import * as outputs from "../types/output";
export interface GetConstAlarmsConstAlarm {
    /**
     * Description of the alarm type
     */
    display: string;
    /**
     * Group to which the alarm belongs
     */
    group: string;
    /**
     * Key name of the alarm type
     */
    key: string;
    /**
     * Severity of the alarm
     */
    severity: string;
}
export interface GetConstAppCategoriesConstAppCategory {
    /**
     * Description of the app category
     */
    display: string;
    filters: outputs.GetConstAppCategoriesConstAppCategoryFilters;
    /**
     * List of other App Categories contained by this one
     */
    includes: string[];
    /**
     * Key name of the app category
     */
    key: string;
}
export interface GetConstAppCategoriesConstAppCategoryFilters {
    srxes: string[];
    ssrs: string[];
}
export interface GetConstAppSubCategoriesConstAppSubCategory {
    /**
     * Description of the app subcategory
     */
    display: string;
    /**
     * Key name of the app subcategory
     */
    key: string;
    /**
     * Type of traffic (QoS) of the app subcategory
     */
    trafficType: string;
}
export interface GetConstApplicationsConstApplication {
    appId: boolean;
    appImageUrl: string;
    appProbe: boolean;
    category: string;
    group: string;
    key: string;
    name: string;
    signatureBased: boolean;
    ssrAppId: boolean;
}
export interface GetConstCountriesConstCountry {
    /**
     * Country code, in two-character
     */
    alpha2: string;
    certified: boolean;
    name: string;
    /**
     * Country code, ISO 3166-1 numeric
     */
    numeric: number;
}
export interface GetConstTrafficTypesConstTrafficType {
    display: string;
    dscp: number;
    failoverPolicy: string;
    maxJitter: number;
    maxLatency: number;
    maxLoss: number;
    name: string;
    trafficClass: string;
}
export interface GetConstWebhooksConstWebhook {
    /**
     * supports single event per message results
     */
    allowsSingleEventPerMessage: boolean;
    /**
     * Can be used in org webhooks, optional
     */
    forOrg: boolean;
    /**
     * Supports webhook delivery results /api/v1/:scope/:scope*id/webhooks/:webhook*id/events/search
     */
    hasDeliveryResults: boolean;
    /**
     * Internal topic (not selectable in site/org webhooks)
     */
    internal: boolean;
    /**
     * Webhook topic name
     */
    key: string;
}
export interface GetSitesSite {
    /**
     * full address of the site
     */
    address: string;
    /**
     * Alarm Template ID, this takes precedence over the Org-level alarmtemplate_id
     */
    alarmtemplateId: string;
    /**
     * AP Template ID, used by APs
     */
    aptemplateId: string;
    /**
     * country code for the site (for AP config generation), in two-character
     */
    countryCode: string;
    createdTime: number;
    /**
     * Gateway Template ID, used by gateways
     */
    gatewaytemplateId: string;
    id: string;
    latlng: outputs.GetSitesSiteLatlng;
    modifiedTime: number;
    name: string;
    /**
     * Network Template ID, this takes precedence over Site Settings
     */
    networktemplateId: string;
    /**
     * optional, any notes about the site
     */
    notes: string;
    orgId: string;
    /**
     * RF Template ID, this takes precedence over Site Settings
     */
    rftemplateId: string;
    /**
     * SecPolicy ID
     */
    secpolicyId: string;
    /**
     * sitegroups this site belongs to
     */
    sitegroupIds: string[];
    /**
     * Site Template ID
     */
    sitetemplateId: string;
    /**
     * Timezone the site is at
     */
    timezone: string;
}
export interface GetSitesSiteLatlng {
    lat: number;
    lng: number;
}
export interface UpgradeDeviceFwupdate {
    progress: number;
    /**
     * enum: `inprogress`, `failed`, `upgraded`
     */
    status: string;
    statusId: number;
    /**
     * Epoch (seconds)
     */
    timestamp: number;
    willRetry: boolean;
}
export declare namespace device {
    interface ApAeroscout {
        /**
         * Whether to enable aeroscout config
         */
        enabled: boolean;
        /**
         * Required if enabled, aeroscout server host
         */
        host: string;
        /**
         * Whether to enable the feature to allow wireless clients data received and sent to AES server for location calculation
         */
        locateConnected: boolean;
        port: number;
    }
    interface ApBleConfig {
        /**
         * Whether Mist beacons is enabled
         */
        beaconEnabled: boolean;
        /**
         * Required if `beaconRateMode`==`custom`, 1-10, in number-beacons-per-second
         */
        beaconRate?: number;
        /**
         * enum: `custom`, `default`
         */
        beaconRateMode?: string;
        /**
         * List of AP BLE location beam numbers (1-8) which should be disabled at the AP and not transmit location information (where beam 1 is oriented at the top the AP, growing counter-clock-wise, with 9 being the omni BLE beam)
         */
        beamDisableds?: number[];
        /**
         * Can be enabled if `beaconEnabled`==`true`, whether to send custom packet
         */
        customBlePacketEnabled?: boolean;
        /**
         * The custom frame to be sent out in this beacon. The frame must be a hexstring
         */
        customBlePacketFrame?: string;
        /**
         * Frequency (msec) of data emitted by custom ble beacon
         */
        customBlePacketFreqMsec?: number;
        /**
         * Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default
         */
        eddystoneUidAdvPower?: number;
        eddystoneUidBeams?: string;
        /**
         * Only if `beaconEnabled`==`false`, Whether Eddystone-UID beacon is enabled
         */
        eddystoneUidEnabled?: boolean;
        /**
         * Frequency (msec) of data emmit by Eddystone-UID beacon
         */
        eddystoneUidFreqMsec?: number;
        /**
         * Eddystone-UID instance for the device
         */
        eddystoneUidInstance?: string;
        /**
         * Eddystone-UID namespace
         */
        eddystoneUidNamespace?: string;
        /**
         * Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default
         */
        eddystoneUrlAdvPower?: number;
        eddystoneUrlBeams?: string;
        /**
         * Only if `beaconEnabled`==`false`, Whether Eddystone-URL beacon is enabled
         */
        eddystoneUrlEnabled?: boolean;
        /**
         * Frequency (msec) of data emit by Eddystone-UID beacon
         */
        eddystoneUrlFreqMsec?: number;
        /**
         * URL pointed by Eddystone-URL beacon
         */
        eddystoneUrlUrl?: string;
        /**
         * Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default
         */
        ibeaconAdvPower?: number;
        ibeaconBeams?: string;
        /**
         * Can be enabled if `beaconEnabled`==`true`, whether to send iBeacon
         */
        ibeaconEnabled?: boolean;
        /**
         * Frequency (msec) of data emmit for iBeacon
         */
        ibeaconFreqMsec?: number;
        /**
         * Major number for iBeacon
         */
        ibeaconMajor?: number;
        /**
         * Minor number for iBeacon
         */
        ibeaconMinor?: number;
        /**
         * Optional, if not specified, the same UUID as the beacon will be used
         */
