
|
|
6155
|
+
* Required if `aupEnabled`==`true`. Days before AUP is requested again
|
|
5971
6156
|
*/
|
|
5972
|
-
|
|
6157
|
+
aupTimeoutInDays?: pulumi.Input<number>;
|
|
5973
6158
|
/**
|
|
5974
|
-
*
|
|
6159
|
+
* Enable this option to enforce user authentication
|
|
5975
6160
|
*/
|
|
5976
|
-
|
|
6161
|
+
authRequired?: pulumi.Input<boolean>;
|
|
5977
6162
|
/**
|
|
5978
|
-
* when `
|
|
6163
|
+
* Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
|
|
5979
6164
|
*/
|
|
5980
|
-
|
|
5981
|
-
|
|
5982
|
-
|
|
6165
|
+
cautionEnabled?: pulumi.Input<boolean>;
|
|
6166
|
+
/**
|
|
6167
|
+
* the download bandwidth cap of the link, in Mbps. Disabled if not set
|
|
6168
|
+
*/
|
|
6169
|
+
dnBandwidth?: pulumi.Input<number>;
|
|
6170
|
+
/**
|
|
6171
|
+
* Required if `surrogate_IP`==`true`, idle Time to Disassociation
|
|
6172
|
+
*/
|
|
6173
|
+
idleTimeInMinutes?: pulumi.Input<number>;
|
|
5983
6174
|
/**
|
|
5984
|
-
* if `
|
|
6175
|
+
* if `true`, enable the firewall control option
|
|
6176
|
+
*/
|
|
6177
|
+
ofwEnabled?: pulumi.Input<boolean>;
|
|
6178
|
+
/**
|
|
6179
|
+
* `sub-locations` can be used for specific uses cases to define different configuration based on the user network
|
|
5985
6180
|
*/
|
|
5986
6181
|
subLocations?: pulumi.Input<pulumi.Input<inputs.org.GatewaytemplateTunnelProviderOptionsZscalerSubLocation>[]>;
|
|
5987
6182
|
/**
|
|
5988
|
-
* the
|
|
6183
|
+
* Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
|
|
6184
|
+
*/
|
|
6185
|
+
surrogateIp?: pulumi.Input<boolean>;
|
|
6186
|
+
/**
|
|
6187
|
+
* Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
|
|
6188
|
+
*/
|
|
6189
|
+
surrogateIpEnforcedForKnownBrowsers?: pulumi.Input<boolean>;
|
|
6190
|
+
/**
|
|
6191
|
+
* Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
|
|
6192
|
+
*/
|
|
6193
|
+
surrogateRefreshTimeInMinutes?: pulumi.Input<number>;
|
|
6194
|
+
/**
|
|
6195
|
+
* the download bandwidth cap of the link, in Mbps. Disabled if not set
|
|
5989
6196
|
*/
|
|
5990
|
-
|
|
6197
|
+
upBandwidth?: pulumi.Input<number>;
|
|
5991
6198
|
/**
|
|
5992
6199
|
* location uses proxy chaining to forward traffic
|
|
5993
6200
|
*/
|
|
5994
|
-
|
|
6201
|
+
xffForwardEnabled?: pulumi.Input<boolean>;
|
|
5995
6202
|
}
|
|
5996
6203
|
interface GatewaytemplateTunnelProviderOptionsZscalerSubLocation {
|
|
5997
|
-
|
|
6204
|
+
aupBlockInternetUntilAccepted?: pulumi.Input<boolean>;
|
|
5998
6205
|
/**
|
|
5999
|
-
*
|
|
6206
|
+
* Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
|
|
6000
6207
|
*/
|
|
6001
|
-
|
|
6208
|
+
aupEnabled?: pulumi.Input<boolean>;
|
|
6002
6209
|
/**
|
|
6003
6210
|
* proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
|
|
6004
6211
|
*/
|
|
6005
|
-
|
|
6212
|
+
aupForceSslInspection?: pulumi.Input<boolean>;
|
|
6006
6213
|
/**
|
|
6007
|
-
*
|
|
6214
|
+
* Required if `aupEnabled`==`true`. Days before AUP is requested again
|
|
6008
6215
|
*/
|
|
6009
|
-
|
|
6216
|
+
aupTimeoutInDays?: pulumi.Input<number>;
|
|
6010
6217
|
/**
|
|
6011
|
-
*
|
|
6218
|
+
* Enable this option to authenticate users
|
|
6012
6219
|
*/
|
|
6013
|
-
|
|
6220
|
+
authRequired?: pulumi.Input<boolean>;
