@pulumi/juniper-mist 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. package/config/vars.d.ts +4 -0
  2. package/config/vars.js +6 -0
  3. package/config/vars.js.map +1 -1
  4. package/device/gateway.d.ts +3 -3
  5. package/device/switch.d.ts +12 -20
  6. package/device/switch.js +0 -2
  7. package/device/switch.js.map +1 -1
  8. package/org/deviceprofileGateway.d.ts +3 -3
  9. package/org/gatewaytemplate.d.ts +9 -6
  10. package/org/gatewaytemplate.js.map +1 -1
  11. package/org/nacidp.d.ts +36 -0
  12. package/org/nacidp.js +6 -0
  13. package/org/nacidp.js.map +1 -1
  14. package/org/network.d.ts +21 -0
  15. package/org/network.js +2 -0
  16. package/org/network.js.map +1 -1
  17. package/org/networktemplate.d.ts +3 -3
  18. package/org/sso.d.ts +15 -42
  19. package/org/sso.js +0 -4
  20. package/org/sso.js.map +1 -1
  21. package/package.json +2 -2
  22. package/provider.d.ts +4 -0
  23. package/provider.js +1 -0
  24. package/provider.js.map +1 -1
  25. package/site/networktemplate.d.ts +3 -3
  26. package/types/input.d.ts +716 -475
  27. package/types/output.d.ts +722 -481
package/types/output.d.ts CHANGED
@@ -679,8 +679,7 @@ export declare namespace device {
679
679
  */
680
680
  exportPolicy?: string;
681
681
  /**
682
- * by default, either inet/net6 unicast depending on neighbor IP family (v4 or v6)
683
- * for v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
682
+ * by default, either inet/net6 unicast depending on neighbor IP family (v4 or v6). For v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
684
683
  */
685
684
  extendedV4Nexthop?: boolean;
686
685
  /**
@@ -926,6 +925,9 @@ export declare namespace device {
926
925
  routedForNetworks?: string[];
927
926
  subnet: string;
928
927
  subnet6?: string;
928
+ /**
929
+ * Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}")
930
+ */
929
931
  tenants?: {
930
932
  [key: string]: outputs.device.GatewayNetworkTenants;
931
933
  };
@@ -943,7 +945,7 @@ export declare namespace device {
943
945
  interface GatewayNetworkInternetAccess {
944
946
  createSimpleServicePolicy: boolean;
945
947
  /**
946
- * Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222")
948
+ * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
947
949
  */
948
950
  destinationNat?: {
949
951
  [key: string]: outputs.device.GatewayNetworkInternetAccessDestinationNat;
@@ -954,22 +956,35 @@ export declare namespace device {
954
956
  */
955
957
  restricted: boolean;
956
958
  /**
957
- * Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20")
959
+ * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
958
960
  */
959
961
  staticNat?: {
960
962
  [key: string]: outputs.device.GatewayNetworkInternetAccessStaticNat;
961
963
  };
962
964
  }
963
965
  interface GatewayNetworkInternetAccessDestinationNat {
966
+ /**
967
+ * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
968
+ */
964
969
  internalIp?: string;
965
970
  name?: string;
966
- port?: number;
971
+ /**
972
+ * The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
973
+ */
974
+ port?: string;
975
+ /**
976
+ * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
977
+ */
978
+ wanName?: string;
967
979
  }
968
980
  interface GatewayNetworkInternetAccessStaticNat {
969
- internalIp?: string;
970
- name?: string;
971
981
  /**
972
- * If not set, we configure the nat policies against all WAN ports for simplicity
982
+ * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
983
+ */
984
+ internalIp: string;
985
+ name: string;
986
+ /**
987
+ * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
973
988
  */
974
989
  wanName?: string;
975
990
  }
@@ -1005,9 +1020,9 @@ export declare namespace device {
1005
1020
  */
1006
1021
  allowPing?: boolean;
1007
1022
  /**
1008
- * Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222")
1023
+ * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
1009
1024
  */
1010
- destinationNat: {
1025
+ destinationNat?: {
1011
1026
  [key: string]: outputs.device.GatewayNetworkVpnAccessDestinationNat;
1012
1027
  };
1013
1028
  /**
@@ -1023,13 +1038,11 @@ export declare namespace device {
1023
1038
  */
1024
1039
  noReadvertiseToLanOspf: boolean;
1025
1040
  /**
1026
- * toward overlay
1027
- * how HUB should deal with routes it received from Spokes
1041
+ * toward overlay, how HUB should deal with routes it received from Spokes
1028
1042
  */
1029
1043
  noReadvertiseToOverlay?: boolean;
1030
1044
  /**
1031
- * by default, the routes are only readvertised toward the same vrf on spoke
1032
- * to allow it to be leaked to other vrfs
1045
+ * by default, the routes are only readvertised toward the same vrf on spoke. To allow it to be leaked to other vrfs
1033
1046
  */
1034
1047
  otherVrfs: string[];
1035
1048
  /**
@@ -1041,14 +1054,13 @@ export declare namespace device {
1041
1054
  */
1042
1055
  sourceNat: outputs.device.GatewayNetworkVpnAccessSourceNat;
1043
1056
  /**
1044
- * Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20")
1057
+ * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
1045
1058
  */
1046
1059
  staticNat: {
1047
1060
  [key: string]: outputs.device.GatewayNetworkVpnAccessStaticNat;
1048
1061
  };
1049
1062
  /**
1050
- * toward overlay
1051
- * how HUB should deal with routes it received from Spokes
1063
+ * toward overlay, how HUB should deal with routes it received from Spokes
1052
1064
  */
1053
1065
  summarizedSubnet?: string;
1054
1066
  /**
@@ -1061,20 +1073,22 @@ export declare namespace device {
1061
1073
  summarizedSubnetToLanOspf?: string;
1062
1074
  }
1063
1075
  interface GatewayNetworkVpnAccessDestinationNat {
1076
+ /**
1077
+ * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
1078
+ */
1064
1079
  internalIp?: string;
1065
1080
  name?: string;
1066
- port?: number;
1081
+ port?: string;
1067
1082
  }
1068
1083
  interface GatewayNetworkVpnAccessSourceNat {
1069
1084
  externalIp?: string;
1070
1085
  }
1071
1086
  interface GatewayNetworkVpnAccessStaticNat {
1072
- internalIp?: string;
1073
- name?: string;
1074
1087
  /**
1075
- * If not set, we configure the nat policies against all WAN ports for simplicity
1088
+ * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
1076
1089
  */
1077
- wanName?: string;
1090
+ internalIp: string;
1091
+ name: string;
1078
1092
  }
1079
1093
  interface GatewayOobIpConfig {
1080
1094
  /**
@@ -1100,7 +1114,7 @@ export declare namespace device {
1100
1114
  /**
1101
1115
  * if supported on the platform. If enabled, DNS will be using this routing-instance, too
1102
1116
  */
1103
- useMgmtVrf: boolean;
1117
+ useMgmtVrf?: boolean;
1104
1118
  /**
1105
1119
  * for host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired
1106
1120
  */
@@ -1185,9 +1199,7 @@ export declare namespace device {
1185
1199
  */
1186
1200
  aeIdx?: string;
1187
1201
  /**
1188
- * For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability.\n
1189
- * Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end\n
1190
- * Note: Turning this on will enable force-up on one of the interfaces in the bundle only
1202
+ * For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability. Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end. **Note:** Turning this on will enable force-up on one of the interfaces in the bundle only
1191
1203
  */
1192
1204
  aeLacpForceUp: boolean;
1193
1205
  aggregated: boolean;
@@ -1195,6 +1207,9 @@ export declare namespace device {
1195
1207
  * if want to generate port up/down alarm, set it to true
1196
1208
  */
1197
1209
  critical: boolean;
1210
+ /**
1211
+ * Interface Description. Can be a variable (i.e. "{{myvar}}")
1212
+ */
1198
1213
  description?: string;
1199
1214
  disableAutoneg: boolean;
1200
1215
  /**
@@ -1206,13 +1221,11 @@ export declare namespace device {
1206
1221
  */
1207
1222
  dslType: string;
1208
1223
  /**
1209
- * if `wanType`==`dsl`
1210
- * 16 bit int
1224
+ * if `wanType`==`dsl`, 16 bit int
1211
1225
  */
1212
1226
  dslVci: number;
1213
1227
  /**
1214
- * if `wanType`==`dsl`
1215
- * 8 bit int
1228
+ * if `wanType`==`dsl`, 8 bit int
1216
1229
  */
1217
1230
  dslVpi: number;
1218
1231
  /**
@@ -1246,7 +1259,7 @@ export declare namespace device {
1246
1259
  */
1247
1260
  name?: string;
1248
1261
  /**
1249
- * if `usage`==`lan`
1262
+ * if `usage`==`lan`, name of the `junipermist.org.Network` resource
1250
1263
  */
1251
1264
  networks: string[];
1252
1265
  /**
@@ -1255,7 +1268,7 @@ export declare namespace device {
1255
1268
  outerVlanId?: number;
1256
1269
  poeDisabled: boolean;
1257
1270
  /**
1258
- * if `usage`==`lan`
1271
+ * Only for SRX and if `usage`==`lan`, the Untagged VLAN Network
1259
1272
  */
1260
1273
  portNetwork?: string;
1261
1274
  /**
@@ -1292,10 +1305,7 @@ export declare namespace device {
1292
1305
  * port usage name. enum: `haControl`, `haData`, `lan`, `wan`
1293
1306
  */
1294
1307
  usage: string;
1295
- /**
1296
- * if WAN interface is on a VLAN
1297
- */
1298
- vlanId?: number;
1308
+ vlanId?: string;
1299
1309
  /**
1300
1310
  * Property key is the VPN name
1301
1311
  */
@@ -1303,29 +1313,33 @@ export declare namespace device {
1303
1313
  [key: string]: outputs.device.GatewayPortConfigVpnPaths;
1304
1314
  };
1305
1315
  /**
1306
- * when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
1316
+ * Only when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
1307
1317
  */
1308
1318
  wanArpPolicer: string;
1309
1319
  /**
1310
- * optional, if spoke should reach this port by a different IP
1320
+ * Only if `usage`==`wan`, optional. If spoke should reach this port by a different IP
1311
1321
  */
1312
1322
  wanExtIp?: string;
1313
1323
  /**
1314
- * Property Key is the destianation CIDR (e.g "100.100.100.0/24")
1324
+ * Only if `usage`==`wan`. Property Key is the destianation CIDR (e.g "100.100.100.0/24")
1315
1325
  */
1316
1326
  wanExtraRoutes?: {
1317
1327
  [key: string]: outputs.device.GatewayPortConfigWanExtraRoutes;
1318
1328
  };
1319
1329
  /**
1320
- * if `usage`==`wan`
1330
+ * Only if `usage`==`wan`. If some networks are connected to this WAN port, it can be added here so policies can be defined
1331
+ */
1332
+ wanNetworks: string[];
1333
+ /**
1334
+ * Only if `usage`==`wan`
1321
1335
  */
1322
1336
  wanProbeOverride?: outputs.device.GatewayPortConfigWanProbeOverride;
1323
1337
  /**
1324
- * optional, by default, source-NAT is performed on all WAN Ports using the interface-ip
1338
+ * Only if `usage`==`wan`, optional. By default, source-NAT is performed on all WAN Ports using the interface-ip
1325
1339
  */
1326
1340
  wanSourceNat?: outputs.device.GatewayPortConfigWanSourceNat;
1327
1341
  /**
1328
- * if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
1342
+ * Only if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
1329
1343
  */
1330
1344
  wanType: string;
1331
1345
  }
@@ -1339,12 +1353,15 @@ export declare namespace device {
1339
1353
  */
1340
1354
  dnsSuffixes?: string[];
1341
1355
  /**
1342
- * except for out-of_band interface (vme/em0/fxp0)
1356
+ * except for out-of_band interface (vme/em0/fxp0). Interface Default Gateway IP Address (i.e. "192.168.1.1") or a Variable (i.e. "{{myvar}}")
1343
1357
  */
1344
1358
  gateway?: string;
1359
+ /**
1360
+ * Interface IP Address (i.e. "192.168.1.8") or a Variable (i.e. "{{myvar}}")
1361
+ */
1345
1362
  ip?: string;
1346
1363
  /**
1347
- * used only if `subnet` is not specified in `networks`
1364
+ * used only if `subnet` is not specified in `networks`. Interface Netmask (i.e. "/24") or a Variable (i.e. "{{myvar}}")
1348
1365
  */
1349
1366
  netmask?: string;
1350
1367
  /**
@@ -1370,11 +1387,14 @@ export declare namespace device {
1370
1387
  }
1371
1388
  interface GatewayPortConfigTrafficShaping {
1372
1389
  /**
1373
- * percentages for differet class of traffic: high / medium / low / best-effort
1374
- * sum must be equal to 100
1390
+ * percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100
1375
1391
  */
1376
1392
  classPercentages?: number[];
1377
1393
  enabled: boolean;
1394
+ /**
1395
+ * Interface Transmit Cap in kbps
1396
+ */
1397
+ maxTxKbps?: number;
1378
1398
  }
1379
1399
  interface GatewayPortConfigVpnPaths {
1380
1400
  /**
@@ -1401,11 +1421,14 @@ export declare namespace device {
1401
1421
  }
1402
1422
  interface GatewayPortConfigVpnPathsTrafficShaping {
1403
1423
  /**
1404
- * percentages for differet class of traffic: high / medium / low / best-effort
1405
- * sum must be equal to 100
1424
+ * percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100
1406
1425
  */
1407
1426
  classPercentages?: number[];
1408
1427
  enabled: boolean;
1428
+ /**
1429
+ * Interface Transmit Cap in kbps
1430
+ */
1431
+ maxTxKbps?: number;
1409
1432
  }
1410
1433
  interface GatewayPortConfigWanExtraRoutes {
1411
1434
  via?: string;
@@ -1460,6 +1483,10 @@ export declare namespace device {
1460
1483
  * for SSR, hub decides how VRF routes are leaked on spoke
1461
1484
  */
1462
1485
  addTargetVrfs?: string[];
1486
+ /**
1487
+ * route aggregation
1488
+ */
1489
+ aggregates?: string[];
1463
1490
  /**
1464
1491
  * when used as export policy, optional
1465
1492
  */
@@ -1504,16 +1531,14 @@ export declare namespace device {
1504
1531
  vpnNeighborMacs?: string[];
1505
1532
  vpnPathSla?: outputs.device.GatewayRoutingPoliciesTermMatchingVpnPathSla;
1506
1533
  /**
1507
- * overlay-facing criteria (used for bgpConfig where via=vpn)
1508
- * ordered-
1534
+ * overlay-facing criteria (used for bgpConfig where via=vpn). ordered-
1509
1535
  */
1510
1536
  vpnPaths?: string[];
1511
1537
  }
1512
1538
  interface GatewayRoutingPoliciesTermMatchingRouteExists {
1513
1539
  route?: string;
1514
1540
  /**
1515
- * name of the vrf instance
1516
- * it can also be the name of the VPN or wan if they
1541
+ * name of the vrf instance, it can also be the name of the VPN or wan if they
1517
1542
  */
1518
1543
  vrfName: string;
1519
1544
  }
@@ -1542,8 +1567,7 @@ export declare namespace device {
1542
1567
  */
1543
1568
  name?: string;
1544
1569
  /**
1545
- * by default, we derive all paths available and use them
1546
- * optionally, you can customize by using `pathPreference`
1570
+ * by default, we derive all paths available and use them. Optionally, you can customize by using `pathPreference`
1547
1571
  */
1548
1572
  pathPreference?: string;
1549
1573
  /**
@@ -1586,70 +1610,81 @@ export declare namespace device {
1586
1610
  interface GatewayTunnelConfigs {
1587
1611
