>
+ checkpoint_management_radius_group
+
diff --git a/website/docs/d/checkpoint_management_administrator.html.markdown b/website/docs/d/checkpoint_management_administrator.html.markdown
new file mode 100644
index 00000000..5941fb90
--- /dev/null
+++ b/website/docs/d/checkpoint_management_administrator.html.markdown
@@ -0,0 +1,57 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_administrator"
+sidebar_current: "docs-checkpoint-data-source-checkpoint-management-administrator"
+description: |-
+Use this data source to get information on an existing Check Point Administrator.
+---
+
+# Data Source: checkpoint_management_administrator
+
+Use this data source to get information on an existing Check Point Administrator.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_administrator" "admin" {
+ name = "example"
+ permissions_profile {
+ domain = "domain1"
+ profile = "Read Only All"
+ }
+
+ multi_domain_profile = "domain level only"
+ password = "1233"
+
+}
+
+data "checkpoint_management_administrator" "data_admin" {
+ name = "${checkpoint_management_administrator.admin.name}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Optional) Object name. Should be unique in the domain.
+* `uid` - (Optional) Object unique identifier.
+* `authentication_method` - Authentication method.
+* `email` - Administrator email.
+* `expiration_date`
+* `multi_domain_profile` - Administrator multi-domain profile. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
+* `must_change_password` - True if administrator must change password on the next login.
+* `permissions_profile` - Administrator permissions profile. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level. permissions_profile blocks are documented below.
+* `phone_number` - Administrator phone number.
+* `radius_server` - RADIUS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "RADIUS". Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
+* `sic_name` - Name of the Secure Internal Connection Trust.
+* `tacacs_server` - TACACS server object identified by the name or UID . Must be set when "authentication-method" was selected to be "TACACS". Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
+* `tags` - Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
+* `color` - Color of the object. Should be one of existing colors.
+* `comments` - Comments string.
+
+`permissions_profile` supports the following:
+
+* `domain` - The domain's profile.
+* `profile` - Permission profile.
\ No newline at end of file
diff --git a/website/docs/d/checkpoint_management_azure_ad.html.markdown b/website/docs/d/checkpoint_management_azure_ad.html.markdown
new file mode 100644
index 00000000..6df0da40
--- /dev/null
+++ b/website/docs/d/checkpoint_management_azure_ad.html.markdown
@@ -0,0 +1,42 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_azur_ad"
+sidebar_current: "docs-checkpoint-data-source-checkpoint-management-azur-ad"
+description: |-
+Use this data source to get information on an existing Check Point Azure Ad.
+---
+
+# Data Source: checkpoint_management_azure_ad
+
+Use this data source to get information on an existing Check Point Azure Ad.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_azure_ad" "azure_ad" {
+ name = "example"
+ password = "123"
+ user_authentication = "user-authentication"
+ username = "example"
+ application_id = "a8662b33-306f-42ba-9ffb-a0ac27c8903f"
+ application_key = "EjdJ2JcNGpw3[GV8:PMN_s2KH]JhtlpO"
+ directory_id = "19c063a8-3bee-4ea5-b984-e344asds37f7"
+}
+
+data "checkpoint_management_azure_ad" "data_azure_ad" {
+ name = "${checkpoint_management_azure_ad.azure_ad.name}"
+}
+
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Optional) Object name.
+* `uid` - (Optional) Object unique identifier.
+* `properties` - Azure AD connection properties. properties blocks are documented below.
+* `tags` - Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
+* `color` - Color of the object. Should be one of existing colors.
+* `comments` - Comments string.
diff --git a/website/docs/d/checkpoint_management_azure_ad_content.html.markdown b/website/docs/d/checkpoint_management_azure_ad_content.html.markdown
new file mode 100644
index 00000000..da0cbf83
--- /dev/null
+++ b/website/docs/d/checkpoint_management_azure_ad_content.html.markdown
@@ -0,0 +1,68 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_azure_ad_content"
+sidebar_current: "docs-checkpoint-data-source-checkpoint-management-azure-ad-content"
+description: |-
+This resource allows you to execute Check Point Azure Ad Content.
+---
+
+# Data Source: checkpoint_management_azure_ad_content
+
+This resource allows you to execute Check Point Azure Ad Content.
+
+## Example Usage
+
+
+```hcl
+data "checkpoint_management_azure_ad_content" "azure_ad_content" {
+ azure_ad_name = "my_azureAD"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `azure_ad_name` - (Optional) Name of the Azure AD Server where to search for objects.
+* `azure_ad_uid` - (Optional) Unique identifier of the Azure AD Server where to search for objects.
+* `limit` - (Optional) The maximal number of returned results.
+* `offset` - (Optional) Number of the results to initially skip.
+* `order` - (Optional) Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. order blocks are documented below.
+* `uid_in_azure_ad` - (Optional) Return result matching the unique identifier of the object on the Azure AD Server.
+* `filter` - (Optional) Return results matching the specified filter. filter blocks are documented below.
+
+
+`order` supports the following:
+
+* `asc` - (Optional) Sorts results by the given field in ascending order.
+* `desc` - (Optional) Sorts results by the given field in descending order.
+
+
+`filter` supports the following:
+
+* `text` - (Optional) Return results containing the specified text value.
+* `uri` - (Optional) Return results under the specified Data Center Object (identified by URI).
+* `parent_uid_in_data_center` - (Optional) Return results under the specified Data Center Object (identified by UID).
+
+Output:
+
+* `from` - From which element number the query was done.
+* `objects` - Remote objects views. objects blocks are documented below.
+* `to` - To which element number the query was done.
+* `total` - Total number of elements returned by the query.
+
+
+`objects` supports the following:
+
+* `name_in_azure_ad` - Object name in the Azure AD.
+* `uid_in_azure_ad` - Unique identifier of the object in the Azure AD.
+* `azure_ad_object` - The imported management object (if exists). Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
+* `name` - Object management name.
+* `type_in_azure_ad` - Object type in Azure AD.
+* `additional_properties` - Additional properties on the object. additional_properties blocks are documented below.
+
+
+`additional_properties` supports the following:
+
+* `name`
+* `value`
\ No newline at end of file
diff --git a/website/docs/d/checkpoint_management_lsv_profile.html.markdown b/website/docs/d/checkpoint_management_lsv_profile.html.markdown
new file mode 100644
index 00000000..0727787b
--- /dev/null
+++ b/website/docs/d/checkpoint_management_lsv_profile.html.markdown
@@ -0,0 +1,46 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_lsv_profile"
+sidebar_current: "docs-checkpoint-data-source-checkpoint-management-lsv-profile"
+description: |-
+Use this data source to get information on an existing Check Point Lsv Profile.
+---
+
+# Data Source: checkpoint_management_lsv_profile
+
+Use this data source to get information on an existing Check Point Lsv Profile.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_lsv_profile" "lsv_profile" {
+ name = "Lsv profile"
+ certificate_authority = "internal_ca"
+}
+
+
+data "checkpoint_management_lsv_profile" "data_lsv_profile" {
+ name = "${checkpoint_management_lsv_profile.lsv_profile.name}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Optional) Object name. Should be unique in the domain.
+* `uid` - (Optional) Object unique identifier.
+* `allowed_ip_addresses` - Collection of network objects identified by name or UID that represent IP addresses allowed in profile's VPN domain.
+* `certificate_authority` - Trusted Certificate authority for establishing trust between VPN peers, identified by name or UID.
+* `restrict_allowed_addresses` - Indicate whether the IP addresses allowed in the VPN Domain will be restricted or not, according to allowed-ip-addresses field.
+* `tags` - Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
+* `vpn_domain` - peers' VPN Domain properties. vpn_domain blocks are documented below.
+* `color` - Color of the object. Should be one of existing colors.
+* `comments` - Comments string.
+
+
+`vpn_domain` supports the following:
+
+* `limit_peer_domain_size` - Use this parameter to limit the number of IP addresses in the VPN Domain of each peer according to the value in the max-allowed-addresses field.
+* `max_allowed_addresses` - Maximum number of IP addresses in the VPN Domain of each peer. This value will be enforced only when limit-peer-domain-size field is set to true. Select a value between 1 and 256. Default value is 256.
diff --git a/website/docs/d/checkpoint_management_nutanix_data_center_server.html.markdown b/website/docs/d/checkpoint_management_nutanix_data_center_server.html.markdown
new file mode 100644
index 00000000..c7f6fa3d
--- /dev/null
+++ b/website/docs/d/checkpoint_management_nutanix_data_center_server.html.markdown
@@ -0,0 +1,42 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_nutanix_data_center_server"
+sidebar_current: "docs-checkpoint-Resource-checkpoint-management-nutanix-data-center-server"
+description: |- Use this data source to get information on an existing Nutanix data center server.
+---
+
+# Data Source: checkpoint_management_nutanix_data_center_server
+
+Use this data source to get information on an existing Nutanix Data Center Server.
+
+## Example Usage
+
+```hcl
+resource "checkpoint_management_nutanix_data_center_server" "testNutanix" {
+ name = "MY-NUTANIX"
+ hostname = "127.0.0.1"
+ username = "admin"
+ password = "admin"
+}
+
+data "checkpoint_management_nutanix_data_center_server" "data_nutanix_data_center_server" {
+ name = "${checkpoint_management_nutanix_data_center_server.testNutanix.name}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Optional) Object name.
+* `uid` - (Optional) Object unique identifier.
+* `automatic_refresh` - Indicates whether the data center server's content is automatically updated.
+* `data_center_type` - Data center type.
+* `properties` - Data center properties. properties blocks are documented below.
+* `tags` - Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
+
+
+`properties` supports the following:
+
+* `name`
+* `value`
\ No newline at end of file
diff --git a/website/docs/d/checkpoint_management_oracle_cloud_data_center_server.html.markdown b/website/docs/d/checkpoint_management_oracle_cloud_data_center_server.html.markdown
new file mode 100644
index 00000000..eade4fa5
--- /dev/null
+++ b/website/docs/d/checkpoint_management_oracle_cloud_data_center_server.html.markdown
@@ -0,0 +1,48 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_oracle_cloud_data_center_server"
+sidebar_current: "docs-checkpoint-Resource-checkpoint-management-oracle-cloud-data-center-server"
+description: |- Use this data source to get information on an existing Oracle Cloud data center server.
+---
+
+# Data Source: checkpoint_management_oracle_cloud_data_center_server
+
+Use this data source to get information on an existing Oracle Cloud Data Center Server.
+
+```hcl
+resource "checkpoint_management_oracle_cloud_data_center_server" "testOracleCloud" {
+ name = "MY-ORACLE-CLOUD"
+ authentication_method = "key-authentication"
+ private_key = "0SLtLS1CRUdJTiBQUklWQVRFIEtS0FWtLS0tDQpNSUlFdkFJQkFEQU5CZ2txaGtpRzl3AAAAUUVGQUFTQ0JLWXdnZ1NpQWdFQUFvSUJBUURUdmVrK1laMmNSekVmDQp1QkNoMkFxS2hzUFcrQUhUajY4dE5VbVl4OUFTRXBsREhnMkF0bCtMRWRRWUFRSUtLMUZ5L1JHRitkK3RkWjUrDQpabmprN0hESTQ5V3Rib0xodWN3YjBpNU4xbEVKWHVhOHhEN0FROTJXQy9PdzhzVktPRlJGNVJhMmxSa0svRS8xDQpxeDhKYnRoMGdXdHg0NHBQaWJwU3crMTB0QUhHR2FTLzVwN3hNUXhzajZTOThwL1hnalg5NzN4VStZZ2dLNUx3DQp6WlkzSDQ3UVREcmpyZzhOVmpDSFU3b3IrcEpCbjdldGF0V3psK3BQcVd4ODZub2tjdG5abUQxcHNnWnkwTEdDDQpRYys5ejdURGhEOFhuVERwckxiRGZXRnZqOTVKSmc3Q1krd29zN05vSENEOG5RWjFZZURVQkJjUkVlZXJVRlhBDQpaZ1I3UGNCN0FnTUJBQUVDZ2dFQUdkUWxCZVFER3ROMXJaTXNERGRUU2RudDU3b2NWdXlac2grNW1PRVVMakF3DQptOXhTOUt3ZnlYeTZRaXlxb3JKQ3REa2trR2c0OHhWOFBrVDN1RTBUTzU0aDF1UmxJMjNMbjcvVmFzOUZnVlFmDQpQS1dLVmdwYjdFMWhtT2gwVFNmRDRwRnpETlh4SzhMaXYycWVxdTJTTlRGWVR1M2RBRWpNL3EyWERmdXJQN2tiDQprZ3FKRFBwd2g4RWRXMVg1VVAyVE9CVWxwQllDTndxUkFJQ1E3eWlzbW5xeFlZS3RKc21MK21IQ3JYM3hNRHVTDQp4NHJCVDUvcXVrdVc4MmwrbGZmU3ZTNGpsb0VhajJ2QmozSk1udy9lYlNucFplU3FENTFjOUZlOCtocU4rU3NoDQozTnc0QXVybE1RRG5vZy9STUF3QUR3KzBRUlIwNVdaWDhMVXllVTBVVVFLQmdRRHd6R2I0b25BWHlNeUNkbHB3DQpRRnFCR0pwQnlsWEJjSkZnMGpCd1JMV2tQL3VjWnNoZlFlbkFWbkRZZS9yQ0FnWWxSdFFOVFRvb3BFSjlGcGgyDQp6TkVzd1EwcnV4WjFrVm41U1hwS2dF4668KalUxT3dGa3R1WFlJcEtBNGk5dFoxT04zb1lqdVRtMUlzb2xWZXVTDQpqK3Mwd1o3ZDAyYTNXcDN1UXJ3TFUwVjdpUUtCZ1FEaEcrc2xsNDYveGxONldWWEs3RVpkOGFEcTlTNEU0aEQvDQpvTmUwS0dVcHhZYngyTnFWN1VLSEwzOE41eG5qNGllWGt2U1BnL0twVUpqUmtLN0xJMnZsNmlndUJkdW01VUR1DQp5dW4rL1dNcVdnb2p4anZBbmxsS2lIa0JRMTJ2UFRqcE9HSGIrY0RqVWxROGVnOThFOEJ0ZktUQjFkRlcxUnBlDQorMXY0aXR3RzR3S0JnQzJLeXpMZExnd2hpeVJsbEFkRTlKa1QrU0RXVHMvT0pZREZZQ25ycE5zU3l0aXl5OVRRDQpWNUJzQ04yNDNSMVNXcTAwTHlqdzRUNE1peEt6Y2xTTnVrWVhvUkVUU2xVa0QzdEpmVnFYMVUrTE1XY0c2T1dPDQpmZndaMWRHUWRkM2dPL3BLQ3Q2NHlvUkt0eWJHa0U1ZzcrQkRlbk9ENXhwb2hoUXBCUDJ6V3lIWkFvR0FURndqDQpGUHBuUXVoc3Nza1JFQ2U3NnV3bkVPeWdjcW1ZNkkzUC9kM2lDeHhsSFM3Wlh4Zy9oQW41aUdiSFlvVDV0ekh6DQpZYWQ1cmpPWDB5YklGRUpzdkc0RXVTL2xoYVNvdFJnQjdpeFg4aXJlMjZuSDVSd1IzL1dSVG50aWtTb3NYdmh3DQpRYVZqNS9pcWVHVlRVVnlGM3QzMEtZaDFYWVltVHVmbkY5VktzODhDZ1lCTTNVN2QwOU9MemhMZTh3cnp1dEpuDQpGdmRGWlhCRnhXRGwyNXdteElWTFdpM0kvaWg2QXN5YlRNNWMzbFpTTUVvcjJYeXJqNnFUNzZ6amQ2eGE2NlN3DQpXMEVyL2lEY3dWK244MHpuU3lPSW5lRThIVkh1SGtNYVpPeHkvVzdVWDFqL0RmUnJPZG1iS1NWN2NBV2dVTlBrDQpnd1V5RkM2OTRKTR41Vko0WXZEZU13PT0NCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0="
+ key_user = "ocid1.user.oc1..aaaaaaaad6n7rniiwgxehy6coo4ax2ti7pr5yr53cbdxdyp6sx6dhrttcz4a"
+ key_tenant = "ocid1.tenancy.oc1..aaaaaaaaft6hqvl367uh4e3pmdxnzmca6cxamwjfaag5lm7bnhuwu6ypajca"
+ key_region = "eu-frankfurt-1"
+}
+
+data "checkpoint_management_oracle_cloud_data_center_server" "data_oracle_cloud_data_center_server" {
+ name = "${checkpoint_management_oracle_cloud_data_center_server.testOracleCloud.name}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Optional) Object name.
+* `uid` - (Optional) Object unique identifier.
+* `automatic_refresh` - Indicates whether the data center server's content is automatically updated.
+* `data_center_type` - Data center type.
+* `properties` - Data center properties. properties blocks are documented below.
+* `tags` - Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
+
+
+`properties` supports the following:
+
+* `name`
+* `value`
+
+
+
+
+
+
diff --git a/website/docs/d/checkpoint_management_radius_group.html.markdown b/website/docs/d/checkpoint_management_radius_group.html.markdown
new file mode 100644
index 00000000..905a4b0b
--- /dev/null
+++ b/website/docs/d/checkpoint_management_radius_group.html.markdown
@@ -0,0 +1,45 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_radius_group"
+sidebar_current: "docs-checkpoint-data-source-checkpoint-management-radius-group"
+description: |-
+Use this data source to get information on an existing Check Point Radius Group.
+---
+
+# Data Source: checkpoint_management_radius_group
+
+Use this data source to get information on an existing Check Point Radius Group.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_host" "host" {
+ name = "My Host"
+ ipv4_address = "1.2.3.4"
+}
+
+resource "checkpoint_management_radius_server" "radius_server" {
+ name = "New Radius Server"
+ server = "${checkpoint_management_host.host.name}"
+ shared_secret = "123"
+}
+
+resource "checkpoint_management_radius_group" "radius_group" {
+ name = "New Radius Group"
+ members = ["${checkpoint_management_radius_server.radius_server.name}"]
+}
+
+data "checkpoint_management_radius_group" "data_radius_group" {
+ name = "${checkpoint_management_radius_group.radius_group.name}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Optional) Object name. Should be unique in the domain.
+* `uid` - (Optional) Object unique identifier.
+* `members` - Collection of radius servers identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
+* `tags` - Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
diff --git a/website/docs/d/checkpoint_management_radius_server.html.markdown b/website/docs/d/checkpoint_management_radius_server.html.markdown
new file mode 100644
index 00000000..395b8183
--- /dev/null
+++ b/website/docs/d/checkpoint_management_radius_server.html.markdown
@@ -0,0 +1,53 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_radius_server"
+sidebar_current: "docs-checkpoint-data-source-checkpoint-management-radius-server"
+description: |-
+Use this data source to get information on an existing Check Point Radius Server.
+---
+
+# Data Source: checkpoint_management_radius_server
+
+Use this data source to get information on an existing Check Point Radius Server.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_host" "host" {
+ name = "My Host"
+ ipv4_address = "1.2.3.4"
+}
+
+resource "checkpoint_management_radius_server" "radius_server" {
+ name = "New Radius Server"
+ server = "${checkpoint_management_host.host.name}"
+ shared_secret = "123"
+}
+
+data "checkpoint_management_radius_server" "data_radius_server" {
+ name = "${checkpoint_management_radius_server.radius_server.name}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Optional) Object name. Should be unique in the domain.
+* `uid` - (Optional) Object unique identifier.
+* `server` - The UID or Name of the host that is the RADIUS Server.
+* `service` - The UID or Name of the Service to which the RADIUS server listens.
+* `version` - The version can be either RADIUS Version 1.0, which is RFC 2138 compliant, and RADIUS Version 2.0 which is RFC 2865 compliant.
+* `protocol` - The type of authentication protocol that will be used when authenticating the user to the RADIUS server.
+* `priority` - The priority of the RADIUS Server in case it is a member of a RADIUS Group.
+* `accounting` - Accounting settings. accounting blocks are documented below.
+* `tags` - Collection of tag objects identified by the name or UID.
+* `color` - Color of the object. Should be one of existing colors.
+* `comments` - Comments string.
+
+
+`accounting` supports the following:
+
+* `enable_ip_pool_management` - IP pool management, enables Accounting service.
+* `accounting_service` - The UID or Name of the the accounting interface to notify the server when users login and logout which will then lock and release the IP addresses that the server allocated to those users.
diff --git a/website/docs/d/checkpoint_management_simple_cluster.html.markdown b/website/docs/d/checkpoint_management_simple_cluster.html.markdown
index e9203e21..d5b1e196 100644
--- a/website/docs/d/checkpoint_management_simple_cluster.html.markdown
+++ b/website/docs/d/checkpoint_management_simple_cluster.html.markdown
@@ -33,156 +33,625 @@ The following arguments are supported:
* `name` - (Optional) Object name.
* `uid` - (Optional) Object unique identifier.
-* `ipv4_address` - IPv4 address.
-* `ipv6_address` - IPv6 address.
-* `cluster_mode` - Cluster mode.
-* `interfaces` - Cluster interfaces. interfaces blocks are documented below.
-* `members` - Cluster members. members blocks are documented below.
-* `anti_bot` - Anti-Bot blade enabled.
-* `anti_virus` - Anti-Virus blade enabled.
+* `advanced_settings` - N/Aadvanced_settings blocks are documented below.
+* `anti_bot` - Anti-Bot blade enabled.
+* `anti_virus` - Anti-Virus blade enabled.
* `application_control` - Application Control blade enabled.
+* `application_control_and_url_filtering_settings` - Gateway Application Control and URL filtering settings.application_control_and_url_filtering_settings blocks are documented below.
+* `cluster_mode` - Cluster mode.
+* `cluster_settings` - ClusterXL and VRRP Settings.cluster_settings blocks are documented below.
* `content_awareness` - Content Awareness blade enabled.
-* `data_awareness` - Data Awareness blade enabled.
+* `enable_https_inspection` - Enable HTTPS Inspection after defining an outbound inspection certificate.
To define the outbound certificate use outbound inspection certificate API.
+* `fetch_policy` - Security management server(s) to fetch the policy from.fetch_policy blocks are documented below.
+* `firewall` - Firewall blade enabled.
+* `firewall_settings` - N/Afirewall_settings blocks are documented below.
+* `geo_mode` - Cluster High Availability Geo mode.
This setting applies only to a cluster deployed in a cloud. Available when the cluster mode equals "cluster-xl-ha".
+* `hardware` - Cluster platform hardware.
+* `hit_count` - Hit count tracks the number of connections each rule matches.
+* `https_inspection` - HTTPS inspection.https_inspection blocks are documented below.
+* `identity_awareness` - Identity awareness blade enabled.
+* `identity_awareness_settings` - Gateway Identity Awareness settings.identity_awareness_settings blocks are documented below.
+* `interfaces` - Cluster interfaces.interfaces blocks are documented below.
+* `ipv4_address` - IPv4 address.
+* `ipv6_address` - IPv6 address.
* `ips` - Intrusion Prevention System blade enabled.
+* `ips_update_policy` - Specifies whether the IPS will be downloaded from the Management or directly to the Gateway.
+* `members` - Cluster members list. Only new cluster member can be added. Adding existing gateway is not supported.members blocks are documented below.
+* `nat_hide_internal_interfaces` - Hide internal networks behind the Gateway's external IP.
+* `nat_settings` - NAT settings.nat_settings blocks are documented below.
+* `os_name` - Cluster platform operating system.
+* `platform_portal_settings` - Platform portal settings.platform_portal_settings blocks are documented below.
+* `proxy_settings` - Proxy Server for Gateway.proxy_settings blocks are documented below.
+* `qos` - QoS.
+* `send_alerts_to_server` - Server(s) to send alerts to.send_alerts_to_server blocks are documented below.
+* `send_logs_to_backup_server` - Backup server(s) to send logs to.send_logs_to_backup_server blocks are documented below.
+* `send_logs_to_server` - Server(s) to send logs to.send_logs_to_server blocks are documented below.
+* `tags` - Collection of tag identifiers.tags blocks are documented below.
* `threat_emulation` - Threat Emulation blade enabled.
+* `threat_extraction` - Threat Extraction blade enabled.
+* `threat_prevention_mode` - The mode of Threat Prevention to use. When using Autonomous Threat Prevention, disabling the Threat Prevention blades is not allowed.
* `url_filtering` - URL Filtering blade enabled.
-* `firewall` - Firewall blade enabled.
-* `firewall_settings` - Firewall settings. firewall_settings blocks are documented below.
-* `vpn` - VPN blade enabled.