|
|
6014
6221
|
/**
|
|
6015
|
-
* when `
|
|
6222
|
+
* Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
|
|
6016
6223
|
*/
|
|
6017
|
-
|
|
6018
|
-
|
|
6019
|
-
|
|
6224
|
+
cautionEnabled?: pulumi.Input<boolean>;
|
|
6225
|
+
/**
|
|
6226
|
+
* the download bandwidth cap of the link, in Mbps. Disabled if not set
|
|
6227
|
+
*/
|
|
6228
|
+
dnBandwidth?: pulumi.Input<number>;
|
|
6229
|
+
/**
|
|
6230
|
+
* Required if `surrogate_IP`==`true`, idle Time to Disassociation
|
|
6231
|
+
*/
|
|
6232
|
+
idleTimeInMinutes?: pulumi.Input<number>;
|
|
6233
|
+
/**
|
|
6234
|
+
* Network name
|
|
6235
|
+
*/
|
|
6236
|
+
name?: pulumi.Input<string>;
|
|
6020
6237
|
/**
|
|
6021
|
-
*
|
|
6238
|
+
* if `true`, enable the firewall control option
|
|
6022
6239
|
*/
|
|
6023
|
-
|
|
6240
|
+
ofwEnabled?: pulumi.Input<boolean>;
|
|
6241
|
+
/**
|
|
6242
|
+
* Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
|
|
6243
|
+
*/
|
|
6244
|
+
surrogateIp?: pulumi.Input<boolean>;
|
|
6245
|
+
/**
|
|
6246
|
+
* Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
|
|
6247
|
+
*/
|
|
6248
|
+
surrogateIpEnforcedForKnownBrowsers?: pulumi.Input<boolean>;
|
|
6249
|
+
/**
|
|
6250
|
+
* Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
|
|
6251
|
+
*/
|
|
6252
|
+
surrogateRefreshTimeInMinutes?: pulumi.Input<number>;
|
|
6253
|
+
/**
|
|
6254
|
+
* the download bandwidth cap of the link, in Mbps. Disabled if not set
|
|
6255
|
+
*/
|
|
6256
|
+
upBandwidth?: pulumi.Input<number>;
|
|
6024
6257
|
}
|
|
6025
6258
|
interface GatewaytemplateVrfConfig {
|
|
6026
6259
|
/**
|
|
@@ -6187,7 +6420,7 @@ export declare namespace org {
|
|
|
6187
6420
|
interface NetworkInternetAccess {
|
|
6188
6421
|
createSimpleServicePolicy?: pulumi.Input<boolean>;
|
|
6189
6422
|
/**
|
|
6190
|
-
* Property key
|
|
6423
|
+
* Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
|
|
6191
6424
|
*/
|
|
6192
6425
|
destinationNat?: pulumi.Input<{
|
|
6193
6426
|
[key: string]: pulumi.Input<inputs.org.NetworkInternetAccessDestinationNat>;
|
|
@@ -6198,25 +6431,57 @@ export declare namespace org {
|
|
|
6198
6431
|
*/
|
|
6199
6432
|
restricted?: pulumi.Input<boolean>;
|
|
6200
6433
|
/**
|
|
6201
|
-
* Property key may be an IP Address (i.e. "
|
|
6434
|
+
* Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
|
|
6202
6435
|
*/
|
|
6203
6436
|
staticNat?: pulumi.Input<{
|
|
6204
6437
|
[key: string]: pulumi.Input<inputs.org.NetworkInternetAccessStaticNat>;
|
|
6205
6438
|
}>;
|
|
6206
6439
|
}
|
|
6207
6440
|
interface NetworkInternetAccessDestinationNat {
|
|
6441
|
+
/**
|
|
6442
|
+
* The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
|
|
6443
|
+
*/
|
|
6208
6444
|
internalIp?: pulumi.Input<string>;
|
|
6209
6445
|
name?: pulumi.Input<string>;
|
|
6210
|
-
|
|
6446
|
+
/**
|
|
6447
|
+
* The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
|
|
6448
|
+
*/
|
|
6449
|
+
port?: pulumi.Input<string>;
|
|
6450
|
+
/**
|
|
6451
|
+
* SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
|
|
6452
|
+
*/
|
|
6453
|
+
wanName?: pulumi.Input<string>;
|
|
6211
6454
|
}
|
|
6212
6455
|
interface NetworkInternetAccessStaticNat {