  autoProvision?: outputs.device.GatewayTunnelConfigsAutoProvision;
1588
1612
  /**
1589
- * Only if `provider`== `custom-ipsec`
1613
+ * Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
1590
1614
  */
1591
1615
  ikeLifetime?: number;
1592
1616
  /**
1593
- * Only if `provider`== `custom-ipsec`. enum: `aggressive`, `main`
1617
+ * Only if `provider`==`custom-ipsec`. enum: `aggressive`, `main`
1594
1618
  */
1595
1619
  ikeMode: string;
1596
1620
  /**
1597
- * if `provider`== `custom-ipsec`
1621
+ * if `provider`==`custom-ipsec`
1598
1622
  */
1599
1623
  ikeProposals?: outputs.device.GatewayTunnelConfigsIkeProposal[];
1600
1624
  /**
1601
- * if `provider`== `custom-ipsec`
1625
+ * Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
1602
1626
  */
1603
1627
  ipsecLifetime?: number;
1604
1628
  /**
1605
- * Only if `provider`== `custom-ipsec`
1629
+ * Only if `provider`==`custom-ipsec`
1606
1630
  */
1607
1631
  ipsecProposals?: outputs.device.GatewayTunnelConfigsIpsecProposal[];
1608
1632
  /**
1609
- * Only if:
1610
- * * `provider`== `zscaler-ipsec`
1611
- * * `provider`==`jse-ipsec`
1612
- * * `provider`== `custom-ipsec`
1633
+ * Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
1613
1634
  */
1614
1635
  localId?: string;
1615
1636
  /**
1616
- * enum: `active-active`, `active-standby`
1637
+ * Required if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`. enum: `active-active`, `active-standby`
1617
1638
  */
1618
1639
  mode: string;
1619
1640
  /**
1620
- * networks reachable via this tunnel
1641
+ * if `provider`==`custom-ipsec`, networks reachable via this tunnel
1621
1642
  */
1622
1643
  networks: string[];
1644
+ /**
1645
+ * Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
1646
+ */
1623
1647
  primary?: outputs.device.GatewayTunnelConfigsPrimary;
1624
1648
  /**
1625
- * Only if `provider`== `custom-ipsec`
1649
+ * Only if `provider`==`custom-ipsec`
1626
1650
  */
1627
1651
  probe?: outputs.device.GatewayTunnelConfigsProbe;
1628
1652
  /**
1629
- * Only if `provider`== `custom-ipsec`. enum: `gre`, `ipsec`
1653
+ * Only if `provider`==`custom-ipsec`. enum: `gre`, `ipsec`
1630
1654
  */
1631
1655
  protocol?: string;
1632
1656
  /**
1633
- * enum: `custom-ipsec`, `customer-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
1657
+ * Only if `auto_provision.enabled`==`false`. enum: `custom-ipsec`, `customer-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
1634
1658
  */
1635
1659
  provider?: string;
1636
1660
  /**
1637
- * Only if:
1638
- * * `provider`== `zscaler-ipsec`
1639
- * * `provider`==`jse-ipsec`
1640
- * * `provider`== `custom-ipsec`
1661
+ * Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
1641
1662
  */
1642
1663
  psk?: string;
1664
+ /**
1665
+ * Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
1666
+ */
1643
1667
  secondary?: outputs.device.GatewayTunnelConfigsSecondary;
1644
1668
  /**
1645
- * Only if `provider`== `custom-gre` or `provider`== `custom-ipsec`. enum: `1`, `2`
1669
+ * Only if `provider`==`custom-gre` or `provider`==`custom-ipsec`. enum: `1`, `2`
1646
1670
  */
1647
1671
  version: string;
1648
1672
  }
1649
1673
  interface GatewayTunnelConfigsAutoProvision {
1650
1674
  enable?: boolean;
1675
+ /**
1676
+ * API override for POP selection
1677
+ */
1651
1678
  latlng?: outputs.device.GatewayTunnelConfigsAutoProvisionLatlng;
1652
1679
  primary?: outputs.device.GatewayTunnelConfigsAutoProvisionPrimary;
1680
+ /**
1681
+ * enum: `jse-ipsec`, `zscaler-ipsec`
1682
+ */
1683
+ provider: string;
1684
+ /**
1685
+ * API override for POP selection
1686
+ */
1687
+ region?: string;
1653
1688
  secondary?: outputs.device.GatewayTunnelConfigsAutoProvisionSecondary;
1654
1689
  }
1655
1690
  interface GatewayTunnelConfigsAutoProvisionLatlng {
@@ -1657,14 +1692,14 @@ export declare namespace device {
1657
1692
  lng: number;
1658
1693
  }
1659
1694
  interface GatewayTunnelConfigsAutoProvisionPrimary {
1660
- numHosts?: string;
1695
+ probeIps?: string[];
1661
1696
  /**
1662
1697
  * optional, only needed if `varsOnly`==`false`
1663
1698
  */
1664
1699
  wanNames?: string[];
1665
1700
  }
1666
1701
  interface GatewayTunnelConfigsAutoProvisionSecondary {
1667
- numHosts?: string;
1702
+ probeIps?: string[];
1668
1703
  /**
1669
1704
  * optional, only needed if `varsOnly`==`false`
1670
1705
  */
@@ -1700,7 +1735,7 @@ export declare namespace device {
1700
1735
  */
1701
1736
  authAlgo?: string;
1702
1737
  /**
1703
- * Only if `provider`== `custom-ipsec`. enum:
1738
+ * Only if `provider`==`custom-ipsec`. enum:
1704
1739
  * * 1
1705
1740
  * * 2 (1024-bit)
1706
1741
  * * 5
@@ -1719,19 +1754,17 @@ export declare namespace device {
1719
1754
  encAlgo: string;
1720
1755
  }
1721
1756
  interface GatewayTunnelConfigsPrimary {
1722
- hosts?: string[];
1757
+ hosts: string[];
1723
1758
  /**
1724
- * Only if:
1725
- * * `provider`== `zscaler-gre`
1726
- * * `provider`== `custom-gre`
1759
+ * Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
1727
1760
  */
1728
1761
  internalIps?: string[];
1729
1762
  probeIps?: string[];
1730
1763
  /**
1731
- * Only if `provider`== `custom-ipsec`
1764
+ * Only if `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
1732
1765
  */
1733
1766
  remoteIds?: string[];
1734
- wanNames?: string[];
1767
+ wanNames: string[];
1735
1768
  }
1736
1769
  interface GatewayTunnelConfigsProbe {
1737
1770
  /**
@@ -1752,19 +1785,17 @@ export declare namespace device {
1752
1785
  type: string;
1753
1786
  }
1754
1787
  interface GatewayTunnelConfigsSecondary {
1755
- hosts?: string[];
1788
+ hosts: string[];
1756
1789
  /**
1757
- * Only if:
1758
- * * `provider`== `zscaler-gre`
1759
- * * `provider`== `custom-gre`
1790
+ * Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
1760
1791
  */
1761
1792
  internalIps?: string[];
1762
1793
  probeIps?: string[];
1763
1794
  /**
1764
- * Only if `provider`== `custom-ipsec`
1795
+ * Only if `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
1765
1796
  */
1766
1797
  remoteIds?: string[];
1767
- wanNames?: string[];
1798
+ wanNames: string[];
1768
1799
  }
1769
1800
  interface GatewayTunnelProviderOptions {
1770
1801
  /**
@@ -1777,74 +1808,125 @@ export declare namespace device {
1777
1808
  zscaler?: outputs.device.GatewayTunnelProviderOptionsZscaler;
1778
1809
  }
1779
1810
  interface GatewayTunnelProviderOptionsJse {
1780
- name?: string;
1781
1811
  numUsers?: number;
1812
+ /**
1813
+ * JSE Organization name
1814
+ */
1815
+ orgName?: string;
1782
1816
  }
1783
1817
  interface GatewayTunnelProviderOptionsZscaler {
1784
- aupAcceptanceRequired: boolean;
1818
+ aupBlockInternetUntilAccepted?: boolean;
1785
1819
  /**
1786
- * days before AUP is requested again
1820
+ * Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
1787
1821
  */
1788
- aupExpire: number;
1822
+ aupEnabled?: boolean;
1789
1823
  /**
1790
1824
  * proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
1791
1825
  */
1792
- aupSslProxy: boolean;
1826
+ aupForceSslInspection?: boolean;
1793
1827
  /**
1794
- * the download bandwidth cap of the link, in Mbps
1828
+ * Required if `aupEnabled`==`true`. Days before AUP is requested again
1795
1829
  */
1796
- downloadMbps?: number;
1830
+ aupTimeoutInDays?: number;
1797
1831
  /**
1798
- * if `useXff`==`true`, display Acceptable Use Policy (AUP)
1832
+ * Enable this option to enforce user authentication
1799
1833
  */
1800
- enableAup: boolean;
1834
+ authRequired?: boolean;
1801
1835
  /**
1802
- * when `enforceAuthentication`==`false`, display caution notification for non-authenticated users
1836
+ * Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
1803
1837
  */
1804
- enableCaution: boolean;
1805
- enforceAuthentication: boolean;
1806
- name?: string;
1838
+ cautionEnabled?: boolean;
1839
+ /**
1840
+ * the download bandwidth cap of the link, in Mbps. Disabled if not set
1841
+ */
1842
+ dnBandwidth?: number;
1843
+ /**
1844
+ * Required if `surrogate_IP`==`true`, idle Time to Disassociation
1845
+ */
1846
+ idleTimeInMinutes?: number;
1847
+ /**
1848
+ * if `true`, enable the firewall control option
1849
+ */
1850
+ ofwEnabled?: boolean;
1807
1851
  /**
1808
- * if `useXff`==`true`
1852
+ * `sub-locations` can be used for specific uses cases to define different configuration based on the user network
1809
1853
  */
1810
1854
  subLocations?: outputs.device.GatewayTunnelProviderOptionsZscalerSubLocation[];
1811
1855
  /**
1812
- * the download bandwidth cap of the link, in Mbps
1856
+ * Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
1813
1857
  */
1814
- uploadMbps?: number;
1858
+ surrogateIp?: boolean;
1859
+ /**
1860
+ * Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
1861
+ */
1862
+ surrogateIpEnforcedForKnownBrowsers?: boolean;
1863
+ /**
1864
+ * Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
1865
+ */
1866
+ surrogateRefreshTimeInMinutes?: number;
1867
+ /**
1868
+ * the download bandwidth cap of the link, in Mbps. Disabled if not set
1869
+ */
1870
+ upBandwidth?: number;
1815
1871
  /**
1816
1872
  * location uses proxy chaining to forward traffic
1817
1873
  */
1818
- useXff?: boolean;
1874
+ xffForwardEnabled?: boolean;
1819
1875
  }
1820
1876
  interface GatewayTunnelProviderOptionsZscalerSubLocation {
1821
- aupAcceptanceRequired: boolean;
1877
+ aupBlockInternetUntilAccepted?: boolean;
1822
1878
  /**
1823
- * days before AUP is requested again
1879
+ * Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
1824
1880
  */
1825
- aupExpire: number;
1881
+ aupEnabled?: boolean;
1826
1882
  /**
1827
1883
  * proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
1828
1884
  */
1829
- aupSslProxy: boolean;
1885
+ aupForceSslInspection?: boolean;
1886
+ /**
1887
+ * Required if `aupEnabled`==`true`. Days before AUP is requested again
1888
+ */
1889
+ aupTimeoutInDays?: number;
1890
+ /**
1891
+ * Enable this option to authenticate users
1892
+ */
1893
+ authRequired?: boolean;
1830
1894
  /**
1831
- * the download bandwidth cap of the link, in Mbps
1895
+ * Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
1832
1896
  */
1833
- downloadMbps?: number;
1897
+ cautionEnabled?: boolean;
1834
1898
  /**
1835
- * if `useXff`==`true`, display Acceptable Use Policy (AUP)
1899
+ * the download bandwidth cap of the link, in Mbps. Disabled if not set
1836
1900
  */
1837
- enableAup?: boolean;
1901
+ dnBandwidth?: number;
1838
1902
  /**
1839
- * when `enforceAuthentication`==`false`, display caution notification for non-authenticated users
1903
+ * Required if `surrogate_IP`==`true`, idle Time to Disassociation
1840
1904
  */
1841
- enableCaution: boolean;
1842
- enforceAuthentication: boolean;
1843
- subnets?: string[];
1905
+ idleTimeInMinutes?: number;
1844
1906
  /**
1845
- * the download bandwidth cap of the link, in Mbps
1907
+ * Network name
1846
1908
  */
1847
- uploadMbps?: number;
1909
+ name?: string;
1910
+ /**
1911
+ * if `true`, enable the firewall control option
1912
+ */
1913
+ ofwEnabled?: boolean;
1914
+ /**
1915
+ * Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
1916
+ */
1917
+ surrogateIp?: boolean;
1918
+ /**
1919
+ * Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
1920
+ */
1921
+ surrogateIpEnforcedForKnownBrowsers?: boolean;
1922
+ /**
1923
+ * Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
1924
+ */
1925
+ surrogateRefreshTimeInMinutes?: number;
1926
+ /**
1927
+ * the download bandwidth cap of the link, in Mbps. Disabled if not set
1928
+ */
1929
+ upBandwidth?: number;
1848
1930
  }
1849
1931
  interface GatewayVrfConfig {
1850
1932
  /**
@@ -3301,14 +3383,16 @@ export declare namespace device {
3301
3383
  }
3302
3384
  interface SwitchAclPolicy {
3303
3385
  /**
3304
- * - for GBP-based policy, all srcTags and dstTags have to be gbp-based
3305
- * - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
3386
+ * ACL Policy Actions:
3387
+ * - for GBP-based policy, all srcTags and dstTags have to be gbp-based
3388
+ * - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
3306
3389
  */
3307
3390
  actions?: outputs.device.SwitchAclPolicyAction[];
3308
3391
  name?: string;
3309
3392
  /**
3310
- * - for GBP-based policy, all srcTags and dstTags have to be gbp-based
3311
- * - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
3393
+ * ACL Policy Source Tags:
3394
+ * - for GBP-based policy, all srcTags and dstTags have to be gbp-based
3395
+ * - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
3312
3396
  */
3313
3397
  srcTags?: string[];
3314
3398
  }
@@ -3322,9 +3406,9 @@ export declare namespace device {
3322
3406
  interface SwitchAclTags {
3323
3407
  /**
3324
3408
  * required if
3325
- * - `type`==`dynamicGbp` (gbp_tag received from RADIUS)
3326
- * - `type`==`gbpResource`
3327
- * - `type`==`staticGbp` (applying gbp tag against matching conditions)
3409
+ * - `type`==`dynamicGbp` (gbp_tag received from RADIUS)
3410
+ * - `type`==`gbpResource`
3411
+ * - `type`==`staticGbp` (applying gbp tag against matching conditions)
3328
3412
  */
3329
3413
  gbpTag?: number;
3330
3414
  /**
@@ -3350,8 +3434,7 @@ export declare namespace device {
3350
3434
  */
3351
3435
  radiusGroup?: string;
3352
3436
  /**
3353
- * if `type`==`resource` or `type`==`gbpResource`
3354
- * empty means unrestricted, i.e. any
3437
+ * if `type`==`resource` or `type`==`gbpResource`. Empty means unrestricted, i.e. any
3355
3438
  */
3356
3439
  specs?: outputs.device.SwitchAclTagsSpec[];
3357
3440
  /**
@@ -3381,7 +3464,7 @@ export declare namespace device {
3381
3464
  */
3382
3465
  portRange: string;
3383
3466
  /**
3384
- * `tcp` / `udp` / `icmp` / `gre` / `any` / `:protocol_number`. `protocolNumber` is between 1-254
3467
+ * `tcp` / `udp` / `icmp` / `icmp6` / `gre` / `any` / `:protocol_number`, `protocolNumber` is between 1-254, default is `any` `protocolNumber` is between 1-254
3385
3468
  */
3386
3469
  protocol: string;
3387
3470
  }
@@ -3506,13 +3589,6 @@ export declare namespace device {
3506
3589
  type?: string;
3507
3590
  value?: string;
3508
3591
  }
3509
- interface SwitchEvpnConfig {
3510
- enabled: boolean;
3511
- /**
3512
- * enum: `access`, `collapsed-core`, `core`, `distribution`, `esilag-access`, `none`
3513
- */
3514
- role: string;
3515
- }
3516
3592
  interface SwitchExtraRoutes {
3517
3593
  /**
3518
3594
  * this takes precedence
@@ -3580,9 +3656,7 @@ export declare namespace device {
3580
3656
  */
3581
3657
  allNetworks: boolean;
3582
3658
  /**
3583
- * If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with.