-* `vpn_settings` - Cluster VPN settings. vpn_settings blocks are documented below.
-* `dynamic_ip` - Dynamic IP address.
+* `usercheck_portal_settings` - UserCheck portal settings.usercheck_portal_settings blocks are documented below.
* `version` - Cluster platform version.
-* `os_name` - Cluster Operating system name.
-* `hardware` - Cluster platform hardware name.
-* `one_time_password` - Secure Internal Communication one time password.
-* `sic_name` - Secure Internal Communication name.
-* `sic_state` - Secure Internal Communication state.
-* `save_logs_locally` - Enable save logs locally.
-* `send_alerts_to_server` - Collection of Server(s) to send alerts to identified by the name.
-* `send_logs_to_backup_server` - Collection of Backup server(s) to send logs to identified by the name.
-* `send_logs_to_server` - Collection of Server(s) to send logs to identified by the name.
-* `logs_settings` - Logs settings. logs_settings blocks are documented below.
-* `color` - Color of the object.
-* `comments` - Comments string.
-* `tags` - Collection of tags identified by name.
+* `vpn` - VPN blade enabled.
+* `vpn_settings` - Gateway VPN settings.vpn_settings blocks are documented below.
+* `zero_phishing` - Zero Phishing blade enabled.
+* `zero_phishing_fqdn` - Zero Phishing gateway FQDN.
+* `show_portals_certificate` - Indicates whether to show the portals certificate value in the reply.
+* `color` - Color of the object. Should be one of existing colors.
+* `comments` - Comments string.
+* `groups` - Collection of group identifiers.groups blocks are documented below.
+* `ignore_warnings` - Apply changes ignoring warnings.
+* `ignore_errors` - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+
+`advanced_settings` supports the following:
+
+* `connection_persistence` - Handling established connections when installing a new policy.
+* `sam` - SAM.sam blocks are documented below.
+
+
+`application_control_and_url_filtering_settings` supports the following:
+
+* `global_settings_mode` - Whether to override global settings or not.
+* `override_global_settings` - override global settings object.override_global_settings blocks are documented below.
+
+
+`cluster_settings` supports the following:
+
+* `member_recovery_mode` - In a High Availability cluster, each member is given a priority. The member with the highest priority serves as the gateway. If this gateway fails, control is passed to the member with the next highest priority. If that member fails, control is passed to the next, and so on. Upon gateway recovery, it is possible to:
+ Maintain current active Cluster Member (maintain-current-active) or
+ Switch to higher priority Cluster Member (according-to-priority).
+* `state_synchronization` - Cluster State Synchronization settings.state_synchronization blocks are documented below.
+* `track_changes_of_cluster_members` - Track changes in the status of Cluster Members.
+* `use_virtual_mac` - Use Virtual MAC. By enabling Virtual MAC in ClusterXL High Availability New mode, or Load Sharing Unicast mode, all cluster members associate the same Virtual MAC address with All Cluster Virtual Interfaces and the Virtual IP address.
+
+
+`firewall_settings` supports the following:
+
+* `auto_calculate_connections_hash_table_size_and_memory_pool` - N/A
+* `auto_maximum_limit_for_concurrent_connections` - N/A
+* `connections_hash_size` - N/A
+* `maximum_limit_for_concurrent_connections` - N/A
+* `maximum_memory_pool_size` - N/A
+* `memory_pool_size` - N/A
+
+
+`https_inspection` supports the following:
+
+* `bypass_on_failure` - Set to be true in order to bypass all requests (Fail-open) in case of internal system error.bypass_on_failure blocks are documented below.
+* `site_categorization_allow_mode` - Set to 'background' in order to allowed requests until categorization is complete.site_categorization_allow_mode blocks are documented below.
+* `deny_untrusted_server_cert` - Set to be true in order to drop traffic from servers with untrusted server certificate.deny_untrusted_server_cert blocks are documented below.
+* `deny_revoked_server_cert` - Set to be true in order to drop traffic from servers with revoked server certificate (validate CRL).deny_revoked_server_cert blocks are documented below.
+* `deny_expired_server_cert` - Set to be true in order to drop traffic from servers with expired server certificate.deny_expired_server_cert blocks are documented below.
+
+
+`identity_awareness_settings` supports the following:
+
+* `browser_based_authentication` - Enable Browser Based Authentication source.
+* `browser_based_authentication_settings` - Browser Based Authentication settings.browser_based_authentication_settings blocks are documented below.
+* `identity_agent` - Enable Identity Agent source.
+* `identity_agent_settings` - Identity Agent settings.identity_agent_settings blocks are documented below.
+* `identity_collector` - Enable Identity Collector source.
+* `identity_collector_settings` - Identity Collector settings.identity_collector_settings blocks are documented below.
+* `identity_sharing_settings` - Identity sharing settings.identity_sharing_settings blocks are documented below.
+* `proxy_settings` - Identity-Awareness Proxy settings.proxy_settings blocks are documented below.
+* `remote_access` - Enable Remote Access Identity source.
+
`interfaces` supports the following:
-* `name` - Interface name.
-* `interface_type` - Cluster interface type.
-* `ipv4_address` - IPv4 address.
-* `ipv6_address` - IPv6 address.
+
+* `name` - Object name. Must be unique in the domain.
+* `interface_type` - Cluster interface type.
+* `ipv4_address` - IPv4 address.
+* `ipv6_address` - IPv6 address.
+* `network_mask` - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use ipv4-mask-length and ipv6-mask-length fields explicitly.
* `ipv4_network_mask` - IPv4 network address.
* `ipv6_network_mask` - IPv6 network address.
* `ipv4_mask_length` - IPv4 network mask length.
* `ipv6_mask_length` - IPv6 network mask length.
-* `anti_spoofing` - Anti spoofing.
-* `anti_spoofing_settings` - Anti spoofing settings. anti_spoofing_settings blocks are documented below.
+* `anti_spoofing` - N/A
+* `anti_spoofing_settings` - N/Aanti_spoofing_settings blocks are documented below.
* `multicast_address` - Multicast IP Address.
* `multicast_address_type` - Multicast Address Type.
-* `security_zone` - Security zone.
-* `security_zone_settings` - Security zone settings. security_zone_settings blocks are documented below.
-* `topology` - Topology.
-* `topology_settings` - Topology settings. topology_settings blocks are documented below.
-* `topology_automatic_calculation` - Shows the automatic topology calculation..
-* `color` - Color of the object. Should be one of existing colors.
-* `comments` - Comments string.
+* `security_zone` - N/A
+* `security_zone_settings` - N/Asecurity_zone_settings blocks are documented below.
+* `tags` - Collection of tag identifiers.tags blocks are documented below.
+* `topology` - N/A
+* `topology_settings` - N/Atopology_settings blocks are documented below.
+* `color` - Color of the object. Should be one of existing colors.
+* `comments` - Comments string.
+* `ignore_warnings` - Apply changes ignoring warnings.
+* `ignore_errors` - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+
+`members` supports the following:
+
+* `name` - Object name.
+* `interfaces` - Cluster Member network interfaces.interfaces blocks are documented below.
+* `ipv4_address` - IPv4 address.
+* `ipv6_address` - IPv6 address.
+* `one_time_password` - N/A
+* `tags` - Collection of tag identifiers.tags blocks are documented below.
+* `priority` - In a High Availability New mode cluster each machine is given a priority. The highest priority machine serves as the gateway in normal circumstances. If this machine fails, control is passed to the next highest priority machine. If that machine fails, control is passed to the next machine, and so on.
+ In Load Sharing Unicast mode cluster, the highest priority is the pivot machine.
+ The values must be in a range from 1 to N, where N is number of cluster members.
+* `color` - Color of the object. Should be one of existing colors.
+* `comments` - Comments string.
+* `ignore_warnings` - Apply changes ignoring warnings.
+* `ignore_errors` - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+
+`nat_settings` supports the following:
+
+* `auto_rule` - Whether to add automatic address translation rules.
+* `ipv4_address` - IPv4 address.
+* `ipv6_address` - IPv6 address.
+* `hide_behind` - Hide behind method. This parameter is forbidden in case "method" parameter is "static".
+* `install_on` - Which gateway should apply the NAT translation.
+* `method` - NAT translation method.
+
+
+`platform_portal_settings` supports the following:
+
+* `portal_web_settings` - Configuration of the portal web settings.portal_web_settings blocks are documented below.
+* `certificate_settings` - Configuration of the portal certificate settings.certificate_settings blocks are documented below.
+* `accessibility` - Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`proxy_settings` supports the following:
+
+* `use_custom_proxy` - Use custom proxy settings for this network object.
+* `proxy_server` - N/A
+* `port` - N/A
+
+
+`usercheck_portal_settings` supports the following:
+
+* `enabled` - State of the web portal (enabled or disabled). The supported blades are: {'Application Control', 'URL Filtering', 'Data Loss Prevention', 'Anti Virus', 'Anti Bot', 'Threat Emulation', 'Threat Extraction', 'Data Awareness'}.
+* `portal_web_settings` - Configuration of the portal web settings.portal_web_settings blocks are documented below.
+* `certificate_settings` - Configuration of the portal certificate settings.certificate_settings blocks are documented below.
+* `accessibility` - Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`vpn_settings` supports the following:
+
+* `authentication` - Authentication.authentication blocks are documented below.
+* `link_selection` - Link Selection.link_selection blocks are documented below.
+* `maximum_concurrent_ike_negotiations` - N/A
+* `maximum_concurrent_tunnels` - N/A
+* `office_mode` - Office Mode.
+ Notation Wide Impact - Office Mode apply IPSec VPN Software Blade clients and to the Mobile Access Software Blade clients.office_mode blocks are documented below.
+* `remote_access` - Remote Access.remote_access blocks are documented below.
+* `vpn_domain` - Gateway VPN domain identified by the name or UID.
+* `vpn_domain_exclude_external_ip_addresses` - Exclude the external IP addresses from the VPN domain of this Security Gateway.
+* `vpn_domain_type` - Gateway VPN domain type.
+
+
+`sam` supports the following:
+
+* `forward_to_other_sam_servers` - Forward SAM clients' requests to other SAM servers.
+* `use_early_versions` - Use early versions compatibility mode.use_early_versions blocks are documented below.
+* `purge_sam_file` - Purge SAM File.purge_sam_file blocks are documented below.
+
+
+`override_global_settings` supports the following:
+
+* `fail_mode` - Fail mode - allow or block all requests.
+* `website_categorization` - Website categorization object.website_categorization blocks are documented below.
+
+
+`state_synchronization` supports the following:
+
+* `delayed` - Start synchronizing with delay of seconds, as defined by delayed-seconds, after connection initiation. Disabled when state-synchronization disabled.
+* `delayed_seconds` - Start synchronizing X seconds after connection initiation
+ . The values must be in a range between 2 and 3600.
+* `enabled` - Use State Synchronization.
+
+
+`bypass_on_failure` supports the following:
+
+* `override_profile` - Override profile of global configuration.
+* `value` - Override value.
Required only for 'override-profile' is True.
+
+
+`site_categorization_allow_mode` supports the following:
+
+* `override_profile` - Override profile of global configuration.
+* `value` - Override value.
Required only for 'override-profile' is True.
+
+
+`deny_untrusted_server_cert` supports the following:
+
+* `override_profile` - Override profile of global configuration.
+* `value` - Override value.
Required only for 'override-profile' is True.
+
+
+`deny_revoked_server_cert` supports the following:
+
+* `override_profile` - Override profile of global configuration.
+* `value` - Override value.
Required only for 'override-profile' is True.
+
+
+`deny_expired_server_cert` supports the following:
+
+* `override_profile` - Override profile of global configuration.
+* `value` - Override value.
Required only for 'override-profile' is True.
+
+
+`browser_based_authentication_settings` supports the following:
+
+* `authentication_settings` - Authentication Settings for Browser Based Authentication.authentication_settings blocks are documented below.
+* `browser_based_authentication_portal_settings` - Browser Based Authentication portal settings.browser_based_authentication_portal_settings blocks are documented below.
+
+
+`identity_agent_settings` supports the following:
+
+* `agents_interval_keepalive` - Agents send keepalive period (minutes).
+* `user_reauthenticate_interval` - Agent reauthenticate time interval (minutes).
+* `authentication_settings` - Authentication Settings for Identity Agent.authentication_settings blocks are documented below.
+* `identity_agent_portal_settings` - Identity Agent accessibility settings.identity_agent_portal_settings blocks are documented below.
+
+
+`identity_collector_settings` supports the following:
+
+* `authorized_clients` - Authorized Clients.authorized_clients blocks are documented below.
+* `authentication_settings` - Authentication Settings for Identity Collector.authentication_settings blocks are documented below.
+* `client_access_permissions` - Identity Collector accessibility settings.client_access_permissions blocks are documented below.
+
+
+`identity_sharing_settings` supports the following:
+
+* `share_with_other_gateways` - Enable identity sharing with other gateways.
+* `receive_from_other_gateways` - Enable receiving identity from other gateways.
+* `receive_from` - Gateway(s) to receive identity from.receive_from blocks are documented below.
+
+
+`proxy_settings` supports the following:
+
+* `detect_using_x_forward_for` - Whether to use X-Forward-For HTTP header, which is added by the proxy server to keep track of the original source IP.
+
`anti_spoofing_settings` supports the following:
+
* `action` - If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
+* `exclude_packets` - Don't check packets from excluded network.
+* `excluded_network_name` - Excluded network name.
+* `excluded_network_uid` - Excluded network UID.
+* `spoof_tracking` - Spoof tracking.
+
`security_zone_settings` supports the following:
+
* `auto_calculated` - Security Zone is calculated according to where the interface leads to.
* `specific_zone` - Security Zone specified manually.
+
`topology_settings` supports the following:
+
* `interface_leads_to_dmz` - Whether this interface leads to demilitarized zone (perimeter network).
-* `ip_address_behind_this_interface` - Ip address behind this interface.
* `specific_network` - Network behind this interface.
-`members` supports the following:
-* `name` - Object name. Should be unique in the domain..
-* `ip_address` - IPv4 or IPv6 address.
-* `interfaces` - Cluster Member network interfaces. interfaces blocks are documented below.
-* `one_time_password` - Secure Internal Communication one time password.
-* `sic_name` - Secure Internal Communication name.
-* `sic_message` - Secure Internal Communication state.
`interfaces` supports the following:
-* `name` - Interface name.
-* `ipv4_address` - IPv4 address.
-* `ipv6_address` - IPv6 address.
+
+* `name` - Object name.
+* `anti_spoofing` - N/A
+* `anti_spoofing_settings` - N/Aanti_spoofing_settings blocks are documented below.
+* `ipv4_address` - IPv4 address.
+* `ipv6_address` - IPv6 address.
+* `network_mask` - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use ipv4-mask-length and ipv6-mask-length fields explicitly.
* `ipv4_network_mask` - IPv4 network address.
* `ipv6_network_mask` - IPv6 network address.
* `ipv4_mask_length` - IPv4 network mask length.
* `ipv6_mask_length` - IPv6 network mask length.
+* `security_zone` - N/A
+* `security_zone_settings` - N/Asecurity_zone_settings blocks are documented below.
+* `tags` - Collection of tag identifiers.tags blocks are documented below.
+* `topology` - N/A
+* `topology_settings` - N/Atopology_settings blocks are documented below.
+* `color` - Color of the object. Should be one of existing colors.
+* `comments` - Comments string.
+* `ignore_warnings` - Apply changes ignoring warnings.
+* `ignore_errors` - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
-`firewall_settings` supports the following:
-* `auto_calculate_connections_hash_table_size_and_memory_pool` - Auto calculate connections hash table size and memory pool.
-* `auto_maximum_limit_for_concurrent_connections` - Auto maximum limit for concurrent connections.
-* `connections_hash_size` - Connections hash size.
-* `maximum_limit_for_concurrent_connections` - Maximum limit for concurrent connections.
-* `maximum_memory_pool_size` - Maximum memory pool size.
-* `memory_pool_size` - Memory pool size.
-`vpn_settings` supports the following:
-* `authentication` - authentication blocks are documented below.
-* `link_selection` - Link selection blocks are documented below.
-* `maximum_concurrent_ike_negotiations` - Maximum concurrent ike negotiations.
-* `maximum_concurrent_tunnels` - Maximum concurrent tunnels.
-* `office_mode` - Office Mode. Notation Wide Impact - Office Mode apply IPSec VPN Software Blade clients and to the Mobile Access Software Blade clients. office_mode blocks are documented below.
-* `remote_access` - remote_access blocks are documented below.
-* `vpn_domain` - Gateway VPN domain identified by the name.
-* `vpn_domain_type` - Gateway VPN domain type.
+`portal_web_settings` supports the following:
+
+* `aliases` - List of URL aliases that are redirected to the main portal URL.aliases blocks are documented below.
+* `main_url` - The main URL for the web portal.
+
+
+`certificate_settings` supports the following:
+
+* `base64_certificate` - The certificate file encoded in Base64 with padding.
+ This file must be in the *.p12 format.
+* `base64_password` - Password (encoded in Base64 with padding) for the certificate file.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`portal_web_settings` supports the following:
+
+* `aliases` - List of URL aliases that are redirected to the main portal URL.aliases blocks are documented below.
+* `main_url` - The main URL for the web portal.
+
+
+`certificate_settings` supports the following:
+
+* `base64_certificate` - The certificate file encoded in Base64 with padding.
+ This file must be in the *.p12 format.
+* `base64_password` - Password (encoded in Base64 with padding) for the certificate file.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
`authentication` supports the following:
-* `authentication_clients` - Collection of VPN Authentication clients identified by the name.
+
+* `authentication_clients` - Collection of VPN Authentication clients identified by the name or UID.authentication_clients blocks are documented below.
+
`link_selection` supports the following:
-* `ip_selection` - IP selection.
-* `dns_resolving_hostname` - DNS Resolving Hostname. Must be set when "ip-selection" was selected to be "dns-resolving-from-hostname".
-* `ip_address` - IP Address. Must be set when "ip-selection" was selected to be "use-selected-address-from-topology" or "use-statically-nated-ip".
+
+* `dns_resolving_hostname` - DNS Resolving Hostname. Must be set when "ip-selection" was selected to be "dns-resolving-from-hostname".
+
`office_mode` supports the following:
-* `mode` - Office Mode Permissions. When selected to be "off", all the other definitions are irrelevant.
-* `group` - Group. Identified by name. Must be set when "office-mode-permissions" was selected to be "group".
-* `allocate_ip_address_from` - Allocate IP address Method. Allocate IP address by sequentially trying the given methods until success. allocate_ip_address_from blocks are documented below.
+
+* `mode` - Office Mode Permissions.
+ When selected to be "off", all the other definitions are irrelevant.
+* `group` - Group. Identified by name or UID.
+ Must be set when "office-mode-permissions" was selected to be "group".
+* `allocate_ip_address_from` - Allocate IP address Method.
+ Allocate IP address by sequentially trying the given methods until success.allocate_ip_address_from blocks are documented below.
* `support_multiple_interfaces` - Support connectivity enhancement for gateways with multiple external interfaces.
* `perform_anti_spoofing` - Perform Anti-Spoofing on Office Mode addresses.
-* `anti_spoofing_additional_addresses` - Additional IP Addresses for Anti-Spoofing. Identified by name. Must be set when "perform-anti-spoofings" is true.
+* `anti_spoofing_additional_addresses` - Additional IP Addresses for Anti-Spoofing.
+ Identified by name or UID.
+ Must be set when "perform-anti-spoofings" is true.
+
+
+`remote_access` supports the following:
+
+* `support_l2tp` - Support L2TP (relevant only when office mode is active).
+* `l2tp_auth_method` - L2TP Authentication Method.
+ Must be set when "support-l2tp" is true.
+* `l2tp_certificate` - L2TP Certificate.
+ Must be set when "l2tp-auth-method" was selected to be "certificate".
+ Insert "defaultCert" when you want to use the default certificate.
+* `allow_vpn_clients_to_route_traffic` - Allow VPN clients to route traffic.
+* `support_nat_traversal_mechanism` - Support NAT traversal mechanism (UDP encapsulation).
+* `nat_traversal_service` - Allocated NAT traversal UDP service. Identified by name or UID.
+ Must be set when "support-nat-traversal-mechanism" is true.
+* `support_visitor_mode` - Support Visitor Mode.
+* `visitor_mode_service` - TCP Service for Visitor Mode. Identified by name or UID.
+ Must be set when "support-visitor-mode" is true.
+* `visitor_mode_interface` - Interface for Visitor Mode.
+ Must be set when "support-visitor-mode" is true.
+ Insert IPV4 Address of existing interface or "All IPs" when you want all interfaces.
+
+
+`use_early_versions` supports the following:
+
+* `enabled` - Use early versions compatibility mode.
+* `compatibility_mode` - Early versions compatibility mode.
+
+
+`purge_sam_file` supports the following:
+
+* `enabled` - Purge SAM File.
+* `purge_when_size_reaches_to` - Purge SAM File When it Reaches to.
+
+
+`website_categorization` supports the following:
+
+* `mode` - Website categorization mode.
+* `custom_mode` - Custom mode object.custom_mode blocks are documented below.
+
+
+`authentication_settings` supports the following:
+
+* `authentication_method` - Authentication method.
+* `identity_provider` - Identity provider object identified by the name or UID. Must be set when "authentication-method" was selected to be "identity provider".identity_provider blocks are documented below.
+* `radius` - Radius server object identified by the name or UID. Must be set when "authentication-method" was selected to be "radius".
+* `users_directories` - Users directories.users_directories blocks are documented below.
+
+
+`browser_based_authentication_portal_settings` supports the following:
+
+* `portal_web_settings` - Configuration of the portal web settings.portal_web_settings blocks are documented below.
+* `certificate_settings` - Configuration of the portal certificate settings.certificate_settings blocks are documented below.
+* `accessibility` - Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`authentication_settings` supports the following:
+
+* `authentication_method` - Authentication method.
+* `radius` - Radius server object identified by the name or UID. Must be set when "authentication-method" was selected to be "radius".
+* `users_directories` - Users directories.users_directories blocks are documented below.
+
+
+`identity_agent_portal_settings` supports the following:
+
+* `accessibility` - Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`authorized_clients` supports the following:
+
+* `client` - Host / Network Group Name or UID.
+* `client_secret` - Client Secret.
+
+
+`authentication_settings` supports the following:
+
+* `users_directories` - Users directories.users_directories blocks are documented below.
+
+
+`client_access_permissions` supports the following:
+
+* `accessibility` - Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`anti_spoofing_settings` supports the following:
+
+* `action` - If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
+* `exclude_packets` - Don't check packets from excluded network.
+* `excluded_network_name` - Excluded network name.
+* `excluded_network_uid` - Excluded network UID.
+* `spoof_tracking` - Spoof tracking.
+
+
+`security_zone_settings` supports the following:
+
+* `auto_calculated` - Security Zone is calculated according to where the interface leads to.
+* `specific_zone` - Security Zone specified manually.
+
+
+`topology_settings` supports the following:
+
+* `interface_leads_to_dmz` - Whether this interface leads to demilitarized zone (perimeter network).
+* `specific_network` - Network behind this interface.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
`allocate_ip_address_from` supports the following:
+
* `radius_server` - Radius server used to authenticate the user.
* `use_allocate_method` - Use Allocate Method.
-* `allocate_method` - Using either Manual (IP Pool) or Automatic (DHCP). Must be set when "use-allocate-method" is true.
-* `manual_network` - Manual Network. Identified by name. Must be set when "allocate-method" was selected to be "manual".
-* `dhcp_server` - DHCP Server. Identified by name. Must be set when "allocate-method" was selected to be "automatic".
-* `virtual_ip_address` - Virtual IPV4 address for DHCP server replies. Must be set when "allocate-method" was selected to be "automatic".
-* `dhcp_mac_address` - Calculated MAC address for DHCP allocation. Must be set when "allocate-method" was selected to be "automatic".
-* `optional_parameters` - This configuration applies to all Office Mode methods except Automatic (using DHCP) and ipassignment.conf entries which contain this data. optional_parameters blocks are documented below.
+* `allocate_method` - Using either Manual (IP Pool) or Automatic (DHCP).
+ Must be set when "use-allocate-method" is true.
+* `manual_network` - Manual Network. Identified by name or UID.
+ Must be set when "allocate-method" was selected to be "manual".
+* `dhcp_server` - DHCP Server. Identified by name or UID.
+ Must be set when "allocate-method" was selected to be "automatic".
+* `virtual_ip_address` - Virtual IPV4 address for DHCP server replies.