|
|
6213
|
-
internalIp?: pulumi.Input<string>;
|
|
6214
|
-
name?: pulumi.Input<string>;
|
|
6215
6456
|
/**
|
|
6216
|
-
*
|
|
6457
|
+
* The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
|
|
6458
|
+
*/
|
|
6459
|
+
internalIp: pulumi.Input<string>;
|
|
6460
|
+
name: pulumi.Input<string>;
|
|
6461
|
+
/**
|
|
6462
|
+
* SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
|
|
6217
6463
|
*/
|
|
6218
6464
|
wanName?: pulumi.Input<string>;
|
|
6219
6465
|
}
|
|
6466
|
+
interface NetworkMulticast {
|
|
6467
|
+
/**
|
|
6468
|
+
* if the network will only be the soruce of the multicast traffic, IGMP can be disabled
|
|
6469
|
+
*/
|
|
6470
|
+
disableIgmp?: pulumi.Input<boolean>;
|
|
6471
|
+
enabled?: pulumi.Input<boolean>;
|
|
6472
|
+
/**
|
|
6473
|
+
* Group address to RP (rendezvous point) mapping. Property Key is the CIDR (example "225.1.0.3/32")
|
|
6474
|
+
*/
|
|
6475
|
+
groups?: pulumi.Input<{
|
|
6476
|
+
[key: string]: pulumi.Input<inputs.org.NetworkMulticastGroups>;
|
|
6477
|
+
}>;
|
|
6478
|
+
}
|
|
6479
|
+
interface NetworkMulticastGroups {
|
|
6480
|
+
/**
|
|
6481
|
+
* RP (rendezvous point) IP Address
|
|
6482
|
+
*/
|
|
6483
|
+
rpIp?: pulumi.Input<string>;
|
|
6484
|
+
}
|
|
6220
6485
|
interface NetworkTenants {
|
|
6221
6486
|
addresses?: pulumi.Input<pulumi.Input<string>[]>;
|
|
6222
6487
|
}
|
|
@@ -6230,7 +6495,7 @@ export declare namespace org {
|
|
|
6230
6495
|
*/
|
|
6231
6496
|
allowPing?: pulumi.Input<boolean>;
|
|
6232
6497
|
/**
|
|
6233
|
-
* Property key
|
|
6498
|
+
* Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
|
|
6234
6499
|
*/
|
|
6235
6500
|
destinationNat?: pulumi.Input<{
|
|
6236
6501
|
[key: string]: pulumi.Input<inputs.org.NetworkVpnAccessDestinationNat>;
|
|
@@ -6266,7 +6531,7 @@ export declare namespace org {
|
|
|
6266
6531
|
*/
|
|
6267
6532
|
sourceNat?: pulumi.Input<inputs.org.NetworkVpnAccessSourceNat>;
|
|
6268
6533
|
/**
|
|
6269
|
-
* Property key may be an IP Address (i.e. "
|
|
6534
|
+
* Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
|
|
6270
6535
|
*/
|
|
6271
6536
|
staticNat?: pulumi.Input<{
|
|
6272
6537
|
[key: string]: pulumi.Input<inputs.org.NetworkVpnAccessStaticNat>;
|
|
@@ -6286,31 +6551,35 @@ export declare namespace org {
|
|
|
6286
6551
|
summarizedSubnetToLanOspf?: pulumi.Input<string>;
|
|
6287
6552
|
}
|
|
6288
6553
|
interface NetworkVpnAccessDestinationNat {
|
|
6554
|
+
/**
|
|
6555
|
+
* The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
|
|
6556
|
+
*/
|
|
6289
6557
|
internalIp?: pulumi.Input<string>;
|
|
6290
6558
|
name?: pulumi.Input<string>;
|
|
6291
|
-
port?: pulumi.Input<
|
|
6559
|
+
port?: pulumi.Input<string>;
|
|
6292
6560
|
}
|
|
6293
6561
|
interface NetworkVpnAccessSourceNat {
|
|
6294
6562
|
externalIp?: pulumi.Input<string>;
|
|
6295
6563
|
}
|
|
6296
6564
|
interface NetworkVpnAccessStaticNat {
|
|
6297
|
-
internalIp?: pulumi.Input<string>;
|
|
6298
|
-
name?: pulumi.Input<string>;
|
|
6299
6565
|
/**
|
|
6300
|
-
*
|
|
6566
|
+
* The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
|
|
6301
6567
|
*/
|
|
6302
|
-
|
|
6568
|
+
internalIp: pulumi.Input<string>;
|
|
6569
|