3584
- * All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state.
3585
- * When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
3659
+ * If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with. All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state. When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
3586
3660
  */
3587
3661
  allowDhcpd?: boolean;
3588
3662
  allowMultipleSupplicants: boolean;
@@ -3621,8 +3695,7 @@ export declare namespace device {
3621
3695
  */
3622
3696
  guestNetwork?: string;
3623
3697
  /**
3624
- * inter_switch_link is used together with "isolation" under networks
3625
- * NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
3698
+ * inter_switch_link is used together with "isolation" under networks. NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
3626
3699
  */
3627
3700
  interSwitchLink: boolean;
3628
3701
  /**
@@ -3653,6 +3726,10 @@ export declare namespace device {
3653
3726
  * Only if `mode`==`trunk`, the list of network/vlans
3654
3727
  */
3655
3728
  networks?: string[];
3729
+ /**
3730
+ * Additional note for the port config override
3731
+ */
3732
+ note?: string;
3656
3733
  /**
3657
3734
  * Only if `mode`==`access` and `portAuth`!=`dot1x` whether the port should retain dynamically learned MAC addresses
3658
3735
  */
@@ -3744,8 +3821,7 @@ export declare namespace device {
3744
3821
  */
3745
3822
  gateway6?: string;
3746
3823
  /**
3747
- * whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required)
3748
- * NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
3824
+ * whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required). NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
3749
3825
  */
3750
3826
  isolation: boolean;
3751
3827
  isolationVlanId?: string;
@@ -3935,9 +4011,7 @@ export declare namespace device {
3935
4011
  */
3936
4012
  allNetworks: boolean;
3937
4013
  /**
3938
- * Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with.
3939
- * All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state.
3940
- * When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
4014
+ * Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with. All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state. When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
3941
4015
  */
3942
4016
  allowDhcpd?: boolean;
3943
4017
  /**
@@ -3985,8 +4059,7 @@ export declare namespace device {
3985
4059
  */
3986
4060
  guestNetwork?: string;
3987
4061
  /**
3988
- * Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks
3989
- * NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
4062
+ * Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks. NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
3990
4063
  */
3991
4064
  interSwitchLink: boolean;
3992
4065
  /**
@@ -4058,8 +4131,7 @@ export declare namespace device {
4058
4131
  */
4059
4132
  speed: string;
4060
4133
  /**
4061
- * Switch storm control
4062
- * Only if `mode`!=`dynamic`
4134
+ * Switch storm control. Only if `mode`!=`dynamic`
4063
4135
  */
4064
4136
  stormControl?: outputs.device.SwitchPortUsagesStormControl;
4065
4137
  /**
@@ -4136,8 +4208,7 @@ export declare namespace device {
4136
4208
  */
4137
4209
  authServersTimeout: number;
4138
4210
  /**
4139
- * use `network`or `sourceIp`
4140
- * which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
4211
+ * use `network`or `sourceIp`. Which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
4141
4212
  */
4142
4213
  network?: string;
4143
4214
  /**
@@ -4417,8 +4488,7 @@ export declare namespace device {
4417
4488
  }
4418
4489
  interface SwitchSnmpConfigV3ConfigUsmUser {
4419
4490
  /**
4420
- * Not required if `authenticationType`==`authenticationNone`
4421
- * include alphabetic, numeric, and special characters, but it cannot include control characters.
4491
+ * Not required if `authenticationType`==`authenticationNone`. Include alphabetic, numeric, and special characters, but it cannot include control characters.
4422
4492
  */
4423
4493
  authenticationPassword?: string;
4424
4494
  /**
@@ -4426,8 +4496,7 @@ export declare namespace device {
4426
4496
  */
4427
4497
  authenticationType?: string;
4428
4498
  /**
4429
- * Not required if `encryptionType`==`privacy-none`
4430
- * include alphabetic, numeric, and special characters, but it cannot include control characters
4499
+ * Not required if `encryptionType`==`privacy-none`. Include alphabetic, numeric, and special characters, but it cannot include control characters
4431
4500
  */
4432
4501
  encryptionPassword?: string;
4433
4502
  /**
@@ -5215,8 +5284,7 @@ export declare namespace org {
5215
5284
  */
5216
5285
  exportPolicy?: string;
5217
5286
  /**
5218
- * by default, either inet/net6 unicast depending on neighbor IP family (v4 or v6)
5219
- * for v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
5287
+ * by default, either inet/net6 unicast depending on neighbor IP family (v4 or v6). For v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
5220
5288
  */
5221
5289
  extendedV4Nexthop?: boolean;
5222
5290
  /**
@@ -5452,6 +5520,9 @@ export declare namespace org {
5452
5520
  routedForNetworks?: string[];
5453
5521
  subnet: string;
5454
5522
  subnet6?: string;
5523
+ /**
5524
+ * Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}")
5525
+ */
5455
5526
  tenants?: {
5456
5527
  [key: string]: outputs.org.DeviceprofileGatewayNetworkTenants;
5457
5528
  };
@@ -5469,7 +5540,7 @@ export declare namespace org {
5469
5540
  interface DeviceprofileGatewayNetworkInternetAccess {
5470
5541
  createSimpleServicePolicy: boolean;
5471
5542
  /**
5472
- * Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222")
5543
+ * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
5473
5544
  */
5474
5545
  destinationNat?: {
5475
5546
  [key: string]: outputs.org.DeviceprofileGatewayNetworkInternetAccessDestinationNat;
@@ -5480,22 +5551,35 @@ export declare namespace org {
5480
5551
  */
5481
5552
  restricted: boolean;
5482
5553
  /**
5483
- * Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20")
5554
+ * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
5484
5555
  */
5485
5556
  staticNat?: {
5486
5557
  [key: string]: outputs.org.DeviceprofileGatewayNetworkInternetAccessStaticNat;
5487
5558
  };
5488
5559
  }
5489
5560
  interface DeviceprofileGatewayNetworkInternetAccessDestinationNat {
5561
+ /**
5562
+ * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
5563
+ */
5490
5564
  internalIp?: string;
5491
5565
  name?: string;
5492
- port?: number;
5566
+ /**
5567
+ * The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
5568
+ */
5569
+ port?: string;
5570
+ /**
5571
+ * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
5572
+ */
5573
+ wanName?: string;
5493
5574
  }
5494
5575
  interface DeviceprofileGatewayNetworkInternetAccessStaticNat {
5495
- internalIp?: string;
5496
- name?: string;
5497
5576
  /**
5498
- * If not set, we configure the nat policies against all WAN ports for simplicity
5577
+ * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
5578
+ */
5579
+ internalIp: string;
5580
+ name: string;
5581
+ /**
5582
+ * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
5499
5583
  */
5500
5584
  wanName?: string;
5501
5585
  }
@@ -5531,9 +5615,9 @@ export declare namespace org {
5531
5615
  */
5532
5616
  allowPing?: boolean;
5533
5617
  /**
5534
- * Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222")
5618
+ * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
5535
5619
  */
5536
- destinationNat: {
5620
+ destinationNat?: {
5537
5621
  [key: string]: outputs.org.DeviceprofileGatewayNetworkVpnAccessDestinationNat;
5538
5622
  };
5539
5623
  /**
@@ -5549,13 +5633,11 @@ export declare namespace org {
5549
5633
  */
5550
5634
  noReadvertiseToLanOspf: boolean;
5551
5635
  /**
5552
- * toward overlay
5553
- * how HUB should deal with routes it received from Spokes
5636
+ * toward overlay, how HUB should deal with routes it received from Spokes
5554
5637
  */
5555
5638
  noReadvertiseToOverlay?: boolean;
5556
5639
  /**
5557
- * by default, the routes are only readvertised toward the same vrf on spoke
5558
- * to allow it to be leaked to other vrfs
5640
+ * by default, the routes are only readvertised toward the same vrf on spoke. To allow it to be leaked to other vrfs
5559
5641
  */
5560
5642
  otherVrfs: string[];
5561
5643
  /**
@@ -5567,14 +5649,13 @@ export declare namespace org {
5567
5649
  */
5568
5650
  sourceNat: outputs.org.DeviceprofileGatewayNetworkVpnAccessSourceNat;
5569
5651
  /**
5570
- * Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20")
5652
+ * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
5571
5653
  */
5572
5654
  staticNat: {
5573
5655
  [key: string]: outputs.org.DeviceprofileGatewayNetworkVpnAccessStaticNat;
5574
5656
  };
5575
5657
  /**
5576
- * toward overlay
5577
- * how HUB should deal with routes it received from Spokes
5658
+ * toward overlay, how HUB should deal with routes it received from Spokes
5578
5659
  */
5579
5660
  summarizedSubnet?: string;
5580
5661
  /**
@@ -5587,20 +5668,22 @@ export declare namespace org {
5587
5668
  summarizedSubnetToLanOspf?: string;
5588
5669
  }
5589
5670
  interface DeviceprofileGatewayNetworkVpnAccessDestinationNat {
5671
+ /**
5672
+ * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
5673
+ */
5590
5674
  internalIp?: string;
5591
5675
  name?: string;
5592
- port?: number;
5676
+ port?: string;
5593
5677
  }
5594
5678
  interface DeviceprofileGatewayNetworkVpnAccessSourceNat {
5595
5679
  externalIp?: string;
5596
5680
  }
5597
5681
  interface DeviceprofileGatewayNetworkVpnAccessStaticNat {
5598
- internalIp?: string;
5599
- name?: string;
5600
5682
  /**
5601
- * If not set, we configure the nat policies against all WAN ports for simplicity
5683
+ * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
5602
5684
  */
5603
- wanName?: string;
5685
+ internalIp: string;
5686
+ name: string;
5604
5687
  }
5605
5688
  interface DeviceprofileGatewayOobIpConfig {
5606
5689
  /**
@@ -5711,9 +5794,7 @@ export declare namespace org {
5711
5794
  */
5712
5795
  aeIdx?: string;
5713
5796
  /**
5714
- * For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability.\n
5715
- * Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end\n
5716
- * Note: Turning this on will enable force-up on one of the interfaces in the bundle only
5797
+ * For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability. Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end. **Note:** Turning this on will enable force-up on one of the interfaces in the bundle only
5717
5798
  */
5718
5799
  aeLacpForceUp: boolean;
5719
5800
  aggregated: boolean;
@@ -5721,6 +5802,9 @@ export declare namespace org {
5721
5802
  * if want to generate port up/down alarm, set it to true
5722
5803
  */
5723
5804
  critical: boolean;
5805
+ /**
5806
+ * Interface Description. Can be a variable (i.e. "{{myvar}}")
5807
+ */
5724
5808
  description?: string;
5725
5809
  disableAutoneg: boolean;
5726
5810
  /**
@@ -5732,13 +5816,11 @@ export declare namespace org {
5732
5816
  */
5733
5817
  dslType: string;
5734
5818
  /**
5735
- * if `wanType`==`dsl`
5736
- * 16 bit int
5819
+ * if `wanType`==`dsl`, 16 bit int
5737
5820
  */
5738
5821
  dslVci: number;
5739
5822
  /**
5740
- * if `wanType`==`dsl`
5741
- * 8 bit int
5823
+ * if `wanType`==`dsl`, 8 bit int
5742
5824
  */
5743
5825
  dslVpi: number;
5744
5826
  /**
@@ -5772,7 +5854,7 @@ export declare namespace org {
5772
5854
  */
5773
5855
  name?: string;
5774
5856
  /**
5775
- * if `usage`==`lan`
5857
+ * if `usage`==`lan`, name of the `junipermist.org.Network` resource
5776
5858
  */
5777
5859
  networks: string[];
5778
5860
  /**
@@ -5781,7 +5863,7 @@ export declare namespace org {
5781
5863
  outerVlanId?: number;
5782
5864
  poeDisabled: boolean;
5783
5865
  /**
5784
- * if `usage`==`lan`
5866
+ * Only for SRX and if `usage`==`lan`, the Untagged VLAN Network
5785
5867
  */
5786
5868
  portNetwork?: string;
5787
5869
  /**
@@ -5818,10 +5900,7 @@ export declare namespace org {
5818
5900
  * port usage name. enum: `haControl`, `haData`, `lan`, `wan`
5819
5901
  */
5820
5902
  usage: string;
5821
- /**
5822
- * if WAN interface is on a VLAN
5823
- */
5824
- vlanId?: number;
5903
+ vlanId?: string;
5825
5904
  /**
5826
5905