+ Must be set when "allocate-method" was selected to be "automatic".
+* `dhcp_mac_address` - Calculated MAC address for DHCP allocation.
+ Must be set when "allocate-method" was selected to be "automatic".
+* `optional_parameters` - This configuration applies to all Office Mode methods except Automatic (using DHCP) and ipassignment.conf entries which contain this data.optional_parameters blocks are documented below.
+
+
+`custom_mode` supports the following:
+
+* `social_networking_widgets` - Social networking widgets mode.
+* `url_filtering` - URL filtering mode.
+
+
+`users_directories` supports the following:
+
+* `external_user_profile` - External user profile.
+* `internal_users` - Internal users.
+* `users_from_external_directories` - Users from external directories.
+* `specific` - LDAP AU objects identified by the name or UID. Must be set when "users-from-external-directories" was selected to be "specific".specific blocks are documented below.
+
+
+`portal_web_settings` supports the following:
+
+* `aliases` - List of URL aliases that are redirected to the main portal URL.aliases blocks are documented below.
+* `main_url` - The main URL for the web portal.
+
+
+`certificate_settings` supports the following:
+
+* `base64_certificate` - The certificate file encoded in Base64 with padding.
+ This file must be in the *.p12 format.
+* `base64_password` - Password (encoded in Base64 with padding) for the certificate file.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`users_directories` supports the following:
+
+* `external_user_profile` - External user profile.
+* `internal_users` - Internal users.
+* `users_from_external_directories` - Users from external directories.
+* `specific` - LDAP AU objects identified by the name or UID. Must be set when "users-from-external-directories" was selected to be "specific".specific blocks are documented below.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`users_directories` supports the following:
+
+* `external_user_profile` - External user profile.
+* `internal_users` - Internal users.
+* `users_from_external_directories` - Users from external directories.
+* `specific` - LDAP AU objects identified by the name or UID. Must be set when "users-from-external-directories" was selected to be "specific".specific blocks are documented below.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
`optional_parameters` supports the following:
+
* `use_primary_dns_server` - Use Primary DNS Server.
-* `primary_dns_server` - Primary DNS Server. Identified by name. Must be set when "use-primary-dns-server" is true and can not be set when "use-primary-dns-server" is false.
+* `primary_dns_server` - Primary DNS Server. Identified by name or UID.
+ Must be set when "use-primary-dns-server" is true and can not be set when "use-primary-dns-server" is false.
* `use_first_backup_dns_server` - Use First Backup DNS Server.
-* `first_backup_dns_server` - First Backup DNS Server. Identified by name. Must be set when "use-first-backup-dns-server" is true and can not be set when "use-first-backup-dns-server" is false.
+* `first_backup_dns_server` - First Backup DNS Server. Identified by name or UID.
+ Must be set when "use-first-backup-dns-server" is true and can not be set when "use-first-backup-dns-server" is false.
* `use_second_backup_dns_server` - Use Second Backup DNS Server.
-* `second_backup_dns_server` - Second Backup DNS Server. Identified by name. Must be set when "use-second-backup-dns-server" is true and can not be set when "use-second-backup-dns-server" is false.
+* `second_backup_dns_server` - Second Backup DNS Server. Identified by name or UID.
+ Must be set when "use-second-backup-dns-server" is true and can not be set when "use-second-backup-dns-server" is false.
* `dns_suffixes` - DNS Suffixes.
* `use_primary_wins_server` - Use Primary WINS Server.
-* `primary_wins_server` - Primary WINS Server. Identified by name. Must be set when "use-primary-wins-server" is true and can not be set when "use-primary-wins-server" is false.
+* `primary_wins_server` - Primary WINS Server. Identified by name or UID.
+ Must be set when "use-primary-wins-server" is true and can not be set when "use-primary-wins-server" is false.
* `use_first_backup_wins_server` - Use First Backup WINS Server.
-* `first_backup_wins_server` - First Backup WINS Server. Identified by name. Must be set when "use-first-backup-wins-server" is true and can not be set when "use-first-backup-wins-server" is false.
+* `first_backup_wins_server` - First Backup WINS Server. Identified by name or UID.
+ Must be set when "use-first-backup-wins-server" is true and can not be set when "use-first-backup-wins-server" is false.
* `use_second_backup_wins_server` - Use Second Backup WINS Server.
-* `second_backup_wins_server` - Second Backup WINS Server. Identified by name. Must be set when "use-second-backup-wins-server" is true and can not be set when "use-second-backup-wins-server" is false.
-* `ip_lease_duration` - IP Lease Duration in Minutes. The value must be in the range 2-32767.
+* `second_backup_wins_server` - Second Backup WINS Server. Identified by name or UID.
+ Must be set when "use-second-backup-wins-server" is true and can not be set when "use-second-backup-wins-server" is false.
-`remote_access` supports the following:
-* `support_l2tp` - Support L2TP (relevant only when office mode is active).
-* `l2tp_auth_method` - L2TP Authentication Method. Must be set when "support-l2tp" is true.
-* `l2tp_certificate` - L2TP Certificate. Must be set when "l2tp-auth-method" was selected to be "certificate". Insert "defaultCert" when you want to use the default certificate.
-* `allow_vpn_clients_to_route_traffic` - Allow VPN clients to route traffic.
-* `support_nat_traversal_mechanism` - Support NAT traversal mechanism (UDP encapsulation).
-* `nat_traversal_service` - Allocated NAT traversal UDP service. Identified by name. Must be set when "support-nat-traversal-mechanism" is true.
-* `support_visitor_mode` - Support Visitor Mode.
-* `visitor_mode_service` - TCP Service for Visitor Mode. Identified by name. Must be set when "support-visitor-mode" is true.
-* `visitor_mode_interface` - Interface for Visitor Mode. Must be set when "support-visitor-mode" is true. Insert IPV4 Address of existing interface or "All IPs" when you want all interfaces.
\ No newline at end of file
+
+`internal_access_settings` supports the following:
+
+* `undefined` - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
diff --git a/website/docs/d/checkpoint_management_simple_gateway.html.markdown b/website/docs/d/checkpoint_management_simple_gateway.html.markdown
index 9b38db03..b12c3f27 100644
--- a/website/docs/d/checkpoint_management_simple_gateway.html.markdown
+++ b/website/docs/d/checkpoint_management_simple_gateway.html.markdown
@@ -32,163 +32,575 @@ The following arguments are supported:
* `name` - (Optional) Object name.
* `uid` - (Optional) Object unique identifier.
-* `ipv4_address` - IPv4 address.
-* `ipv6_address` - IPv6 address.
-* `interfaces` - Gateway interfaces. interfaces blocks are documented below.
-* `anti_bot` - Anti-Bot blade enabled.
-* `anti_virus` - Anti-Virus blade enabled.
+* `advanced_settings` - N/Aadvanced_settings blocks are documented below.
+* `anti_bot` - Anti-Bot blade enabled.
+* `anti_virus` - Anti-Virus blade enabled.
* `application_control` - Application Control blade enabled.
+* `application_control_and_url_filtering_settings` - Gateway Application Control and URL filtering settings.application_control_and_url_filtering_settings blocks are documented below.
* `content_awareness` - Content Awareness blade enabled.
+* `enable_https_inspection` - Enable HTTPS Inspection after defining an outbound inspection certificate.
To define the outbound certificate use outbound inspection certificate API.
+* `fetch_policy` - Security management server(s) to fetch the policy from.fetch_policy blocks are documented below.
+* `firewall` - Firewall blade enabled.
+* `firewall_settings` - N/Afirewall_settings blocks are documented below.
+* `hit_count` - Hit count tracks the number of connections each rule matches.
+* `https_inspection` - HTTPS inspection.https_inspection blocks are documented below.
* `icap_server` - ICAP Server enabled.
+* `identity_awareness` - Identity awareness blade enabled.
+* `identity_awareness_settings` - Gateway Identity Awareness settings.identity_awareness_settings blocks are documented below.
+* `interfaces` - Network interfaces.interfaces blocks are documented below.
+* `ipv4_address` - IPv4 address.
+* `ipv6_address` - IPv6 address.
* `ips` - Intrusion Prevention System blade enabled.
+* `ips_update_policy` - Specifies whether the IPS will be downloaded from the Management or directly to the Gateway.
+* `nat_hide_internal_interfaces` - Hide internal networks behind the Gateway's external IP.
+* `nat_settings` - NAT settings.nat_settings blocks are documented below.
+* `one_time_password` - N/A
+* `os_name` - Gateway platform operating system.
+* `platform_portal_settings` - Platform portal settings.platform_portal_settings blocks are documented below.
+* `proxy_settings` - Proxy Server for Gateway.proxy_settings blocks are documented below.
+* `qos` - QoS.
+* `save_logs_locally` - Save logs locally on the gateway.
+* `send_alerts_to_server` - Server(s) to send alerts to.send_alerts_to_server blocks are documented below.
+* `send_logs_to_backup_server` - Backup server(s) to send logs to.send_logs_to_backup_server blocks are documented below.
+* `send_logs_to_server` - Server(s) to send logs to.send_logs_to_server blocks are documented below.
+* `tags` - Collection of tag identifiers.tags blocks are documented below.
* `threat_emulation` - Threat Emulation blade enabled.
* `threat_extraction` - Threat Extraction blade enabled.
+* `threat_prevention_mode` - The mode of Threat Prevention to use. When using Autonomous Threat Prevention, disabling the Threat Prevention blades is not allowed.
* `url_filtering` - URL Filtering blade enabled.
-* `firewall` - Firewall blade enabled.
-* `firewall_settings` - Firewall settings. firewall_settings blocks are documented below.
-* `vpn` - VPN blade enabled.
-* `vpn_settings` - Gateway VPN settings. vpn_settings blocks are documented below.
-* `dynamic_ip` - Dynamic IP address.
+* `usercheck_portal_settings` - UserCheck portal settings.usercheck_portal_settings blocks are documented below.
* `version` - Gateway platform version.
-* `os_name` - Operating system name.
-* `hardware` - Gateway platform hardware name.
-* `one_time_password` - Secure internal connection one time password.
-* `sic_name` - Secure Internal Communication name.
-* `sic_state` - Secure Internal Communication state.
-* `save_logs_locally` - Enable save logs locally.
-* `send_alerts_to_server` - Collection of Server(s) to send alerts to identified by the name.
-* `send_logs_to_backup_server` - Collection of Backup server(s) to send logs to identified by the name.
-* `send_logs_to_server` - Collection of Server(s) to send logs to identified by the name.
-* `logs_settings` - Logs settings. logs_settings blocks are documented below.
-* `color` - Color of the object.
-* `comments` - Comments string.
-* `tags` - Collection of tags identified by name.
+* `vpn` - VPN blade enabled.
+* `vpn_settings` - Gateway VPN settings.vpn_settings blocks are documented below.
+* `zero_phishing` - Zero Phishing blade enabled.
+* `zero_phishing_fqdn` - Zero Phishing gateway FQDN.
+* `logs_settings` - Logs settings that apply to Quantum Security Gateways that run Gaia OS.logs_settings blocks are documented below.
+* `show_portals_certificate` - Indicates whether to show the portals certificate value in the reply.
+* `color` - Color of the object. Should be one of existing colors.
+* `comments` - Comments string.
+* `groups` - Collection of group identifiers.groups blocks are documented below.
+* `ignore_errors` - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+
+`advanced_settings` supports the following:
+
+* `connection_persistence` - Handling established connections when installing a new policy.
+* `sam` - SAM.sam blocks are documented below.
+
+
+`application_control_and_url_filtering_settings` supports the following:
+
+* `global_settings_mode` - Whether to override global settings or not.
+* `override_global_settings` - override global settings object.override_global_settings blocks are documented below.
+
+
+`firewall_settings` supports the following:
+
+* `auto_calculate_connections_hash_table_size_and_memory_pool` - N/A
+* `auto_maximum_limit_for_concurrent_connections` - N/A
+* `connections_hash_size` - N/A
+* `maximum_limit_for_concurrent_connections` - N/A
+* `maximum_memory_pool_size` - N/A
+* `memory_pool_size` - N/A
+
+
+`https_inspection` supports the following:
+
+* `bypass_on_failure` - Set to be true in order to bypass all requests (Fail-open) in case of internal system error.bypass_on_failure blocks are documented below.
+* `site_categorization_allow_mode` - Set to 'background' in order to allowed requests until categorization is complete.site_categorization_allow_mode blocks are documented below.
+* `deny_untrusted_server_cert` - Set to be true in order to drop traffic from servers with untrusted server certificate.deny_untrusted_server_cert blocks are documented below.
+* `deny_revoked_server_cert` - Set to be true in order to drop traffic from servers with revoked server certificate (validate CRL).deny_revoked_server_cert blocks are documented below.
+* `deny_expired_server_cert` - Set to be true in order to drop traffic from servers with expired server certificate.deny_expired_server_cert blocks are documented below.
+
+
+`identity_awareness_settings` supports the following:
+
+* `browser_based_authentication` - Enable Browser Based Authentication source.
+* `browser_based_authentication_settings` - Browser Based Authentication settings.browser_based_authentication_settings blocks are documented below.
+* `identity_agent` - Enable Identity Agent source.
+* `identity_agent_settings` - Identity Agent settings.identity_agent_settings blocks are documented below.
+* `identity_collector` - Enable Identity Collector source.
+* `identity_collector_settings` - Identity Collector settings.identity_collector_settings blocks are documented below.
+* `identity_sharing_settings` - Identity sharing settings.identity_sharing_settings blocks are documented below.
+* `proxy_settings` - Identity-Awareness Proxy settings.proxy_settings blocks are documented below.
+* `remote_access` - Enable Remote Access Identity source.
+
`interfaces` supports the following:
-* `name` - Interface name.
-* `ipv4_address` - IPv4 address.
-* `ipv6_address` - IPv6 address.
+
+* `name` - Object name. Must be unique in the domain.
+* `ipv4_address` - IPv4 address.
+* `ipv6_address` - IPv6 address.
+* `network_mask` - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use ipv4-mask-length and ipv6-mask-length fields explicitly.
* `ipv4_network_mask` - IPv4 network address.
* `ipv6_network_mask` - IPv6 network address.
* `ipv4_mask_length` - IPv4 network mask length.
* `ipv6_mask_length` - IPv6 network mask length.
-* `anti_spoofing` - Anti spoofing.
-* `anti_spoofing_settings` - Anti spoofing settings. anti_spoofing_settings blocks are documented below.
-* `security_zone` - Security zone.
-* `security_zone_settings` - Security zone settings. security_zone_settings blocks are documented below.
-* `topology` - Topology.
-* `topology_settings` - Topology settings. topology_settings blocks are documented below.
-* `topology_automatic_calculation` - Shows the automatic topology calculation..
-* `color` - Color of the object. Should be one of existing colors.
-* `comments` - Comments string.
+* `anti_spoofing` - N/A
+* `anti_spoofing_settings` - N/Aanti_spoofing_settings blocks are documented below.
+* `security_zone` - N/A
+* `security_zone_settings` - N/Asecurity_zone_settings blocks are documented below.
+* `tags` - Collection of tag identifiers.tags blocks are documented below.
+* `topology` - N/A
+* `topology_settings` - N/Atopology_settings blocks are documented below.
+* `color` - Color of the object. Should be one of existing colors.
+* `comments` - Comments string.
+* `ignore_errors` - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+
+`nat_settings` supports the following:
+
+* `auto_rule` - Whether to add automatic address translation rules.
+* `ipv4_address` - IPv4 address.
+* `ipv6_address` - IPv6 address.
+* `hide_behind` - Hide behind method. This parameter is forbidden in case "method" parameter is "static".
+* `install_on` - Which gateway should apply the NAT translation.
+* `method` - NAT translation method.
+
+
+`platform_portal_settings` supports the following:
+
+* `portal_web_settings` - Configuration of the portal web settings.portal_web_settings blocks are documented below.
+* `certificate_settings` - Configuration of the portal certificate settings.certificate_settings blocks are documented below.
+* `accessibility` - Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`proxy_settings` supports the following:
+
+* `use_custom_proxy` - Use custom proxy settings for this network object.
+* `proxy_server` - N/A
+* `port` - N/A
+
+
+`usercheck_portal_settings` supports the following:
+
+* `enabled` - State of the web portal (enabled or disabled). The supported blades are: {'Application Control', 'URL Filtering', 'Data Loss Prevention', 'Anti Virus', 'Anti Bot', 'Threat Emulation', 'Threat Extraction', 'Data Awareness'}.
+* `portal_web_settings` - Configuration of the portal web settings.portal_web_settings blocks are documented below.
+* `certificate_settings` - Configuration of the portal certificate settings.certificate_settings blocks are documented below.
+* `accessibility` - Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`vpn_settings` supports the following:
+
+* `authentication` - Authentication.authentication blocks are documented below.
+* `link_selection` - Link Selection.link_selection blocks are documented below.
+* `maximum_concurrent_ike_negotiations` - N/A
+* `maximum_concurrent_tunnels` - N/A
+* `office_mode` - Office Mode.
+ Notation Wide Impact - Office Mode apply IPSec VPN Software Blade clients and to the Mobile Access Software Blade clients.office_mode blocks are documented below.
+* `remote_access` - Remote Access.remote_access blocks are documented below.
+* `vpn_domain` - Gateway VPN domain identified by the name or UID.
+* `vpn_domain_exclude_external_ip_addresses` - Exclude the external IP addresses from the VPN domain of this Security Gateway.
+* `vpn_domain_type` - Gateway VPN domain type.
+
+
+`logs_settings` supports the following:
+
+* `alert_when_free_disk_space_below` - Enable alert when free disk space is below threshold.
+* `alert_when_free_disk_space_below_threshold` - Alert when free disk space below threshold.
+* `alert_when_free_disk_space_below_type` - Alert when free disk space below type.
+* `before_delete_keep_logs_from_the_last_days` - Enable before delete keep logs from the last days.
+* `before_delete_keep_logs_from_the_last_days_threshold` - Before delete keep logs from the last days threshold.
+* `before_delete_run_script` - Enable Before delete run script.
+* `before_delete_run_script_command` - Before delete run script command.
+* `delete_index_files_older_than_days` - Enable delete index files older than days.
+* `delete_index_files_older_than_days_threshold` - Delete index files older than days threshold.
+* `delete_index_files_when_index_size_above` - Enable delete index files when index size above.
+* `delete_index_files_when_index_size_above_threshold` - Delete index files when index size above threshold.
+* `delete_when_free_disk_space_below` - Enable delete when free disk space below.
+* `delete_when_free_disk_space_below_threshold` - Delete when free disk space below threshold.
+* `detect_new_citrix_ica_application_names` - Enable detect new Citrix ICA application names.
+* `distribute_logs_between_all_active_servers` - Distribute logs between all active servers.
+* `forward_logs_to_log_server` - Enable forward logs to log server.
+* `forward_logs_to_log_server_name` - Forward logs to log server name.
+* `forward_logs_to_log_server_schedule_name` - Forward logs to log server schedule name.
+* `free_disk_space_metrics` - Free disk space metrics.
+* `perform_log_rotate_before_log_forwarding` - Enable perform log rotate before log forwarding.
+* `reject_connections_when_free_disk_space_below_threshold` - Enable reject connections when free disk space below threshold.
+* `reserve_for_packet_capture_metrics` - Reserve for packet capture metrics.
+* `reserve_for_packet_capture_threshold` - Reserve for packet capture threshold.
+* `rotate_log_by_file_size` - Enable rotate log by file size.
+* `rotate_log_file_size_threshold` - Log file size threshold.
+* `rotate_log_on_schedule` - Enable rotate log on schedule.
+* `rotate_log_schedule_name` - Rotate log schedule name.
+* `stop_logging_when_free_disk_space_below` - Enable stop logging when free disk space below.
+* `stop_logging_when_free_disk_space_below_threshold` - Stop logging when free disk space below threshold.
+* `turn_on_qos_logging` - Enable turn on QoS Logging.
+* `update_account_log_every` - Update account log in every amount of seconds.
+
+
+`sam` supports the following:
+
+* `forward_to_other_sam_servers` - Forward SAM clients' requests to other SAM servers.
+* `use_early_versions` - Use early versions compatibility mode.use_early_versions blocks are documented below.
+* `purge_sam_file` - Purge SAM File.purge_sam_file blocks are documented below.
+
+
+`override_global_settings` supports the following:
+
+* `fail_mode` - Fail mode - allow or block all requests.
+* `website_categorization` - Website categorization object.website_categorization blocks are documented below.
+
+
+`bypass_on_failure` supports the following:
+
+* `override_profile` - Override profile of global configuration.
+* `value` - Override value.
Required only for 'override-profile' is True.
+
+
+`site_categorization_allow_mode` supports the following:
+
+* `override_profile` - Override profile of global configuration.
+* `value` - Override value.
Required only for 'override-profile' is True.
+
+
+`deny_untrusted_server_cert` supports the following:
+
+* `override_profile` - Override profile of global configuration.
+* `value` - Override value.
Required only for 'override-profile' is True.
+
+
+`deny_revoked_server_cert` supports the following:
+
+* `override_profile` - Override profile of global configuration.
+* `value` - Override value.
Required only for 'override-profile' is True.
+
+
+`deny_expired_server_cert` supports the following:
+
+* `override_profile` - Override profile of global configuration.
+* `value` - Override value.
Required only for 'override-profile' is True.
+
+
+`browser_based_authentication_settings` supports the following:
+
+* `authentication_settings` - Authentication Settings for Browser Based Authentication.authentication_settings blocks are documented below.
+* `browser_based_authentication_portal_settings` - Browser Based Authentication portal settings.browser_based_authentication_portal_settings blocks are documented below.
+
+
+`identity_agent_settings` supports the following:
+
+* `agents_interval_keepalive` - Agents send keepalive period (minutes).
+* `user_reauthenticate_interval` - Agent reauthenticate time interval (minutes).
+* `authentication_settings` - Authentication Settings for Identity Agent.authentication_settings blocks are documented below.
+* `identity_agent_portal_settings` - Identity Agent accessibility settings.identity_agent_portal_settings blocks are documented below.
+
+
+`identity_collector_settings` supports the following:
+
+* `authorized_clients` - Authorized Clients.authorized_clients blocks are documented below.
+* `authentication_settings` - Authentication Settings for Identity Collector.authentication_settings blocks are documented below.
+* `client_access_permissions` - Identity Collector accessibility settings.client_access_permissions blocks are documented below.
+
+
+`identity_sharing_settings` supports the following:
+
+* `share_with_other_gateways` - Enable identity sharing with other gateways.
+* `receive_from_other_gateways` - Enable receiving identity from other gateways.
+* `receive_from` - Gateway(s) to receive identity from.receive_from blocks are documented below.
+
+
+`proxy_settings` supports the following:
+
+* `detect_using_x_forward_for` - Whether to use X-Forward-For HTTP header, which is added by the proxy server to keep track of the original source IP.
+
`anti_spoofing_settings` supports the following:
+
* `action` - If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
+* `exclude_packets` - Don't check packets from excluded network.
+* `excluded_network_name` - Excluded network name.
+* `excluded_network_uid` - Excluded network UID.
+* `spoof_tracking` - Spoof tracking.
+
`security_zone_settings` supports the following:
+
* `auto_calculated` - Security Zone is calculated according to where the interface leads to.
* `specific_zone` - Security Zone specified manually.
+
`topology_settings` supports the following:
+
* `interface_leads_to_dmz` - Whether this interface leads to demilitarized zone (perimeter network).
-* `ip_address_behind_this_interface` - Ip address behind this interface.
* `specific_network` - Network behind this interface.
-`firewall_settings` supports the following:
-* `auto_calculate_connections_hash_table_size_and_memory_pool` - Auto calculate connections hash table size and memory pool.
-* `auto_maximum_limit_for_concurrent_connections` - Auto maximum limit for concurrent connections.
-* `connections_hash_size` - Connections hash size.
-* `maximum_limit_for_concurrent_connections` - Maximum limit for concurrent connections.
-* `maximum_memory_pool_size` - Maximum memory pool size.
-* `memory_pool_size` - Memory pool size.
-`vpn_settings` supports the following:
-* `authentication` - authentication blocks are documented below.
-* `link_selection` - Link selection blocks are documented below.
-* `maximum_concurrent_ike_negotiations` - Maximum concurrent ike negotiations.
-* `maximum_concurrent_tunnels` - Maximum concurrent tunnels.
-* `office_mode` - Office Mode. Notation Wide Impact - Office Mode apply IPSec VPN Software Blade clients and to the Mobile Access Software Blade clients. office_mode blocks are documented below.