+
name: pulumi.Input<string>;
|
|
6303
6570
|
}
|
|
6304
6571
|
interface NetworktemplateAclPolicy {
|
|
6305
6572
|
/**
|
|
6306
|
-
*
|
|
6307
|
-
*
|
|
6573
|
+
* ACL Policy Actions:
|
|
6574
|
+
* - for GBP-based policy, all srcTags and dstTags have to be gbp-based
|
|
6575
|
+
* - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
|
|
6308
6576
|
*/
|
|
6309
6577
|
actions?: pulumi.Input<pulumi.Input<inputs.org.NetworktemplateAclPolicyAction>[]>;
|
|
6310
6578
|
name?: pulumi.Input<string>;
|
|
6311
6579
|
/**
|
|
6312
|
-
*
|
|
6313
|
-
*
|
|
6580
|
+
* ACL Policy Source Tags:
|
|
6581
|
+
* - for GBP-based policy, all srcTags and dstTags have to be gbp-based
|
|
6582
|
+
* - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
|
|
6314
6583
|
*/
|
|
6315
6584
|
srcTags?: pulumi.Input<pulumi.Input<string>[]>;
|
|
6316
6585
|
}
|
|
@@ -6324,9 +6593,9 @@ export declare namespace org {
|
|
|
6324
6593
|
interface NetworktemplateAclTags {
|
|
6325
6594
|
/**
|
|
6326
6595
|
* required if
|
|
6327
|
-
*
|
|
6328
|
-
*
|
|
6329
|
-
*
|
|
6596
|
+
* - `type`==`dynamicGbp` (gbp_tag received from RADIUS)
|
|
6597
|
+
* - `type`==`gbpResource`
|
|
6598
|
+
* - `type`==`staticGbp` (applying gbp tag against matching conditions)
|
|
6330
6599
|
*/
|
|
6331
6600
|
gbpTag?: pulumi.Input<number>;
|
|
6332
6601
|
/**
|
|
@@ -6352,8 +6621,7 @@ export declare namespace org {
|
|
|
6352
6621
|
*/
|
|
6353
6622
|
radiusGroup?: pulumi.Input<string>;
|
|
6354
6623
|
/**
|
|
6355
|
-
* if `type`==`resource` or `type`==`gbpResource
|
|
6356
|
-
* empty means unrestricted, i.e. any
|
|
6624
|
+
* if `type`==`resource` or `type`==`gbpResource`. Empty means unrestricted, i.e. any
|
|
6357
6625
|
*/
|
|
6358
6626
|
specs?: pulumi.Input<pulumi.Input<inputs.org.NetworktemplateAclTagsSpec>[]>;
|
|
6359
6627
|
/**
|
|
@@ -6383,7 +6651,7 @@ export declare namespace org {
|
|
|
6383
6651
|
*/
|
|
6384
6652
|
portRange?: pulumi.Input<string>;
|
|
6385
6653
|
/**
|
|
6386
|
-
* `tcp` / `udp` / `icmp` / `gre` / `any` / `:protocol_number
|
|
6654
|
+
* `tcp` / `udp` / `icmp` / `icmp6` / `gre` / `any` / `:protocol_number`, `protocolNumber` is between 1-254, default is `any` `protocolNumber` is between 1-254
|
|
6387
6655
|
*/
|
|
6388
6656
|
protocol?: pulumi.Input<string>;
|
|
6389
6657
|
}
|
|
@@ -6457,8 +6725,7 @@ export declare namespace org {
|
|
|
6457
6725
|
*/
|
|
6458
6726
|
gateway6?: pulumi.Input<string>;
|
|
6459
6727
|
/**
|
|
6460
|
-
* whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required)
|
|
6461
|
-
* NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
|
|
6728
|
+
* whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required). NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
|
|
6462
6729
|
*/
|
|
6463
6730
|
isolation?: pulumi.Input<boolean>;
|
|
6464
6731
|
isolationVlanId?: pulumi.Input<string>;
|
|
@@ -6544,9 +6811,7 @@ export declare namespace org {
|
|
|
6544
6811
|
*/
|
|
6545
6812
|
allNetworks?: pulumi.Input<boolean>;
|
|
6546
6813
|
/**
|
|
6547
|
-
* Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with.
|
|
6548
|
-
* All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state.