  * Property key is the VPN name
5827
5906
  */
@@ -5829,29 +5908,33 @@ export declare namespace org {
5829
5908
  [key: string]: outputs.org.DeviceprofileGatewayPortConfigVpnPaths;
5830
5909
  };
5831
5910
  /**
5832
- * when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
5911
+ * Only when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
5833
5912
  */
5834
5913
  wanArpPolicer: string;
5835
5914
  /**
5836
- * optional, if spoke should reach this port by a different IP
5915
+ * Only if `usage`==`wan`, optional. If spoke should reach this port by a different IP
5837
5916
  */
5838
5917
  wanExtIp?: string;
5839
5918
  /**
5840
- * Property Key is the destianation CIDR (e.g "100.100.100.0/24")
5919
+ * Only if `usage`==`wan`. Property Key is the destianation CIDR (e.g "100.100.100.0/24")
5841
5920
  */
5842
5921
  wanExtraRoutes?: {
5843
5922
  [key: string]: outputs.org.DeviceprofileGatewayPortConfigWanExtraRoutes;
5844
5923
  };
5845
5924
  /**
5846
- * if `usage`==`wan`
5925
+ * Only if `usage`==`wan`. If some networks are connected to this WAN port, it can be added here so policies can be defined
5926
+ */
5927
+ wanNetworks: string[];
5928
+ /**
5929
+ * Only if `usage`==`wan`
5847
5930
  */
5848
5931
  wanProbeOverride?: outputs.org.DeviceprofileGatewayPortConfigWanProbeOverride;
5849
5932
  /**
5850
- * optional, by default, source-NAT is performed on all WAN Ports using the interface-ip
5933
+ * Only if `usage`==`wan`, optional. By default, source-NAT is performed on all WAN Ports using the interface-ip
5851
5934
  */
5852
5935
  wanSourceNat?: outputs.org.DeviceprofileGatewayPortConfigWanSourceNat;
5853
5936
  /**
5854
- * if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
5937
+ * Only if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
5855
5938
  */
5856
5939
  wanType: string;
5857
5940
  }
@@ -5865,12 +5948,15 @@ export declare namespace org {
5865
5948
  */
5866
5949
  dnsSuffixes?: string[];
5867
5950
  /**
5868
- * except for out-of_band interface (vme/em0/fxp0)
5951
+ * except for out-of_band interface (vme/em0/fxp0). Interface Default Gateway IP Address (i.e. "192.168.1.1") or a Variable (i.e. "{{myvar}}")
5869
5952
  */
5870
5953
  gateway?: string;
5954
+ /**
5955
+ * Interface IP Address (i.e. "192.168.1.8") or a Variable (i.e. "{{myvar}}")
5956
+ */
5871
5957
  ip?: string;
5872
5958
  /**
5873
- * used only if `subnet` is not specified in `networks`
5959
+ * used only if `subnet` is not specified in `networks`. Interface Netmask (i.e. "/24") or a Variable (i.e. "{{myvar}}")
5874
5960
  */
5875
5961
  netmask?: string;
5876
5962
  /**
@@ -5896,11 +5982,14 @@ export declare namespace org {
5896
5982
  }
5897
5983
  interface DeviceprofileGatewayPortConfigTrafficShaping {
5898
5984
  /**
5899
- * percentages for differet class of traffic: high / medium / low / best-effort
5900
- * sum must be equal to 100
5985
+ * percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100
5901
5986
  */
5902
5987
  classPercentages?: number[];
5903
5988
  enabled: boolean;
5989
+ /**
5990
+ * Interface Transmit Cap in kbps
5991
+ */
5992
+ maxTxKbps?: number;
5904
5993
  }
5905
5994
  interface DeviceprofileGatewayPortConfigVpnPaths {
5906
5995
  /**
@@ -5927,11 +6016,14 @@ export declare namespace org {
5927
6016
  }
5928
6017
  interface DeviceprofileGatewayPortConfigVpnPathsTrafficShaping {
5929
6018
  /**
5930
- * percentages for differet class of traffic: high / medium / low / best-effort
5931
- * sum must be equal to 100
6019
+ * percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100
5932
6020
  */
5933
6021
  classPercentages?: number[];
5934
6022
  enabled: boolean;
6023
+ /**
6024
+ * Interface Transmit Cap in kbps
6025
+ */
6026
+ maxTxKbps?: number;
5935
6027
  }
5936
6028
  interface DeviceprofileGatewayPortConfigWanExtraRoutes {
5937
6029
  via?: string;
@@ -5976,6 +6068,10 @@ export declare namespace org {
5976
6068
  * for SSR, hub decides how VRF routes are leaked on spoke
5977
6069
  */
5978
6070
  addTargetVrfs?: string[];
6071
+ /**
6072
+ * route aggregation
6073
+ */
6074
+ aggregates?: string[];
5979
6075
  /**
5980
6076
  * when used as export policy, optional
5981
6077
  */
@@ -6020,16 +6116,14 @@ export declare namespace org {
6020
6116
  vpnNeighborMacs?: string[];
6021
6117
  vpnPathSla?: outputs.org.DeviceprofileGatewayRoutingPoliciesTermMatchingVpnPathSla;
6022
6118
  /**
6023
- * overlay-facing criteria (used for bgpConfig where via=vpn)
6024
- * ordered-
6119
+ * overlay-facing criteria (used for bgpConfig where via=vpn). ordered-
6025
6120
  */
6026
6121
  vpnPaths?: string[];
6027
6122
  }
6028
6123
  interface DeviceprofileGatewayRoutingPoliciesTermMatchingRouteExists {
6029
6124
  route?: string;
6030
6125
  /**
6031
- * name of the vrf instance
6032
- * it can also be the name of the VPN or wan if they
6126
+ * name of the vrf instance, it can also be the name of the VPN or wan if they
6033
6127
  */
6034
6128
  vrfName: string;
6035
6129
  }
@@ -6058,8 +6152,7 @@ export declare namespace org {
6058
6152
  */
6059
6153
  name?: string;
6060
6154
  /**
6061
- * by default, we derive all paths available and use them
6062
- * optionally, you can customize by using `pathPreference`
6155
+ * by default, we derive all paths available and use them. Optionally, you can customize by using `pathPreference`
6063
6156
  */
6064
6157
  pathPreference?: string;
6065
6158
  /**
@@ -6102,70 +6195,81 @@ export declare namespace org {
6102
6195
  interface DeviceprofileGatewayTunnelConfigs {
6103
6196
  autoProvision?: outputs.org.DeviceprofileGatewayTunnelConfigsAutoProvision;
6104
6197
  /**
6105
- * Only if `provider`== `custom-ipsec`
6198
+ * Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
6106
6199
  */
6107
6200
  ikeLifetime?: number;
6108
6201
  /**
6109
- * Only if `provider`== `custom-ipsec`. enum: `aggressive`, `main`
6202
+ * Only if `provider`==`custom-ipsec`. enum: `aggressive`, `main`
6110
6203
  */
6111
6204
  ikeMode: string;
6112
6205
  /**
6113
- * if `provider`== `custom-ipsec`
6206
+ * if `provider`==`custom-ipsec`
6114
6207
  */
6115
6208
  ikeProposals?: outputs.org.DeviceprofileGatewayTunnelConfigsIkeProposal[];
6116
6209
  /**
6117
- * if `provider`== `custom-ipsec`
6210
+ * Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
6118
6211
  */
6119
6212
  ipsecLifetime?: number;
6120
6213
  /**
6121
- * Only if `provider`== `custom-ipsec`
6214
+ * Only if `provider`==`custom-ipsec`
6122
6215
  */
6123
6216
  ipsecProposals?: outputs.org.DeviceprofileGatewayTunnelConfigsIpsecProposal[];
6124
6217
  /**
6125
- * Only if:
6126
- * * `provider`== `zscaler-ipsec`
6127
- * * `provider`==`jse-ipsec`
6128
- * * `provider`== `custom-ipsec`
6218
+ * Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
6129
6219
  */
6130
6220
  localId?: string;
6131
6221
  /**
6132
- * enum: `active-active`, `active-standby`
6222
+ * Required if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`. enum: `active-active`, `active-standby`
6133
6223
  */
6134
6224
  mode: string;
6135
6225
  /**
6136
- * networks reachable via this tunnel
6226
+ * if `provider`==`custom-ipsec`, networks reachable via this tunnel
6137
6227
  */
6138
6228
  networks: string[];
6229
+ /**
6230
+ * Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
6231
+ */
6139
6232
  primary?: outputs.org.DeviceprofileGatewayTunnelConfigsPrimary;
6140
6233
  /**
6141
- * Only if `provider`== `custom-ipsec`
6234
+ * Only if `provider`==`custom-ipsec`
6142
6235
  */
6143
6236
  probe?: outputs.org.DeviceprofileGatewayTunnelConfigsProbe;
6144
6237
  /**
6145
- * Only if `provider`== `custom-ipsec`. enum: `gre`, `ipsec`
6238
+ * Only if `provider`==`custom-ipsec`. enum: `gre`, `ipsec`
6146
6239
  */
6147
6240
  protocol?: string;
6148
6241
  /**
6149
- * enum: `custom-ipsec`, `customer-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
6242
+ * Only if `auto_provision.enabled`==`false`. enum: `custom-ipsec`, `customer-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
6150
6243
  */
6151
6244
  provider?: string;
6152
6245
  /**
6153
- * Only if:
6154
- * * `provider`== `zscaler-ipsec`
6155
- * * `provider`==`jse-ipsec`
6156
- * * `provider`== `custom-ipsec`
6246
+ * Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
6157
6247
  */
6158
6248
  psk?: string;
6249
+ /**
6250
+ * Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
6251
+ */
6159
6252
  secondary?: outputs.org.DeviceprofileGatewayTunnelConfigsSecondary;
6160
6253
  /**
6161
- * Only if `provider`== `custom-gre` or `provider`== `custom-ipsec`. enum: `1`, `2`
6254
+ * Only if `provider`==`custom-gre` or `provider`==`custom-ipsec`. enum: `1`, `2`
6162
6255
  */
6163
6256
  version: string;
6164
6257
  }
6165
6258
  interface DeviceprofileGatewayTunnelConfigsAutoProvision {
6166
6259
  enable?: boolean;
6260
+ /**
6261
+ * API override for POP selection
6262
+ */
6167
6263
  latlng?: outputs.org.DeviceprofileGatewayTunnelConfigsAutoProvisionLatlng;
6168
6264
  primary?: outputs.org.DeviceprofileGatewayTunnelConfigsAutoProvisionPrimary;
6265
+ /**
6266
+ * enum: `jse-ipsec`, `zscaler-ipsec`
6267
+ */
6268
+ provider: string;
6269
+ /**
6270
+ * API override for POP selection
6271
+ */
6272
+ region?: string;
6169
6273
  secondary?: outputs.org.DeviceprofileGatewayTunnelConfigsAutoProvisionSecondary;
6170
6274
  }
6171
6275
  interface DeviceprofileGatewayTunnelConfigsAutoProvisionLatlng {
@@ -6173,14 +6277,14 @@ export declare namespace org {
6173
6277
  lng: number;
6174
6278
  }
6175
6279
  interface DeviceprofileGatewayTunnelConfigsAutoProvisionPrimary {
6176
- numHosts?: string;
6280
+ probeIps?: string[];
6177
6281
  /**
6178
6282
  * optional, only needed if `varsOnly`==`false`
6179
6283
  */
6180
6284
  wanNames?: string[];
6181
6285
  }
6182
6286
  interface DeviceprofileGatewayTunnelConfigsAutoProvisionSecondary {
6183
- numHosts?: string;
6287
+ probeIps?: string[];
6184
6288
  /**
6185
6289
  * optional, only needed if `varsOnly`==`false`
6186
6290
  */
@@ -6216,7 +6320,7 @@ export declare namespace org {
6216
6320
  */
6217
6321
  authAlgo?: string;
6218
6322
  /**
6219
- * Only if `provider`== `custom-ipsec`. enum:
6323
+ * Only if `provider`==`custom-ipsec`. enum:
6220
6324
  * * 1
6221
6325
  * * 2 (1024-bit)
6222
6326
  * * 5
@@ -6235,19 +6339,17 @@ export declare namespace org {
6235
6339
  encAlgo: string;
6236
6340
  }
6237
6341
  interface DeviceprofileGatewayTunnelConfigsPrimary {
6238
- hosts?: string[];
6342
+ hosts: string[];
6239
6343
  /**
6240
- * Only if:
6241
- * * `provider`== `zscaler-gre`
6242
- * * `provider`== `custom-gre`
6344
+ * Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
6243
6345
  */
6244
6346
  internalIps?: string[];
6245
6347
  probeIps?: string[];
6246
6348
  /**
6247
- * Only if `provider`== `custom-ipsec`
6349
+ * Only if `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
6248
6350
  */
6249
6351
  remoteIds?: string[];
6250
- wanNames?: string[];
6352
+ wanNames: string[];
6251
6353
  }
6252
6354
  interface DeviceprofileGatewayTunnelConfigsProbe {
6253
6355
  /**
@@ -6268,19 +6370,17 @@ export declare namespace org {
6268
6370
  type: string;
6269
6371
  }
6270
6372
  interface DeviceprofileGatewayTunnelConfigsSecondary {
6271
- hosts?: string[];
6373
+ hosts: string[];
6272
6374
  /**
6273
- * Only if:
6274
- * * `provider`== `zscaler-gre`
6275
- * * `provider`== `custom-gre`
6375
+ * Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
6276
6376
  */
6277
6377
  internalIps?: string[];
6278
6378
  probeIps?: string[];
6279
6379
  /**
6280
- * Only if `provider`== `custom-ipsec`
6380
+ * Only if `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
6281
6381
  */
6282
6382
  remoteIds?: string[];
6283
- wanNames?: string[];
6383
+ wanNames: string[];
6284
6384
  }
6285
6385
  interface DeviceprofileGatewayTunnelProviderOptions {
6286
6386
  /**
@@ -6293,74 +6393,125 @@ export declare namespace org {
6293
6393
  zscaler?: outputs.org.DeviceprofileGatewayTunnelProviderOptionsZscaler;
6294
6394
  }
6295
6395
  interface DeviceprofileGatewayTunnelProviderOptionsJse {
6296
- name?: string;
6297
6396
  numUsers?: number;
6397
+ /**
6398
+ * JSE Organization name
6399
+ */
6400
+ orgName?: string;
6298
6401
  }
6299
6402
  interface DeviceprofileGatewayTunnelProviderOptionsZscaler {
6300
- aupAcceptanceRequired: boolean;