        ibeaconUuid?: string;
        /**
         * Required if `powerMode`==`custom`; else use `powerMode` as default
         */
        power?: number;
        /**
         * enum: `custom`, `default`
         */
        powerMode?: string;
    }
    interface ApCentrak {
        enabled: boolean;
    }
    interface ApClientBridge {
        auth?: outputs.device.ApClientBridgeAuth;
        /**
         * When acted as client bridge:
         *   * only 5G radio can be used
         *   * will not serve as AP on any radios
         */
        enabled: boolean;
        ssid?: string;
    }
    interface ApClientBridgeAuth {
        psk?: string;
        /**
         * wpa2-AES/CCMPp is assumed when `type`==`psk`. enum: `open`, `psk`
         */
        type: string;
    }
    interface ApEslConfig {
        /**
         * Only if `type`==`imagotag` or `type`==`native`
         */
        cacert?: string;
        /**
         * Only if `type`==`imagotag` or `type`==`native`
         */
        channel?: number;
        /**
         * usb_config is ignored if eslConfig enabled
         */
        enabled: boolean;
        /**
         * Only if `type`==`imagotag` or `type`==`native`
         */
        host: string;
        /**
         * Only if `type`==`imagotag` or `type`==`native`
         */
        port?: number;
        /**
         * note: bleConfig will be ignored if eslConfig is enabled and with native mode. enum: `hanshow`, `imagotag`, `native`, `solum`
         */
        type: string;
        /**
         * Only if `type`==`imagotag` or `type`==`native`
         */
        verifyCert?: boolean;
        /**
         * Only if `type`==`solum` or `type`==`hanshow`
         */
        vlanId: number;
    }
    interface ApIpConfig {
        /**
         * If `type`==`static`
         */
        dns: string[];
        /**
         * Required if `type`==`static`
         */
        dnsSuffixes: string[];
        /**
         * Required if `type`==`static`
         */
        gateway?: string;
        gateway6?: string;
        /**
         * Required if `type`==`static`
         */
        ip?: string;
        ip6?: string;
        mtu: number;
        /**
         * Required if `type`==`static`
         */
        netmask?: string;
        netmask6?: string;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
        /**
         * enum: `autoconf`, `dhcp`, `disabled`, `static`
         */
        type6?: string;
        /**
         * Management VLAN id, default is 1 (untagged)
         */
        vlanId?: number;
    }
    interface ApLacpConfig {
        enabled: boolean;
    }
    interface ApLed {
        brightness: number;
        enabled: boolean;
    }
    interface ApMesh {
        /**
         * List of bands that the mesh should apply to. For relay, the first viable one will be picked. For relay, the first viable one will be picked. enum: `24`, `5`, `6`
         */
        bands?: string[];
        /**
         * Whether mesh is enabled on this AP
         */
        enabled: boolean;
        /**
         * Mesh group, base AP(s) will only allow remote AP(s) in the same mesh group to join, 1-9, optional
         */
        group?: number;
        /**
         * enum: `base`, `remote`
         */
        role?: string;
    }
    interface ApPwrConfig {
        /**
         * Additional power to request during negotiating with PSE over PoE, in mW
         */
        base: number;
        /**
         * Whether to enable power out to peripheral, meanwhile will reduce power to Wi-Fi (only for AP45 at power mode)
         */
        preferUsbOverWifi: boolean;
    }
    interface ApRadioConfig {
        allowRrmDisable?: boolean;
        /**
         * Antenna gain for 2.4G - for models with external antenna only
         */
        antGain24?: number;
        /**
         * Antenna gain for 5G - for models with external antenna only
         */
        antGain5?: number;
        /**
         * Antenna gain for 6G - for models with external antenna only
         */
        antGain6?: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode?: string;
        /**
         * Radio Band AP settings
         */
        band24?: outputs.device.ApRadioConfigBand24;
        /**
         * enum: `24`, `5`, `6`, `auto`
         */
        band24Usage?: string;
        /**
         * Radio Band AP settings
         */
        band5?: outputs.device.ApRadioConfigBand5;
        /**
         * Radio Band AP settings
         */
        band5On24Radio?: outputs.device.ApRadioConfigBand5On24Radio;
        /**
         * Radio Band AP settings
         */
        band6?: outputs.device.ApRadioConfigBand6;
        /**
         * To make an outdoor operate indoor. For an outdoor-ap, some channels are disallowed by default, this allows the user to use it as an indoor-ap
         */
        indoorUse?: boolean;
        /**
         * Whether scanning radio is enabled
         */
        scanningEnabled?: boolean;
    }
    interface ApRadioConfigBand24 {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode: string;
        /**
         * channel width for the 2.4GHz band. enum: `20`, `40`
         */
        bandwidth: number;
        /**
         * For Device. (primary) channel for the band, 0 means using the Site Setting
         */
        channel: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels?: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
    }
    interface ApRadioConfigBand5 {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode: string;
        /**
         * channel width for the 5GHz band. enum: `20`, `40`, `80`
         */
        bandwidth: number;
        /**
         * For Device. (primary) channel for the band, 0 means using the Site Setting
         */
        channel: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels?: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
    }
    interface ApRadioConfigBand5On24Radio {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode: string;
        /**
         * channel width for the 5GHz band. enum: `20`, `40`, `80`
         */
        bandwidth: number;
        /**
         * For Device. (primary) channel for the band, 0 means using the Site Setting
         */
        channel: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels?: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
    }
    interface ApRadioConfigBand6 {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode: string;
        /**
         * channel width for the 6GHz band. enum: `20`, `40`, `80`, `160`
         */
        bandwidth: number;
        /**
         * For Device. (primary) channel for the band, 0 means using the Site Setting
         */
        channel: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels?: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
        /**
         * For 6GHz Only, standard-power operation, AFC (Automatic Frequency Coordination) will be performed, and we'll fall back to Low Power Indoor if AFC failed
         */
        standardPower: boolean;
    }
    interface ApUplinkPortConfig {
        /**
         * Whether to do 802.1x against uplink switch. When enabled, AP cert will be used to do EAP-TLS and the Org's CA Cert has to be provisioned at the switch
         */
        dot1x: boolean;
        /**
         * By default, WLANs are disabled when uplink is down. In some scenario, like SiteSurvey, one would want the AP to keep sending beacons.