-* `remote_access` - remote_access blocks are documented below.
-* `vpn_domain` - Gateway VPN domain identified by the name.
-* `vpn_domain_type` - Gateway VPN domain type.
+`portal_web_settings` supports the following:
+
+* `aliases` - List of URL aliases that are redirected to the main portal URL.aliases blocks are documented below.
+* `main_url` - The main URL for the web portal.
+
+
+`certificate_settings` supports the following:
+
+* `base64_certificate` - The certificate file encoded in Base64 with padding.
+ This file must be in the *.p12 format.
+* `base64_password` - Password (encoded in Base64 with padding) for the certificate file.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`portal_web_settings` supports the following:
+
+* `aliases` - List of URL aliases that are redirected to the main portal URL.aliases blocks are documented below.
+* `main_url` - The main URL for the web portal.
+
+
+`certificate_settings` supports the following:
+
+* `base64_certificate` - The certificate file encoded in Base64 with padding.
+ This file must be in the *.p12 format.
+* `base64_password` - Password (encoded in Base64 with padding) for the certificate file.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
`authentication` supports the following:
-* `authentication_clients` - Collection of VPN Authentication clients identified by the name.
+
+* `authentication_clients` - Collection of VPN Authentication clients identified by the name or UID.authentication_clients blocks are documented below.
+
`link_selection` supports the following:
-* `ip_selection` - IP selection.
-* `dns_resolving_hostname` - DNS Resolving Hostname. Must be set when "ip-selection" was selected to be "dns-resolving-from-hostname".
-* `ip_address` - IP Address. Must be set when "ip-selection" was selected to be "use-selected-address-from-topology" or "use-statically-nated-ip".
+
+* `dns_resolving_hostname` - DNS Resolving Hostname. Must be set when "ip-selection" was selected to be "dns-resolving-from-hostname".
+
`office_mode` supports the following:
-* `mode` - Office Mode Permissions. When selected to be "off", all the other definitions are irrelevant.
-* `group` - Group. Identified by name. Must be set when "office-mode-permissions" was selected to be "group".
-* `allocate_ip_address_from` - Allocate IP address Method. Allocate IP address by sequentially trying the given methods until success. allocate_ip_address_from blocks are documented below.
+
+* `mode` - Office Mode Permissions.
+ When selected to be "off", all the other definitions are irrelevant.
+* `group` - Group. Identified by name or UID.
+ Must be set when "office-mode-permissions" was selected to be "group".
+* `allocate_ip_address_from` - Allocate IP address Method.
+ Allocate IP address by sequentially trying the given methods until success.allocate_ip_address_from blocks are documented below.
* `support_multiple_interfaces` - Support connectivity enhancement for gateways with multiple external interfaces.
* `perform_anti_spoofing` - Perform Anti-Spoofing on Office Mode addresses.
-* `anti_spoofing_additional_addresses` - Additional IP Addresses for Anti-Spoofing. Identified by name. Must be set when "perform-anti-spoofings" is true.
+* `anti_spoofing_additional_addresses` - Additional IP Addresses for Anti-Spoofing.
+ Identified by name or UID.
+ Must be set when "perform-anti-spoofings" is true.
+
+
+`remote_access` supports the following:
+
+* `support_l2tp` - Support L2TP (relevant only when office mode is active).
+* `l2tp_auth_method` - L2TP Authentication Method.
+ Must be set when "support-l2tp" is true.
+* `l2tp_certificate` - L2TP Certificate.
+ Must be set when "l2tp-auth-method" was selected to be "certificate".
+ Insert "defaultCert" when you want to use the default certificate.
+* `allow_vpn_clients_to_route_traffic` - Allow VPN clients to route traffic.
+* `support_nat_traversal_mechanism` - Support NAT traversal mechanism (UDP encapsulation).
+* `nat_traversal_service` - Allocated NAT traversal UDP service. Identified by name or UID.
+ Must be set when "support-nat-traversal-mechanism" is true.
+* `support_visitor_mode` - Support Visitor Mode.
+* `visitor_mode_service` - TCP Service for Visitor Mode. Identified by name or UID.
+ Must be set when "support-visitor-mode" is true.
+* `visitor_mode_interface` - Interface for Visitor Mode.
+ Must be set when "support-visitor-mode" is true.
+ Insert IPV4 Address of existing interface or "All IPs" when you want all interfaces.
+
+
+`use_early_versions` supports the following:
+
+* `enabled` - Use early versions compatibility mode.
+* `compatibility_mode` - Early versions compatibility mode.
+
+
+`purge_sam_file` supports the following:
+
+* `enabled` - Purge SAM File.
+* `purge_when_size_reaches_to` - Purge SAM File When it Reaches to.
+
+
+`website_categorization` supports the following:
+
+* `mode` - Website categorization mode.
+* `custom_mode` - Custom mode object.custom_mode blocks are documented below.
+
+
+`authentication_settings` supports the following:
+
+* `authentication_method` - Authentication method.
+* `identity_provider` - Identity provider object identified by the name or UID. Must be set when "authentication-method" was selected to be "identity provider".identity_provider blocks are documented below.
+* `radius` - Radius server object identified by the name or UID. Must be set when "authentication-method" was selected to be "radius".
+* `users_directories` - Users directories.users_directories blocks are documented below.
+
+
+`browser_based_authentication_portal_settings` supports the following:
+
+* `portal_web_settings` - Configuration of the portal web settings.portal_web_settings blocks are documented below.
+* `certificate_settings` - Configuration of the portal certificate settings.certificate_settings blocks are documented below.
+* `accessibility` - Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`authentication_settings` supports the following:
+
+* `authentication_method` - Authentication method.
+* `radius` - Radius server object identified by the name or UID. Must be set when "authentication-method" was selected to be "radius".
+* `users_directories` - Users directories.users_directories blocks are documented below.
+
+
+`identity_agent_portal_settings` supports the following:
+
+* `accessibility` - Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`authorized_clients` supports the following:
+
+* `client` - Host / Network Group Name or UID.
+* `client_secret` - Client Secret.
+
+
+`authentication_settings` supports the following:
+
+* `users_directories` - Users directories.users_directories blocks are documented below.
+
+
+`client_access_permissions` supports the following:
+
+* `accessibility` - Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
`allocate_ip_address_from` supports the following:
+
* `radius_server` - Radius server used to authenticate the user.
* `use_allocate_method` - Use Allocate Method.
-* `allocate_method` - Using either Manual (IP Pool) or Automatic (DHCP). Must be set when "use-allocate-method" is true.
-* `manual_network` - Manual Network. Identified by name. Must be set when "allocate-method" was selected to be "manual".
-* `dhcp_server` - DHCP Server. Identified by name. Must be set when "allocate-method" was selected to be "automatic".
-* `virtual_ip_address` - Virtual IPV4 address for DHCP server replies. Must be set when "allocate-method" was selected to be "automatic".
-* `dhcp_mac_address` - Calculated MAC address for DHCP allocation. Must be set when "allocate-method" was selected to be "automatic".
-* `optional_parameters` - This configuration applies to all Office Mode methods except Automatic (using DHCP) and ipassignment.conf entries which contain this data. optional_parameters blocks are documented below.
+* `allocate_method` - Using either Manual (IP Pool) or Automatic (DHCP).
+ Must be set when "use-allocate-method" is true.
+* `manual_network` - Manual Network. Identified by name or UID.
+ Must be set when "allocate-method" was selected to be "manual".
+* `dhcp_server` - DHCP Server. Identified by name or UID.
+ Must be set when "allocate-method" was selected to be "automatic".
+* `virtual_ip_address` - Virtual IPV4 address for DHCP server replies.
+ Must be set when "allocate-method" was selected to be "automatic".
+* `dhcp_mac_address` - Calculated MAC address for DHCP allocation.
+ Must be set when "allocate-method" was selected to be "automatic".
+* `optional_parameters` - This configuration applies to all Office Mode methods except Automatic (using DHCP) and ipassignment.conf entries which contain this data.optional_parameters blocks are documented below.
+
+
+`custom_mode` supports the following:
+
+* `social_networking_widgets` - Social networking widgets mode.
+* `url_filtering` - URL filtering mode.
+
+
+`users_directories` supports the following:
+
+* `external_user_profile` - External user profile.
+* `internal_users` - Internal users.
+* `users_from_external_directories` - Users from external directories.
+* `specific` - LDAP AU objects identified by the name or UID. Must be set when "users-from-external-directories" was selected to be "specific".specific blocks are documented below.
+
+
+`portal_web_settings` supports the following:
+
+* `aliases` - List of URL aliases that are redirected to the main portal URL.aliases blocks are documented below.
+* `main_url` - The main URL for the web portal.
+
+
+`certificate_settings` supports the following:
+
+* `base64_certificate` - The certificate file encoded in Base64 with padding.
+ This file must be in the *.p12 format.
+* `base64_password` - Password (encoded in Base64 with padding) for the certificate file.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`users_directories` supports the following:
+
+* `external_user_profile` - External user profile.
+* `internal_users` - Internal users.
+* `users_from_external_directories` - Users from external directories.
+* `specific` - LDAP AU objects identified by the name or UID. Must be set when "users-from-external-directories" was selected to be "specific".specific blocks are documented below.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`users_directories` supports the following:
+
+* `external_user_profile` - External user profile.
+* `internal_users` - Internal users.
+* `users_from_external_directories` - Users from external directories.
+* `specific` - LDAP AU objects identified by the name or UID. Must be set when "users-from-external-directories" was selected to be "specific".specific blocks are documented below.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
`optional_parameters` supports the following:
+
* `use_primary_dns_server` - Use Primary DNS Server.
-* `primary_dns_server` - Primary DNS Server. Identified by name. Must be set when "use-primary-dns-server" is true and can not be set when "use-primary-dns-server" is false.
+* `primary_dns_server` - Primary DNS Server. Identified by name or UID.
+ Must be set when "use-primary-dns-server" is true and can not be set when "use-primary-dns-server" is false.
* `use_first_backup_dns_server` - Use First Backup DNS Server.
-* `first_backup_dns_server` - First Backup DNS Server. Identified by name. Must be set when "use-first-backup-dns-server" is true and can not be set when "use-first-backup-dns-server" is false.
+* `first_backup_dns_server` - First Backup DNS Server. Identified by name or UID.
+ Must be set when "use-first-backup-dns-server" is true and can not be set when "use-first-backup-dns-server" is false.
* `use_second_backup_dns_server` - Use Second Backup DNS Server.
-* `second_backup_dns_server` - Second Backup DNS Server. Identified by name. Must be set when "use-second-backup-dns-server" is true and can not be set when "use-second-backup-dns-server" is false.
+* `second_backup_dns_server` - Second Backup DNS Server. Identified by name or UID.
+ Must be set when "use-second-backup-dns-server" is true and can not be set when "use-second-backup-dns-server" is false.
* `dns_suffixes` - DNS Suffixes.
* `use_primary_wins_server` - Use Primary WINS Server.
-* `primary_wins_server` - Primary WINS Server. Identified by name. Must be set when "use-primary-wins-server" is true and can not be set when "use-primary-wins-server" is false.
+* `primary_wins_server` - Primary WINS Server. Identified by name or UID.
+ Must be set when "use-primary-wins-server" is true and can not be set when "use-primary-wins-server" is false.
* `use_first_backup_wins_server` - Use First Backup WINS Server.
-* `first_backup_wins_server` - First Backup WINS Server. Identified by name. Must be set when "use-first-backup-wins-server" is true and can not be set when "use-first-backup-wins-server" is false.
+* `first_backup_wins_server` - First Backup WINS Server. Identified by name or UID.
+ Must be set when "use-first-backup-wins-server" is true and can not be set when "use-first-backup-wins-server" is false.
* `use_second_backup_wins_server` - Use Second Backup WINS Server.
-* `second_backup_wins_server` - Second Backup WINS Server. Identified by name. Must be set when "use-second-backup-wins-server" is true and can not be set when "use-second-backup-wins-server" is false.
-* `ip_lease_duration` - IP Lease Duration in Minutes. The value must be in the range 2-32767.
+* `second_backup_wins_server` - Second Backup WINS Server. Identified by name or UID.
+ Must be set when "use-second-backup-wins-server" is true and can not be set when "use-second-backup-wins-server" is false.
-`remote_access` supports the following:
-* `support_l2tp` - Support L2TP (relevant only when office mode is active).
-* `l2tp_auth_method` - L2TP Authentication Method. Must be set when "support-l2tp" is true.
-* `l2tp_certificate` - L2TP Certificate. Must be set when "l2tp-auth-method" was selected to be "certificate". Insert "defaultCert" when you want to use the default certificate.
-* `allow_vpn_clients_to_route_traffic` - Allow VPN clients to route traffic.
-* `support_nat_traversal_mechanism` - Support NAT traversal mechanism (UDP encapsulation).
-* `nat_traversal_service` - Allocated NAT traversal UDP service. Identified by name. Must be set when "support-nat-traversal-mechanism" is true.
-* `support_visitor_mode` - Support Visitor Mode.
-* `visitor_mode_service` - TCP Service for Visitor Mode. Identified by name. Must be set when "support-visitor-mode" is true.
-* `visitor_mode_interface` - Interface for Visitor Mode. Must be set when "support-visitor-mode" is true. Insert IPV4 Address of existing interface or "All IPs" when you want all interfaces.
-`logs_settings` supports the following:
-* `free_disk_space_metrics` - Free disk space metrics.
-* `accept_syslog_messages` - Enable accept syslog messages.
-* `alert_when_free_disk_space_below` - Enable alert when free disk space is below threshold.
-* `alert_when_free_disk_space_below_threshold` - Alert when free disk space below threshold.
-* `alert_when_free_disk_space_below_type` - Alert when free disk space below type.
-* `before_delete_keep_logs_from_the_last_days` - Enable before delete keep logs from the last days.
-* `before_delete_keep_logs_from_the_last_days_threshold` - Before delete keep logs from the last days threshold.
-* `before_delete_run_script` - Enable Before delete run script.
-* `before_delete_run_script_command` - Before delete run script command.
-* `delete_index_files_older_than_days` - Enable delete index files older than days.
-* `delete_index_files_older_than_days_threshold` - Delete index files older than days threshold.
-* `delete_when_free_disk_space_below` - Enable delete when free disk space below.
-* `delete_when_free_disk_space_below_threshold` - Delete when free disk space below threshold.
-* `detect_new_citrix_ica_application_names` - Enable detect new citrix ica application names.
-* `enable_log_indexing` - Enable log indexing.
-* `forward_logs_to_log_server` - Enable forward logs to log server.
-* `forward_logs_to_log_server_name` - Forward logs to log server name.
-* `forward_logs_to_log_server_schedule_name` - Forward logs to log server schedule name.
-* `rotate_log_by_file_size` - Enable rotate log by file size.
-* `rotate_log_file_size_threshold` - Log file size threshold.
-* `rotate_log_on_schedule` - Enable rotate log on schedule.
-* `rotate_log_schedule_name` - Rotate log schedule name.
-* `stop_logging_when_free_disk_space_below` - Enable stop logging when free disk space below.
-* `stop_logging_when_free_disk_space_below_threshold` - Stop logging when free disk space below threshold.
-* `turn_on_qos_logging` - Enable turn on qos logging.
-* `update_account_log_every` - Update account log in every amount of seconds.
\ No newline at end of file
+`internal_access_settings` supports the following:
+
+* `undefined` - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
diff --git a/website/docs/d/checkpoint_management_tacacs_server.html.markdown b/website/docs/d/checkpoint_management_tacacs_server.html.markdown
new file mode 100644
index 00000000..d8819d6b
--- /dev/null
+++ b/website/docs/d/checkpoint_management_tacacs_server.html.markdown
@@ -0,0 +1,71 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_tacacs_server"
+sidebar_current: "docs-checkpoint-data-source-checkpoint-management-tacacs-server"
+description: |-
+Use this data source to get information on an existing Check Point Tacacs Server.
+---
+
+# Data Source: checkpoint_management_tacacs_server
+
+Use this data source to get information on an existing Check Point Tacacs Server.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_host" "host" {
+ name = "My Host"
+ ipv4_address = "1.2.3.4"
+}
+
+resource "checkpoint_management_tacacs_server" "tacacs_server" {
+ name = "My Tacacs Server"
+ server = "1.2.3.4"
+}
+
+data "checkpoint_management_tacacs_server" "data_tacacs_server" {
+ name = "${checkpoint_management_tacacs_server.tacacs_server.name}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Optional) Object name. Should be unique in the domain.
+* `uid` - (Optional) Object unique identifier.
+* `encryption` - Is there a secret key defined on the server. Must be set true when "server-type" was selected to be "TACACS+".
+* `groups` - Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
+* `priority` - The priority of the TACACS Server in case it is a member of a TACACS Group.
+* `server` - The UID or Name of the host that is the TACACS Server. server blocks are documented below.
+* `server_type` - Server type, TACACS or TACACS+.
+* `service` - Server service, only relevant when "server-type" is TACACS. service blocks are documented below.
+
+`server` supports the following:
+
+* `name` - Object name. Must be unique in the domain.
+* `uid` - Object unique identifier.
+
+
+`service` supports the following:
+
+* `name` - Object name. Must be unique in the domain.
+* `uid` - Object unique identifier.
+* `aggressive_aging` - Sets short (aggressive) timeouts for idle connections. aggressive_aging blocks are documented below.
+* `groups` - Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
+* `keep_connections_open_after_policy_installation` - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
+* `match_for_any` - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port and protocol.
+* `port` - The number of the port used to provide this service.
+* `session_timeout` - Time (in seconds) before the session times out.
+* `source_port` - Port number for the client side service. If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet inspection. Otherwise, the source port is not inspected.
+* `sync_connections_on_cluster` - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
+* `use_default_session_timeout` - Use default virtual session timeout.
+
+
+`aggressive_aging` supports the following:
+
+* `default_timeout` - Default aggressive aging timeout in seconds.
+* `enabled`
+* `timeout` - Aggressive aging timeout in seconds.
+* `use_default_timeout`
\ No newline at end of file
diff --git a/website/docs/d/checkpoint_management_threat_layer.html.markdown b/website/docs/d/checkpoint_management_threat_layer.html.markdown
new file mode 100644
index 00000000..eddf9beb
--- /dev/null
+++ b/website/docs/d/checkpoint_management_threat_layer.html.markdown
@@ -0,0 +1,34 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_threat_layer"
+sidebar_current: "docs-checkpoint-data-source-checkpoint-management-threat-layer"
+description: |-
+Use this data source to get information on an existing Check Point Threat Layer.
+---
+
+# Data Source: checkpoint_management_threat_layer
+
+Use this data source to get information on an existing Check Point Threat Layer.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_threat_layer" "example" {
+ name = "New Layer 1"
+}
+
+data "checkpoint_management_threat_layer" "data_threat_layer" {
+ name = "${checkpoint_management_threat_layer.example.name}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Optional) Object name. Should be unique in the domain.
+* `uid` - (Optional) Object unique identifier.
+* `tags` - Collection of tag identifiers.tags blocks are documented below.
+* `color` - Color of the object. Should be one of existing colors.
+* `comments` - Comments string.
\ No newline at end of file
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
index c344fdb5..1a88afe9 100644
--- a/website/docs/index.html.markdown
+++ b/website/docs/index.html.markdown
@@ -100,6 +100,7 @@ The following arguments are supported:
the `CHECKPOINT_SESSION_NAME` environment variable.
* `cloud_mgmt_id` - (Optional) Smart-1 Cloud management UID. this can also be defined via
the `CHECKPOINT_CLOUD_MGMT_ID` environment variable.
+* `session_description` - (Optional) A description of the session's purpose. this can also be defined via the `CHECKPOINT_SESSION_DESCRIPTION` environment variable.
## Authentication
@@ -172,6 +173,7 @@ $ export CHECKPOINT_SESSION_FILE_NAME="sid.json"
$ export CHECKPOINT_PROXY_HOST="1.2.3.4"
$ export CHECKPOINT_PROXY_PORT="123"
$ export CHECKPOINT_CLOUD_MGMT_ID="de9a9b08-c7c7-436e-a64a-a54136301701"
+$ export CHECKPOINT_SESSION_DESCRIPTION="session description"
```
Usage with api key:
@@ -188,6 +190,7 @@ $ export CHECKPOINT_SESSION_FILE_NAME="sid.json"
$ export CHECKPOINT_PROXY_HOST="1.2.3.4"
$ export CHECKPOINT_PROXY_PORT="123"
$ export CHECKPOINT_CLOUD_MGMT_ID="de9a9b08-c7c7-436e-a64a-a54136301701"
+$ export CHECKPOINT_SESSION_DESCRIPTION="session description"
```
Then configure the Check Point Provider as following:
@@ -259,7 +262,7 @@ $ terraform apply && publish && logout_from_session
### Discard
-Please use the following for Discard:
+Please use the following for discard:
```bash
$ cd $GOPATH/src/github.com/terraform-providers/terraform-provider-checkpoint/commands/discard
@@ -268,9 +271,9 @@ $ mv discard $GOPATH/src/github.com/terraform-providers/terraform-provider-check
$ discard
```
-### approve_session
+### Approve session
-Please use the following for approve_session:
+Please use the following for approve session:
```bash
$ cd $GOPATH/src/github.com/terraform-providers/terraform-provider-checkpoint/commands/approve_session
@@ -279,9 +282,9 @@ $ mv approve_session $GOPATH/src/github.com/terraform-providers/terraform-provid
$ approve_session "SESSION_UID"
```
-### reject_session
+### Reject session
-Please use the following for reject_session:
+Please use the following for reject session:
```bash
$ cd $GOPATH/src/github.com/terraform-providers/terraform-provider-checkpoint/commands/reject_session
@@ -290,9 +293,9 @@ $ mv reject_session $GOPATH/src/github.com/terraform-providers/terraform-provide
$ reject_session "SESSION_UID" "REJECT_REASON"
```
-### submit_session
+### Submit session
-Please use the following for submit_session:
+Please use the following for submit session:
```bash
$ cd $GOPATH/src/github.com/terraform-providers/terraform-provider-checkpoint/commands/submit_session
diff --git a/website/docs/r/checkpoint_management_administrator.html.markdown b/website/docs/r/checkpoint_management_administrator.html.markdown
new file mode 100644
index 00000000..0e5f71f2
--- /dev/null
+++ b/website/docs/r/checkpoint_management_administrator.html.markdown
@@ -0,0 +1,67 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_administrator"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-administrator"
+description: |-
+This resource allows you to add/update/delete Check Point Administrator.
+---
+
+# Resource: checkpoint_management_host
+
+This resource allows you to add/update/delete Check Point Administrator.
+
+## Example Usage: MDS
+
+
+```hcl
+resource "checkpoint_management_administrator" "admin" {
+ name = "example"
+ permissions_profile {
+ domain = "domain1"
+ profile = "Read Only All"
+ }
+
+ multi_domain_profile = "domain level only"
+ password = "1233"
+
+}
+
+```
+
+## Example Usage: SMC
+
+
+```hcl
+resource "checkpoint_management_administrator" "admin" {
+ name = "example"
+ permissions_profile {
+ domain = "SMC User"
+ profile = "Read Only All"
+ }
+ password = "1233"
+
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name. Should be unique in the domain.
+* `password` - (Required) Administrator password.
+* `authentication_method` - (Required) Authentication method.
+* `permission_profile` - (Required) Administrator permissions profile. Permissions profile should not be provided when multi-domain-profile is set to "Multi-Domain Super User" or "Domain Super User". In SMC, permissions_profile with single object, domain must be "SMC User".
+* `email` - (Optional) Administrator email.
+* `expiration_date` - (Optional) Format: YYYY-MM-DD, YYYY-mm-ddThh:mm:ss.
+* `multi_domain_profile` - (Optional) Administrator multi-domain profile. Only in MDS.
+* `must_change_password` - (Optional) True if administrator must change password on the next login.
+* `password_hash` (Optional) Administrator password hash.
+* `phone_number` - (Optional) Administrator phone number.
+* `radius_server` - (Optional) RADIUS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "RADIUS".
+* `tacacs_server` - (Optional) TACACS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "TACACS".
+* `tags` - (Optional) Collection of tag identifiers.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
+* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+* `sic_name` - Name of the Secure Internal Connection Trust.
\ No newline at end of file
diff --git a/website/docs/r/checkpoint_management_azure_ad.html.markdown b/website/docs/r/checkpoint_management_azure_ad.html.markdown
new file mode 100644
index 00000000..cbc0443f
--- /dev/null
+++ b/website/docs/r/checkpoint_management_azure_ad.html.markdown
@@ -0,0 +1,49 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_azure_ad"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-azure-ad"
+description: |-
+This resource allows you to execute Check Point Azure Ad.