6403
+ aupBlockInternetUntilAccepted?: boolean;
6301
6404
  /**
6302
- * days before AUP is requested again
6405
+ * Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
6303
6406
  */
6304
- aupExpire: number;
6407
+ aupEnabled?: boolean;
6305
6408
  /**
6306
6409
  * proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
6307
6410
  */
6308
- aupSslProxy: boolean;
6411
+ aupForceSslInspection?: boolean;
6309
6412
  /**
6310
- * the download bandwidth cap of the link, in Mbps
6413
+ * Required if `aupEnabled`==`true`. Days before AUP is requested again
6311
6414
  */
6312
- downloadMbps?: number;
6415
+ aupTimeoutInDays?: number;
6313
6416
  /**
6314
- * if `useXff`==`true`, display Acceptable Use Policy (AUP)
6417
+ * Enable this option to enforce user authentication
6315
6418
  */
6316
- enableAup: boolean;
6419
+ authRequired?: boolean;
6317
6420
  /**
6318
- * when `enforceAuthentication`==`false`, display caution notification for non-authenticated users
6421
+ * Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
6319
6422
  */
6320
- enableCaution: boolean;
6321
- enforceAuthentication: boolean;
6322
- name?: string;
6423
+ cautionEnabled?: boolean;
6424
+ /**
6425
+ * the download bandwidth cap of the link, in Mbps. Disabled if not set
6426
+ */
6427
+ dnBandwidth?: number;
6323
6428
  /**
6324
- * if `useXff`==`true`
6429
+ * Required if `surrogate_IP`==`true`, idle Time to Disassociation
6430
+ */
6431
+ idleTimeInMinutes?: number;
6432
+ /**
6433
+ * if `true`, enable the firewall control option
6434
+ */
6435
+ ofwEnabled?: boolean;
6436
+ /**
6437
+ * `sub-locations` can be used for specific uses cases to define different configuration based on the user network
6325
6438
  */
6326
6439
  subLocations?: outputs.org.DeviceprofileGatewayTunnelProviderOptionsZscalerSubLocation[];
6327
6440
  /**
6328
- * the download bandwidth cap of the link, in Mbps
6441
+ * Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
6442
+ */
6443
+ surrogateIp?: boolean;
6444
+ /**
6445
+ * Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
6446
+ */
6447
+ surrogateIpEnforcedForKnownBrowsers?: boolean;
6448
+ /**
6449
+ * Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
6329
6450
  */
6330
- uploadMbps?: number;
6451
+ surrogateRefreshTimeInMinutes?: number;
6452
+ /**
6453
+ * the download bandwidth cap of the link, in Mbps. Disabled if not set
6454
+ */
6455
+ upBandwidth?: number;
6331
6456
  /**
6332
6457
  * location uses proxy chaining to forward traffic
6333
6458
  */
6334
- useXff?: boolean;
6459
+ xffForwardEnabled?: boolean;
6335
6460
  }
6336
6461
  interface DeviceprofileGatewayTunnelProviderOptionsZscalerSubLocation {
6337
- aupAcceptanceRequired: boolean;
6462
+ aupBlockInternetUntilAccepted?: boolean;
6338
6463
  /**
6339
- * days before AUP is requested again
6464
+ * Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
6340
6465
  */
6341
- aupExpire: number;
6466
+ aupEnabled?: boolean;
6342
6467
  /**
6343
6468
  * proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
6344
6469
  */
6345
- aupSslProxy: boolean;
6470
+ aupForceSslInspection?: boolean;
6471
+ /**
6472
+ * Required if `aupEnabled`==`true`. Days before AUP is requested again
6473
+ */
6474
+ aupTimeoutInDays?: number;
6475
+ /**
6476
+ * Enable this option to authenticate users
6477
+ */
6478
+ authRequired?: boolean;
6479
+ /**
6480
+ * Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
6481
+ */
6482
+ cautionEnabled?: boolean;
6346
6483
  /**
6347
- * the download bandwidth cap of the link, in Mbps
6484
+ * the download bandwidth cap of the link, in Mbps. Disabled if not set
6348
6485
  */
6349
- downloadMbps?: number;
6486
+ dnBandwidth?: number;
6350
6487
  /**
6351
- * if `useXff`==`true`, display Acceptable Use Policy (AUP)
6488
+ * Required if `surrogate_IP`==`true`, idle Time to Disassociation
6352
6489
  */
6353
- enableAup?: boolean;
6490
+ idleTimeInMinutes?: number;
6354
6491
  /**
6355
- * when `enforceAuthentication`==`false`, display caution notification for non-authenticated users
6492
+ * Network name
6356
6493
  */
6357
- enableCaution: boolean;
6358
- enforceAuthentication: boolean;
6359
- subnets?: string[];
6494
+ name?: string;
6495
+ /**
6496
+ * if `true`, enable the firewall control option
6497
+ */
6498
+ ofwEnabled?: boolean;
6360
6499
  /**
6361
- * the download bandwidth cap of the link, in Mbps
6500
+ * Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
6362
6501
  */
6363
- uploadMbps?: number;
6502
+ surrogateIp?: boolean;
6503
+ /**
6504
+ * Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
6505
+ */
6506
+ surrogateIpEnforcedForKnownBrowsers?: boolean;
6507
+ /**
6508
+ * Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
6509
+ */
6510
+ surrogateRefreshTimeInMinutes?: number;
6511
+ /**
6512
+ * the download bandwidth cap of the link, in Mbps. Disabled if not set
6513
+ */
6514
+ upBandwidth?: number;
6364
6515
  }
6365
6516
  interface DeviceprofileGatewayVrfConfig {
6366
6517
  /**
@@ -6480,8 +6631,7 @@ export declare namespace org {
6480
6631
  */
6481
6632
  exportPolicy?: string;
6482
6633
  /**
6483
- * by default, either inet/net6 unicast depending on neighbor IP family (v4 or v6)
6484
- * for v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
6634
+ * by default, either inet/net6 unicast depending on neighbor IP family (v4 or v6). For v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
6485
6635
  */
6486
6636
  extendedV4Nexthop?: boolean;
6487
6637
  /**
@@ -6717,6 +6867,9 @@ export declare namespace org {
6717
6867
  routedForNetworks?: string[];
6718
6868
  subnet: string;
6719
6869
  subnet6?: string;
6870
+ /**
6871
+ * Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}")
6872
+ */
6720
6873
  tenants?: {
6721
6874
  [key: string]: outputs.org.GatewaytemplateNetworkTenants;
6722
6875
  };
@@ -6734,7 +6887,7 @@ export declare namespace org {
6734
6887
  interface GatewaytemplateNetworkInternetAccess {
6735
6888
  createSimpleServicePolicy: boolean;
6736
6889
  /**
6737
- * Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222")
6890
+ * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
6738
6891
  */
6739
6892
  destinationNat?: {
6740
6893
  [key: string]: outputs.org.GatewaytemplateNetworkInternetAccessDestinationNat;
@@ -6745,22 +6898,35 @@ export declare namespace org {
6745
6898
  */
6746
6899
  restricted: boolean;
6747
6900
  /**
6748
- * Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20")
6901
+ * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
6749
6902
  */
6750
6903
  staticNat?: {
6751
6904
  [key: string]: outputs.org.GatewaytemplateNetworkInternetAccessStaticNat;
6752
6905
  };
6753
6906
  }
6754
6907
  interface GatewaytemplateNetworkInternetAccessDestinationNat {
6908
+ /**
6909
+ * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
6910
+ */
6755
6911
  internalIp?: string;
6756
6912
  name?: string;
6757
- port?: number;
6913
+ /**
6914
+ * The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
6915
+ */
6916
+ port?: string;
6917
+ /**
6918
+ * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
6919
+ */
6920
+ wanName?: string;
6758
6921
  }
6759
6922
  interface GatewaytemplateNetworkInternetAccessStaticNat {
6760
- internalIp?: string;
6761
- name?: string;
6762
6923
  /**
6763
- * If not set, we configure the nat policies against all WAN ports for simplicity
6924
+ * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
6925
+ */
6926
+ internalIp: string;
6927
+ name: string;
6928
+ /**
6929
+ * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
6764
6930
  */
6765
6931
  wanName?: string;
6766
6932
  }
@@ -6796,9 +6962,9 @@ export declare namespace org {
6796
6962
  */
6797
6963
  allowPing?: boolean;
6798
6964
  /**
6799
- * Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222")
6965
+ * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
6800
6966
  */
6801
- destinationNat: {
6967
+ destinationNat?: {
6802
6968
  [key: string]: outputs.org.GatewaytemplateNetworkVpnAccessDestinationNat;
6803
6969
  };
6804
6970
  /**
@@ -6814,13 +6980,11 @@ export declare namespace org {
6814
6980
  */
6815
6981
  noReadvertiseToLanOspf: boolean;
6816
6982
  /**
6817
- * toward overlay
6818
- * how HUB should deal with routes it received from Spokes
6983
+ * toward overlay, how HUB should deal with routes it received from Spokes
6819
6984
  */
6820
6985
  noReadvertiseToOverlay?: boolean;
6821
6986
  /**
6822
- * by default, the routes are only readvertised toward the same vrf on spoke
6823
- * to allow it to be leaked to other vrfs
6987
+ * by default, the routes are only readvertised toward the same vrf on spoke. To allow it to be leaked to other vrfs
6824
6988
  */
6825
6989
  otherVrfs: string[];
6826
6990
  /**
@@ -6832,14 +6996,13 @@ export declare namespace org {
6832
6996
  */
6833
6997
  sourceNat: outputs.org.GatewaytemplateNetworkVpnAccessSourceNat;
6834
6998
  /**
6835
- * Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20")
6999
+ * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
6836
7000
  */
6837
7001
  staticNat: {
6838
7002
  [key: string]: outputs.org.GatewaytemplateNetworkVpnAccessStaticNat;
6839
7003
  };
6840
7004
  /**
6841
- * toward overlay
6842
- * how HUB should deal with routes it received from Spokes
7005
+ * toward overlay, how HUB should deal with routes it received from Spokes
6843
7006
  */
6844
7007
  summarizedSubnet?: string;
6845
7008
  /**
@@ -6852,20 +7015,22 @@ export declare namespace org {
6852
7015
  summarizedSubnetToLanOspf?: string;
6853
7016
  }
6854
7017
  interface GatewaytemplateNetworkVpnAccessDestinationNat {
7018
+ /**
7019
+ * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
7020
+ */
6855
7021
  internalIp?: string;
6856
7022
  name?: string;
6857
- port?: number;
7023
+ port?: string;
6858
7024
  }
6859
7025
  interface GatewaytemplateNetworkVpnAccessSourceNat {
6860
7026
  externalIp?: string;
6861
7027
  }
6862
7028
  interface GatewaytemplateNetworkVpnAccessStaticNat {
6863
- internalIp?: string;
6864
- name?: string;
6865
7029
  /**
6866
- * If not set, we configure the nat policies against all WAN ports for simplicity
7030
+ * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
6867
7031
  */
6868
- wanName?: string;
7032
+ internalIp: string;
7033
+ name: string;
6869
7034
  }
6870
7035
  interface GatewaytemplateOobIpConfig {
6871
7036
  /**
@@ -6976,9 +7141,7 @@ export declare namespace org {
6976
7141
  */
6977
7142
  aeIdx?: string;
6978
7143
  /**
6979
- * For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability.\n
6980
- * Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end\n
6981
- * Note: Turning this on will enable force-up on one of the interfaces in the bundle only
7144
+ * For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability. Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end. **Note:** Turning this on will enable force-up on one of the interfaces in the bundle only
6982
7145
  */
6983
7146
  aeLacpForceUp: boolean;
6984
7147
  aggregated: boolean;
@@ -6986,6 +7149,9 @@ export declare namespace org {
6986
7149
  * if want to generate port up/down alarm, set it to true
6987
7150
  */
6988
7151
  critical: boolean;
7152
+ /**
7153
+ * Interface Description. Can be a variable (i.e. "{{myvar}}")
7154
+ */
6989
7155
  description?: string;
6990
7156
  disableAutoneg: boolean;
6991
7157
  /**
@@ -6997,13 +7163,11 @@ export declare namespace org {
6997
7163
  */
6998
7164
  dslType: string;
6999
7165
  /**
7000
- * if `wanType`==`dsl`
7001
- * 16 bit int
7166
+ * if `wanType`==`dsl`, 16 bit int
7002
7167
  */
7003
7168
  dslVci: number;
7004
7169
  /**
7005
- * if `wanType`==`dsl`
7006
- * 8 bit int
7170
+ * if `wanType`==`dsl`, 8 bit int
7007
7171
  */
7008
7172
  dslVpi: number;
7009
7173
  /**
@@ -7037,7 +7201,7 @@ export declare namespace org {
7037
7201
  */
7038
7202
  name?: string;
7039
7203
  /**
7040
- * if `usage`==`lan`
7204
+ * if `usage`==`lan`, name of the `junipermist.org.Network` resource
7041
7205
  */
7042
7206
  networks: string[];
7043
7207
  /**
@@ -7046,7 +7210,7 @@ export declare namespace org {
7046
7210
  outerVlanId?: number;
7047
7211
  poeDisabled: boolean;
7048
7212
  /**
7049
- * if `usage`==`lan`
7213
+ * Only for SRX and if `usage`==`lan`, the Untagged VLAN Network
7050
7214
  */
7051
7215