         */
        keepWlansUpIfDown?: boolean;
    }
    interface ApUsbConfig {
        /**
         * Only if `type`==`imagotag`
         */
        cacert: string;
        /**
         * Only if `type`==`imagotag`, channel selection, not needed by default, required for manual channel override only
         */
        channel?: number;
        /**
         * Whether to enable any usb config
         */
        enabled?: boolean;
        /**
         * Only if `type`==`imagotag`
         */
        host: string;
        /**
         * Only if `type`==`imagotag`
         */
        port?: number;
        /**
         * usb config type. enum: `hanshow`, `imagotag`, `solum`
         */
        type?: string;
        /**
         * Only if `type`==`imagotag`, whether to turn on SSL verification
         */
        verifyCert?: boolean;
        /**
         * Only if `type`==`solum` or `type`==`hanshow`
         */
        vlanId?: number;
    }
    interface BaseLatlng {
        lat: number;
        lng: number;
    }
    interface GatewayBgpConfig {
        authKey?: string;
        /**
         * When bfdMultiplier is configured alone. Default:
         *   * 1000 if `type`==`external`
         *   * 350 `type`==`internal`
         */
        bfdMinimumInterval: number;
        /**
         * When bfdMinimumIntervalIsConfigured alone
         */
        bfdMultiplier: number;
        /**
         * BFD provides faster path failure detection and is enabled by default
         */
        disableBfd: boolean;
        export?: string;
        /**
         * Default export policies if no per-neighbor policies defined
         */
        exportPolicy?: string;
        /**
         * By default, either inet/net6 unicast depending on neighbor IP family (v4 or v6). For v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
         */
        extendedV4Nexthop?: boolean;
        /**
         * `0` means disable
         */
        gracefulRestartTime: number;
        holdTime: number;
        import?: string;
        /**
         * Default import policies if no per-neighbor policies defined
         */
        importPolicy?: string;
        /**
         * Local AS. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`)
         */
        localAs?: string;
        /**
         * Neighbor AS. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`)
         */
        neighborAs?: string;
        /**
         * If per-neighbor as is desired. Property key is the neighbor address
         */
        neighbors?: {
            [key: string]: outputs.device.GatewayBgpConfigNeighbors;
        };
        /**
         * If `type`!=`external`or `via`==`wan`networks where we expect BGP neighbor to connect to/from
         */
        networks: string[];
        noPrivateAs: boolean;
        /**
         * By default, we'll re-advertise all learned BGP routers toward overlay
         */
        noReadvertiseToOverlay: boolean;
        /**
         * If `type`==`tunnel`
         */
        tunnelName?: string;
        /**
         * enum: `external`, `internal`
         */
        type?: string;
        /**
         * network name. enum: `lan`, `tunnel`, `vpn`, `wan`
         */
        via: string;
        vpnName?: string;
        /**
         * If `via`==`wan`
         */
        wanName?: string;
    }
    interface GatewayBgpConfigNeighbors {
        /**
         * If true, the BGP session to this neighbor will be administratively disabled/shutdown
         */
        disabled: boolean;
        exportPolicy?: string;
        holdTime: number;
        importPolicy?: string;
        /**
         * Assuming BGP neighbor is directly connected
         */
        multihopTtl?: number;
        /**
         * Neighbor AS. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`)
         */
        neighborAs?: string;
    }
    interface GatewayClusterNode {
        /**
         * Gateway MAC Address. Format is `[0-9a-f]{12}` (e.g. "5684dae9ac8b")
         */
        mac: string;
    }
    interface GatewayDhcpdConfig {
        /**
         * Property key is the network name
         */
        config?: {
            [key: string]: outputs.device.GatewayDhcpdConfigConfig;
        };
        /**
         * If set to `false`, disable the DHCP server
         */
        enabled: boolean;
    }
    interface GatewayDhcpdConfigConfig {
        /**
         * If `type`==`local` or `type6`==`local` - optional, if not defined, system one will be used
         */
        dnsServers: string[];
        /**
         * If `type`==`local` or `type6`==`local` - optional, if not defined, system one will be used
         */
        dnsSuffixes: string[];
        /**
         * If `type`==`local` or `type6`==`local`. Property key is the MAC Address. Format is `[0-9a-f]{12}` (e.g. "5684dae9ac8b")
         */
        fixedBindings?: {
            [key: string]: outputs.device.GatewayDhcpdConfigConfigFixedBindings;
        };
        /**
         * If `type`==`local` - optional, `ip` will be used if not provided
         */
        gateway?: string;
        /**
         * If `type`==`local`
         */
        ipEnd?: string;
        /**
         * If `type6`==`local`
         */
        ipEnd6?: string;
        /**
         * If `type`==`local`
         */
        ipStart?: string;
        /**
         * If `type6`==`local`
         */
        ipStart6?: string;
        /**
         * In seconds, lease time has to be between 3600 [1hr] - 604800 [1 week], default is 86400 [1 day]
         */
        leaseTime: number;
        /**
         * If `type`==`local` or `type6`==`local`. Property key is the DHCP option number
         */
        options?: {
            [key: string]: outputs.device.GatewayDhcpdConfigConfigOptions;
        };
        /**
         * `serverIdOverride`==`true` means the device, when acts as DHCP relay and forwards DHCP responses from DHCP server to clients,
         * should overwrite the Sever Identifier option (i.e. DHCP option 54) in DHCP responses with its own IP address.