|
|
6549
|
-
* When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
|
|
6814
|
+
* Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with. All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state. When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
|
|
6550
6815
|
*/
|
|
6551
6816
|
allowDhcpd?: pulumi.Input<boolean>;
|
|
6552
6817
|
/**
|
|
@@ -6594,8 +6859,7 @@ export declare namespace org {
|
|
|
6594
6859
|
*/
|
|
6595
6860
|
guestNetwork?: pulumi.Input<string>;
|
|
6596
6861
|
/**
|
|
6597
|
-
* Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks
|
|
6598
|
-
* NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
|
|
6862
|
+
* Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks. NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
|
|
6599
6863
|
*/
|
|
6600
6864
|
interSwitchLink?: pulumi.Input<boolean>;
|
|
6601
6865
|
/**
|
|
@@ -6667,8 +6931,7 @@ export declare namespace org {
|
|
|
6667
6931
|
*/
|
|
6668
6932
|
speed?: pulumi.Input<string>;
|
|
6669
6933
|
/**
|
|
6670
|
-
* Switch storm control
|
|
6671
|
-
* Only if `mode`!=`dynamic`
|
|
6934
|
+
* Switch storm control. Only if `mode`!=`dynamic`
|
|
6672
6935
|
*/
|
|
6673
6936
|
stormControl?: pulumi.Input<inputs.org.NetworktemplatePortUsagesStormControl>;
|
|
6674
6937
|
/**
|
|
@@ -6749,8 +7012,7 @@ export declare namespace org {
|
|
|
6749
7012
|
*/
|
|
6750
7013
|
authServersTimeout?: pulumi.Input<number>;
|
|
6751
7014
|
/**
|
|
6752
|
-
* use `network`or `sourceIp
|
|
6753
|
-
* which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
|
|
7015
|
+
* use `network`or `sourceIp`. Which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
|
|
6754
7016
|
*/
|
|
6755
7017
|
network?: pulumi.Input<string>;
|
|
6756
7018
|
/**
|
|
@@ -7030,8 +7292,7 @@ export declare namespace org {
|
|
|
7030
7292
|
}
|
|
7031
7293
|
interface NetworktemplateSnmpConfigV3ConfigUsmUser {
|
|
7032
7294
|
/**
|
|
7033
|
-
* Not required if `authenticationType`==`authenticationNone
|
|
7034
|
-
* include alphabetic, numeric, and special characters, but it cannot include control characters.
|
|
7295
|
+
* Not required if `authenticationType`==`authenticationNone`. Include alphabetic, numeric, and special characters, but it cannot include control characters.
|
|
7035
7296
|
*/
|
|
7036
7297
|
authenticationPassword?: pulumi.Input<string>;
|
|
7037
7298
|
/**
|
|
@@ -7039,8 +7300,7 @@ export declare namespace org {
|
|
|
7039
7300
|
*/
|
|
7040
7301
|
authenticationType?: pulumi.Input<string>;
|
|
7041
7302
|
/**
|
|
7042
|
-
* Not required if `encryptionType`==`privacy-none
|
|
7043
|
-
* include alphabetic, numeric, and special characters, but it cannot include control characters
|
|
7303
|
+
* Not required if `encryptionType`==`privacy-none`. Include alphabetic, numeric, and special characters, but it cannot include control characters
|
|
7044
7304
|
*/
|
|
7045
7305
|
encryptionPassword?: pulumi.Input<string>;
|
|
7046
7306
|
/**
|
|
@@ -7165,8 +7425,7 @@ Please update your configurations.
|
|
|
7165
7425
|
[key: string]: pulumi.Input<inputs.org.NetworktemplateSwitchMatchingRulePortConfig>;
|
|
7166
7426
|
}>;
|
|
7167
7427
|
/**
|
|
7168
|
-
* Property key is the port mirroring instance name
|
|
7169
|
-
* portMirroring can be added under device/site settings. It takes interface and ports as input for ingress, interface as input for egress and can take interface and port as output. A maximum 4 port mirrorings is allowed
|
|
7428
|
+
* Property key is the port mirroring instance name. `portMirroring` can be added under device/site settings. It takes interface and ports as input for ingress, interface as input for egress and can take interface and port as output. A maximum 4 port mirrorings is allowed
|
|
7170
7429
|
*/
|
|
7171
7430
|
portMirroring?: pulumi.Input<{
|
|
7172
7431
|
[key: string]: pulumi.Input<inputs.org.NetworktemplateSwitchMatchingRulePortMirroring>;
|
|
@@ -8092,8 +8351,7 @@ Please update your configurations.
|
|
|
8092
8351
|
}>;
|
|
8093
8352
|
enabled?: pulumi.Input<boolean>;
|
|
8094
8353
|
/**
|
|
8095
|
-
* Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps
|
|
8096
|
-
* Property key is the wxtag id
|
|
8354
|
+
* Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the `wxtagId`
|
|
8097
8355
|
*/
|
|
8098
8356
|
wxtagIds?: pulumi.Input<{
|
|
8099
8357
|
[key: string]: pulumi.Input<number>;
|
|
@@ -8258,8 +8516,7 @@ Please update your configurations.
|
|
|
8258
8516
|
interface WlanDnsServerRewrite {
|
|
8259
8517
|
enabled?: pulumi.Input<boolean>;
|
|
8260
8518
|
/**
|
|
8261
|
-
* map between radiusGroup and the desired DNS server (IPv4 only)
|
|
8262
|
-
* Property key is the RADIUS group, property value is the desired DNS Server
|
|
8519
|
+
* map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
|
|
8263
8520
|
*/
|
|
8264
8521
|
radiusGroups?: pulumi.Input<{
|
|
8265
8522
|
[key: string]: pulumi.Input<string>;
|
|
@@ -8273,8 +8530,7 @@ Please update your configurations.