  portNetwork?: string;
7052
7216
  /**
@@ -7056,7 +7220,7 @@ export declare namespace org {
7056
7220
  /**
7057
7221
  * if HA mode
7058
7222
  */
7059
- redundant?: boolean;
7223
+ redundant: boolean;
7060
7224
  /**
7061
7225
  * if HA mode
7062
7226
  */
@@ -7083,10 +7247,7 @@ export declare namespace org {
7083
7247
  * port usage name. enum: `haControl`, `haData`, `lan`, `wan`
7084
7248
  */
7085
7249
  usage: string;
7086
- /**
7087
- * if WAN interface is on a VLAN
7088
- */
7089
- vlanId?: number;
7250
+ vlanId?: string;
7090
7251
  /**
7091
7252
  * Property key is the VPN name
7092
7253
  */
@@ -7094,29 +7255,33 @@ export declare namespace org {
7094
7255
  [key: string]: outputs.org.GatewaytemplatePortConfigVpnPaths;
7095
7256
  };
7096
7257
  /**
7097
- * when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
7258
+ * Only when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
7098
7259
  */
7099
7260
  wanArpPolicer: string;
7100
7261
  /**
7101
- * optional, if spoke should reach this port by a different IP
7262
+ * Only if `usage`==`wan`, optional. If spoke should reach this port by a different IP
7102
7263
  */
7103
7264
  wanExtIp?: string;
7104
7265
  /**
7105
- * Property Key is the destianation CIDR (e.g "100.100.100.0/24")
7266
+ * Only if `usage`==`wan`. Property Key is the destianation CIDR (e.g "100.100.100.0/24")
7106
7267
  */
7107
7268
  wanExtraRoutes?: {
7108
7269
  [key: string]: outputs.org.GatewaytemplatePortConfigWanExtraRoutes;
7109
7270
  };
7110
7271
  /**
7111
- * if `usage`==`wan`
7272
+ * Only if `usage`==`wan`. If some networks are connected to this WAN port, it can be added here so policies can be defined
7273
+ */
7274
+ wanNetworks: string[];
7275
+ /**
7276
+ * Only if `usage`==`wan`
7112
7277
  */
7113
7278
  wanProbeOverride?: outputs.org.GatewaytemplatePortConfigWanProbeOverride;
7114
7279
  /**
7115
- * optional, by default, source-NAT is performed on all WAN Ports using the interface-ip
7280
+ * Only if `usage`==`wan`, optional. By default, source-NAT is performed on all WAN Ports using the interface-ip
7116
7281
  */
7117
7282
  wanSourceNat?: outputs.org.GatewaytemplatePortConfigWanSourceNat;
7118
7283
  /**
7119
- * if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
7284
+ * Only if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
7120
7285
  */
7121
7286
  wanType: string;
7122
7287
  }
@@ -7130,12 +7295,15 @@ export declare namespace org {
7130
7295
  */
7131
7296
  dnsSuffixes?: string[];
7132
7297
  /**
7133
- * except for out-of_band interface (vme/em0/fxp0)
7298
+ * except for out-of_band interface (vme/em0/fxp0). Interface Default Gateway IP Address (i.e. "192.168.1.1") or a Variable (i.e. "{{myvar}}")
7134
7299
  */
7135
7300
  gateway?: string;
7301
+ /**
7302
+ * Interface IP Address (i.e. "192.168.1.8") or a Variable (i.e. "{{myvar}}")
7303
+ */
7136
7304
  ip?: string;
7137
7305
  /**
7138
- * used only if `subnet` is not specified in `networks`
7306
+ * used only if `subnet` is not specified in `networks`. Interface Netmask (i.e. "/24") or a Variable (i.e. "{{myvar}}")
7139
7307
  */
7140
7308
  netmask?: string;
7141
7309
  /**
@@ -7161,11 +7329,14 @@ export declare namespace org {
7161
7329
  }
7162
7330
  interface GatewaytemplatePortConfigTrafficShaping {
7163
7331
  /**
7164
- * percentages for differet class of traffic: high / medium / low / best-effort
7165
- * sum must be equal to 100
7332
+ * percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100
7166
7333
  */
7167
7334
  classPercentages?: number[];
7168
7335
  enabled: boolean;
7336
+ /**
7337
+ * Interface Transmit Cap in kbps
7338
+ */
7339
+ maxTxKbps?: number;
7169
7340
  }
7170
7341
  interface GatewaytemplatePortConfigVpnPaths {
7171
7342
  /**
@@ -7192,11 +7363,14 @@ export declare namespace org {
7192
7363
  }
7193
7364
  interface GatewaytemplatePortConfigVpnPathsTrafficShaping {
7194
7365
  /**
7195
- * percentages for differet class of traffic: high / medium / low / best-effort
7196
- * sum must be equal to 100
7366
+ * percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100
7197
7367
  */
7198
7368
  classPercentages?: number[];
7199
7369
  enabled: boolean;
7370
+ /**
7371
+ * Interface Transmit Cap in kbps
7372
+ */
7373
+ maxTxKbps?: number;
7200
7374
  }
7201
7375
  interface GatewaytemplatePortConfigWanExtraRoutes {
7202
7376
  via?: string;
@@ -7241,6 +7415,10 @@ export declare namespace org {
7241
7415
  * for SSR, hub decides how VRF routes are leaked on spoke
7242
7416
  */
7243
7417
  addTargetVrfs?: string[];
7418
+ /**
7419
+ * route aggregation
7420
+ */
7421
+ aggregates?: string[];
7244
7422
  /**
7245
7423
  * when used as export policy, optional
7246
7424
  */
@@ -7285,16 +7463,14 @@ export declare namespace org {
7285
7463
  vpnNeighborMacs?: string[];
7286
7464
  vpnPathSla?: outputs.org.GatewaytemplateRoutingPoliciesTermMatchingVpnPathSla;
7287
7465
  /**
7288
- * overlay-facing criteria (used for bgpConfig where via=vpn)
7289
- * ordered-
7466
+ * overlay-facing criteria (used for bgpConfig where via=vpn). ordered-
7290
7467
  */
7291
7468
  vpnPaths?: string[];
7292
7469
  }
7293
7470
  interface GatewaytemplateRoutingPoliciesTermMatchingRouteExists {
7294
7471
  route?: string;
7295
7472
  /**
7296
- * name of the vrf instance
7297
- * it can also be the name of the VPN or wan if they
7473
+ * name of the vrf instance, it can also be the name of the VPN or wan if they
7298
7474
  */
7299
7475
  vrfName: string;
7300
7476
  }
@@ -7323,8 +7499,7 @@ export declare namespace org {
7323
7499
  */
7324
7500
  name?: string;
7325
7501
  /**
7326
- * by default, we derive all paths available and use them
7327
- * optionally, you can customize by using `pathPreference`
7502
+ * by default, we derive all paths available and use them. Optionally, you can customize by using `pathPreference`
7328
7503
  */
7329
7504
  pathPreference?: string;
7330
7505
  /**
@@ -7367,70 +7542,81 @@ export declare namespace org {
7367
7542
  interface GatewaytemplateTunnelConfigs {
7368
7543
  autoProvision?: outputs.org.GatewaytemplateTunnelConfigsAutoProvision;
7369
7544
  /**
7370
- * Only if `provider`== `custom-ipsec`
7545
+ * Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
7371
7546
  */
7372
7547
  ikeLifetime?: number;
7373
7548
  /**
7374
- * Only if `provider`== `custom-ipsec`. enum: `aggressive`, `main`
7549
+ * Only if `provider`==`custom-ipsec`. enum: `aggressive`, `main`
7375
7550
  */
7376
7551
  ikeMode: string;
7377
7552
  /**
7378
- * if `provider`== `custom-ipsec`
7553
+ * if `provider`==`custom-ipsec`
7379
7554
  */
7380
7555
  ikeProposals?: outputs.org.GatewaytemplateTunnelConfigsIkeProposal[];
7381
7556
  /**
7382
- * if `provider`== `custom-ipsec`
7557
+ * Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
7383
7558
  */
7384
7559
  ipsecLifetime?: number;
7385
7560
  /**
7386
- * Only if `provider`== `custom-ipsec`
7561
+ * Only if `provider`==`custom-ipsec`
7387
7562
  */
7388
7563
  ipsecProposals?: outputs.org.GatewaytemplateTunnelConfigsIpsecProposal[];
7389
7564
  /**
7390
- * Only if:
7391
- * * `provider`== `zscaler-ipsec`
7392
- * * `provider`==`jse-ipsec`
7393
- * * `provider`== `custom-ipsec`
7565
+ * Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
7394
7566
  */
7395
7567
  localId?: string;
7396
7568
  /**
7397
- * enum: `active-active`, `active-standby`
7569
+ * Required if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`. enum: `active-active`, `active-standby`
7398
7570
  */
7399
7571
  mode: string;
7400
7572
  /**
7401
- * networks reachable via this tunnel
7573
+ * if `provider`==`custom-ipsec`, networks reachable via this tunnel
7402
7574
  */
7403
7575
  networks: string[];
7576
+ /**
7577
+ * Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
7578
+ */
7404
7579
  primary?: outputs.org.GatewaytemplateTunnelConfigsPrimary;
7405
7580
  /**
7406
- * Only if `provider`== `custom-ipsec`
7581
+ * Only if `provider`==`custom-ipsec`
7407
7582
  */
7408
7583
  probe?: outputs.org.GatewaytemplateTunnelConfigsProbe;
7409
7584
  /**
7410
- * Only if `provider`== `custom-ipsec`. enum: `gre`, `ipsec`
7585
+ * Only if `provider`==`custom-ipsec`. enum: `gre`, `ipsec`
7411
7586
  */
7412
7587
  protocol?: string;
7413
7588
  /**
7414
- * enum: `custom-ipsec`, `customer-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
7589
+ * Only if `auto_provision.enabled`==`false`. enum: `custom-ipsec`, `customer-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
7415
7590
  */
7416
7591
  provider?: string;
7417
7592
  /**
7418
- * Only if:
7419
- * * `provider`== `zscaler-ipsec`
7420
- * * `provider`==`jse-ipsec`
7421
- * * `provider`== `custom-ipsec`
7593
+ * Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
7422
7594
  */
7423
7595
  psk?: string;
7596
+ /**
7597
+ * Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
7598
+ */
7424
7599
  secondary?: outputs.org.GatewaytemplateTunnelConfigsSecondary;
7425
7600
  /**
7426
- * Only if `provider`== `custom-gre` or `provider`== `custom-ipsec`. enum: `1`, `2`
7601
+ * Only if `provider`==`custom-gre` or `provider`==`custom-ipsec`. enum: `1`, `2`
7427
7602
  */
7428
7603
  version: string;
7429
7604
  }
7430
7605
  interface GatewaytemplateTunnelConfigsAutoProvision {
7431
7606
  enable?: boolean;
7607
+ /**
7608
+ * API override for POP selection
7609
+ */
7432
7610
  latlng?: outputs.org.GatewaytemplateTunnelConfigsAutoProvisionLatlng;
7433
7611
  primary?: outputs.org.GatewaytemplateTunnelConfigsAutoProvisionPrimary;
7612
+ /**
7613
+ * enum: `jse-ipsec`, `zscaler-ipsec`
7614
+ */
7615
+ provider: string;
7616
+ /**
7617
+ * API override for POP selection
7618
+ */
7619
+ region?: string;
7434
7620
  secondary?: outputs.org.GatewaytemplateTunnelConfigsAutoProvisionSecondary;
7435
7621
  }
7436
7622
  interface GatewaytemplateTunnelConfigsAutoProvisionLatlng {
@@ -7438,14 +7624,14 @@ export declare namespace org {
7438
7624
  lng: number;
7439
7625
  }
7440
7626
  interface GatewaytemplateTunnelConfigsAutoProvisionPrimary {
7441
- numHosts?: string;
7627
+ probeIps?: string[];
7442
7628
  /**
7443
7629
  * optional, only needed if `varsOnly`==`false`
7444
7630
  */
7445
7631
  wanNames?: string[];
7446
7632
  }
7447
7633
  interface GatewaytemplateTunnelConfigsAutoProvisionSecondary {
7448
- numHosts?: string;
7634
+ probeIps?: string[];
7449
7635
  /**
7450
7636
  * optional, only needed if `varsOnly`==`false`
7451
7637
  */
@@ -7481,7 +7667,7 @@ export declare namespace org {
7481
7667
  */
7482
7668
  authAlgo?: string;
7483
7669
  /**
7484
- * Only if `provider`== `custom-ipsec`. enum:
7670
+ * Only if `provider`==`custom-ipsec`. enum:
7485
7671
  * * 1
7486
7672
  * * 2 (1024-bit)
7487
7673
  * * 5
@@ -7500,19 +7686,17 @@ export declare namespace org {
7500
7686
  encAlgo: string;
7501
7687
  }
7502
7688
  interface GatewaytemplateTunnelConfigsPrimary {
7503
- hosts?: string[];
7689
+ hosts: string[];
7504
7690
  /**
7505
- * Only if:
7506
- * * `provider`== `zscaler-gre`
7507
- * * `provider`== `custom-gre`
7691
+ * Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
7508
7692
  */
7509
7693
  internalIps?: string[];
7510
7694
  probeIps?: string[];
7511
7695
  /**
7512
- * Only if `provider`== `custom-ipsec`
7696
+ * Only if `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
7513
7697
  */
7514
7698
  remoteIds?: string[];
7515
- wanNames?: string[];
7699
+ wanNames: string[];
7516
7700
  }
7517
7701
  interface GatewaytemplateTunnelConfigsProbe {
7518
7702
  /**
@@ -7533,19 +7717,17 @@ export declare namespace org {
7533
7717
  type: string;
7534
7718
  }
7535
7719
  interface GatewaytemplateTunnelConfigsSecondary {
7536
- hosts?: string[];
7720
+ hosts: string[];
7537
7721
  /**
7538
- * Only if:
7539
- * * `provider`== `zscaler-gre`
7540
- * * `provider`== `custom-gre`
7722
+ * Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
7541
7723
  */
7542
7724
  internalIps?: string[];
7543
7725
  probeIps?: string[];
7544
7726
  /**
7545
- * Only if `provider`== `custom-ipsec`
7727
+ * Only if `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
7546
7728
  */
7547
7729
  remoteIds?: string[];
7548
- wanNames?: string[];
7730
+ wanNames: string[];
7549
7731
  }
7550
7732
  interface GatewaytemplateTunnelProviderOptions {
7551
7733
  /**
@@ -7558,74 +7740,125 @@ export declare namespace org {