         */
        serverIdOverride: boolean;
        /**
         * If `type`==`relay`
         */
        servers: string[];
        /**
         * If `type6`==`relay`
         */
        servers6s: string[];
        /**
         * enum: `local` (DHCP Server), `none`, `relay` (DHCP Relay)
         */
        type: string;
        /**
         * enum: `local` (DHCP Server), `none`, `relay` (DHCP Relay)
         */
        type6: string;
        /**
         * If `type`==`local` or `type6`==`local`. Property key is <enterprise number>:<sub option code>, with
         *   * enterprise number: 1-65535 (https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers)
         *   * sub option code: 1-255, sub-option code
         */
        vendorEncapsulated?: {
            [key: string]: outputs.device.GatewayDhcpdConfigConfigVendorEncapsulated;
        };
    }
    interface GatewayDhcpdConfigConfigFixedBindings {
        ip: string;
        name?: string;
    }
    interface GatewayDhcpdConfigConfigOptions {
        /**
         * enum: `boolean`, `hex`, `int16`, `int32`, `ip`, `string`, `uint16`, `uint32`
         */
        type?: string;
        value?: string;
    }
    interface GatewayDhcpdConfigConfigVendorEncapsulated {
        /**
         * enum: `boolean`, `hex`, `int16`, `int32`, `ip`, `string`, `uint16`, `uint32`
         */
        type?: string;
        value?: string;
    }
    interface GatewayExtraRoutes {
        via: string;
    }
    interface GatewayExtraRoutes6 {
        via: string;
    }
    interface GatewayIdpProfiles {
        /**
         * enum: `critical`, `standard`, `strict`
         */
        baseProfile?: string;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id?: string;
        name?: string;
        orgId?: string;
        overwrites?: outputs.device.GatewayIdpProfilesOverwrite[];
    }
    interface GatewayIdpProfilesOverwrite {
        /**
         * enum:
         *   * alert (default)
         *   * drop: silently dropping packets
         *   * close: notify client/server to close connection
         */
        action: string;
        matching?: outputs.device.GatewayIdpProfilesOverwriteMatching;
        name?: string;
    }
    interface GatewayIdpProfilesOverwriteMatching {
        attackNames?: string[];
        dstSubnets?: string[];
        severities?: string[];
    }
    interface GatewayIpConfigs {
        ip?: string;
        netmask?: string;
        /**
         * Optional list of secondary IPs in CIDR format
         */
        secondaryIps: string[];
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
    }
    interface GatewayNetwork {
        /**
         * Whether to disallow Mist Devices in the network
         */
        disallowMistServices: boolean;
        gateway?: string;
        gateway6?: string;
        internalAccess?: outputs.device.GatewayNetworkInternalAccess;
        /**
         * Whether this network has direct internet access
         */
        internetAccess?: outputs.device.GatewayNetworkInternetAccess;
        /**
         * Whether to allow clients in the network to talk to each other
         */
        isolation?: boolean;
        /**
         * Whether to enable multicast support (only PIM-sparse mode is supported)
         */
        multicast?: outputs.device.GatewayNetworkMulticast;
        name: string;
        /**
         * For a Network (usually LAN), it can be routable to other networks (e.g. OSPF)
         */
        routedForNetworks?: string[];
        subnet: string;
        subnet6?: string;
        /**
         * Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}")
         */
        tenants?: {
            [key: string]: outputs.device.GatewayNetworkTenants;
        };
        vlanId?: string;
        /**
         * Property key is the VPN name. Whether this network can be accessed from vpn
         */
        vpnAccess?: {
            [key: string]: outputs.device.GatewayNetworkVpnAccess;
        };
    }
    interface GatewayNetworkInternalAccess {
        enabled?: boolean;
    }
    interface GatewayNetworkInternetAccess {
        createSimpleServicePolicy: boolean;
        /**
         * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
         */
        destinationNat?: {
            [key: string]: outputs.device.GatewayNetworkInternetAccessDestinationNat;
        };
        enabled?: boolean;
        /**
         * By default, all access is allowed, to only allow certain traffic, make `restricted`=`true` and define service_policies
         */
        restricted: boolean;
        /**
         * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
         */
        staticNat?: {
            [key: string]: outputs.device.GatewayNetworkInternetAccessStaticNat;
        };
    }
    interface GatewayNetworkInternetAccessDestinationNat {
        /**
         * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
         */
        internalIp?: string;
        name?: string;
        /**
         * The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
         */
        port?: string;
        /**
         * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
         */
        wanName?: string;
    }
    interface GatewayNetworkInternetAccessStaticNat {
        /**
         * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
         */
        internalIp: string;
        name: string;
        /**
         * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
         */
        wanName?: string;
    }
    interface GatewayNetworkMulticast {
        /**
         * If the network will only be the source of the multicast traffic, IGMP can be disabled
         */
        disableIgmp: boolean;
        enabled: boolean;
        /**
         * Group address to RP (rendezvous point) mapping. Property Key is the CIDR (example "225.1.0.3/32")
         */
        groups?: {
            [key: string]: outputs.device.GatewayNetworkMulticastGroups;
        };
    }
    interface GatewayNetworkMulticastGroups {
        /**
         * RP (rendezvous point) IP Address
         */
        rpIp?: string;
    }
    interface GatewayNetworkTenants {
        addresses?: string[];
    }
    interface GatewayNetworkVpnAccess {
        /**
         * If `routed`==`true`, whether to advertise an aggregated subnet toward HUB this is useful when there are multiple networks on SPOKE's side
         */
        advertisedSubnet?: string;
        /**
         * Whether to allow ping from vpn into this routed network
         */
        allowPing?: boolean;
        /**
         * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
         */
        destinationNat?: {
            [key: string]: outputs.device.GatewayNetworkVpnAccessDestinationNat;
        };
        /**
         * If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub, a subnet is required to create and advertise the route to Hub
         */
        natPool?: string;
        /**
         * toward LAN-side BGP peers
         */
        noReadvertiseToLanBgp: boolean;
        /**
         * toward LAN-side OSPF peers
         */
        noReadvertiseToLanOspf: boolean;
        /**
         * toward overlay, how HUB should deal with routes it received from Spokes
         */
        noReadvertiseToOverlay?: boolean;
        /**
         * By default, the routes are only readvertised toward the same vrf on spoke. To allow it to be leaked to other vrfs
         */
        otherVrfs: string[];
        /**
         * Whether this network is routable
         */
        routed?: boolean;
        /**
         * If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub
         */
        sourceNat: outputs.device.GatewayNetworkVpnAccessSourceNat;
        /**
         * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