+---
+
+# Resource: checkpoint_management_azure_ad
+
+This resource allows you to execute Check Point Azure Ad.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_azure_ad" "example" {
+ name = "example"
+ password = "123"
+ user_authentication = "user-authentication"
+ username = "example"
+ application_id = "a8662b33-306f-42ba-9ffb-a0ac27c8903f"
+ application_key = "EjdJ2JcNGpw3[GV8:PMN_s2KH]JhtlpO"
+ directory_id = "19c063a8-3bee-4ea5-b984-e344asds37f7"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name.
+* `authentication_method` - (Required) user-authentication
Uses the Azure AD User to authenticate.
service-principal-authentication
Uses the Service Principal to authenticate.
+* `password` - (Required) Password of the Azure account.
Required for authentication-method:
user-authentication.
+* `username` - (Required) An Azure Active Directory user Format
<username>@<domain>.
Required for authentication-method:
user-authentication.
+* `application_id` - (Required) The Application ID of the Service Principal, in UUID format.
Required for authentication-method:
service-principal-authentication.
+* `application_key` - (Required) The key created for the Service Principal.
Required for authentication-method:
service-principal-authentication.
+* `directory_id` - (Required) The Directory ID of the Azure AD, in UUID format.
Required for authentication-method:
service-principal-authentication.
+* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
+* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+* `properties` - Azure AD connection properties. properties blocks are documented below.
+
+`properties` supports the following:
+
+* `name`
+* `value`
\ No newline at end of file
diff --git a/website/docs/r/checkpoint_management_lsv_profile.html.markdown b/website/docs/r/checkpoint_management_lsv_profile.html.markdown
new file mode 100644
index 00000000..84669a8d
--- /dev/null
+++ b/website/docs/r/checkpoint_management_lsv_profile.html.markdown
@@ -0,0 +1,42 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_lsv_profile"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-lsv-profile"
+description: |-
+This resource allows you to add/update/delete Check Point Lsv Profile.
+---
+
+# Resource: checkpoint_management_lsv_profile
+
+This resource allows you to add/update/delete Check Point Lsv Profile.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_lsv_profile" "example" {
+ name = "Lsv profile"
+ certificate_authority = "internal_ca"
+}
+
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name. Should be unique in the domain.
+* `certificate_authority` - (Required) Trusted Certificate authority for establishing trust between VPN peers, identified by name or UID.
+* `allowed_ip_addresses` - (Optional) Collection of network objects identified by name or UID that represent IP addresses allowed in profile's VPN domain.
+* `restrict_allowed_addresses` - (Optional) Indicate whether the IP addresses allowed in the VPN Domain will be restricted or not, according to allowed-ip-addresses field.
+* `tags` - (Optional) Collection of tag identifiers.
+* `vpn_domain` - (Optional) peers' VPN Domain properties. vpn_domain blocks are documented below.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
+* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+`vpn_domain` supports the following:
+
+* `limit_peer_domain_size` - (Optional) Use this parameter to limit the number of IP addresses in the VPN Domain of each peer according to the value in the max-allowed-addresses field.
+* `max_allowed_addresses` - (Optional) Maximum number of IP addresses in the VPN Domain of each peer. This value will be enforced only when limit-peer-domain-size field is set to true. Select a value between 1 and 256. Default value is 256.
diff --git a/website/docs/r/checkpoint_management_nutanix_data_center_server.html.markdown b/website/docs/r/checkpoint_management_nutanix_data_center_server.html.markdown
new file mode 100644
index 00000000..efdf3412
--- /dev/null
+++ b/website/docs/r/checkpoint_management_nutanix_data_center_server.html.markdown
@@ -0,0 +1,46 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_nutanix_data_center_server"
+sidebar_current: "docs-checkpoint-Resource-checkpoint-management-nutanix-data-center-server"
+description: |- This resource allows you to execute Check Point nutanix data center server.
+---
+
+# Resource: checkpoint_management_nutanix_data_center_server
+
+This resource allows you to execute Check Point Nutanix Data Center Server.
+
+## Example Usage
+
+```hcl
+resource "checkpoint_management_nutanix_data_center_server" "testNutanix" {
+ name = "MY-NUTANIX"
+ hostname = "127.0.0.1"
+ username = "admin"
+ password = "admin"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name.
+* `hostname` - (Required) IP Address or hostname of the Nutanix Prism server.
+* `username` - (Required) Username of the Nutanix Prism server.
+* `password` - (Required) Password of the Nutanix Prism server.
+* `certificate_fingerprint` - (Optional) Specify the SHA-1 or SHA-256 fingerprint of the Data Center Server's certificate.
+* `unsafe_auto_accept` - (Optional) When set to false, the current Data Center Server's certificate should be trusted, either by providing the certificate-fingerprint argument or by relying on a previously trusted certificate of this hostname. When set to true, trust the current Data Center Server's certificate as-is.
+* `tags` - (Optional) Collection of tag identifiers.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
+* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+* `data_center_type` - Data center type.
+* `automatic_refresh` - Indicates whether the data center server's content is automatically updated.
+* `properties` - Data center properties. properties blocks are documented beloe.
+
+
+`properties` supports the following:
+
+* `name`
+* `value`
\ No newline at end of file
diff --git a/website/docs/r/checkpoint_management_oracle_cloud_data_center_server.html.markdown b/website/docs/r/checkpoint_management_oracle_cloud_data_center_server.html.markdown
new file mode 100644
index 00000000..b9f35f9c
--- /dev/null
+++ b/website/docs/r/checkpoint_management_oracle_cloud_data_center_server.html.markdown
@@ -0,0 +1,48 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_oracle_cloud_data_center_server"
+sidebar_current: "docs-checkpoint-Resource-checkpoint-management-oracle-cloud-data-center-server"
+description: |- This resource allows you to execute Check Point oracle cloud data center server.
+---
+
+# Resource: checkpoint_management_oracle_cloud_data_center_server
+
+This resource allows you to execute Check Point Oracle Cloud Data Center Server.
+
+## Example Usage
+
+```hcl
+resource "checkpoint_management_oracle_cloud_data_center_server" "testOracleCloud" {
+ name = "MY-ORACLE-CLOUD"
+ authentication_method = "key-authentication"
+ private_key = "0SLtLS1CRUdJTiBQUklWQVRFIEtS0FWtLS0tDQpNSUlFdkFJQkFEQU5CZ2txaGtpRzl3AAAAUUVGQUFTQ0JLWXdnZ1NpQWdFQUFvSUJBUURUdmVrK1laMmNSekVmDQp1QkNoMkFxS2hzUFcrQUhUajY4dE5VbVl4OUFTRXBsREhnMkF0bCtMRWRRWUFRSUtLMUZ5L1JHRitkK3RkWjUrDQpabmprN0hESTQ5V3Rib0xodWN3YjBpNU4xbEVKWHVhOHhEN0FROTJXQy9PdzhzVktPRlJGNVJhMmxSa0svRS8xDQpxeDhKYnRoMGdXdHg0NHBQaWJwU3crMTB0QUhHR2FTLzVwN3hNUXhzajZTOThwL1hnalg5NzN4VStZZ2dLNUx3DQp6WlkzSDQ3UVREcmpyZzhOVmpDSFU3b3IrcEpCbjdldGF0V3psK3BQcVd4ODZub2tjdG5abUQxcHNnWnkwTEdDDQpRYys5ejdURGhEOFhuVERwckxiRGZXRnZqOTVKSmc3Q1krd29zN05vSENEOG5RWjFZZURVQkJjUkVlZXJVRlhBDQpaZ1I3UGNCN0FnTUJBQUVDZ2dFQUdkUWxCZVFER3ROMXJaTXNERGRUU2RudDU3b2NWdXlac2grNW1PRVVMakF3DQptOXhTOUt3ZnlYeTZRaXlxb3JKQ3REa2trR2c0OHhWOFBrVDN1RTBUTzU0aDF1UmxJMjNMbjcvVmFzOUZnVlFmDQpQS1dLVmdwYjdFMWhtT2gwVFNmRDRwRnpETlh4SzhMaXYycWVxdTJTTlRGWVR1M2RBRWpNL3EyWERmdXJQN2tiDQprZ3FKRFBwd2g4RWRXMVg1VVAyVE9CVWxwQllDTndxUkFJQ1E3eWlzbW5xeFlZS3RKc21MK21IQ3JYM3hNRHVTDQp4NHJCVDUvcXVrdVc4MmwrbGZmU3ZTNGpsb0VhajJ2QmozSk1udy9lYlNucFplU3FENTFjOUZlOCtocU4rU3NoDQozTnc0QXVybE1RRG5vZy9STUF3QUR3KzBRUlIwNVdaWDhMVXllVTBVVVFLQmdRRHd6R2I0b25BWHlNeUNkbHB3DQpRRnFCR0pwQnlsWEJjSkZnMGpCd1JMV2tQL3VjWnNoZlFlbkFWbkRZZS9yQ0FnWWxSdFFOVFRvb3BFSjlGcGgyDQp6TkVzd1EwcnV4WjFrVm41U1hwS2dF4668KalUxT3dGa3R1WFlJcEtBNGk5dFoxT04zb1lqdVRtMUlzb2xWZXVTDQpqK3Mwd1o3ZDAyYTNXcDN1UXJ3TFUwVjdpUUtCZ1FEaEcrc2xsNDYveGxONldWWEs3RVpkOGFEcTlTNEU0aEQvDQpvTmUwS0dVcHhZYngyTnFWN1VLSEwzOE41eG5qNGllWGt2U1BnL0twVUpqUmtLN0xJMnZsNmlndUJkdW01VUR1DQp5dW4rL1dNcVdnb2p4anZBbmxsS2lIa0JRMTJ2UFRqcE9HSGIrY0RqVWxROGVnOThFOEJ0ZktUQjFkRlcxUnBlDQorMXY0aXR3RzR3S0JnQzJLeXpMZExnd2hpeVJsbEFkRTlKa1QrU0RXVHMvT0pZREZZQ25ycE5zU3l0aXl5OVRRDQpWNUJzQ04yNDNSMVNXcTAwTHlqdzRUNE1peEt6Y2xTTnVrWVhvUkVUU2xVa0QzdEpmVnFYMVUrTE1XY0c2T1dPDQpmZndaMWRHUWRkM2dPL3BLQ3Q2NHlvUkt0eWJHa0U1ZzcrQkRlbk9ENXhwb2hoUXBCUDJ6V3lIWkFvR0FURndqDQpGUHBuUXVoc3Nza1JFQ2U3NnV3bkVPeWdjcW1ZNkkzUC9kM2lDeHhsSFM3Wlh4Zy9oQW41aUdiSFlvVDV0ekh6DQpZYWQ1cmpPWDB5YklGRUpzdkc0RXVTL2xoYVNvdFJnQjdpeFg4aXJlMjZuSDVSd1IzL1dSVG50aWtTb3NYdmh3DQpRYVZqNS9pcWVHVlRVVnlGM3QzMEtZaDFYWVltVHVmbkY5VktzODhDZ1lCTTNVN2QwOU9MemhMZTh3cnp1dEpuDQpGdmRGWlhCRnhXRGwyNXdteElWTFdpM0kvaWg2QXN5YlRNNWMzbFpTTUVvcjJYeXJqNnFUNzZ6amQ2eGE2NlN3DQpXMEVyL2lEY3dWK244MHpuU3lPSW5lRThIVkh1SGtNYVpPeHkvVzdVWDFqL0RmUnJPZG1iS1NWN2NBV2dVTlBrDQpnd1V5RkM2OTRKTR41Vko0WXZEZU13PT0NCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0="
+ key_user = "ocid1.user.oc1..aaaaaaaad6n7rniiwgxehy6coo4ax2ti7pr5yr53cbdxdyp6sx6dhrttcz4a"
+ key_tenant = "ocid1.tenancy.oc1..aaaaaaaaft6hqvl367uh4e3pmdxnzmca6cxamwjfaag5lm7bnhuwu6ypajca"
+ key_region = "eu-frankfurt-1"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name. Must be unique in the domain.
+* `authentication_method` - (Required) key-authentication uses the Service Account private key file to authenticate. vm-instance-authentication uses VM Instance to authenticate. This option requires the Security Management Server deployed in Oracle Cloud, and running in a dynamic group with the required permissions.
+* `private_key` - (Required) An Oracle Cloud API key PEM file, encoded in base64. Required for authentication-method: key-authentication.
+* `key_user` - (Required) An Oracle Cloud user id associated with key. Required for authentication-method: key-authentication.
+* `key_tenant` - (Required) An Oracle Cloud tenancy id where the key was created. Required for authentication-method: key-authentication.
+* `key_region` - (Required) An Oracle Cloud region for where to create scanner. Required for authentication-method: key-authentication.
+* `tags` - (Optional) Collection of tag identifiers.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
+* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+* `automatic_refresh` - Indicates whether the data center server's content is automatically updated.
+* `data_center_type` - Data center type.
+* `properties` - Data center properties. properties blocks are documented below.
+
+
+`properties` supports the following:
+
+* `name`
+* `value`
\ No newline at end of file
diff --git a/website/docs/r/checkpoint_management_radius_group.html.markdown b/website/docs/r/checkpoint_management_radius_group.html.markdown
new file mode 100644
index 00000000..0432a8d3
--- /dev/null
+++ b/website/docs/r/checkpoint_management_radius_group.html.markdown
@@ -0,0 +1,45 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_radius_group"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-radius-group"
+description: |-
+This resource allows you to add/update/delete Check Point Radius Group.
+---
+
+# Resource: checkpoint_management_radius_group
+
+This resource allows you to add/update/delete Check Point Radius Group.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_host" "host" {
+ name = "My Host"
+ ipv4_address = "1.2.3.4"
+}
+
+resource "checkpoint_management_radius_server" "radius_server" {
+ name = "New Radius Server"
+ server = "${checkpoint_management_host.host.name}"
+ shared_secret = "123"
+}
+
+resource "checkpoint_management_radius_group" "radius_group" {
+ name = "New Radius Group"
+ members = ["${checkpoint_management_radius_server.radius_server.name}"]
+}
+
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name. Must be unique in the domain.
+* `members` - (Optional) Collection of radius servers identified by the name or UID.
+* `tags` - (Optional) Collection of tag identifiers.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
+* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
diff --git a/website/docs/r/checkpoint_management_radius_server.html.markdown b/website/docs/r/checkpoint_management_radius_server.html.markdown
new file mode 100644
index 00000000..1594768c
--- /dev/null
+++ b/website/docs/r/checkpoint_management_radius_server.html.markdown
@@ -0,0 +1,52 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_radius_server"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-radius-server"
+description: |-
+This resource allows you to add/update/delete Check Point Radius Server.
+---
+
+# Resource: checkpoint_management_radius_server
+
+This resource allows you to add/update/delete Check Point Radius Server.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_host" "host" {
+ name = "My Host"
+ ipv4_address = "1.2.3.4"
+}
+
+resource "checkpoint_management_radius_server" "example" {
+ name = "New Radius Server"
+ server = "${checkpoint_management_host.host.name}"
+ shared_secret = "123"
+}
+
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name. Should be unique in the domain.
+* `server` - (Required) The UID or Name of the host that is the RADIUS Server.
+* `shared_secret` - (Required) The secret between the RADIUS server and the Security Gateway.
+* `service` - (Optional) The UID or Name of the Service to which the RADIUS server listens.
+* `version` - (Optional) The version can be either RADIUS Version 1.0, which is RFC 2138 compliant, and RADIUS Version 2.0 which is RFC 2865 compliant.
+* `protocol` - (Optional) The type of authentication protocol that will be used when authenticating the user to the RADIUS server.
+* `priority` - (Optional) The priority of the RADIUS Server in case it is a member of a RADIUS Group.
+* `accounting` - (Optional) Accounting settings. accounting blocks are documented below.
+* `tags` - (Optional) Collection of tag identifiers.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
+* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+
+`accounting` supports the following:
+
+* `enable_ip_pool_management` - (Optional) IP pool management, enables Accounting service.
+* `accounting_service` - (Optional) The UID or Name of the the accounting interface to notify the server when users login and logout which will then lock and release the IP addresses that the server allocated to those users.
diff --git a/website/docs/r/checkpoint_management_simple_cluster.html.markdown b/website/docs/r/checkpoint_management_simple_cluster.html.markdown
index c3034318..c61495e9 100644
--- a/website/docs/r/checkpoint_management_simple_cluster.html.markdown
+++ b/website/docs/r/checkpoint_management_simple_cluster.html.markdown
@@ -6,7 +6,7 @@ description: |-
This resource allows you to execute Check Point Simple Cluster.
---
-# Resource: checkpoint_management_simple_cluster
+# checkpoint_management_simple_cluster
This resource allows you to execute Check Point Simple Cluster.
@@ -14,12 +14,14 @@ This resource allows you to execute Check Point Simple Cluster.
```hcl
-resource "checkpoint_management_simple_cluster" "cluster" {
- name = "mycluster"
- ipv4_address = "1.2.3.4"
- version = "R81"
- hardware = "Open server"
- send_logs_to_server = ["logserver"]
+resource "checkpoint_management_simple_cluster" "example" {
+ name = "cluster1"
+ color = "yellow"
+ version = "R80.30"
+ os_name = "Gaia"
+ cluster_mode = "cluster-xl-ha"
+ firewall = true
+ ipv4_address = "17.23.5.1"
}
```
@@ -28,159 +30,625 @@ resource "checkpoint_management_simple_cluster" "cluster" {
The following arguments are supported:
* `name` - (Required) Object name.
-* `ipv4_address` - (Optional) IPv4 address.
-* `ipv6_address` - (Optional) IPv6 address.
-* `cluster_mode` - (Optional) Cluster mode.
-* `interfaces` - (Optional) Cluster interfaces. interfaces blocks are documented below.
-* `members` - (Optional) Cluster members. members blocks are documented below.
+* `advanced_settings` - (Optional) N/Aadvanced_settings blocks are documented below.
* `anti_bot` - (Optional) Anti-Bot blade enabled.
* `anti_virus` - (Optional) Anti-Virus blade enabled.
-* `application_control` - (Optional) Application Control blade enabled.
-* `content_awareness` - (Optional) Content Awareness blade enabled.
-* `data_awareness` - (Optional) Data Awareness blade enabled.
-* `ips` - (Optional) Intrusion Prevention System blade enabled.
-* `threat_emulation` - (Optional) Threat Emulation blade enabled.
-* `url_filtering` - (Optional) URL Filtering blade enabled.
-* `firewall` - (Optional) Firewall blade enabled.
-* `firewall_settings` - (Optional) Firewall settings. firewall_settings blocks are documented below.
-* `vpn` - (Optional) VPN blade enabled.
-* `vpn_settings` - (Optional) Cluster VPN settings. vpn_settings blocks are documented below.
-* `dynamic_ip` - (Computed) Dynamic IP address.
-* `version` - (Optional) Cluster platform version.
-* `os_name` - (Optional) Cluster Operating system name.
-* `hardware` - (Optional) Cluster platform hardware name.
-* `one_time_password` - (Optional) Secure Internal Communication one time password.
-* `sic_name` - (Computed) Secure Internal Communication name.
-* `sic_state` - (Computed) Secure Internal Communication state.
-* `save_logs_locally` - (Optional) Enable save logs locally.
-* `send_alerts_to_server` - (Optional) Collection of Server(s) to send alerts to identified by the name.
-* `send_logs_to_backup_server` - (Optional) Collection of Backup server(s) to send logs to identified by the name.
-* `send_logs_to_server` - (Optional) Collection of Server(s) to send logs to identified by the name.
-* `logs_settings` - (Optional) Logs settings. logs_settings blocks are documented below.
-* `color` - (Optional) Color of the object.
+* `application_control` - (Optional) Application Control blade enabled.
+* `application_control_and_url_filtering_settings` - (Optional) Gateway Application Control and URL filtering settings.application_control_and_url_filtering_settings blocks are documented below.
+* `cluster_mode` - (Optional) Cluster mode.
+* `cluster_settings` - (Optional) ClusterXL and VRRP Settings.cluster_settings blocks are documented below.
+* `content_awareness` - (Optional) Content Awareness blade enabled.
+* `enable_https_inspection` - (Optional) Enable HTTPS Inspection after defining an outbound inspection certificate.
To define the outbound certificate use outbound inspection certificate API.
+* `fetch_policy` - (Optional) Security management server(s) to fetch the policy from.fetch_policy blocks are documented below.
+* `firewall` - (Optional) Firewall blade enabled.
+* `firewall_settings` - (Optional) N/Afirewall_settings blocks are documented below.
+* `geo_mode` - (Optional) Cluster High Availability Geo mode.
This setting applies only to a cluster deployed in a cloud. Available when the cluster mode equals "cluster-xl-ha".
+* `hardware` - (Optional) Cluster platform hardware.
+* `hit_count` - (Optional) Hit count tracks the number of connections each rule matches.
+* `https_inspection` - (Optional) HTTPS inspection.https_inspection blocks are documented below.
+* `identity_awareness` - (Optional) Identity awareness blade enabled.
+* `identity_awareness_settings` - (Optional) Gateway Identity Awareness settings.identity_awareness_settings blocks are documented below.
+* `interfaces` - (Optional) Cluster interfaces.interfaces blocks are documented below.
+* `ipv4_address` - (Optional) IPv4 address.
+* `ipv6_address` - (Optional) IPv6 address.
+* `ips` - (Optional) Intrusion Prevention System blade enabled.
+* `ips_update_policy` - (Optional) Specifies whether the IPS will be downloaded from the Management or directly to the Gateway.
+* `members` - (Optional) Cluster members list. Only new cluster member can be added. Adding existing gateway is not supported.members blocks are documented below.
+* `nat_hide_internal_interfaces` - (Optional) Hide internal networks behind the Gateway's external IP.
+* `nat_settings` - (Optional) NAT settings.nat_settings blocks are documented below.
+* `os_name` - (Optional) Cluster platform operating system.
+* `platform_portal_settings` - (Optional) Platform portal settings.platform_portal_settings blocks are documented below.
+* `proxy_settings` - (Optional) Proxy Server for Gateway.proxy_settings blocks are documented below.
+* `qos` - (Optional) QoS.
+* `send_alerts_to_server` - (Optional) Server(s) to send alerts to.send_alerts_to_server blocks are documented below.
+* `send_logs_to_backup_server` - (Optional) Backup server(s) to send logs to.send_logs_to_backup_server blocks are documented below.
+* `send_logs_to_server` - (Optional) Server(s) to send logs to.send_logs_to_server blocks are documented below.
+* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below.
+* `threat_emulation` - (Optional) Threat Emulation blade enabled.
+* `threat_extraction` - (Optional) Threat Extraction blade enabled.
+* `threat_prevention_mode` - (Optional) The mode of Threat Prevention to use. When using Autonomous Threat Prevention, disabling the Threat Prevention blades is not allowed.
+* `url_filtering` - (Optional) URL Filtering blade enabled.
+* `usercheck_portal_settings` - (Optional) UserCheck portal settings.usercheck_portal_settings blocks are documented below.
+* `version` - (Optional) Cluster platform version.
+* `vpn` - (Optional) VPN blade enabled.
+* `vpn_settings` - (Optional) Gateway VPN settings.vpn_settings blocks are documented below.
+* `zero_phishing` - (Optional) Zero Phishing blade enabled.
+* `zero_phishing_fqdn` - (Optional) Zero Phishing gateway FQDN.
+* `show_portals_certificate` - (Optional) Indicates whether to show the portals certificate value in the reply.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
* `comments` - (Optional) Comments string.
-* `tags` - (Optional) Collection of tags identified by name.
+* `groups` - (Optional) Collection of group identifiers.groups blocks are documented below.
* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
-* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+
+`advanced_settings` supports the following:
+
+* `connection_persistence` - (Optional) Handling established connections when installing a new policy.
+* `sam` - (Optional) SAM.sam blocks are documented below.
+
+
+`application_control_and_url_filtering_settings` supports the following:
+
+* `global_settings_mode` - (Optional) Whether to override global settings or not.
+* `override_global_settings` - (Optional) override global settings object.override_global_settings blocks are documented below.
+
+
+`cluster_settings` supports the following:
+
+* `member_recovery_mode` - (Optional) In a High Availability cluster, each member is given a priority. The member with the highest priority serves as the gateway. If this gateway fails, control is passed to the member with the next highest priority. If that member fails, control is passed to the next, and so on. Upon gateway recovery, it is possible to:
+Maintain current active Cluster Member (maintain-current-active) or
+Switch to higher priority Cluster Member (according-to-priority).