7558
7740
  zscaler?: outputs.org.GatewaytemplateTunnelProviderOptionsZscaler;
7559
7741
  }
7560
7742
  interface GatewaytemplateTunnelProviderOptionsJse {
7561
- name?: string;
7562
7743
  numUsers?: number;
7744
+ /**
7745
+ * JSE Organization name
7746
+ */
7747
+ orgName?: string;
7563
7748
  }
7564
7749
  interface GatewaytemplateTunnelProviderOptionsZscaler {
7565
- aupAcceptanceRequired?: boolean;
7750
+ aupBlockInternetUntilAccepted?: boolean;
7566
7751
  /**
7567
- * days before AUP is requested again
7752
+ * Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
7568
7753
  */
7569
- aupExpire?: number;
7754
+ aupEnabled?: boolean;
7570
7755
  /**
7571
7756
  * proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
7572
7757
  */
7573
- aupSslProxy?: boolean;
7758
+ aupForceSslInspection?: boolean;
7574
7759
  /**
7575
- * the download bandwidth cap of the link, in Mbps
7760
+ * Required if `aupEnabled`==`true`. Days before AUP is requested again
7576
7761
  */
7577
- downloadMbps?: number;
7762
+ aupTimeoutInDays?: number;
7578
7763
  /**
7579
- * if `useXff`==`true`, display Acceptable Use Policy (AUP)
7764
+ * Enable this option to enforce user authentication
7580
7765
  */
7581
- enableAup?: boolean;
7766
+ authRequired?: boolean;
7582
7767
  /**
7583
- * when `enforceAuthentication`==`false`, display caution notification for non-authenticated users
7768
+ * Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
7584
7769
  */
7585
- enableCaution?: boolean;
7586
- enforceAuthentication?: boolean;
7587
- name?: string;
7770
+ cautionEnabled?: boolean;
7588
7771
  /**
7589
- * if `useXff`==`true`
7772
+ * the download bandwidth cap of the link, in Mbps. Disabled if not set
7773
+ */
7774
+ dnBandwidth?: number;
7775
+ /**
7776
+ * Required if `surrogate_IP`==`true`, idle Time to Disassociation
7777
+ */
7778
+ idleTimeInMinutes?: number;
7779
+ /**
7780
+ * if `true`, enable the firewall control option
7781
+ */
7782
+ ofwEnabled?: boolean;
7783
+ /**
7784
+ * `sub-locations` can be used for specific uses cases to define different configuration based on the user network
7590
7785
  */
7591
7786
  subLocations?: outputs.org.GatewaytemplateTunnelProviderOptionsZscalerSubLocation[];
7592
7787
  /**
7593
- * the download bandwidth cap of the link, in Mbps
7788
+ * Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
7789
+ */
7790
+ surrogateIp?: boolean;
7791
+ /**
7792
+ * Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
7594
7793
  */
7595
- uploadMbps?: number;
7794
+ surrogateIpEnforcedForKnownBrowsers?: boolean;
7795
+ /**
7796
+ * Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
7797
+ */
7798
+ surrogateRefreshTimeInMinutes?: number;
7799
+ /**
7800
+ * the download bandwidth cap of the link, in Mbps. Disabled if not set
7801
+ */
7802
+ upBandwidth?: number;
7596
7803
  /**
7597
7804
  * location uses proxy chaining to forward traffic
7598
7805
  */
7599
- useXff?: boolean;
7806
+ xffForwardEnabled?: boolean;
7600
7807
  }
7601
7808
  interface GatewaytemplateTunnelProviderOptionsZscalerSubLocation {
7602
- aupAcceptanceRequired: boolean;
7809
+ aupBlockInternetUntilAccepted?: boolean;
7603
7810
  /**
7604
- * days before AUP is requested again
7811
+ * Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
7605
7812
  */
7606
- aupExpire: number;
7813
+ aupEnabled?: boolean;
7607
7814
  /**
7608
7815
  * proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
7609
7816
  */
7610
- aupSslProxy: boolean;
7817
+ aupForceSslInspection?: boolean;
7818
+ /**
7819
+ * Required if `aupEnabled`==`true`. Days before AUP is requested again
7820
+ */
7821
+ aupTimeoutInDays?: number;
7611
7822
  /**
7612
- * the download bandwidth cap of the link, in Mbps
7823
+ * Enable this option to authenticate users
7613
7824
  */
7614
- downloadMbps?: number;
7825
+ authRequired?: boolean;
7615
7826
  /**
7616
- * if `useXff`==`true`, display Acceptable Use Policy (AUP)
7827
+ * Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
7617
7828
  */
7618
- enableAup?: boolean;
7829
+ cautionEnabled?: boolean;
7619
7830
  /**
7620
- * when `enforceAuthentication`==`false`, display caution notification for non-authenticated users
7831
+ * the download bandwidth cap of the link, in Mbps. Disabled if not set
7621
7832
  */
7622
- enableCaution: boolean;
7623
- enforceAuthentication: boolean;
7624
- subnets?: string[];
7833
+ dnBandwidth?: number;
7834
+ /**
7835
+ * Required if `surrogate_IP`==`true`, idle Time to Disassociation
7836
+ */
7837
+ idleTimeInMinutes?: number;
7838
+ /**
7839
+ * Network name
7840
+ */
7841
+ name?: string;
7625
7842
  /**
7626
- * the download bandwidth cap of the link, in Mbps
7843
+ * if `true`, enable the firewall control option
7627
7844
  */
7628
- uploadMbps?: number;
7845
+ ofwEnabled?: boolean;
7846
+ /**
7847
+ * Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
7848
+ */
7849
+ surrogateIp?: boolean;
7850
+ /**
7851
+ * Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
7852
+ */
7853
+ surrogateIpEnforcedForKnownBrowsers?: boolean;
7854
+ /**
7855
+ * Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
7856
+ */
7857
+ surrogateRefreshTimeInMinutes?: number;
7858
+ /**
7859
+ * the download bandwidth cap of the link, in Mbps. Disabled if not set
7860
+ */
7861
+ upBandwidth?: number;
7629
7862
  }
7630
7863
  interface GatewaytemplateVrfConfig {
7631
7864
  /**
@@ -8235,7 +8468,7 @@ export declare namespace org {
8235
8468
  interface NetworkInternetAccess {
8236
8469
  createSimpleServicePolicy: boolean;
8237
8470
  /**
8238
- * Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222")
8471
+ * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
8239
8472
  */
8240
8473
  destinationNat?: {
8241
8474
  [key: string]: outputs.org.NetworkInternetAccessDestinationNat;
@@ -8246,25 +8479,57 @@ export declare namespace org {
8246
8479
  */
8247
8480
  restricted: boolean;
8248
8481
  /**
8249
- * Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20")
8482
+ * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
8250
8483
  */
8251
8484
  staticNat?: {
8252
8485
  [key: string]: outputs.org.NetworkInternetAccessStaticNat;
8253
8486
  };
8254
8487
  }
8255
8488
  interface NetworkInternetAccessDestinationNat {
8489
+ /**
8490
+ * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
8491
+ */
8256
8492
  internalIp?: string;
8257
8493
  name?: string;
8258
- port?: number;
8494
+ /**
8495
+ * The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
8496
+ */
8497
+ port?: string;
8498
+ /**
8499
+ * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
8500
+ */
8501
+ wanName?: string;
8259
8502
  }
8260
8503
  interface NetworkInternetAccessStaticNat {
8261
- internalIp?: string;
8262
- name?: string;
8263
8504
  /**
8264
- * If not set, we configure the nat policies against all WAN ports for simplicity
8505
+ * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
8506
+ */
8507
+ internalIp: string;
8508
+ name: string;
8509
+ /**
8510
+ * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
8265
8511
  */
8266
8512
  wanName?: string;
8267
8513
  }
8514
+ interface NetworkMulticast {
8515
+ /**
8516
+ * if the network will only be the soruce of the multicast traffic, IGMP can be disabled
8517
+ */
8518
+ disableIgmp: boolean;
8519
+ enabled: boolean;
8520
+ /**
8521
+ * Group address to RP (rendezvous point) mapping. Property Key is the CIDR (example "225.1.0.3/32")
8522
+ */
8523
+ groups?: {
8524
+ [key: string]: outputs.org.NetworkMulticastGroups;
8525
+ };
8526
+ }
8527
+ interface NetworkMulticastGroups {
8528
+ /**
8529
+ * RP (rendezvous point) IP Address
8530
+ */
8531
+ rpIp?: string;
8532
+ }
8268
8533
  interface NetworkTenants {
8269
8534
  addresses?: string[];
8270
8535
  }
@@ -8278,9 +8543,9 @@ export declare namespace org {
8278
8543
  */
8279
8544
  allowPing?: boolean;
8280
8545
  /**
8281
- * Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222")
8546
+ * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
8282
8547
  */
8283
- destinationNat: {
8548
+ destinationNat?: {
8284
8549
  [key: string]: outputs.org.NetworkVpnAccessDestinationNat;
8285
8550
  };
8286
8551
  /**
@@ -8314,7 +8579,7 @@ export declare namespace org {
8314
8579
  */
8315
8580
  sourceNat: outputs.org.NetworkVpnAccessSourceNat;
8316
8581
  /**
8317
- * Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20")
8582
+ * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
8318
8583
  */
8319
8584
  staticNat: {
8320
8585
  [key: string]: outputs.org.NetworkVpnAccessStaticNat;
@@ -8334,31 +8599,35 @@ export declare namespace org {
8334
8599
  summarizedSubnetToLanOspf?: string;
8335
8600
  }
8336
8601
  interface NetworkVpnAccessDestinationNat {
8602
+ /**
8603
+ * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
8604
+ */
8337
8605
  internalIp?: string;
8338
8606
  name?: string;
8339
- port?: number;
8607
+ port?: string;
8340
8608
  }
8341
8609
  interface NetworkVpnAccessSourceNat {
8342
8610
  externalIp?: string;
8343
8611
  }
8344
8612
  interface NetworkVpnAccessStaticNat {
8345
- internalIp?: string;
8346
- name?: string;
8347
8613
  /**
8348
- * If not set, we configure the nat policies against all WAN ports for simplicity
8614
+ * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
8349
8615
  */
8350
- wanName?: string;
8616
+ internalIp: string;
8617
+ name: string;
8351
8618
  }
8352
8619
  interface NetworktemplateAclPolicy {
8353
8620
  /**
8354
- * - for GBP-based policy, all srcTags and dstTags have to be gbp-based
8355
- * - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
8621
+ * ACL Policy Actions:
8622
+ * - for GBP-based policy, all srcTags and dstTags have to be gbp-based
8623
+ * - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
8356
8624
  */
8357
8625
  actions?: outputs.org.NetworktemplateAclPolicyAction[];
8358
8626
  name?: string;
8359
8627
  /**
8360
- * - for GBP-based policy, all srcTags and dstTags have to be gbp-based
8361
- * - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
8628
+ * ACL Policy Source Tags:
8629
+ * - for GBP-based policy, all srcTags and dstTags have to be gbp-based
8630
+ * - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
8362
8631
  */
8363
8632
  srcTags?: string[];
8364
8633
  }
@@ -8372,9 +8641,9 @@ export declare namespace org {
8372
8641
  interface NetworktemplateAclTags {
8373
8642
  /**
8374
8643
  * required if
8375
- * - `type`==`dynamicGbp` (gbp_tag received from RADIUS)
8376
- * - `type`==`gbpResource`
8377
- * - `type`==`staticGbp` (applying gbp tag against matching conditions)
8644
+ * - `type`==`dynamicGbp` (gbp_tag received from RADIUS)
8645
+ * - `type`==`gbpResource`
8646
+ * - `type`==`staticGbp` (applying gbp tag against matching conditions)
8378
8647
  */
8379
8648
  gbpTag?: number;
8380
8649
  /**
@@ -8400,8 +8669,7 @@ export declare namespace org {
8400
8669
  */
8401
8670
  radiusGroup?: string;
8402
8671
  /**
8403
- * if `type`==`resource` or `type`==`gbpResource`
8404
- * empty means unrestricted, i.e. any
8672
+ * if `type`==`resource` or `type`==`gbpResource`. Empty means unrestricted, i.e. any
8405
8673
  */
8406
8674
  specs?: outputs.org.NetworktemplateAclTagsSpec[];
8407
8675
  /**
@@ -8431,7 +8699,7 @@ export declare namespace org {
8431
8699
  */
8432
8700
  portRange: string;
8433
8701
  /**
8434
- * `tcp` / `udp` / `icmp` / `gre` / `any` / `:protocol_number`. `protocolNumber` is between 1-254
8702
+ * `tcp` / `udp` / `icmp` / `icmp6` / `gre` / `any` / `:protocol_number`, `protocolNumber` is between 1-254, default is `any` `protocolNumber` is between 1-254
8435
8703
  */
8436
8704
  protocol: string;
8437
8705
  }
@@ -8505,8 +8773,7 @@ export declare namespace org {
8505
8773
  */
8506
8774
  gateway6?: string;
8507
8775
  /**
8508
- * whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required)
8509
- * NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
8776
+ * whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required). NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
8510
8777
  */
8511
8778
  isolation: boolean;
8512
8779
  isolationVlanId?: string;
@@ -8592,9 +8859,7 @@ export declare namespace org {
8592
8859
  */
8593
8860
  allNetworks: boolean;
8594
8861
  /**
8595
- * Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with.