         */
        staticNat: {
            [key: string]: outputs.device.GatewayNetworkVpnAccessStaticNat;
        };
        /**
         * toward overlay, how HUB should deal with routes it received from Spokes
         */
        summarizedSubnet?: string;
        /**
         * toward LAN-side BGP peers
         */
        summarizedSubnetToLanBgp?: string;
        /**
         * toward LAN-side OSPF peers
         */
        summarizedSubnetToLanOspf?: string;
    }
    interface GatewayNetworkVpnAccessDestinationNat {
        /**
         * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
         */
        internalIp?: string;
        name?: string;
        port?: string;
    }
    interface GatewayNetworkVpnAccessSourceNat {
        externalIp?: string;
    }
    interface GatewayNetworkVpnAccessStaticNat {
        /**
         * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
         */
        internalIp: string;
        name: string;
    }
    interface GatewayOobIpConfig {
        /**
         * If `type`==`static`
         */
        gateway?: string;
        /**
         * If `type`==`static`
         */
        ip?: string;
        /**
         * If `type`==`static`
         */
        netmask?: string;
        /**
         * For HA Cluster, node1 can have different IP Config
         */
        node1: outputs.device.GatewayOobIpConfigNode1;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
        /**
         * If supported on the platform. If enabled, DNS will be using this routing-instance, too
         */
        useMgmtVrf?: boolean;
        /**
         * For host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired
         */
        useMgmtVrfForHostOut?: boolean;
        vlanId?: string;
    }
    interface GatewayOobIpConfigNode1 {
        /**
         * If `type`==`static`
         */
        gateway?: string;
        ip?: string;
        /**
         * Used only if `subnet` is not specified in `networks`
         */
        netmask?: string;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
        /**
         * If supported on the platform. If enabled, DNS will be using this routing-instance, too
         */
        useMgmtVrf?: boolean;
        /**
         * Whether to use `mgmtJunos` for host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired
         */
        useMgmtVrfForHostOut?: boolean;
        vlanId?: string;
    }
    interface GatewayPathPreferences {
        paths?: outputs.device.GatewayPathPreferencesPath[];
        /**
         * enum: `ecmp`, `ordered`, `weighted`
         */
        strategy: string;
    }
    interface GatewayPathPreferencesPath {
        cost?: number;
        /**
         * For SSR Only. `true`, if this specific path is undesired
         */
        disabled?: boolean;
        /**
         * Only if `type`==`local`, if a different gateway is desired
         */
        gatewayIp?: string;
        /**
         * Only if `type`==`vpn`, if this vpn path can be used for internet
         */
        internetAccess?: boolean;
        /**
         * Required when
         *   * `type`==`vpn`: the name of the VPN Path to use
         *   * `type`==`wan`: the name of the WAN interface to use
         */
        name?: string;
        /**
         * Required when `type`==`local`
         */
        networks: string[];
        /**
         * If `type`==`local`, if destination IP is to be replaced
         */
        targetIps: string[];
        /**
         * enum: `local`, `tunnel`, `vpn`, `wan`
         */
        type?: string;
        /**
         * Optional if `type`==`vpn`
         */
        wanName?: string;
    }
    interface GatewayPortConfig {
        /**
         * If `aggregated`==`true`. To disable LCP support for the AE interface
         */
        aeDisableLacp: boolean;
        /**
         * If `aggregated`==`true`. Users could force to use the designated AE name (must be an integer between 0 and 127)
         */
        aeIdx?: string;
        /**
         * For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability. Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end. **Note:** Turning this on will enable force-up on one of the interfaces in the bundle only
         */
        aeLacpForceUp: boolean;
        aggregated: boolean;
        /**
         * To generate port up/down alarm, set it to true
         */
        critical: boolean;
        /**
         * Interface Description. Can be a variable (i.e. "{{myvar}}")
         */
        description?: string;
        disableAutoneg: boolean;
        /**
         * Port admin up (true) / down (false)
         */
        disabled: boolean;
        /**
         * if `wanType`==`dsl`. enum: `adsl`, `vdsl`
         */
        dslType: string;
        /**
         * If `wanType`==`dsl`, 16 bit int
         */
        dslVci: number;
        /**
         * If `wanType`==`dsl`, 8 bit int
         */
        dslVpi: number;
        /**
         * enum: `auto`, `full`, `half`
         */
        duplex: string;
        /**
         * Junos IP Config
         */
        ipConfig?: outputs.device.GatewayPortConfigIpConfig;
        /**
         * If `wanType`==`lte`
         */
        lteApn?: string;
        /**
         * if `wanType`==`lte`. enum: `chap`, `none`, `pap`
         */
        lteAuth: string;
        lteBackup?: boolean;
        /**
         * If `wanType`==`lte`
         */
        ltePassword?: string;
        /**
         * If `wanType`==`lte`
         */
        lteUsername?: string;
        mtu?: number;
        /**
         * Name that we'll use to derive config
         */
        name?: string;
        /**
         * if `usage`==`lan`, name of the `junipermist.org.Network` resource
         */
        networks: string[];
        /**
         * For Q-in-Q
         */
        outerVlanId?: number;
        poeDisabled: boolean;
        /**
         * Only for SRX and if `usage`==`lan`, the name of the Network to be used as the Untagged VLAN
         */
        portNetwork?: string;
        /**
         * Whether to preserve dscp when sending traffic over VPN (SSR-only)
         */
        preserveDscp: boolean;
        /**
         * If HA mode
         */
        redundant?: boolean;
        /**
         * If HA mode, SRX Only - support redundancy-group. 1-128 for physical SRX, 1-64 for virtual SRX
         */
        redundantGroup?: number;
        /**
         * For SRX only and if HA Mode
         */
        rethIdx?: string;
        /**
         * If HA mode
         */
        rethNode?: string;
        /**
         * SSR only - supporting vlan-based redundancy (matching the size of `networks`)
         */
        rethNodes: string[];
        speed: string;
        /**
         * When SSR is running as VM, this is required on certain hosting platforms
         */
        ssrNoVirtualMac: boolean;
        /**
         * For SSR only
         */
        svrPortRange: string;
        trafficShaping?: outputs.device.GatewayPortConfigTrafficShaping;
        /**
         * port usage name. enum: `haControl`, `haData`, `lan`, `wan`
         */
        usage: string;
        vlanId?: string;
        /**
         * Property key is the VPN name
         */
        vpnPaths?: {
            [key: string]: outputs.device.GatewayPortConfigVpnPaths;
        };
        /**
         * Only when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
         */
        wanArpPolicer: string;
        /**
         * Only if `usage`==`wan`, optional. If spoke should reach this port by a different IP
         */
        wanExtIp?: string;
        /**
         * Only if `usage`==`wan`. Property Key is the destination CIDR (e.g. "100.100.100.0/24")
         */
        wanExtraRoutes: {