+* `state_synchronization` - (Optional) Cluster State Synchronization settings.state_synchronization blocks are documented below.
+* `track_changes_of_cluster_members` - (Optional) Track changes in the status of Cluster Members.
+* `use_virtual_mac` - (Optional) Use Virtual MAC. By enabling Virtual MAC in ClusterXL High Availability New mode, or Load Sharing Unicast mode, all cluster members associate the same Virtual MAC address with All Cluster Virtual Interfaces and the Virtual IP address.
+
+
+`firewall_settings` supports the following:
+
+* `auto_calculate_connections_hash_table_size_and_memory_pool` - (Optional) N/A
+* `auto_maximum_limit_for_concurrent_connections` - (Optional) N/A
+* `connections_hash_size` - (Optional) N/A
+* `maximum_limit_for_concurrent_connections` - (Optional) N/A
+* `maximum_memory_pool_size` - (Optional) N/A
+* `memory_pool_size` - (Optional) N/A
+
+
+`https_inspection` supports the following:
+
+* `bypass_on_failure` - (Optional) Set to be true in order to bypass all requests (Fail-open) in case of internal system error.bypass_on_failure blocks are documented below.
+* `site_categorization_allow_mode` - (Optional) Set to 'background' in order to allowed requests until categorization is complete.site_categorization_allow_mode blocks are documented below.
+* `deny_untrusted_server_cert` - (Optional) Set to be true in order to drop traffic from servers with untrusted server certificate.deny_untrusted_server_cert blocks are documented below.
+* `deny_revoked_server_cert` - (Optional) Set to be true in order to drop traffic from servers with revoked server certificate (validate CRL).deny_revoked_server_cert blocks are documented below.
+* `deny_expired_server_cert` - (Optional) Set to be true in order to drop traffic from servers with expired server certificate.deny_expired_server_cert blocks are documented below.
+
+
+`identity_awareness_settings` supports the following:
+
+* `browser_based_authentication` - (Optional) Enable Browser Based Authentication source.
+* `browser_based_authentication_settings` - (Optional) Browser Based Authentication settings.browser_based_authentication_settings blocks are documented below.
+* `identity_agent` - (Optional) Enable Identity Agent source.
+* `identity_agent_settings` - (Optional) Identity Agent settings.identity_agent_settings blocks are documented below.
+* `identity_collector` - (Optional) Enable Identity Collector source.
+* `identity_collector_settings` - (Optional) Identity Collector settings.identity_collector_settings blocks are documented below.
+* `identity_sharing_settings` - (Optional) Identity sharing settings.identity_sharing_settings blocks are documented below.
+* `proxy_settings` - (Optional) Identity-Awareness Proxy settings.proxy_settings blocks are documented below.
+* `remote_access` - (Optional) Enable Remote Access Identity source.
+
`interfaces` supports the following:
-* `name` - (Optional) Interface name.
+
+* `name` - (Optional) Object name. Must be unique in the domain.
* `interface_type` - (Optional) Cluster interface type.
* `ipv4_address` - (Optional) IPv4 address.
* `ipv6_address` - (Optional) IPv6 address.
-* `ipv4_network_mask` - (Optional) IPv4 network address.
-* `ipv6_network_mask` - (Optional) IPv6 network address.
-* `ipv4_mask_length` - (Optional) IPv4 network mask length.
-* `ipv6_mask_length` - (Optional) IPv4 network mask length.
-* `anti_spoofing` - (Optional) Anti spoofing.
-* `anti_spoofing_settings` - (Optional) Anti spoofing settings. anti_spoofing_settings blocks are documented below.
-* `multicast_address` - (Optional) Multicast IP Address.
-* `multicast_address_type` - (Optional) Multicast Address Type.
-* `security_zone` - (Optional) Security zone.
-* `security_zone_settings` - (Optional) Security zone settings. security_zone_settings blocks are documented below.
-* `topology` - (Optional) Topology.
-* `topology_settings` - (Optional) Topology settings. topology_settings blocks are documented below.
-* `topology_automatic_calculation` - (Computed) Shows the automatic topology calculation..
-* `topology` - (Optional) Topology.
+* `network_mask` - (Optional) IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use ipv4-mask-length and ipv6-mask-length fields explicitly.
+* `ipv4_network_mask` - (Optional) IPv4 network address.
+* `ipv6_network_mask` - (Optional) IPv6 network address.
+* `ipv4_mask_length` - (Optional) IPv4 network mask length.
+* `ipv6_mask_length` - (Optional) IPv6 network mask length.
+* `anti_spoofing` - (Optional) N/A
+* `anti_spoofing_settings` - (Optional) N/Aanti_spoofing_settings blocks are documented below.
+* `multicast_address` - (Optional) Multicast IP Address.
+* `multicast_address_type` - (Optional) Multicast Address Type.
+* `security_zone` - (Optional) N/A
+* `security_zone_settings` - (Optional) N/Asecurity_zone_settings blocks are documented below.
+* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below.
+* `topology` - (Optional) N/A
+* `topology_settings` - (Optional) N/Atopology_settings blocks are documented below.
* `color` - (Optional) Color of the object. Should be one of existing colors.
* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+
+`members` supports the following:
+
+* `name` - (Optional) Object name.
+* `interfaces` - (Optional) Cluster Member network interfaces.interfaces blocks are documented below.
+* `ipv4_address` - (Optional) IPv4 address.
+* `ipv6_address` - (Optional) IPv6 address.
+* `one_time_password` - (Optional) N/A
+* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below.
+* `priority` - (Optional) In a High Availability New mode cluster each machine is given a priority. The highest priority machine serves as the gateway in normal circumstances. If this machine fails, control is passed to the next highest priority machine. If that machine fails, control is passed to the next machine, and so on.
+In Load Sharing Unicast mode cluster, the highest priority is the pivot machine.
+The values must be in a range from 1 to N, where N is number of cluster members.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
+* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+
+`nat_settings` supports the following:
+
+* `auto_rule` - (Optional) Whether to add automatic address translation rules.
+* `ipv4_address` - (Optional) IPv4 address.
+* `ipv6_address` - (Optional) IPv6 address.
+* `hide_behind` - (Optional) Hide behind method. This parameter is forbidden in case "method" parameter is "static".
+* `install_on` - (Optional) Which gateway should apply the NAT translation.
+* `method` - (Optional) NAT translation method.
+
+
+`platform_portal_settings` supports the following:
+
+* `portal_web_settings` - (Optional) Configuration of the portal web settings.portal_web_settings blocks are documented below.
+* `certificate_settings` - (Optional) Configuration of the portal certificate settings.certificate_settings blocks are documented below.
+* `accessibility` - (Optional) Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`proxy_settings` supports the following:
+
+* `use_custom_proxy` - (Optional) Use custom proxy settings for this network object.
+* `proxy_server` - (Optional) N/A
+* `port` - (Optional) N/A
+
+
+`usercheck_portal_settings` supports the following:
+
+* `enabled` - (Optional) State of the web portal (enabled or disabled). The supported blades are: {'Application Control', 'URL Filtering', 'Data Loss Prevention', 'Anti Virus', 'Anti Bot', 'Threat Emulation', 'Threat Extraction', 'Data Awareness'}.
+* `portal_web_settings` - (Optional) Configuration of the portal web settings.portal_web_settings blocks are documented below.
+* `certificate_settings` - (Optional) Configuration of the portal certificate settings.certificate_settings blocks are documented below.
+* `accessibility` - (Optional) Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`vpn_settings` supports the following:
+
+* `authentication` - (Optional) Authentication.authentication blocks are documented below.
+* `link_selection` - (Optional) Link Selection.link_selection blocks are documented below.
+* `maximum_concurrent_ike_negotiations` - (Optional) N/A
+* `maximum_concurrent_tunnels` - (Optional) N/A
+* `office_mode` - (Optional) Office Mode.
+Notation Wide Impact - Office Mode apply IPSec VPN Software Blade clients and to the Mobile Access Software Blade clients.office_mode blocks are documented below.
+* `remote_access` - (Optional) Remote Access.remote_access blocks are documented below.
+* `vpn_domain` - (Optional) Gateway VPN domain identified by the name or UID.
+* `vpn_domain_exclude_external_ip_addresses` - (Optional) Exclude the external IP addresses from the VPN domain of this Security Gateway.
+* `vpn_domain_type` - (Optional) Gateway VPN domain type.
+
+
+`sam` supports the following:
+
+* `forward_to_other_sam_servers` - (Optional) Forward SAM clients' requests to other SAM servers.
+* `use_early_versions` - (Optional) Use early versions compatibility mode.use_early_versions blocks are documented below.
+* `purge_sam_file` - (Optional) Purge SAM File.purge_sam_file blocks are documented below.
+
+
+`override_global_settings` supports the following:
+
+* `fail_mode` - (Optional) Fail mode - allow or block all requests.
+* `website_categorization` - (Optional) Website categorization object.website_categorization blocks are documented below.
+
+
+`state_synchronization` supports the following:
+
+* `delayed` - (Optional) Start synchronizing with delay of seconds, as defined by delayed-seconds, after connection initiation. Disabled when state-synchronization disabled.
+* `delayed_seconds` - (Optional) Start synchronizing X seconds after connection initiation
+. The values must be in a range between 2 and 3600.
+* `enabled` - (Optional) Use State Synchronization.
+
+
+`bypass_on_failure` supports the following:
+
+* `override_profile` - (Optional) Override profile of global configuration.
+* `value` - (Optional) Override value.
Required only for 'override-profile' is True.
+
+
+`site_categorization_allow_mode` supports the following:
+
+* `override_profile` - (Optional) Override profile of global configuration.
+* `value` - (Optional) Override value.
Required only for 'override-profile' is True.
+
+
+`deny_untrusted_server_cert` supports the following:
+
+* `override_profile` - (Optional) Override profile of global configuration.
+* `value` - (Optional) Override value.
Required only for 'override-profile' is True.
+
+
+`deny_revoked_server_cert` supports the following:
+
+* `override_profile` - (Optional) Override profile of global configuration.
+* `value` - (Optional) Override value.
Required only for 'override-profile' is True.
+
+
+`deny_expired_server_cert` supports the following:
+
+* `override_profile` - (Optional) Override profile of global configuration.
+* `value` - (Optional) Override value.
Required only for 'override-profile' is True.
+
+
+`browser_based_authentication_settings` supports the following:
+
+* `authentication_settings` - (Optional) Authentication Settings for Browser Based Authentication.authentication_settings blocks are documented below.
+* `browser_based_authentication_portal_settings` - (Optional) Browser Based Authentication portal settings.browser_based_authentication_portal_settings blocks are documented below.
+
+
+`identity_agent_settings` supports the following:
+
+* `agents_interval_keepalive` - (Optional) Agents send keepalive period (minutes).
+* `user_reauthenticate_interval` - (Optional) Agent reauthenticate time interval (minutes).
+* `authentication_settings` - (Optional) Authentication Settings for Identity Agent.authentication_settings blocks are documented below.
+* `identity_agent_portal_settings` - (Optional) Identity Agent accessibility settings.identity_agent_portal_settings blocks are documented below.
+
+
+`identity_collector_settings` supports the following:
+
+* `authorized_clients` - (Optional) Authorized Clients.authorized_clients blocks are documented below.
+* `authentication_settings` - (Optional) Authentication Settings for Identity Collector.authentication_settings blocks are documented below.
+* `client_access_permissions` - (Optional) Identity Collector accessibility settings.client_access_permissions blocks are documented below.
+
+
+`identity_sharing_settings` supports the following:
+
+* `share_with_other_gateways` - (Optional) Enable identity sharing with other gateways.
+* `receive_from_other_gateways` - (Optional) Enable receiving identity from other gateways.
+* `receive_from` - (Optional) Gateway(s) to receive identity from.receive_from blocks are documented below.
+
+
+`proxy_settings` supports the following:
+
+* `detect_using_x_forward_for` - (Optional) Whether to use X-Forward-For HTTP header, which is added by the proxy server to keep track of the original source IP.
+
`anti_spoofing_settings` supports the following:
-* `action` - (Optional) If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
+
+* `action` - (Optional) If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
+* `exclude_packets` - (Optional) Don't check packets from excluded network.
+* `excluded_network_name` - (Optional) Excluded network name.
+* `excluded_network_uid` - (Optional) Excluded network UID.
+* `spoof_tracking` - (Optional) Spoof tracking.
+
`security_zone_settings` supports the following:
-* `auto_calculated` - (Optional) Security Zone is calculated according to where the interface leads to.
-* `specific_zone` - (Optional) Security Zone specified manually.
+
+* `auto_calculated` - (Optional) Security Zone is calculated according to where the interface leads to.
+* `specific_zone` - (Optional) Security Zone specified manually.
+
`topology_settings` supports the following:
-* `interface_leads_to_dmz` - (Optional) Whether this interface leads to demilitarized zone (perimeter network).
-* `ip_address_behind_this_interface` - (Optional) Ip address behind this interface.
-* `specific_network` - (Optional) Network behind this interface.
-`members` supports the following:
-* `name` - (Optional) Object name. Should be unique in the domain..
-* `ip_address` - (Optional) IPv4 or IPv6 address.
-* `interfaces` - (Optional) Cluster Member network interfaces. interfaces blocks are documented below.
-* `one_time_password` - (Optional) Secure Internal Communication one time password.
-* `sic_name` - (Computed) Secure Internal Communication name.
-* `sic_message` - (Computed) Secure Internal Communication state.
+* `interface_leads_to_dmz` - (Optional) Whether this interface leads to demilitarized zone (perimeter network).
+* `specific_network` - (Optional) Network behind this interface.
+
`interfaces` supports the following:
-* `name` - (Optional) Interface name.
+
+* `name` - (Optional) Object name.
+* `anti_spoofing` - (Optional) N/A
+* `anti_spoofing_settings` - (Optional) N/Aanti_spoofing_settings blocks are documented below.
* `ipv4_address` - (Optional) IPv4 address.
* `ipv6_address` - (Optional) IPv6 address.
-* `ipv4_network_mask` - (Optional) IPv4 network address.
-* `ipv6_network_mask` - (Optional) IPv6 network address.
-* `ipv4_mask_length` - (Optional) IPv4 network mask length.
-* `ipv6_mask_length` - (Optional) IPv6 network mask length.
+* `network_mask` - (Optional) IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use ipv4-mask-length and ipv6-mask-length fields explicitly.
+* `ipv4_network_mask` - (Optional) IPv4 network address.
+* `ipv6_network_mask` - (Optional) IPv6 network address.
+* `ipv4_mask_length` - (Optional) IPv4 network mask length.
+* `ipv6_mask_length` - (Optional) IPv6 network mask length.
+* `security_zone` - (Optional) N/A
+* `security_zone_settings` - (Optional) N/Asecurity_zone_settings blocks are documented below.
+* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below.
+* `topology` - (Optional) N/A
+* `topology_settings` - (Optional) N/Atopology_settings blocks are documented below.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
+* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
-`firewall_settings` supports the following:
-* `auto_calculate_connections_hash_table_size_and_memory_pool` - (Optional) Auto calculate connections hash table size and memory pool.
-* `auto_maximum_limit_for_concurrent_connections` - (Optional) Auto maximum limit for concurrent connections.
-* `connections_hash_size` - (Optional) Connections hash size.
-* `maximum_limit_for_concurrent_connections` - (Optional) Maximum limit for concurrent connections.
-* `maximum_memory_pool_size` - (Optional) Maximum memory pool size.
-* `memory_pool_size` - (Optional) Memory pool size.
-`vpn_settings` supports the following:
-* `authentication` - (Optional) authentication blocks are documented below.
-* `link_selection` - (Optional) Link selection blocks are documented below.
-* `maximum_concurrent_ike_negotiations` - (Optional) Maximum concurrent ike negotiations.
-* `maximum_concurrent_tunnels` - (Optional) Maximum concurrent tunnels.
-* `office_mode` - (Optional) Office Mode. Notation Wide Impact - Office Mode apply IPSec VPN Software Blade clients and to the Mobile Access Software Blade clients. office_mode blocks are documented below.
-* `remote_access` - (Optional) remote_access blocks are documented below.
-* `vpn_domain` - (Optional) Gateway VPN domain identified by the name.
-* `vpn_domain_type` - (Optional) Gateway VPN domain type.
+`portal_web_settings` supports the following:
+
+* `aliases` - (Optional) List of URL aliases that are redirected to the main portal URL.aliases blocks are documented below.
+* `main_url` - (Optional) The main URL for the web portal.
+
+
+`certificate_settings` supports the following:
+
+* `base64_certificate` - (Optional) The certificate file encoded in Base64 with padding.
+This file must be in the *.p12 format.
+* `base64_password` - (Optional) Password (encoded in Base64 with padding) for the certificate file.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - (Optional) Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - (Optional) Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`portal_web_settings` supports the following:
+
+* `aliases` - (Optional) List of URL aliases that are redirected to the main portal URL.aliases blocks are documented below.
+* `main_url` - (Optional) The main URL for the web portal.
+
+
+`certificate_settings` supports the following:
+
+* `base64_certificate` - (Optional) The certificate file encoded in Base64 with padding.
+This file must be in the *.p12 format.
+* `base64_password` - (Optional) Password (encoded in Base64 with padding) for the certificate file.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - (Optional) Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - (Optional) Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
`authentication` supports the following:
-* `authentication_clients` - (Optional) Collection of VPN Authentication clients identified by the name.
+
+* `authentication_clients` - (Optional) Collection of VPN Authentication clients identified by the name or UID.authentication_clients blocks are documented below.
+
`link_selection` supports the following:
-* `ip_selection` - (Optional) IP selection.
+
* `dns_resolving_hostname` - (Optional) DNS Resolving Hostname. Must be set when "ip-selection" was selected to be "dns-resolving-from-hostname".
-* `ip_address` - (Optional) IP Address. Must be set when "ip-selection" was selected to be "use-selected-address-from-topology" or "use-statically-nated-ip".
+
`office_mode` supports the following:
-* `mode` - (Optional) Office Mode Permissions. When selected to be "off", all the other definitions are irrelevant.
-* `group` - (Optional) Group. Identified by name. Must be set when "office-mode-permissions" was selected to be "group".
-* `allocate_ip_address_from` - (Optional) Allocate IP address Method. Allocate IP address by sequentially trying the given methods until success. allocate_ip_address_from blocks are documented below.
-* `support_multiple_interfaces` - (Optional) Support connectivity enhancement for gateways with multiple external interfaces.
-* `perform_anti_spoofing` - (Optional) Perform Anti-Spoofing on Office Mode addresses.
-* `anti_spoofing_additional_addresses` - (Optional) Additional IP Addresses for Anti-Spoofing. Identified by name. Must be set when "perform-anti-spoofings" is true.
+
+* `mode` - (Optional) Office Mode Permissions.
+When selected to be "off", all the other definitions are irrelevant.
+* `group` - (Optional) Group. Identified by name or UID.
+Must be set when "office-mode-permissions" was selected to be "group".
+* `allocate_ip_address_from` - (Optional) Allocate IP address Method.
+Allocate IP address by sequentially trying the given methods until success.allocate_ip_address_from blocks are documented below.
+* `support_multiple_interfaces` - (Optional) Support connectivity enhancement for gateways with multiple external interfaces.
+* `perform_anti_spoofing` - (Optional) Perform Anti-Spoofing on Office Mode addresses.
+* `anti_spoofing_additional_addresses` - (Optional) Additional IP Addresses for Anti-Spoofing.
+Identified by name or UID.
+Must be set when "perform-anti-spoofings" is true.
+
+
+`remote_access` supports the following:
+
+* `support_l2tp` - (Optional) Support L2TP (relevant only when office mode is active).
+* `l2tp_auth_method` - (Optional) L2TP Authentication Method.
+Must be set when "support-l2tp" is true.
+* `l2tp_certificate` - (Optional) L2TP Certificate.
+Must be set when "l2tp-auth-method" was selected to be "certificate".
+Insert "defaultCert" when you want to use the default certificate.
+* `allow_vpn_clients_to_route_traffic` - (Optional) Allow VPN clients to route traffic.
+* `support_nat_traversal_mechanism` - (Optional) Support NAT traversal mechanism (UDP encapsulation).
+* `nat_traversal_service` - (Optional) Allocated NAT traversal UDP service. Identified by name or UID.
+Must be set when "support-nat-traversal-mechanism" is true.
+* `support_visitor_mode` - (Optional) Support Visitor Mode.
+* `visitor_mode_service` - (Optional) TCP Service for Visitor Mode. Identified by name or UID.
+Must be set when "support-visitor-mode" is true.
+* `visitor_mode_interface` - (Optional) Interface for Visitor Mode.
+Must be set when "support-visitor-mode" is true.
+Insert IPV4 Address of existing interface or "All IPs" when you want all interfaces.
+
+
+`use_early_versions` supports the following:
+
+* `enabled` - (Optional) Use early versions compatibility mode.
+* `compatibility_mode` - (Optional) Early versions compatibility mode.
+
+
+`purge_sam_file` supports the following:
+
+* `enabled` - (Optional) Purge SAM File.
+* `purge_when_size_reaches_to` - (Optional) Purge SAM File When it Reaches to.
+
+
+`website_categorization` supports the following:
+
+* `mode` - (Optional) Website categorization mode.
+* `custom_mode` - (Optional) Custom mode object.custom_mode blocks are documented below.
+
+
+`authentication_settings` supports the following:
+
+* `authentication_method` - (Optional) Authentication method.
+* `identity_provider` - (Optional) Identity provider object identified by the name or UID. Must be set when "authentication-method" was selected to be "identity provider".identity_provider blocks are documented below.
+* `radius` - (Optional) Radius server object identified by the name or UID. Must be set when "authentication-method" was selected to be "radius".
+* `users_directories` - (Optional) Users directories.users_directories blocks are documented below.
+
+
+`browser_based_authentication_portal_settings` supports the following:
+
+* `portal_web_settings` - (Optional) Configuration of the portal web settings.portal_web_settings blocks are documented below.
+* `certificate_settings` - (Optional) Configuration of the portal certificate settings.certificate_settings blocks are documented below.
+* `accessibility` - (Optional) Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`authentication_settings` supports the following:
+
+* `authentication_method` - (Optional) Authentication method.
+* `radius` - (Optional) Radius server object identified by the name or UID. Must be set when "authentication-method" was selected to be "radius".
+* `users_directories` - (Optional) Users directories.users_directories blocks are documented below.
+
+
+`identity_agent_portal_settings` supports the following:
+
+* `accessibility` - (Optional) Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`authorized_clients` supports the following:
+
+* `client` - (Optional) Host / Network Group Name or UID.
+* `client_secret` - (Optional) Client Secret.
+
+
+`authentication_settings` supports the following:
+
+* `users_directories` - (Optional) Users directories.users_directories blocks are documented below.
+
+
+`client_access_permissions` supports the following:
+
+* `accessibility` - (Optional) Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`anti_spoofing_settings` supports the following:
+
+* `action` - (Optional) If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
+* `exclude_packets` - (Optional) Don't check packets from excluded network.
+* `excluded_network_name` - (Optional) Excluded network name.
+* `excluded_network_uid` - (Optional) Excluded network UID.
+* `spoof_tracking` - (Optional) Spoof tracking.
+
+
+`security_zone_settings` supports the following:
+
+* `auto_calculated` - (Optional) Security Zone is calculated according to where the interface leads to.
+* `specific_zone` - (Optional) Security Zone specified manually.
+
+
+`topology_settings` supports the following:
+
+* `interface_leads_to_dmz` - (Optional) Whether this interface leads to demilitarized zone (perimeter network).
+* `specific_network` - (Optional) Network behind this interface.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - (Optional) Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - (Optional) Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
`allocate_ip_address_from` supports the following:
-* `radius_server` - (Optional) Radius server used to authenticate the user.
-* `use_allocate_method` - (Optional) Use Allocate Method.
-* `allocate_method` - (Optional) Using either Manual (IP Pool) or Automatic (DHCP). Must be set when "use-allocate-method" is true.
-* `manual_network` - (Optional) Manual Network. Identified by name. Must be set when "allocate-method" was selected to be "manual".
-* `dhcp_server` - (Optional) DHCP Server. Identified by name. Must be set when "allocate-method" was selected to be "automatic".
-* `virtual_ip_address` - (Optional) Virtual IPV4 address for DHCP server replies. Must be set when "allocate-method" was selected to be "automatic".
-* `dhcp_mac_address` - (Optional) Calculated MAC address for DHCP allocation. Must be set when "allocate-method" was selected to be "automatic".