|
|
|
8273
8530
|
defaultVlanId?: pulumi.Input<string>;
|
|
8274
8531
|
enabled?: pulumi.Input<boolean>;
|
|
8275
8532
|
/**
|
|
8276
|
-
* when 11r is enabled, we'll try to use the cached PMK, this can be disabled
|
|
8277
|
-
* `false` means auto
|
|
8533
|
+
* when 11r is enabled, we'll try to use the cached PMK, this can be disabled. `false` means auto
|
|
8278
8534
|
*/
|
|
8279
8535
|
forceLookup?: pulumi.Input<boolean>;
|
|
8280
8536
|
/**
|
|
@@ -9332,13 +9588,11 @@ Please update your configurations.
|
|
|
9332
9588
|
enabled?: pulumi.Input<boolean>;
|
|
9333
9589
|
idleTimeout?: pulumi.Input<number>;
|
|
9334
9590
|
/**
|
|
9335
|
-
* To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids.
|
|
9336
|
-
* Org mxedge(s) identified by mxcluster_ids
|
|
9591
|
+
* To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
|
|
9337
9592
|
*/
|
|
9338
9593
|
mxclusterIds?: pulumi.Input<pulumi.Input<string>[]>;
|
|
9339
9594
|
/**
|
|
9340
|
-
* default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts
|
|
9341
|
-
* when radsec.proxy_hosts are not used, tunnel peers (org or site mxedges) are used irrespective of use_site_mxedge
|
|
9595
|
+
* default is site.mxedge.radsec.proxy_hosts which must be a superset of all `wlans[*].radsec.proxy_hosts`. When `radsec.proxy_hosts` are not used, tunnel peers (org or site mxedges) are used irrespective of `useSiteMxedge`
|
|
9342
9596
|
*/
|
|
9343
9597
|
proxyHosts?: pulumi.Input<pulumi.Input<string>[]>;
|
|
9344
9598
|
/**
|
|
@@ -9537,14 +9791,16 @@ export declare namespace site {
|
|
|
9537
9791
|
}
|
|
9538
9792
|
interface NetworktemplateAclPolicy {
|
|
9539
9793
|
/**
|
|
9540
|
-
*
|
|
9541
|
-
*
|
|
9794
|
+
* ACL Policy Actions:
|
|
9795
|
+
* - for GBP-based policy, all srcTags and dstTags have to be gbp-based
|
|
9796
|
+
* - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
|
|
9542
9797
|
*/
|
|
9543
9798
|
actions?: pulumi.Input<pulumi.Input<inputs.site.NetworktemplateAclPolicyAction>[]>;
|
|
9544
9799
|
name?: pulumi.Input<string>;
|
|
9545
9800
|
/**
|
|
9546
|
-
*
|
|
9547
|
-
*
|
|
9801
|
+
* ACL Policy Source Tags:
|
|
9802
|
+
* - for GBP-based policy, all srcTags and dstTags have to be gbp-based
|
|
9803
|
+
* - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
|
|
9548
9804
|
*/
|
|
9549
9805
|
srcTags?: pulumi.Input<pulumi.Input<string>[]>;
|
|
9550
9806
|
}
|
|
@@ -9558,9 +9814,9 @@ export declare namespace site {
|
|
|
9558
9814
|
interface NetworktemplateAclTags {
|
|
9559
9815
|
/**
|
|
9560
9816
|
* required if
|
|
9561
|
-
*
|
|
9562
|
-
*
|
|
9563
|
-
*
|
|
9817
|
+
* - `type`==`dynamicGbp` (gbp_tag received from RADIUS)
|
|
9818
|
+
* - `type`==`gbpResource`
|
|
9819
|
+
* - `type`==`staticGbp` (applying gbp tag against matching conditions)
|
|
9564
9820
|
*/
|
|
9565
9821
|
gbpTag?: pulumi.Input<number>;
|
|
9566
9822
|
/**
|
|
@@ -9586,8 +9842,7 @@ export declare namespace site {
|
|
|
9586
9842
|
*/
|
|
9587
9843
|
radiusGroup?: pulumi.Input<string>;
|
|
9588
9844
|
/**
|
|
9589
|
-
* if `type`==`resource` or `type`==`gbpResource
|
|
9590
|
-
* empty means unrestricted, i.e. any
|
|
9845
|
+
* if `type`==`resource` or `type`==`gbpResource`. Empty means unrestricted, i.e. any
|
|
9591
9846
|
*/
|
|
9592
9847
|
specs?: pulumi.Input<pulumi.Input<inputs.site.NetworktemplateAclTagsSpec>[]>;
|
|
9593
9848
|
/**
|
|
@@ -9617,7 +9872,7 @@ export declare namespace site {
|
|
|
9617
9872
|
*/
|
|
9618
9873
|
portRange?: pulumi.Input<string>;
|
|
9619
9874
|
/**
|
|
9620
|
-
* `tcp` / `udp` / `icmp` / `gre` / `any` / `:protocol_number
|
|
9875
|
+
* `tcp` / `udp` / `icmp` / `icmp6` / `gre` / `any` / `:protocol_number`, `protocolNumber` is between 1-254, default is `any` `protocolNumber` is between 1-254
|
|
9621
9876
|
*/
|
|
9622
9877
|
protocol?: pulumi.Input<string>;
|
|
9623
9878
|
}
|
|
@@ -9691,8 +9946,7 @@ export declare namespace site {
|