            [key: string]: outputs.device.GatewayPortConfigWanExtraRoutes;
        };
        /**
         * Only if `usage`==`wan`. If some networks are connected to this WAN port, it can be added here so policies can be defined
         */
        wanNetworks: string[];
        /**
         * Only if `usage`==`wan`
         */
        wanProbeOverride?: outputs.device.GatewayPortConfigWanProbeOverride;
        /**
         * Only if `usage`==`wan`, optional. By default, source-NAT is performed on all WAN Ports using the interface-ip
         */
        wanSourceNat?: outputs.device.GatewayPortConfigWanSourceNat;
        /**
         * Only if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
         */
        wanType: string;
    }
    interface GatewayPortConfigIpConfig {
        /**
         * Except for out-of_band interface (vme/em0/fxp0)
         */
        dns?: string[];
        /**
         * Except for out-of_band interface (vme/em0/fxp0)
         */
        dnsSuffixes?: string[];
        /**
         * Except for out-of_band interface (vme/em0/fxp0). Interface Default Gateway IP Address (i.e. "192.168.1.1") or a Variable (i.e. "{{myvar}}")
         */
        gateway?: string;
        /**
         * Interface IP Address (i.e. "192.168.1.8") or a Variable (i.e. "{{myvar}}")
         */
        ip?: string;
        /**
         * Used only if `subnet` is not specified in `networks`. Interface Netmask (i.e. "/24") or a Variable (i.e. "{{myvar}}")
         */
        netmask?: string;
        /**
         * Optional, the network to be used for mgmt
         */
        network?: string;
        /**
         * If `type`==`pppoe`
         */
        poserPassword?: string;
        /**
         * if `type`==`pppoe`. enum: `chap`, `none`, `pap`
         */
        pppoeAuth: string;
        /**
         * If `type`==`pppoe`
         */
        pppoeUsername?: string;
        /**
         * enum: `dhcp`, `pppoe`, `static`
         */
        type: string;
    }
    interface GatewayPortConfigTrafficShaping {
        /**
         * percentages for different class of traffic: high / medium / low / best-effort. Sum must be equal to 100
         */
        classPercentages?: number[];
        enabled: boolean;
        /**
         * Interface Transmit Cap in kbps
         */
        maxTxKbps?: number;
    }
    interface GatewayPortConfigVpnPaths {
        /**
         * Only if the VPN `type`==`hubSpoke`. enum: `broadband`, `lte`
         */
        bfdProfile: string;
        /**
         * Only if the VPN `type`==`hubSpoke`. Whether to use tunnel mode. SSR only
         */
        bfdUseTunnelMode: boolean;
        /**
         * Only if the VPN `type`==`hubSpoke`. For a given VPN, when `path_selection.strategy`==`simple`, the preference for a path (lower is preferred)
         */
        preference?: number;
        /**
         * If the VPN `type`==`hubSpoke`, enum: `hub`, `spoke`. If the VPN `type`==`mesh`, enum: `mesh`
         */
        role: string;
        trafficShaping?: outputs.device.GatewayPortConfigVpnPathsTrafficShaping;
    }
    interface GatewayPortConfigVpnPathsTrafficShaping {
        /**
         * percentages for different class of traffic: high / medium / low / best-effort. Sum must be equal to 100
         */
        classPercentages?: number[];
        enabled: boolean;
        /**
         * Interface Transmit Cap in kbps
         */
        maxTxKbps?: number;
    }
    interface GatewayPortConfigWanExtraRoutes {
        via?: string;
    }
    interface GatewayPortConfigWanProbeOverride {
        ips?: string[];
        /**
         * enum: `broadband`, `lte`
         */
        probeProfile: string;
    }
    interface GatewayPortConfigWanSourceNat {
        /**
         * Or to disable the source-nat
         */
        disabled: boolean;
        /**
         * If alternative natPool is desired
         */
        natPool?: string;
    }
    interface GatewayPortMirroring {
        portMirror?: outputs.device.GatewayPortMirroringPortMirror;
    }
    interface GatewayPortMirroringPortMirror {
        familyType?: string;
        ingressPortIds?: string[];
        outputPortId?: string;
        rate?: number;
        runLength?: number;
    }
    interface GatewayRoutingPolicies {
        /**
         * zero or more criteria/filter can be specified to match the term, all criteria have to be met
         */
        terms?: outputs.device.GatewayRoutingPoliciesTerm[];
    }
    interface GatewayRoutingPoliciesTerm {
        /**
         * When used as import policy
         */
        action?: outputs.device.GatewayRoutingPoliciesTermAction;
        /**
         * zero or more criteria/filter can be specified to match the term, all criteria have to be met
         */
        matching?: outputs.device.GatewayRoutingPoliciesTermMatching;
    }
    interface GatewayRoutingPoliciesTermAction {
        accept?: boolean;
        addCommunities?: string[];
        /**
         * For SSR, hub decides how VRF routes are leaked on spoke
         */
        addTargetVrfs?: string[];
        /**
         * When used as export policy, optional
         */
        communities?: string[];
        /**
         * When used as export policy, optional. To exclude certain AS
         */
        excludeAsPaths?: string[];
        excludeCommunities?: string[];
        /**
         * When used as export policy, optional
         */
        exportCommunities?: string[];
        /**
         * Optional, for an import policy, localPreference can be changed
         */
        localPreference?: string;
        /**
         * When used as export policy, optional. By default, the local AS will be prepended, to change it
         */
        prependAsPaths?: string[];
    }
    interface GatewayRoutingPoliciesTermMatching {
        /**
         * takes regular expression
         */
        asPaths?: string[];
        communities?: string[];
        networks?: string[];
        /**
         * zero or more criteria/filter can be specified to match the term, all criteria have to be met
         */
        prefixes?: string[];
        /**
         * `direct`, `bgp`, `osp`, `static`, `aggregate`...
         */
        protocols?: string[];
        routeExists?: outputs.device.GatewayRoutingPoliciesTermMatchingRouteExists;
        /**
         * overlay-facing criteria (used for bgpConfig where via=vpn)
         */
        vpnNeighborMacs?: string[];
        vpnPathSla?: outputs.device.GatewayRoutingPoliciesTermMatchingVpnPathSla;
        /**
         * overlay-facing criteria (used for bgpConfig where via=vpn). ordered-
         */
        vpnPaths?: string[];
    }
    interface GatewayRoutingPoliciesTermMatchingRouteExists {
        route?: string;
        /**
         * Name of the vrf instance, it can also be the name of the VPN or wan if they
         */
        vrfName: string;
    }
    interface GatewayRoutingPoliciesTermMatchingVpnPathSla {
        maxJitter?: number;
        maxLatency?: number;
        maxLoss?: number;
    }
    interface GatewayServicePolicy {
        /**
         * Required when `servicepolicyId` is not defined, optional otherwise (override the servicepolicy action). enum: `allow`, `deny`
         */
        action?: string;
        /**
         * For SRX-only
         */
        antivirus?: outputs.device.GatewayServicePolicyAntivirus;
        /**
         * For SRX Only
         */
        appqoe?: outputs.device.GatewayServicePolicyAppqoe;
        ewfs?: outputs.device.GatewayServicePolicyEwf[];
        idp?: outputs.device.GatewayServicePolicyIdp;
        /**
         * access within the same VRF
         */
        localRouting?: boolean;
        /**
         * Required when `servicepolicyId` is not defined, optional otherwise (override the servicepolicy name)