8596
- * All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state.
8597
- * When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
8862
+ * Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with. All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state. When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
8598
8863
  */
8599
8864
  allowDhcpd?: boolean;
8600
8865
  /**
@@ -8642,8 +8907,7 @@ export declare namespace org {
8642
8907
  */
8643
8908
  guestNetwork?: string;
8644
8909
  /**
8645
- * Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks
8646
- * NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
8910
+ * Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks. NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
8647
8911
  */
8648
8912
  interSwitchLink: boolean;
8649
8913
  /**
@@ -8715,8 +8979,7 @@ export declare namespace org {
8715
8979
  */
8716
8980
  speed: string;
8717
8981
  /**
8718
- * Switch storm control
8719
- * Only if `mode`!=`dynamic`
8982
+ * Switch storm control. Only if `mode`!=`dynamic`
8720
8983
  */
8721
8984
  stormControl?: outputs.org.NetworktemplatePortUsagesStormControl;
8722
8985
  /**
@@ -8797,8 +9060,7 @@ export declare namespace org {
8797
9060
  */
8798
9061
  authServersTimeout: number;
8799
9062
  /**
8800
- * use `network`or `sourceIp`
8801
- * which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
9063
+ * use `network`or `sourceIp`. Which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
8802
9064
  */
8803
9065
  network?: string;
8804
9066
  /**
@@ -9078,8 +9340,7 @@ export declare namespace org {
9078
9340
  }
9079
9341
  interface NetworktemplateSnmpConfigV3ConfigUsmUser {
9080
9342
  /**
9081
- * Not required if `authenticationType`==`authenticationNone`
9082
- * include alphabetic, numeric, and special characters, but it cannot include control characters.
9343
+ * Not required if `authenticationType`==`authenticationNone`. Include alphabetic, numeric, and special characters, but it cannot include control characters.
9083
9344
  */
9084
9345
  authenticationPassword?: string;
9085
9346
  /**
@@ -9087,8 +9348,7 @@ export declare namespace org {
9087
9348
  */
9088
9349
  authenticationType?: string;
9089
9350
  /**
9090
- * Not required if `encryptionType`==`privacy-none`
9091
- * include alphabetic, numeric, and special characters, but it cannot include control characters
9351
+ * Not required if `encryptionType`==`privacy-none`. Include alphabetic, numeric, and special characters, but it cannot include control characters
9092
9352
  */
9093
9353
  encryptionPassword?: string;
9094
9354
  /**
@@ -9213,8 +9473,7 @@ Please update your configurations.
9213
9473
  [key: string]: outputs.org.NetworktemplateSwitchMatchingRulePortConfig;
9214
9474
  };
9215
9475
  /**
9216
- * Property key is the port mirroring instance name
9217
- * portMirroring can be added under device/site settings. It takes interface and ports as input for ingress, interface as input for egress and can take interface and port as output. A maximum 4 port mirrorings is allowed
9476
+ * Property key is the port mirroring instance name. `portMirroring` can be added under device/site settings. It takes interface and ports as input for ingress, interface as input for egress and can take interface and port as output. A maximum 4 port mirrorings is allowed
9218
9477
  */
9219
9478
  portMirroring?: {
9220
9479
  [key: string]: outputs.org.NetworktemplateSwitchMatchingRulePortMirroring;
@@ -10140,8 +10399,7 @@ Please update your configurations.
10140
10399
  };
10141
10400
  enabled: boolean;
10142
10401
  /**
10143
- * Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps
10144
- * Property key is the wxtag id
10402
+ * Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the `wxtagId`
10145
10403
  */
10146
10404
  wxtagIds: {
10147
10405
  [key: string]: number;
@@ -10306,8 +10564,7 @@ Please update your configurations.
10306
10564
  interface WlanDnsServerRewrite {
10307
10565
  enabled: boolean;
10308
10566
  /**
10309
- * map between radiusGroup and the desired DNS server (IPv4 only)
10310
- * Property key is the RADIUS group, property value is the desired DNS Server
10567
+ * map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
10311
10568
  */
10312
10569
  radiusGroups?: {
10313
10570
  [key: string]: string;
@@ -10321,8 +10578,7 @@ Please update your configurations.
10321
10578
  defaultVlanId?: string;
10322
10579
  enabled: boolean;
10323
10580
  /**
10324
- * when 11r is enabled, we'll try to use the cached PMK, this can be disabled
10325
- * `false` means auto
10581
+ * when 11r is enabled, we'll try to use the cached PMK, this can be disabled. `false` means auto
10326
10582
  */
10327
10583
  forceLookup: boolean;
10328
10584
  /**
@@ -11380,13 +11636,11 @@ Please update your configurations.
11380
11636
  enabled?: boolean;
11381
11637
  idleTimeout?: number;
11382
11638
  /**
11383
- * To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids.
11384
- * Org mxedge(s) identified by mxcluster_ids
11639
+ * To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
11385
11640
  */
11386
11641
  mxclusterIds: string[];
11387
11642
  /**
11388
- * default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts
11389
- * when radsec.proxy_hosts are not used, tunnel peers (org or site mxedges) are used irrespective of use_site_mxedge
11643
+ * default is site.mxedge.radsec.proxy_hosts which must be a superset of all `wlans[*].radsec.proxy_hosts`. When `radsec.proxy_hosts` are not used, tunnel peers (org or site mxedges) are used irrespective of `useSiteMxedge`
11390
11644
  */
11391
11645
  proxyHosts: string[];
11392
11646
  /**
@@ -11712,14 +11966,16 @@ export declare namespace site {
11712
11966
  }
11713
11967
  interface NetworktemplateAclPolicy {
11714
11968
  /**
11715
- * - for GBP-based policy, all srcTags and dstTags have to be gbp-based
11716
- * - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
11969
+ * ACL Policy Actions:
11970
+ * - for GBP-based policy, all srcTags and dstTags have to be gbp-based
11971
+ * - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
11717
11972
  */
11718
11973
  actions?: outputs.site.NetworktemplateAclPolicyAction[];
11719
11974
  name?: string;
11720
11975
  /**
11721
- * - for GBP-based policy, all srcTags and dstTags have to be gbp-based
11722
- * - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
11976
+ * ACL Policy Source Tags:
11977
+ * - for GBP-based policy, all srcTags and dstTags have to be gbp-based
11978
+ * - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
11723
11979
  */
11724
11980
  srcTags?: string[];
11725
11981
  }
@@ -11733,9 +11989,9 @@ export declare namespace site {
11733
11989
  interface NetworktemplateAclTags {
11734
11990
  /**
11735
11991
  * required if
11736
- * - `type`==`dynamicGbp` (gbp_tag received from RADIUS)
11737
- * - `type`==`gbpResource`
11738
- * - `type`==`staticGbp` (applying gbp tag against matching conditions)
11992
+ * - `type`==`dynamicGbp` (gbp_tag received from RADIUS)
11993
+ * - `type`==`gbpResource`
11994
+ * - `type`==`staticGbp` (applying gbp tag against matching conditions)
11739
11995
  */
11740
11996
  gbpTag?: number;
11741
11997
  /**
@@ -11761,8 +12017,7 @@ export declare namespace site {
11761
12017
  */
11762
12018
  radiusGroup?: string;
11763
12019
  /**
11764
- * if `type`==`resource` or `type`==`gbpResource`
11765
- * empty means unrestricted, i.e. any
12020
+ * if `type`==`resource` or `type`==`gbpResource`. Empty means unrestricted, i.e. any
11766
12021
  */
11767
12022
  specs?: outputs.site.NetworktemplateAclTagsSpec[];
11768
12023
  /**
@@ -11792,7 +12047,7 @@ export declare namespace site {
11792
12047
  */
11793
12048
  portRange: string;
11794
12049
  /**
11795
- * `tcp` / `udp` / `icmp` / `gre` / `any` / `:protocol_number`. `protocolNumber` is between 1-254
12050
+ * `tcp` / `udp` / `icmp` / `icmp6` / `gre` / `any` / `:protocol_number`, `protocolNumber` is between 1-254, default is `any` `protocolNumber` is between 1-254
11796
12051
  */
11797
12052
  protocol: string;
11798
12053
  }
@@ -11866,8 +12121,7 @@ export declare namespace site {
11866
12121
  */
11867
12122
  gateway6?: string;
11868
12123
  /**
11869
- * whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required)
11870
- * NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
12124
+ * whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required). NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
11871
12125
  */
11872
12126
  isolation: boolean;
11873
12127
  isolationVlanId?: string;
@@ -11953,9 +12207,7 @@ export declare namespace site {
11953
12207
  */
11954
12208
  allNetworks: boolean;
11955
12209
  /**
11956
- * Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with.
11957
- * All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state.
11958
- * When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
12210
+ * Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with. All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state. When it is not defined, it means using the system's default setting which depends on whether the port is a access or trunk port.
11959
12211
  */
11960
12212
  allowDhcpd?: boolean;
11961
12213
  /**
@@ -12003,8 +12255,7 @@ export declare namespace site {
12003
12255
  */
12004
12256
  guestNetwork?: string;
12005
12257
  /**
12006
- * Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks
12007
- * NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
12258
+ * Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks. NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
12008
12259
  */
12009
12260
  interSwitchLink: boolean;
12010
12261
  /**
@@ -12076,8 +12327,7 @@ export declare namespace site {
12076
12327
  */
12077
12328
  speed: string;
12078
12329
  /**
12079
- * Switch storm control
12080
- * Only if `mode`!=`dynamic`
12330
+ * Switch storm control. Only if `mode`!=`dynamic`
12081
12331
  */
12082
12332
  stormControl?: outputs.site.NetworktemplatePortUsagesStormControl;
12083
12333
  /**
@@ -12158,8 +12408,7 @@ export declare namespace site {
12158
12408
  */
12159
12409
  authServersTimeout: number;
12160
12410
  /**
12161
- * use `network`or `sourceIp`
12162
- * which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
12411
+ * use `network`or `sourceIp`. Which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
12163
12412
  */
12164
12413
  network?: string;
12165
12414
  /**
@@ -12439,8 +12688,7 @@ export declare namespace site {
12439
12688
  }
12440
12689
  interface NetworktemplateSnmpConfigV3ConfigUsmUser {
12441
12690
  /**
12442
- * Not required if `authenticationType`==`authenticationNone`
12443
- * include alphabetic, numeric, and special characters, but it cannot include control characters.
12691
+ * Not required if `authenticationType`==`authenticationNone`. Include alphabetic, numeric, and special characters, but it cannot include control characters.
12444
12692
  */
12445
12693
  authenticationPassword?: string;
12446
12694
  /**
@@ -12448,8 +12696,7 @@ export declare namespace site {
12448
12696
  */
12449
12697
  authenticationType?: string;
12450
12698
  /**
12451
- * Not required if `encryptionType`==`privacy-none`
12452
- * include alphabetic, numeric, and special characters, but it cannot include control characters
12699
+ * Not required if `encryptionType`==`privacy-none`. Include alphabetic, numeric, and special characters, but it cannot include control characters
12453
12700
  */
12454
12701
  encryptionPassword?: string;
12455
12702
  /**
@@ -12574,8 +12821,7 @@ Please update your configurations.
12574
12821
  [key: string]: outputs.site.NetworktemplateSwitchMatchingRulePortConfig;
12575
12822
  };
12576
12823
  /**
12577
- * Property key is the port mirroring instance name
12578
- * portMirroring can be added under device/site settings. It takes interface and ports as input for ingress, interface as input for egress and can take interface and port as output. A maximum 4 port mirrorings is allowed
12824
+ * Property key is the port mirroring instance name. `portMirroring` can be added under device/site settings. It takes interface and ports as input for ingress, interface as input for egress and can take interface and port as output. A maximum 4 port mirrorings is allowed
12579
12825
  */
12580
12826
  portMirroring?: {
12581
12827
  [key: string]: outputs.site.NetworktemplateSwitchMatchingRulePortMirroring;
@@ -13396,8 +13642,7 @@ Please update your configurations.
13396
13642
  };
13397
13643
  enabled: boolean;
13398
13644
  /**
13399
- * Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps
13400
- * Property key is the wxtag id
13645
+ * Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the `wxtagId`
13401
13646
  */
13402
13647
  wxtagIds: {
13403
13648
  [key: string]: number;
@@ -13562,8 +13807,7 @@ Please update your configurations.
13562
13807
  interface WlanDnsServerRewrite {
13563
13808
  enabled: boolean;
13564
13809
  /**
13565
- * map between radiusGroup and the desired DNS server (IPv4 only)
13566
- * Property key is the RADIUS group, property value is the desired DNS Server
13810
+ * map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
13567
13811
  */
13568
13812
  radiusGroups?: {
13569
13813
  [key: string]: string;
@@ -13577,8 +13821,7 @@ Please update your configurations.
13577
13821
  defaultVlanId?: string;
13578
13822
  enabled: boolean;
13579
13823
  /**
13580
- * when 11r is enabled, we'll try to use the cached PMK, this can be disabled
13581
- * `false` means auto
13824
+ * when 11r is enabled, we'll try to use the cached PMK, this can be disabled. `false` means auto
13582
13825
  */
13583
13826
  forceLookup: boolean;
13584
13827
  /**
@@ -14636,13 +14879,11 @@ Please update your configurations.
14636
14879
  enabled?: boolean;
14637
14880
  idleTimeout?: number;
14638
14881
  /**
14639
- * To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids.
14640
- * Org mxedge(s) identified by mxcluster_ids
14882
+ * To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
14641
14883
  */
14642
14884
  mxclusterIds: string[];
14643
14885
  /**
14644
- * default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts
14645
- * when radsec.proxy_hosts are not used, tunnel peers (org or site mxedges) are used irrespective of use_site_mxedge
14886
+ * default is site.mxedge.radsec.proxy_hosts which must be a superset of all `wlans[*].radsec.proxy_hosts`. When `radsec.proxy_hosts` are not used, tunnel peers (org or site mxedges) are used irrespective of `useSiteMxedge`
14646
14887
  */
14647
14888
  proxyHosts: string[];
14648
14889
  /**