|
|
9691
9946
|
*/
|
|
9692
9947
|
gateway6?: pulumi.Input<string>;
|
|
9693
9948
|
/**
|
|
9694
|
-
* whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required)
|
|
9695
|
-
* NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
|
|
9949
|
+
* whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required). NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
|
|
9696
9950
|
*/
|
|
9697
9951
|
isolation?: pulumi.Input<boolean>;
|
|
9698
9952
|
isolationVlanId?: pulumi.Input<string>;
|
|
@@ -9778,9 +10032,7 @@ export declare namespace site {
|
|
|
9778
10032
|
*/
|
|
9779
10033
|
allNetworks?: pulumi.Input<boolean>;
|
|
9780
10034
|
/**
|
|
9781
|
-
* Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with.
|
|
9782
|
-
* All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state.
|
|
9783
|
-
* When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
|
|
10035
|
+
* Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with. All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state. When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
|
|
9784
10036
|
*/
|
|
9785
10037
|
allowDhcpd?: pulumi.Input<boolean>;
|
|
9786
10038
|
/**
|
|
@@ -9828,8 +10080,7 @@ export declare namespace site {
|
|
|
9828
10080
|
*/
|
|
9829
10081
|
guestNetwork?: pulumi.Input<string>;
|
|
9830
10082
|
/**
|
|
9831
|
-
* Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks
|
|
9832
|
-
* NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
|
|
10083
|
+
* Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks. NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
|
|
9833
10084
|
*/
|
|
9834
10085
|
interSwitchLink?: pulumi.Input<boolean>;
|
|
9835
10086
|
/**
|
|
@@ -9901,8 +10152,7 @@ export declare namespace site {
|
|
|
9901
10152
|
*/
|
|
9902
10153
|
speed?: pulumi.Input<string>;
|
|
9903
10154
|
/**
|
|
9904
|
-
* Switch storm control
|
|
9905
|
-
* Only if `mode`!=`dynamic`
|
|
10155
|
+
* Switch storm control. Only if `mode`!=`dynamic`
|
|
9906
10156
|
*/
|
|
9907
10157
|
stormControl?: pulumi.Input<inputs.site.NetworktemplatePortUsagesStormControl>;
|
|
9908
10158
|
/**
|
|
@@ -9983,8 +10233,7 @@ export declare namespace site {
|
|
|
9983
10233
|
*/
|
|
9984
10234
|
authServersTimeout?: pulumi.Input<number>;
|
|
9985
10235
|
/**
|
|
9986
|
-
* use `network`or `sourceIp
|
|
9987
|
-
* which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
|
|
10236
|
+
* use `network`or `sourceIp`. Which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
|
|
9988
10237
|
*/
|
|
9989
10238
|
network?: pulumi.Input<string>;
|
|
9990
10239
|
/**
|
|
@@ -10264,8 +10513,7 @@ export declare namespace site {
|
|
|
10264
10513
|
}
|
|
10265
10514
|
interface NetworktemplateSnmpConfigV3ConfigUsmUser {
|
|
10266
10515
|
/**
|
|
10267
|
-
* Not required if `authenticationType`==`authenticationNone
|
|
10268
|
-
* include alphabetic, numeric, and special characters, but it cannot include control characters.
|
|
10516
|
+
* Not required if `authenticationType`==`authenticationNone`. Include alphabetic, numeric, and special characters, but it cannot include control characters.
|
|
10269
10517
|
*/
|
|
10270
10518
|
authenticationPassword?: pulumi.Input<string>;
|
|
10271
10519
|
/**
|
|
@@ -10273,8 +10521,7 @@ export declare namespace site {
|
|
|
10273
10521
|
*/
|
|
10274
10522
|
authenticationType?: pulumi.Input<string>;
|
|
10275
10523
|
/**
|
|
10276
|
-
* Not required if `encryptionType`==`privacy-none
|
|
10277
|
-
* include alphabetic, numeric, and special characters, but it cannot include control characters
|
|
10524
|
+
* Not required if `encryptionType`==`privacy-none`. Include alphabetic, numeric, and special characters, but it cannot include control characters
|
|
10278
10525
|
*/
|
|
10279
10526
|
encryptionPassword?: pulumi.Input<string>;
|
|
10280
10527
|
/**
|
|
@@ -10399,8 +10646,7 @@ Please update your configurations.