         */
        name?: string;
        /**
         * By default, we derive all paths available and use them. Optionally, you can customize by using `pathPreference`
         */
        pathPreference?: string;
        /**
         * Used to link servicepolicy defined at org level and overwrite some attributes
         */
        servicepolicyId?: string;
        /**
         * Required when `servicepolicyId` is not defined. List of Applications / Destinations
         */
        services: string[];
        /**
         * For SRX-only
         */
        sslProxy?: outputs.device.GatewayServicePolicySslProxy;
        /**
         * Required when `servicepolicyId` is not defined. List of Networks / Users
         */
        tenants: string[];
    }
    interface GatewayServicePolicyAntivirus {
        /**
         * org-level AV Profile can be used, this takes precedence over 'profile'
         */
        avprofileId?: string;
        enabled: boolean;
        /**
         * Default / noftp / httponly / or keys from av_profiles
         */
        profile?: string;
    }
    interface GatewayServicePolicyAppqoe {
        enabled: boolean;
    }
    interface GatewayServicePolicyEwf {
        alertOnly?: boolean;
        blockMessage?: string;
        enabled: boolean;
        /**
         * enum: `critical`, `standard`, `strict`
         */
        profile: string;
    }
    interface GatewayServicePolicyIdp {
        alertOnly?: boolean;
        enabled: boolean;
        /**
         * org_level IDP Profile can be used, this takes precedence over `profile`
         */
        idpprofileId?: string;
        /**
         * enum: `Custom`, `strict` (default), `standard` or keys from idp_profiles
         */
        profile: string;
    }
    interface GatewayServicePolicySslProxy {
        /**
         * enum: `medium`, `strong`, `weak`
         */
        ciphersCategory: string;
        enabled: boolean;
    }
    interface GatewayTunnelConfigs {
        autoProvision?: outputs.device.GatewayTunnelConfigsAutoProvision;
        /**
         * Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
         */
        ikeLifetime?: number;
        /**
         * Only if `provider`==`custom-ipsec`. enum: `aggressive`, `main`
         */
        ikeMode: string;
        /**
         * If `provider`==`custom-ipsec`
         */
        ikeProposals?: outputs.device.GatewayTunnelConfigsIkeProposal[];
        /**
         * Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
         */
        ipsecLifetime?: number;
        /**
         * Only if  `provider`==`custom-ipsec`
         */
        ipsecProposals?: outputs.device.GatewayTunnelConfigsIpsecProposal[];
        /**
         * Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        localId?: string;
        /**
         * Required if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`. enum: `active-active`, `active-standby`
         */
        mode: string;
        /**
         * If `provider`==`custom-ipsec`, networks reachable via this tunnel
         */
        networks: string[];
        /**
         * Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        primary?: outputs.device.GatewayTunnelConfigsPrimary;
        /**
         * Only if `provider`==`custom-ipsec`
         */
        probe?: outputs.device.GatewayTunnelConfigsProbe;
        /**
         * Only if `provider`==`custom-ipsec`. enum: `gre`, `ipsec`
         */
        protocol?: string;
        /**
         * Only if `auto_provision.enabled`==`false`. enum: `custom-ipsec`, `custom-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
         */
        provider?: string;
        /**
         * Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        psk?: string;
        /**
         * Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        secondary?: outputs.device.GatewayTunnelConfigsSecondary;
        /**
         * Only if `provider`==`custom-gre` or `provider`==`custom-ipsec`. enum: `1`, `2`
         */
        version: string;
    }
    interface GatewayTunnelConfigsAutoProvision {
        enable?: boolean;
        /**
         * API override for POP selection
         */
        latlng?: outputs.device.GatewayTunnelConfigsAutoProvisionLatlng;
        primary?: outputs.device.GatewayTunnelConfigsAutoProvisionPrimary;
        /**
         * enum: `jse-ipsec`, `zscaler-ipsec`
         */
        provider: string;
        /**
         * API override for POP selection
         */
        region?: string;
        secondary?: outputs.device.GatewayTunnelConfigsAutoProvisionSecondary;
    }
    interface GatewayTunnelConfigsAutoProvisionLatlng {
        lat: number;
        lng: number;
    }
    interface GatewayTunnelConfigsAutoProvisionPrimary {
        probeIps?: string[];
        /**
         * Optional, only needed if `varsOnly`==`false`
         */
        wanNames?: string[];
    }
    interface GatewayTunnelConfigsAutoProvisionSecondary {
        probeIps?: string[];
        /**
         * Optional, only needed if `varsOnly`==`false`
         */
        wanNames?: string[];
    }
    interface GatewayTunnelConfigsIkeProposal {
        /**
         * enum: `md5`, `sha1`, `sha2`
         */
        authAlgo?: string;
        /**
         * enum:
         *   * 1
         *   * 2 (1024-bit)
         *   * 5
         *   * 14 (default, 2048-bit)
         *   * 15 (3072-bit)
         *   * 16 (4096-bit)
         *   * 19 (256-bit ECP)
         *   * 20 (384-bit ECP)
         *   * 21 (521-bit ECP)
         *   * 24 (2048-bit ECP)
         */
        dhGroup: string;
        /**
         * enum: `3des`, `aes128`, `aes256`, `aesGcm128`, `aesGcm256`
         */
        encAlgo: string;
    }
    interface GatewayTunnelConfigsIpsecProposal {
        /**
         * enum: `md5`, `sha1`, `sha2`
         */
        authAlgo?: string;
        /**
         * Only if `provider`==`custom-ipsec`. enum:
         *   * 1
         *   * 2 (1024-bit)
         *   * 5
         *   * 14 (default, 2048-bit)
         *   * 15 (3072-bit)
         *   * 16 (4096-bit)
         *   * 19 (256-bit ECP)
         *   * 20 (384-bit ECP)
         *   * 21 (521-bit ECP)
         *   * 24 (2048-bit ECP)
         */
        dhGroup: string;
        /**
         * enum: `3des`, `aes128`, `aes256`, `aesGcm128`, `aesGcm256`
         */
        encAlgo: string;
    }
    interface GatewayTunnelConfigsPrimary {
        hosts: string[];
        /**
         * Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
         */
        internalIps?: string[];
        probeIps?: string[];
        /**
         * Only if  `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        remoteIds?: string[];
        wanNames: string[];
    }
    interface GatewayTunnelConfigsProbe {
        /**
         * How often to trigger the probe
         */
        interval?: number;
        /**
         * Number of consecutive misses before declaring the tunnel down
         */
        threshold?: number;
        /**
         * Time within which to complete the connectivity check
         */
        timeout?: number;
        /**
         * enum: `http`, `icmp`
         */
        type: string;
    }
    interface GatewayTunnelConfigsSecondary {
        hosts: string[];
        /**
         * Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
         */
        internalIps?: string[];
        probeIps?: string[];
        /**
         * Only if  `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        remoteIds?: string[];
        wanNames: string[];
    }
    interface GatewayTunnelProviderOptions {
        /**
         * For jse-ipsec, this allows provisioning of adequate resource on JSE. Make sure adequate licenses are added
         */
        jse?: outputs.device.GatewayTunnelProviderOptionsJse;