-* `optional_parameters` - (Optional) This configuration applies to all Office Mode methods except Automatic (using DHCP) and ipassignment.conf entries which contain this data. optional_parameters blocks are documented below.
+
+* `radius_server` - (Optional) Radius server used to authenticate the user.
+* `use_allocate_method` - (Optional) Use Allocate Method.
+* `allocate_method` - (Optional) Using either Manual (IP Pool) or Automatic (DHCP).
+Must be set when "use-allocate-method" is true.
+* `manual_network` - (Optional) Manual Network. Identified by name or UID.
+Must be set when "allocate-method" was selected to be "manual".
+* `dhcp_server` - (Optional) DHCP Server. Identified by name or UID.
+Must be set when "allocate-method" was selected to be "automatic".
+* `virtual_ip_address` - (Optional) Virtual IPV4 address for DHCP server replies.
+Must be set when "allocate-method" was selected to be "automatic".
+* `dhcp_mac_address` - (Optional) Calculated MAC address for DHCP allocation.
+Must be set when "allocate-method" was selected to be "automatic".
+* `optional_parameters` - (Optional) This configuration applies to all Office Mode methods except Automatic (using DHCP) and ipassignment.conf entries which contain this data.optional_parameters blocks are documented below.
+
+
+`custom_mode` supports the following:
+
+* `social_networking_widgets` - (Optional) Social networking widgets mode.
+* `url_filtering` - (Optional) URL filtering mode.
+
+
+`users_directories` supports the following:
+
+* `external_user_profile` - (Optional) External user profile.
+* `internal_users` - (Optional) Internal users.
+* `users_from_external_directories` - (Optional) Users from external directories.
+* `specific` - (Optional) LDAP AU objects identified by the name or UID. Must be set when "users-from-external-directories" was selected to be "specific".specific blocks are documented below.
+
+
+`portal_web_settings` supports the following:
+
+* `aliases` - (Optional) List of URL aliases that are redirected to the main portal URL.aliases blocks are documented below.
+* `main_url` - (Optional) The main URL for the web portal.
+
+
+`certificate_settings` supports the following:
+
+* `base64_certificate` - (Optional) The certificate file encoded in Base64 with padding.
+This file must be in the *.p12 format.
+* `base64_password` - (Optional) Password (encoded in Base64 with padding) for the certificate file.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - (Optional) Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - (Optional) Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`users_directories` supports the following:
+
+* `external_user_profile` - (Optional) External user profile.
+* `internal_users` - (Optional) Internal users.
+* `users_from_external_directories` - (Optional) Users from external directories.
+* `specific` - (Optional) LDAP AU objects identified by the name or UID. Must be set when "users-from-external-directories" was selected to be "specific".specific blocks are documented below.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - (Optional) Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - (Optional) Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`users_directories` supports the following:
+
+* `external_user_profile` - (Optional) External user profile.
+* `internal_users` - (Optional) Internal users.
+* `users_from_external_directories` - (Optional) Users from external directories.
+* `specific` - (Optional) LDAP AU objects identified by the name or UID. Must be set when "users-from-external-directories" was selected to be "specific".specific blocks are documented below.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - (Optional) Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - (Optional) Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
`optional_parameters` supports the following:
-* `use_primary_dns_server` - (Optional) Use Primary DNS Server.
-* `primary_dns_server` - (Optional) Primary DNS Server. Identified by name. Must be set when "use-primary-dns-server" is true and can not be set when "use-primary-dns-server" is false.
-* `use_first_backup_dns_server` - (Optional) Use First Backup DNS Server.
-* `first_backup_dns_server` - (Optional) First Backup DNS Server. Identified by name. Must be set when "use-first-backup-dns-server" is true and can not be set when "use-first-backup-dns-server" is false.
-* `use_second_backup_dns_server` - (Optional) Use Second Backup DNS Server.
-* `second_backup_dns_server` - (Optional) Second Backup DNS Server. Identified by name. Must be set when "use-second-backup-dns-server" is true and can not be set when "use-second-backup-dns-server" is false.
-* `dns_suffixes` - (Optional) DNS Suffixes.
-* `use_primary_wins_server` - (Optional) Use Primary WINS Server.
-* `primary_wins_server` - (Optional) Primary WINS Server. Identified by name. Must be set when "use-primary-wins-server" is true and can not be set when "use-primary-wins-server" is false.
-* `use_first_backup_wins_server` - (Optional) Use First Backup WINS Server.
-* `first_backup_wins_server` - (Optional) First Backup WINS Server. Identified by name. Must be set when "use-first-backup-wins-server" is true and can not be set when "use-first-backup-wins-server" is false.
-* `use_second_backup_wins_server` - (Optional) Use Second Backup WINS Server.
-* `second_backup_wins_server` - (Optional) Second Backup WINS Server. Identified by name. Must be set when "use-second-backup-wins-server" is true and can not be set when "use-second-backup-wins-server" is false.
-* `ip_lease_duration` - (Optional) IP Lease Duration in Minutes. The value must be in the range 2-32767.
-`remote_access` supports the following:
-* `support_l2tp` - (Optional) Support L2TP (relevant only when office mode is active).
-* `l2tp_auth_method` - (Optional) L2TP Authentication Method. Must be set when "support-l2tp" is true.
-* `l2tp_certificate` - (Optional) L2TP Certificate. Must be set when "l2tp-auth-method" was selected to be "certificate". Insert "defaultCert" when you want to use the default certificate.
-* `allow_vpn_clients_to_route_traffic` - (Optional) Allow VPN clients to route traffic.
-* `support_nat_traversal_mechanism` - (Optional) Support NAT traversal mechanism (UDP encapsulation).
-* `nat_traversal_service` - (Optional) Allocated NAT traversal UDP service. Identified by name. Must be set when "support-nat-traversal-mechanism" is true.
-* `support_visitor_mode` - (Optional) Support Visitor Mode.
-* `visitor_mode_service` - (Optional) TCP Service for Visitor Mode. Identified by name. Must be set when "support-visitor-mode" is true.
-* `visitor_mode_interface` - (Optional) Interface for Visitor Mode. Must be set when "support-visitor-mode" is true. Insert IPV4 Address of existing interface or "All IPs" when you want all interfaces.
\ No newline at end of file
+* `use_primary_dns_server` - (Optional) Use Primary DNS Server.
+* `primary_dns_server` - (Optional) Primary DNS Server. Identified by name or UID.
+Must be set when "use-primary-dns-server" is true and can not be set when "use-primary-dns-server" is false.
+* `use_first_backup_dns_server` - (Optional) Use First Backup DNS Server.
+* `first_backup_dns_server` - (Optional) First Backup DNS Server. Identified by name or UID.
+Must be set when "use-first-backup-dns-server" is true and can not be set when "use-first-backup-dns-server" is false.
+* `use_second_backup_dns_server` - (Optional) Use Second Backup DNS Server.
+* `second_backup_dns_server` - (Optional) Second Backup DNS Server. Identified by name or UID.
+Must be set when "use-second-backup-dns-server" is true and can not be set when "use-second-backup-dns-server" is false.
+* `dns_suffixes` - (Optional) DNS Suffixes.
+* `use_primary_wins_server` - (Optional) Use Primary WINS Server.
+* `primary_wins_server` - (Optional) Primary WINS Server. Identified by name or UID.
+Must be set when "use-primary-wins-server" is true and can not be set when "use-primary-wins-server" is false.
+* `use_first_backup_wins_server` - (Optional) Use First Backup WINS Server.
+* `first_backup_wins_server` - (Optional) First Backup WINS Server. Identified by name or UID.
+Must be set when "use-first-backup-wins-server" is true and can not be set when "use-first-backup-wins-server" is false.
+* `use_second_backup_wins_server` - (Optional) Use Second Backup WINS Server.
+* `second_backup_wins_server` - (Optional) Second Backup WINS Server. Identified by name or UID.
+Must be set when "use-second-backup-wins-server" is true and can not be set when "use-second-backup-wins-server" is false.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - (Optional) Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - (Optional) Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - (Optional) Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
diff --git a/website/docs/r/checkpoint_management_simple_gateway.html.markdown b/website/docs/r/checkpoint_management_simple_gateway.html.markdown
index 276e5d27..34a3be14 100644
--- a/website/docs/r/checkpoint_management_simple_gateway.html.markdown
+++ b/website/docs/r/checkpoint_management_simple_gateway.html.markdown
@@ -6,7 +6,7 @@ description: |-
This resource allows you to execute Check Point Simple Gateway.
---
-# Resource: checkpoint_management_simple_gateway
+# checkpoint_management_simple_gateway
This resource allows you to execute Check Point Simple Gateway.
@@ -14,11 +14,9 @@ This resource allows you to execute Check Point Simple Gateway.
```hcl
-resource "checkpoint_management_simple_gateway" "gateway" {
- name = "mygateway"
- ipv4_address = "1.2.3.4"
- version = "R81"
- send_logs_to_server = ["mylogserver"]
+resource "checkpoint_management_simple_gateway" "example" {
+ name = "gw1"
+ ipv4_address = "192.0.2.1"
}
```
@@ -27,143 +25,171 @@ resource "checkpoint_management_simple_gateway" "gateway" {
The following arguments are supported:
* `name` - (Required) Object name.
-* `ipv4_address` - (Optional) IPv4 address.
-* `ipv6_address` - (Optional) IPv6 address.
-* `interfaces` - (Optional) Gateway interfaces. interfaces blocks are documented below.
+* `advanced_settings` - (Optional) N/Aadvanced_settings blocks are documented below.
* `anti_bot` - (Optional) Anti-Bot blade enabled.
* `anti_virus` - (Optional) Anti-Virus blade enabled.
-* `application_control` - (Optional) Application Control blade enabled.
-* `content_awareness` - (Optional) Content Awareness blade enabled.
-* `icap_server` - (Optional) ICAP Server enabled.
-* `ips` - (Optional) Intrusion Prevention System blade enabled.
-* `threat_emulation` - (Optional) Threat Emulation blade enabled.
-* `threat_extraction` - (Optional) Threat Extraction blade enabled.
-* `url_filtering` - (Optional) URL Filtering blade enabled.
-* `firewall` - (Optional) Firewall blade enabled.
-* `firewall_settings` - (Optional) Firewall settings. firewall_settings blocks are documented below.
-* `vpn` - (Optional) VPN blade enabled.
-* `vpn_settings` - (Optional) Gateway VPN settings. vpn_settings blocks are documented below.
-* `dynamic_ip` - (Computed) Dynamic IP address.
-* `version` - (Optional) Gateway platform version.
-* `os_name` - (Optional) Operating system name.
-* `hardware` - (Computed) Gateway platform hardware name.
-* `one_time_password` - (Optional) Secure internal connection one time password.
-* `sic_name` - (Computed) Secure Internal Communication name.
-* `sic_state` - (Computed) Secure Internal Communication state.
-* `save_logs_locally` - (Optional) Enable save logs locally.
-* `send_alerts_to_server` - (Optional) Collection of Server(s) to send alerts to identified by the name.
-* `send_logs_to_backup_server` - (Optional) Collection of Backup server(s) to send logs to identified by the name.
-* `send_logs_to_server` - (Optional) Collection of Server(s) to send logs to identified by the name.
-* `logs_settings` - (Optional) Logs settings. logs_settings blocks are documented below.
-* `color` - (Optional) Color of the object.
+* `application_control` - (Optional) Application Control blade enabled.
+* `application_control_and_url_filtering_settings` - (Optional) Gateway Application Control and URL filtering settings.application_control_and_url_filtering_settings blocks are documented below.
+* `content_awareness` - (Optional) Content Awareness blade enabled.
+* `enable_https_inspection` - (Optional) Enable HTTPS Inspection after defining an outbound inspection certificate.
To define the outbound certificate use outbound inspection certificate API.
+* `fetch_policy` - (Optional) Security management server(s) to fetch the policy from.fetch_policy blocks are documented below.
+* `firewall` - (Optional) Firewall blade enabled.
+* `firewall_settings` - (Optional) N/Afirewall_settings blocks are documented below.
+* `hit_count` - (Optional) Hit count tracks the number of connections each rule matches.
+* `https_inspection` - (Optional) HTTPS inspection.https_inspection blocks are documented below.
+* `icap_server` - (Optional) ICAP Server enabled.
+* `identity_awareness` - (Optional) Identity awareness blade enabled.
+* `identity_awareness_settings` - (Optional) Gateway Identity Awareness settings.identity_awareness_settings blocks are documented below.
+* `interfaces` - (Optional) Network interfaces.interfaces blocks are documented below.
+* `ipv4_address` - (Optional) IPv4 address.
+* `ipv6_address` - (Optional) IPv6 address.
+* `ips` - (Optional) Intrusion Prevention System blade enabled.
+* `ips_update_policy` - (Optional) Specifies whether the IPS will be downloaded from the Management or directly to the Gateway.
+* `nat_hide_internal_interfaces` - (Optional) Hide internal networks behind the Gateway's external IP.
+* `nat_settings` - (Optional) NAT settings.nat_settings blocks are documented below.
+* `one_time_password` - (Optional) N/A
+* `os_name` - (Optional) Gateway platform operating system.
+* `platform_portal_settings` - (Optional) Platform portal settings.platform_portal_settings blocks are documented below.
+* `proxy_settings` - (Optional) Proxy Server for Gateway.proxy_settings blocks are documented below.
+* `qos` - (Optional) QoS.
+* `save_logs_locally` - (Optional) Save logs locally on the gateway.
+* `send_alerts_to_server` - (Optional) Server(s) to send alerts to.send_alerts_to_server blocks are documented below.
+* `send_logs_to_backup_server` - (Optional) Backup server(s) to send logs to.send_logs_to_backup_server blocks are documented below.
+* `send_logs_to_server` - (Optional) Server(s) to send logs to.send_logs_to_server blocks are documented below.
+* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below.
+* `threat_emulation` - (Optional) Threat Emulation blade enabled.
+* `threat_extraction` - (Optional) Threat Extraction blade enabled.
+* `threat_prevention_mode` - (Optional) The mode of Threat Prevention to use. When using Autonomous Threat Prevention, disabling the Threat Prevention blades is not allowed.
+* `url_filtering` - (Optional) URL Filtering blade enabled.
+* `usercheck_portal_settings` - (Optional) UserCheck portal settings.usercheck_portal_settings blocks are documented below.
+* `version` - (Optional) Gateway platform version.
+* `vpn` - (Optional) VPN blade enabled.
+* `vpn_settings` - (Optional) Gateway VPN settings.vpn_settings blocks are documented below.
+* `zero_phishing` - (Optional) Zero Phishing blade enabled.
+* `zero_phishing_fqdn` - (Optional) Zero Phishing gateway FQDN.
+* `logs_settings` - (Optional) Logs settings that apply to Quantum Security Gateways that run Gaia OS.logs_settings blocks are documented below.
+* `show_portals_certificate` - (Optional) Indicates whether to show the portals certificate value in the reply.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
* `comments` - (Optional) Comments string.
-* `tags` - (Optional) Collection of tags identified by name.
-* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `groups` - (Optional) Collection of group identifiers.groups blocks are documented below.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+
+`advanced_settings` supports the following:
+
+* `connection_persistence` - (Optional) Handling established connections when installing a new policy.
+* `sam` - (Optional) SAM.sam blocks are documented below.
+
+
+`application_control_and_url_filtering_settings` supports the following:
+
+* `global_settings_mode` - (Optional) Whether to override global settings or not.
+* `override_global_settings` - (Optional) override global settings object.override_global_settings blocks are documented below.
+
+
+`firewall_settings` supports the following:
+
+* `auto_calculate_connections_hash_table_size_and_memory_pool` - (Optional) N/A
+* `auto_maximum_limit_for_concurrent_connections` - (Optional) N/A
+* `connections_hash_size` - (Optional) N/A
+* `maximum_limit_for_concurrent_connections` - (Optional) N/A
+* `maximum_memory_pool_size` - (Optional) N/A
+* `memory_pool_size` - (Optional) N/A
+
+
+`https_inspection` supports the following:
+
+* `bypass_on_failure` - (Optional) Set to be true in order to bypass all requests (Fail-open) in case of internal system error.bypass_on_failure blocks are documented below.
+* `site_categorization_allow_mode` - (Optional) Set to 'background' in order to allowed requests until categorization is complete.site_categorization_allow_mode blocks are documented below.
+* `deny_untrusted_server_cert` - (Optional) Set to be true in order to drop traffic from servers with untrusted server certificate.deny_untrusted_server_cert blocks are documented below.
+* `deny_revoked_server_cert` - (Optional) Set to be true in order to drop traffic from servers with revoked server certificate (validate CRL).deny_revoked_server_cert blocks are documented below.
+* `deny_expired_server_cert` - (Optional) Set to be true in order to drop traffic from servers with expired server certificate.deny_expired_server_cert blocks are documented below.
+
+
+`identity_awareness_settings` supports the following:
+
+* `browser_based_authentication` - (Optional) Enable Browser Based Authentication source.
+* `browser_based_authentication_settings` - (Optional) Browser Based Authentication settings.browser_based_authentication_settings blocks are documented below.
+* `identity_agent` - (Optional) Enable Identity Agent source.
+* `identity_agent_settings` - (Optional) Identity Agent settings.identity_agent_settings blocks are documented below.
+* `identity_collector` - (Optional) Enable Identity Collector source.
+* `identity_collector_settings` - (Optional) Identity Collector settings.identity_collector_settings blocks are documented below.
+* `identity_sharing_settings` - (Optional) Identity sharing settings.identity_sharing_settings blocks are documented below.
+* `proxy_settings` - (Optional) Identity-Awareness Proxy settings.proxy_settings blocks are documented below.
+* `remote_access` - (Optional) Enable Remote Access Identity source.
+
`interfaces` supports the following:
-* `name` - (Optional) Interface name.
+
+* `name` - (Optional) Object name. Must be unique in the domain.
* `ipv4_address` - (Optional) IPv4 address.
* `ipv6_address` - (Optional) IPv6 address.
-* `ipv4_network_mask` - (Optional) IPv4 network address.
-* `ipv6_network_mask` - (Optional) IPv6 network address.
-* `ipv4_mask_length` - (Optional) IPv4 network mask length.
-* `ipv6_mask_length` - (Optional) IPv6 network mask length.
-* `anti_spoofing` - (Optional) Anti spoofing.
-* `anti_spoofing_settings` - (Optional) Anti spoofing settings. anti_spoofing_settings blocks are documented below.
-* `security_zone` - (Optional) Security zone.
-* `security_zone_settings` - (Optional) Security zone settings. security_zone_settings blocks are documented below.
-* `topology` - (Optional) Topology.
-* `topology_settings` - (Optional) Topology settings. topology_settings blocks are documented below.
-* `topology_automatic_calculation` - (Computed) Shows the automatic topology calculation..
+* `network_mask` - (Optional) IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use ipv4-mask-length and ipv6-mask-length fields explicitly.
+* `ipv4_network_mask` - (Optional) IPv4 network address.
+* `ipv6_network_mask` - (Optional) IPv6 network address.
+* `ipv4_mask_length` - (Optional) IPv4 network mask length.
+* `ipv6_mask_length` - (Optional) IPv6 network mask length.
+* `anti_spoofing` - (Optional) N/A
+* `anti_spoofing_settings` - (Optional) N/Aanti_spoofing_settings blocks are documented below.
+* `security_zone` - (Optional) N/A
+* `security_zone_settings` - (Optional) N/Asecurity_zone_settings blocks are documented below.
+* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below.
+* `topology` - (Optional) N/A
+* `topology_settings` - (Optional) N/Atopology_settings blocks are documented below.
* `color` - (Optional) Color of the object. Should be one of existing colors.
* `comments` - (Optional) Comments string.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
-`anti_spoofing_settings` supports the following:
-* `action` - (Optional) If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
-`security_zone_settings` supports the following:
-* `auto_calculated` - (Optional) Security Zone is calculated according to where the interface leads to.
-* `specific_zone` - (Optional) Security Zone specified manually.
+`nat_settings` supports the following:
-`topology_settings` supports the following:
-* `interface_leads_to_dmz` - (Optional) Whether this interface leads to demilitarized zone (perimeter network).
-* `ip_address_behind_this_interface` - (Optional) Ip address behind this interface.
-* `specific_network` - (Optional) Network behind this interface.
+* `auto_rule` - (Optional) Whether to add automatic address translation rules.
+* `ipv4_address` - (Optional) IPv4 address.
+* `ipv6_address` - (Optional) IPv6 address.
+* `hide_behind` - (Optional) Hide behind method. This parameter is forbidden in case "method" parameter is "static".
+* `install_on` - (Optional) Which gateway should apply the NAT translation.
+* `method` - (Optional) NAT translation method.
-`firewall_settings` supports the following:
-* `auto_calculate_connections_hash_table_size_and_memory_pool` - (Optional) Auto calculate connections hash table size and memory pool.
-* `auto_maximum_limit_for_concurrent_connections` - (Optional) Auto maximum limit for concurrent connections.
-* `connections_hash_size` - (Optional) Connections hash size.
-* `maximum_limit_for_concurrent_connections` - (Optional) Maximum limit for concurrent connections.
-* `maximum_memory_pool_size` - (Optional) Maximum memory pool size.
-* `memory_pool_size` - (Optional) Memory pool size.
-`vpn_settings` supports the following:
-* `authentication` - (Optional) authentication blocks are documented below.
-* `link_selection` - (Optional) Link selection blocks are documented below.
-* `maximum_concurrent_ike_negotiations` - (Optional) Maximum concurrent ike negotiations.
-* `maximum_concurrent_tunnels` - (Optional) Maximum concurrent tunnels.
-* `office_mode` - (Optional) Office Mode. Notation Wide Impact - Office Mode apply IPSec VPN Software Blade clients and to the Mobile Access Software Blade clients. office_mode blocks are documented below.
-* `remote_access` - (Optional) remote_access blocks are documented below.
-* `vpn_domain` - (Optional) Gateway VPN domain identified by the name.
-* `vpn_domain_type` - (Optional) Gateway VPN domain type.
+`platform_portal_settings` supports the following:
-`authentication` supports the following:
-* `authentication_clients` - (Optional) Collection of VPN Authentication clients identified by the name.
+* `portal_web_settings` - (Optional) Configuration of the portal web settings.portal_web_settings blocks are documented below.
+* `certificate_settings` - (Optional) Configuration of the portal certificate settings.certificate_settings blocks are documented below.
+* `accessibility` - (Optional) Configuration of the portal access settings.accessibility blocks are documented below.
-`link_selection` supports the following:
-* `ip_selection` - (Optional) IP selection.
-* `dns_resolving_hostname` - (Optional) DNS Resolving Hostname. Must be set when "ip-selection" was selected to be "dns-resolving-from-hostname".
-* `ip_address` - (Optional) IP Address. Must be set when "ip-selection" was selected to be "use-selected-address-from-topology" or "use-statically-nated-ip".
-`office_mode` supports the following:
-* `mode` - (Optional) Office Mode Permissions. When selected to be "off", all the other definitions are irrelevant.
-* `group` - (Optional) Group. Identified by name. Must be set when "office-mode-permissions" was selected to be "group".
-* `allocate_ip_address_from` - (Optional) Allocate IP address Method. Allocate IP address by sequentially trying the given methods until success. allocate_ip_address_from blocks are documented below.
-* `support_multiple_interfaces` - (Optional) Support connectivity enhancement for gateways with multiple external interfaces.
-* `perform_anti_spoofing` - (Optional) Perform Anti-Spoofing on Office Mode addresses.
-* `anti_spoofing_additional_addresses` - (Optional) Additional IP Addresses for Anti-Spoofing. Identified by name. Must be set when "perform-anti-spoofings" is true.
+`proxy_settings` supports the following:
-`allocate_ip_address_from` supports the following:
-* `radius_server` - (Optional) Radius server used to authenticate the user.
-* `use_allocate_method` - (Optional) Use Allocate Method.
-* `allocate_method` - (Optional) Using either Manual (IP Pool) or Automatic (DHCP). Must be set when "use-allocate-method" is true.
-* `manual_network` - (Optional) Manual Network. Identified by name. Must be set when "allocate-method" was selected to be "manual".
-* `dhcp_server` - (Optional) DHCP Server. Identified by name. Must be set when "allocate-method" was selected to be "automatic".
-* `virtual_ip_address` - (Optional) Virtual IPV4 address for DHCP server replies. Must be set when "allocate-method" was selected to be "automatic".
-* `dhcp_mac_address` - (Optional) Calculated MAC address for DHCP allocation. Must be set when "allocate-method" was selected to be "automatic".