|
|
|
10399
10646
|
[key: string]: pulumi.Input<inputs.site.NetworktemplateSwitchMatchingRulePortConfig>;
|
|
10400
10647
|
}>;
|
|
10401
10648
|
/**
|
|
10402
|
-
* Property key is the port mirroring instance name
|
|
10403
|
-
* portMirroring can be added under device/site settings. It takes interface and ports as input for ingress, interface as input for egress and can take interface and port as output. A maximum 4 port mirrorings is allowed
|
|
10649
|
+
* Property key is the port mirroring instance name. `portMirroring` can be added under device/site settings. It takes interface and ports as input for ingress, interface as input for egress and can take interface and port as output. A maximum 4 port mirrorings is allowed
|
|
10404
10650
|
*/
|
|
10405
10651
|
portMirroring?: pulumi.Input<{
|
|
10406
10652
|
[key: string]: pulumi.Input<inputs.site.NetworktemplateSwitchMatchingRulePortMirroring>;
|
|
@@ -11221,8 +11467,7 @@ Please update your configurations.
|
|
|
11221
11467
|
}>;
|
|
11222
11468
|
enabled?: pulumi.Input<boolean>;
|
|
11223
11469
|
/**
|
|
11224
|
-
* Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps
|
|
11225
|
-
* Property key is the wxtag id
|
|
11470
|
+
* Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the `wxtagId`
|
|
11226
11471
|
*/
|
|
11227
11472
|
wxtagIds?: pulumi.Input<{
|
|
11228
11473
|
[key: string]: pulumi.Input<number>;
|
|
@@ -11387,8 +11632,7 @@ Please update your configurations.
|
|
|
11387
11632
|
interface WlanDnsServerRewrite {
|
|
11388
11633
|
enabled?: pulumi.Input<boolean>;
|
|
11389
11634
|
/**
|
|
11390
|
-
* map between radiusGroup and the desired DNS server (IPv4 only)
|
|
11391
|
-
* Property key is the RADIUS group, property value is the desired DNS Server
|
|
11635
|
+
* map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
|
|
11392
11636
|
*/
|
|
11393
11637
|
radiusGroups?: pulumi.Input<{
|
|
11394
11638
|
[key: string]: pulumi.Input<string>;
|
|
@@ -11402,8 +11646,7 @@ Please update your configurations.
|
|
|
11402
11646
|
defaultVlanId?: pulumi.Input<string>;
|
|
11403
11647
|
enabled?: pulumi.Input<boolean>;
|
|
11404
11648
|
/**
|
|
11405
|
-
* when 11r is enabled, we'll try to use the cached PMK, this can be disabled
|
|
11406
|
-
* `false` means auto
|
|
11649
|
+
* when 11r is enabled, we'll try to use the cached PMK, this can be disabled. `false` means auto
|
|
11407
11650
|
*/
|
|
11408
11651
|
forceLookup?: pulumi.Input<boolean>;
|
|
11409
11652
|
/**
|
|
@@ -12461,13 +12704,11 @@ Please update your configurations.
|
|
|
12461
12704
|
enabled?: pulumi.Input<boolean>;
|
|
12462
12705
|
idleTimeout?: pulumi.Input<number>;
|
|
12463
12706
|
/**
|
|
12464
|
-
* To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids.
|
|
12465
|
-
* Org mxedge(s) identified by mxcluster_ids
|
|
12707
|
+
* To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
|
|
12466
12708
|
*/
|
|
12467
12709
|
mxclusterIds?: pulumi.Input<pulumi.Input<string>[]>;
|
|
12468
12710
|
/**
|
|
12469
|
-
* default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts
|
|
12470
|
-
* when radsec.proxy_hosts are not used, tunnel peers (org or site mxedges) are used irrespective of use_site_mxedge
|
|
12711
|
+
* default is site.mxedge.radsec.proxy_hosts which must be a superset of all `wlans[*].radsec.proxy_hosts`. When `radsec.proxy_hosts` are not used, tunnel peers (org or site mxedges) are used irrespective of `useSiteMxedge`
|
|
12471
12712
|
*/
|
|
12472
12713
|
proxyHosts?: pulumi.Input<pulumi.Input<string>[]>;
|
|
12473
12714
|
/**
|