-* `optional_parameters` - (Optional) This configuration applies to all Office Mode methods except Automatic (using DHCP) and ipassignment.conf entries which contain this data. optional_parameters blocks are documented below.
+* `use_custom_proxy` - (Optional) Use custom proxy settings for this network object.
+* `proxy_server` - (Optional) N/A
+* `port` - (Optional) N/A
-`optional_parameters` supports the following:
-* `use_primary_dns_server` - (Optional) Use Primary DNS Server.
-* `primary_dns_server` - (Optional) Primary DNS Server. Identified by name. Must be set when "use-primary-dns-server" is true and can not be set when "use-primary-dns-server" is false.
-* `use_first_backup_dns_server` - (Optional) Use First Backup DNS Server.
-* `first_backup_dns_server` - (Optional) First Backup DNS Server. Identified by name. Must be set when "use-first-backup-dns-server" is true and can not be set when "use-first-backup-dns-server" is false.
-* `use_second_backup_dns_server` - (Optional) Use Second Backup DNS Server.
-* `second_backup_dns_server` - (Optional) Second Backup DNS Server. Identified by name. Must be set when "use-second-backup-dns-server" is true and can not be set when "use-second-backup-dns-server" is false.
-* `dns_suffixes` - (Optional) DNS Suffixes.
-* `use_primary_wins_server` - (Optional) Use Primary WINS Server.
-* `primary_wins_server` - (Optional) Primary WINS Server. Identified by name. Must be set when "use-primary-wins-server" is true and can not be set when "use-primary-wins-server" is false.
-* `use_first_backup_wins_server` - (Optional) Use First Backup WINS Server.
-* `first_backup_wins_server` - (Optional) First Backup WINS Server. Identified by name. Must be set when "use-first-backup-wins-server" is true and can not be set when "use-first-backup-wins-server" is false.
-* `use_second_backup_wins_server` - (Optional) Use Second Backup WINS Server.
-* `second_backup_wins_server` - (Optional) Second Backup WINS Server. Identified by name. Must be set when "use-second-backup-wins-server" is true and can not be set when "use-second-backup-wins-server" is false.
-* `ip_lease_duration` - (Optional) IP Lease Duration in Minutes. The value must be in the range 2-32767.
-`remote_access` supports the following:
-* `support_l2tp` - (Optional) Support L2TP (relevant only when office mode is active).
-* `l2tp_auth_method` - (Optional) L2TP Authentication Method. Must be set when "support-l2tp" is true.
-* `l2tp_certificate` - (Optional) L2TP Certificate. Must be set when "l2tp-auth-method" was selected to be "certificate". Insert "defaultCert" when you want to use the default certificate.
-* `allow_vpn_clients_to_route_traffic` - (Optional) Allow VPN clients to route traffic.
-* `support_nat_traversal_mechanism` - (Optional) Support NAT traversal mechanism (UDP encapsulation).
-* `nat_traversal_service` - (Optional) Allocated NAT traversal UDP service. Identified by name. Must be set when "support-nat-traversal-mechanism" is true.
-* `support_visitor_mode` - (Optional) Support Visitor Mode.
-* `visitor_mode_service` - (Optional) TCP Service for Visitor Mode. Identified by name. Must be set when "support-visitor-mode" is true.
-* `visitor_mode_interface` - (Optional) Interface for Visitor Mode. Must be set when "support-visitor-mode" is true. Insert IPV4 Address of existing interface or "All IPs" when you want all interfaces.
+`usercheck_portal_settings` supports the following:
+
+* `enabled` - (Optional) State of the web portal (enabled or disabled). The supported blades are: {'Application Control', 'URL Filtering', 'Data Loss Prevention', 'Anti Virus', 'Anti Bot', 'Threat Emulation', 'Threat Extraction', 'Data Awareness'}.
+* `portal_web_settings` - (Optional) Configuration of the portal web settings.portal_web_settings blocks are documented below.
+* `certificate_settings` - (Optional) Configuration of the portal certificate settings.certificate_settings blocks are documented below.
+* `accessibility` - (Optional) Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`vpn_settings` supports the following:
+
+* `authentication` - (Optional) Authentication.authentication blocks are documented below.
+* `link_selection` - (Optional) Link Selection.link_selection blocks are documented below.
+* `maximum_concurrent_ike_negotiations` - (Optional) N/A
+* `maximum_concurrent_tunnels` - (Optional) N/A
+* `office_mode` - (Optional) Office Mode.
+Notation Wide Impact - Office Mode apply IPSec VPN Software Blade clients and to the Mobile Access Software Blade clients.office_mode blocks are documented below.
+* `remote_access` - (Optional) Remote Access.remote_access blocks are documented below.
+* `vpn_domain` - (Optional) Gateway VPN domain identified by the name or UID.
+* `vpn_domain_exclude_external_ip_addresses` - (Optional) Exclude the external IP addresses from the VPN domain of this Security Gateway.
+* `vpn_domain_type` - (Optional) Gateway VPN domain type.
+
`logs_settings` supports the following:
-* `alert_when_free_disk_space_below` - (Optional) Enable alert when free disk space is below threshold.
-* `alert_when_free_disk_space_below_metrics` - (Optional) Free disk space metrics.
+
+* `alert_when_free_disk_space_below` - (Optional) Enable alert when free disk space is below threshold.
* `alert_when_free_disk_space_below_threshold` - (Optional) Alert when free disk space below threshold.
* `alert_when_free_disk_space_below_type` - (Optional) Alert when free disk space below type.
* `before_delete_keep_logs_from_the_last_days` - (Optional) Enable before delete keep logs from the last days.
@@ -172,21 +198,402 @@ The following arguments are supported:
* `before_delete_run_script_command` - (Optional) Before delete run script command.
* `delete_index_files_older_than_days` - (Optional) Enable delete index files older than days.
* `delete_index_files_older_than_days_threshold` - (Optional) Delete index files older than days threshold.
-* `delete_index_files_when_index_size_above` - (Optional) Enable delete index files when index size is above.
-* `delete_index_files_when_index_size_above_threshold` - (Optional) Delete index files when index size is above threshold.
+* `delete_index_files_when_index_size_above` - (Optional) Enable delete index files when index size above.
+* `delete_index_files_when_index_size_above_threshold` - (Optional) Delete index files when index size above threshold.
* `delete_when_free_disk_space_below` - (Optional) Enable delete when free disk space below.
* `delete_when_free_disk_space_below_threshold` - (Optional) Delete when free disk space below threshold.
-* `detect_new_citrix_ica_application_names` - (Optional) Enable detect new citrix ica application names.
-* `enable_log_indexing` - (Optional) Enable log indexing.
-* `forward_logs_to_log_server` - (Optional) Enable forward logs to log server.
-* `perform_log_rotate_before_log_forwarding` - (Optional) Enable perform log rotate before log forwarding.
-* `reject_connections_when_free_disk_space_below_threshold` - (Optional) Enable reject connections when free disk space below threshold.
-* `reserve_for_packet_capture_metrics` - (Optional) Reserve for packet capture metrics.
-* `reserve_for_packet_capture_threshold` - (Optional) Reserve for packet capture threshold.
+* `detect_new_citrix_ica_application_names` - (Optional) Enable detect new Citrix ICA application names.
+* `distribute_logs_between_all_active_servers` - (Optional) Distribute logs between all active servers.
+* `forward_logs_to_log_server` - (Optional) Enable forward logs to log server.
+* `forward_logs_to_log_server_name` - (Optional) Forward logs to log server name.
+* `forward_logs_to_log_server_schedule_name` - (Optional) Forward logs to log server schedule name.
+* `free_disk_space_metrics` - (Optional) Free disk space metrics.
+* `perform_log_rotate_before_log_forwarding` - (Optional) Enable perform log rotate before log forwarding.
+* `reject_connections_when_free_disk_space_below_threshold` - (Optional) Enable reject connections when free disk space below threshold.
+* `reserve_for_packet_capture_metrics` - (Optional) Reserve for packet capture metrics.
+* `reserve_for_packet_capture_threshold` - (Optional) Reserve for packet capture threshold.
* `rotate_log_by_file_size` - (Optional) Enable rotate log by file size.
* `rotate_log_file_size_threshold` - (Optional) Log file size threshold.
-* `rotate_log_on_schedule` - (Optional) Enable rotate log on schedule.
+* `rotate_log_on_schedule` - (Optional) Enable rotate log on schedule.
+* `rotate_log_schedule_name` - (Optional) Rotate log schedule name.
* `stop_logging_when_free_disk_space_below` - (Optional) Enable stop logging when free disk space below.
* `stop_logging_when_free_disk_space_below_threshold` - (Optional) Stop logging when free disk space below threshold.
-* `turn_on_qos_logging` - (Optional) Enable turn on qos loggig.
-* `update_account_log_every` - (Optional) Update account log in every amount of seconds.
+* `turn_on_qos_logging` - (Optional) Enable turn on QoS Logging.
+* `update_account_log_every` - (Optional) Update account log in every amount of seconds.
+
+
+`sam` supports the following:
+
+* `forward_to_other_sam_servers` - (Optional) Forward SAM clients' requests to other SAM servers.
+* `use_early_versions` - (Optional) Use early versions compatibility mode.use_early_versions blocks are documented below.
+* `purge_sam_file` - (Optional) Purge SAM File.purge_sam_file blocks are documented below.
+
+
+`override_global_settings` supports the following:
+
+* `fail_mode` - (Optional) Fail mode - allow or block all requests.
+* `website_categorization` - (Optional) Website categorization object.website_categorization blocks are documented below.
+
+
+`bypass_on_failure` supports the following:
+
+* `override_profile` - (Optional) Override profile of global configuration.
+* `value` - (Optional) Override value.
Required only for 'override-profile' is True.
+
+
+`site_categorization_allow_mode` supports the following:
+
+* `override_profile` - (Optional) Override profile of global configuration.
+* `value` - (Optional) Override value.
Required only for 'override-profile' is True.
+
+
+`deny_untrusted_server_cert` supports the following:
+
+* `override_profile` - (Optional) Override profile of global configuration.
+* `value` - (Optional) Override value.
Required only for 'override-profile' is True.
+
+
+`deny_revoked_server_cert` supports the following:
+
+* `override_profile` - (Optional) Override profile of global configuration.
+* `value` - (Optional) Override value.
Required only for 'override-profile' is True.
+
+
+`deny_expired_server_cert` supports the following:
+
+* `override_profile` - (Optional) Override profile of global configuration.
+* `value` - (Optional) Override value.
Required only for 'override-profile' is True.
+
+
+`browser_based_authentication_settings` supports the following:
+
+* `authentication_settings` - (Optional) Authentication Settings for Browser Based Authentication.authentication_settings blocks are documented below.
+* `browser_based_authentication_portal_settings` - (Optional) Browser Based Authentication portal settings.browser_based_authentication_portal_settings blocks are documented below.
+
+
+`identity_agent_settings` supports the following:
+
+* `agents_interval_keepalive` - (Optional) Agents send keepalive period (minutes).
+* `user_reauthenticate_interval` - (Optional) Agent reauthenticate time interval (minutes).
+* `authentication_settings` - (Optional) Authentication Settings for Identity Agent.authentication_settings blocks are documented below.
+* `identity_agent_portal_settings` - (Optional) Identity Agent accessibility settings.identity_agent_portal_settings blocks are documented below.
+
+
+`identity_collector_settings` supports the following:
+
+* `authorized_clients` - (Optional) Authorized Clients.authorized_clients blocks are documented below.
+* `authentication_settings` - (Optional) Authentication Settings for Identity Collector.authentication_settings blocks are documented below.
+* `client_access_permissions` - (Optional) Identity Collector accessibility settings.client_access_permissions blocks are documented below.
+
+
+`identity_sharing_settings` supports the following:
+
+* `share_with_other_gateways` - (Optional) Enable identity sharing with other gateways.
+* `receive_from_other_gateways` - (Optional) Enable receiving identity from other gateways.
+* `receive_from` - (Optional) Gateway(s) to receive identity from.receive_from blocks are documented below.
+
+
+`proxy_settings` supports the following:
+
+* `detect_using_x_forward_for` - (Optional) Whether to use X-Forward-For HTTP header, which is added by the proxy server to keep track of the original source IP.
+
+
+`anti_spoofing_settings` supports the following:
+
+* `action` - (Optional) If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
+* `exclude_packets` - (Optional) Don't check packets from excluded network.
+* `excluded_network_name` - (Optional) Excluded network name.
+* `excluded_network_uid` - (Optional) Excluded network UID.
+* `spoof_tracking` - (Optional) Spoof tracking.
+
+
+`security_zone_settings` supports the following:
+
+* `auto_calculated` - (Optional) Security Zone is calculated according to where the interface leads to.
+* `specific_zone` - (Optional) Security Zone specified manually.
+
+
+`topology_settings` supports the following:
+
+* `interface_leads_to_dmz` - (Optional) Whether this interface leads to demilitarized zone (perimeter network).
+* `specific_network` - (Optional) Network behind this interface.
+
+
+`portal_web_settings` supports the following:
+
+* `aliases` - (Optional) List of URL aliases that are redirected to the main portal URL.aliases blocks are documented below.
+* `main_url` - (Optional) The main URL for the web portal.
+
+
+`certificate_settings` supports the following:
+
+* `base64_certificate` - (Optional) The certificate file encoded in Base64 with padding.
+This file must be in the *.p12 format.
+* `base64_password` - (Optional) Password (encoded in Base64 with padding) for the certificate file.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - (Optional) Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - (Optional) Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`portal_web_settings` supports the following:
+
+* `aliases` - (Optional) List of URL aliases that are redirected to the main portal URL.aliases blocks are documented below.
+* `main_url` - (Optional) The main URL for the web portal.
+
+
+`certificate_settings` supports the following:
+
+* `base64_certificate` - (Optional) The certificate file encoded in Base64 with padding.
+This file must be in the *.p12 format.
+* `base64_password` - (Optional) Password (encoded in Base64 with padding) for the certificate file.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - (Optional) Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - (Optional) Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`authentication` supports the following:
+
+* `authentication_clients` - (Optional) Collection of VPN Authentication clients identified by the name or UID.authentication_clients blocks are documented below.
+
+
+`link_selection` supports the following:
+
+* `dns_resolving_hostname` - (Optional) DNS Resolving Hostname. Must be set when "ip-selection" was selected to be "dns-resolving-from-hostname".
+
+
+`office_mode` supports the following:
+
+* `mode` - (Optional) Office Mode Permissions.
+When selected to be "off", all the other definitions are irrelevant.
+* `group` - (Optional) Group. Identified by name or UID.
+Must be set when "office-mode-permissions" was selected to be "group".
+* `allocate_ip_address_from` - (Optional) Allocate IP address Method.
+Allocate IP address by sequentially trying the given methods until success.allocate_ip_address_from blocks are documented below.
+* `support_multiple_interfaces` - (Optional) Support connectivity enhancement for gateways with multiple external interfaces.
+* `perform_anti_spoofing` - (Optional) Perform Anti-Spoofing on Office Mode addresses.
+* `anti_spoofing_additional_addresses` - (Optional) Additional IP Addresses for Anti-Spoofing.
+Identified by name or UID.
+Must be set when "perform-anti-spoofings" is true.
+
+
+`remote_access` supports the following:
+
+* `support_l2tp` - (Optional) Support L2TP (relevant only when office mode is active).
+* `l2tp_auth_method` - (Optional) L2TP Authentication Method.
+Must be set when "support-l2tp" is true.
+* `l2tp_certificate` - (Optional) L2TP Certificate.
+Must be set when "l2tp-auth-method" was selected to be "certificate".
+Insert "defaultCert" when you want to use the default certificate.
+* `allow_vpn_clients_to_route_traffic` - (Optional) Allow VPN clients to route traffic.
+* `support_nat_traversal_mechanism` - (Optional) Support NAT traversal mechanism (UDP encapsulation).
+* `nat_traversal_service` - (Optional) Allocated NAT traversal UDP service. Identified by name or UID.
+Must be set when "support-nat-traversal-mechanism" is true.
+* `support_visitor_mode` - (Optional) Support Visitor Mode.
+* `visitor_mode_service` - (Optional) TCP Service for Visitor Mode. Identified by name or UID.
+Must be set when "support-visitor-mode" is true.
+* `visitor_mode_interface` - (Optional) Interface for Visitor Mode.
+Must be set when "support-visitor-mode" is true.
+Insert IPV4 Address of existing interface or "All IPs" when you want all interfaces.
+
+
+`use_early_versions` supports the following:
+
+* `enabled` - (Optional) Use early versions compatibility mode.
+* `compatibility_mode` - (Optional) Early versions compatibility mode.
+
+
+`purge_sam_file` supports the following:
+
+* `enabled` - (Optional) Purge SAM File.
+* `purge_when_size_reaches_to` - (Optional) Purge SAM File When it Reaches to.
+
+
+`website_categorization` supports the following:
+
+* `mode` - (Optional) Website categorization mode.
+* `custom_mode` - (Optional) Custom mode object.custom_mode blocks are documented below.
+
+
+`authentication_settings` supports the following:
+
+* `authentication_method` - (Optional) Authentication method.
+* `identity_provider` - (Optional) Identity provider object identified by the name or UID. Must be set when "authentication-method" was selected to be "identity provider".identity_provider blocks are documented below.
+* `radius` - (Optional) Radius server object identified by the name or UID. Must be set when "authentication-method" was selected to be "radius".
+* `users_directories` - (Optional) Users directories.users_directories blocks are documented below.
+
+
+`browser_based_authentication_portal_settings` supports the following:
+
+* `portal_web_settings` - (Optional) Configuration of the portal web settings.portal_web_settings blocks are documented below.
+* `certificate_settings` - (Optional) Configuration of the portal certificate settings.certificate_settings blocks are documented below.
+* `accessibility` - (Optional) Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`authentication_settings` supports the following:
+
+* `authentication_method` - (Optional) Authentication method.
+* `radius` - (Optional) Radius server object identified by the name or UID. Must be set when "authentication-method" was selected to be "radius".
+* `users_directories` - (Optional) Users directories.users_directories blocks are documented below.
+
+
+`identity_agent_portal_settings` supports the following:
+
+* `accessibility` - (Optional) Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`authorized_clients` supports the following:
+
+* `client` - (Optional) Host / Network Group Name or UID.
+* `client_secret` - (Optional) Client Secret.
+
+
+`authentication_settings` supports the following:
+
+* `users_directories` - (Optional) Users directories.users_directories blocks are documented below.
+
+
+`client_access_permissions` supports the following:
+
+* `accessibility` - (Optional) Configuration of the portal access settings.accessibility blocks are documented below.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - (Optional) Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - (Optional) Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
+
+`allocate_ip_address_from` supports the following:
+
+* `radius_server` - (Optional) Radius server used to authenticate the user.
+* `use_allocate_method` - (Optional) Use Allocate Method.
+* `allocate_method` - (Optional) Using either Manual (IP Pool) or Automatic (DHCP).
+Must be set when "use-allocate-method" is true.
+* `manual_network` - (Optional) Manual Network. Identified by name or UID.
+Must be set when "allocate-method" was selected to be "manual".
+* `dhcp_server` - (Optional) DHCP Server. Identified by name or UID.
+Must be set when "allocate-method" was selected to be "automatic".
+* `virtual_ip_address` - (Optional) Virtual IPV4 address for DHCP server replies.
+Must be set when "allocate-method" was selected to be "automatic".
+* `dhcp_mac_address` - (Optional) Calculated MAC address for DHCP allocation.
+Must be set when "allocate-method" was selected to be "automatic".
+* `optional_parameters` - (Optional) This configuration applies to all Office Mode methods except Automatic (using DHCP) and ipassignment.conf entries which contain this data.optional_parameters blocks are documented below.
+
+
+`custom_mode` supports the following:
+
+* `social_networking_widgets` - (Optional) Social networking widgets mode.
+* `url_filtering` - (Optional) URL filtering mode.
+
+
+`users_directories` supports the following:
+
+* `external_user_profile` - (Optional) External user profile.
+* `internal_users` - (Optional) Internal users.
+* `users_from_external_directories` - (Optional) Users from external directories.
+* `specific` - (Optional) LDAP AU objects identified by the name or UID. Must be set when "users-from-external-directories" was selected to be "specific".specific blocks are documented below.
+
+
+`portal_web_settings` supports the following:
+
+* `aliases` - (Optional) List of URL aliases that are redirected to the main portal URL.aliases blocks are documented below.
+* `main_url` - (Optional) The main URL for the web portal.
+
+
+`certificate_settings` supports the following:
+
+* `base64_certificate` - (Optional) The certificate file encoded in Base64 with padding.
+This file must be in the *.p12 format.
+* `base64_password` - (Optional) Password (encoded in Base64 with padding) for the certificate file.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - (Optional) Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - (Optional) Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`users_directories` supports the following:
+
+* `external_user_profile` - (Optional) External user profile.
+* `internal_users` - (Optional) Internal users.
+* `users_from_external_directories` - (Optional) Users from external directories.
+* `specific` - (Optional) LDAP AU objects identified by the name or UID. Must be set when "users-from-external-directories" was selected to be "specific".specific blocks are documented below.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - (Optional) Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - (Optional) Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`users_directories` supports the following:
+
+* `external_user_profile` - (Optional) External user profile.
+* `internal_users` - (Optional) Internal users.
+* `users_from_external_directories` - (Optional) Users from external directories.
+* `specific` - (Optional) LDAP AU objects identified by the name or UID. Must be set when "users-from-external-directories" was selected to be "specific".specific blocks are documented below.
+
+
+`accessibility` supports the following:
+
+* `allow_access_from` - (Optional) Allowed access to the web portal (based on interfaces, or security policy).
+* `internal_access_settings` - (Optional) Configuration of the additional portal access settings for internal interfaces only.internal_access_settings blocks are documented below.
+
+
+`optional_parameters` supports the following:
+
+* `use_primary_dns_server` - (Optional) Use Primary DNS Server.
+* `primary_dns_server` - (Optional) Primary DNS Server. Identified by name or UID.
+Must be set when "use-primary-dns-server" is true and can not be set when "use-primary-dns-server" is false.
+* `use_first_backup_dns_server` - (Optional) Use First Backup DNS Server.
+* `first_backup_dns_server` - (Optional) First Backup DNS Server. Identified by name or UID.
+Must be set when "use-first-backup-dns-server" is true and can not be set when "use-first-backup-dns-server" is false.
+* `use_second_backup_dns_server` - (Optional) Use Second Backup DNS Server.
+* `second_backup_dns_server` - (Optional) Second Backup DNS Server. Identified by name or UID.
+Must be set when "use-second-backup-dns-server" is true and can not be set when "use-second-backup-dns-server" is false.
+* `dns_suffixes` - (Optional) DNS Suffixes.
+* `use_primary_wins_server` - (Optional) Use Primary WINS Server.
+* `primary_wins_server` - (Optional) Primary WINS Server. Identified by name or UID.
+Must be set when "use-primary-wins-server" is true and can not be set when "use-primary-wins-server" is false.
+* `use_first_backup_wins_server` - (Optional) Use First Backup WINS Server.
+* `first_backup_wins_server` - (Optional) First Backup WINS Server. Identified by name or UID.
+Must be set when "use-first-backup-wins-server" is true and can not be set when "use-first-backup-wins-server" is false.
+* `use_second_backup_wins_server` - (Optional) Use Second Backup WINS Server.
+* `second_backup_wins_server` - (Optional) Second Backup WINS Server. Identified by name or UID.
+Must be set when "use-second-backup-wins-server" is true and can not be set when "use-second-backup-wins-server" is false.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - (Optional) Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - (Optional) Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+
+
+`internal_access_settings` supports the following:
+
+* `undefined` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+* `dmz` - (Optional) Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+* `vpn` - (Optional) Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
diff --git a/website/docs/r/checkpoint_management_threat_layer.html.markdown b/website/docs/r/checkpoint_management_threat_layer.html.markdown
new file mode 100644
index 00000000..3e08c0d4
--- /dev/null
+++ b/website/docs/r/checkpoint_management_threat_layer.html.markdown
@@ -0,0 +1,32 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_threat_layer"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-threat-layer"
+description: |-
+This resource allows you to add/update/delete Check Point Threat Layer.
+---
+
+# Resource: checkpoint_management_threat_layer
+
+This resource allows you to add/update/delete Check Point Threat Layer.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_threat_layer" "example" {
+ name = "New Layer 1"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name.
+* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
+* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+* `add_default_rule` - (Optional) Indicates whether to include a default rule in the new layer.