        /**
         * For zscaler-ipsec and zscaler-gre
         */
        zscaler?: outputs.device.GatewayTunnelProviderOptionsZscaler;
    }
    interface GatewayTunnelProviderOptionsJse {
        numUsers?: number;
        /**
         * JSE Organization name
         */
        orgName?: string;
    }
    interface GatewayTunnelProviderOptionsZscaler {
        aupBlockInternetUntilAccepted?: boolean;
        /**
         * Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
         */
        aupEnabled?: boolean;
        /**
         * Proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
         */
        aupForceSslInspection?: boolean;
        /**
         * Required if `aupEnabled`==`true`. Days before AUP is requested again
         */
        aupTimeoutInDays?: number;
        /**
         * Enable this option to enforce user authentication
         */
        authRequired?: boolean;
        /**
         * Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
         */
        cautionEnabled?: boolean;
        /**
         * Download bandwidth cap of the link, in Mbps. Disabled if not set
         */
        dnBandwidth?: number;
        /**
         * Required if `surrogate_IP`==`true`, idle Time to Disassociation
         */
        idleTimeInMinutes?: number;
        /**
         * If `true`, enable the firewall control option
         */
        ofwEnabled?: boolean;
        /**
         * `sub-locations` can be used for specific uses cases to define different configuration based on the user network
         */
        subLocations?: outputs.device.GatewayTunnelProviderOptionsZscalerSubLocation[];
        /**
         * Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
         */
        surrogateIp?: boolean;
        /**
         * Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
         */
        surrogateIpEnforcedForKnownBrowsers?: boolean;
        /**
         * Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
         */
        surrogateRefreshTimeInMinutes?: number;
        /**
         * Download bandwidth cap of the link, in Mbps. Disabled if not set
         */
        upBandwidth?: number;
        /**
         * Location uses proxy chaining to forward traffic
         */
        xffForwardEnabled?: boolean;
    }
    interface GatewayTunnelProviderOptionsZscalerSubLocation {
        aupBlockInternetUntilAccepted?: boolean;
        /**
         * Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
         */
        aupEnabled?: boolean;
        /**
         * Proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
         */
        aupForceSslInspection?: boolean;
        /**
         * Required if `aupEnabled`==`true`. Days before AUP is requested again
         */
        aupTimeoutInDays?: number;
        /**
         * Enable this option to authenticate users
         */
        authRequired?: boolean;
        /**
         * Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
         */
        cautionEnabled?: boolean;
        /**
         * Download bandwidth cap of the link, in Mbps. Disabled if not set
         */
        dnBandwidth?: number;
        /**
         * Required if `surrogate_IP`==`true`, idle Time to Disassociation
         */
        idleTimeInMinutes?: number;
        /**
         * Network name
         */
        name?: string;
        /**
         * If `true`, enable the firewall control option
         */
        ofwEnabled?: boolean;
        /**
         * Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
         */
        surrogateIp?: boolean;
        /**
         * Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
         */
        surrogateIpEnforcedForKnownBrowsers?: boolean;
        /**
         * Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
         */
        surrogateRefreshTimeInMinutes?: number;
        /**
         * Download bandwidth cap of the link, in Mbps. Disabled if not set
         */
        upBandwidth?: number;
    }
    interface GatewayVrfConfig {
        /**
         * Whether to enable VRF (when supported on the device)
         */
        enabled?: boolean;
    }
    interface GatewayVrfInstances {
        networks?: string[];
    }
    interface GetApStatsDeviceApStat {
        autoPlacement: outputs.device.GetApStatsDeviceApStatAutoPlacement;
        autoUpgradeStat: outputs.device.GetApStatsDeviceApStatAutoUpgradeStat;
        bleStat: outputs.device.GetApStatsDeviceApStatBleStat;
        certExpiry: number;
        configReverted: boolean;
        cpuSystem: number;
        cpuUtil: number;
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        deviceprofileId: string;
        /**
         * Device environment, including CPU temperature, Ambient temperature, Humidity, Attitude, Pressure, Accelerometers, Magnetometers and vCore Voltage
         */
        envStat: outputs.device.GetApStatsDeviceApStatEnvStat;
        eslStat: outputs.device.GetApStatsDeviceApStatEslStat;
        extIp: string;
        fwupdate: outputs.device.GetApStatsDeviceApStatFwupdate;
        gps: outputs.device.GetApStatsDeviceApStatGps;
        hwRev: string;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        inactiveWiredVlans: number[];
        iotStat: {
            [key: string]: outputs.device.GetApStatsDeviceApStatIotStat;
        };
        ip: string;
        /**
         * IP AP settings
         */
        ipConfig: outputs.device.GetApStatsDeviceApStatIpConfig;
        ipStat: outputs.device.GetApStatsDeviceApStatIpStat;
        /**
         * L2TP tunnel status (key is the wxtunnel_id)
         */
        l2tpStat: {
            [key: string]: outputs.device.GetApStatsDeviceApStatL2tpStat;
        };
        /**
         * Last seen timestamp
         */
        lastSeen: number;
        /**
         * Last trouble code of switch
         */
        lastTrouble: outputs.device.GetApStatsDeviceApStatLastTrouble;
        /**
         * LED AP settings
         */
        led: outputs.device.GetApStatsDeviceApStatLed;
        /**
         * LLDP Stat (neighbor information, power negotiations)
         */
        lldpStat: outputs.device.GetApStatsDeviceApStatLldpStat;
        locating: boolean;
        /**
         * Whether this AP is considered locked (placement / orientation has been vetted)
         */
        locked: boolean;
        /**
         * Device mac
         */
        mac: string;
        mapId: string;
        memUsedKb: number;
        /**
         * Property key is the mesh downlink id (e.g. `00000000-0000-0000-1000-5c5b35000010`)
         */
        meshDownlinks: {
            [key: string]: outputs.device.GetApStatsDeviceApStatMeshDownlinks;
        };
        meshUplink: outputs.device.GetApStatsDeviceApStatMeshUplink;
        /**
         * Device model
         */
        model: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        mount: string;
        name: string;
        notes: string;
        /**
         * How many wireless clients are currently connected
         */
        numClients: number;
        /**
         * How many WLANs are applied to the device
         */
        numWlans: number;
        orgId: string;
        /**
         * Property key is the port name (e.g. `eth0`)
         */
        portStat: {
            [key: string]: outputs.device.GetApStatsDeviceApStatPortStat;
        };
        /**
         * In mW, surplus if positive or deficit if negative
         */
        powerBudget: number;
        /**
         * Whether insufficient power
         */
        powerConstrained: boolean;
        /**
         * Constrained mode
         */
        powerOpmode: string;
        /**
         * DC Input / PoE 802.3at / PoE 802.3af / LLDP / ? (unknown)
         */
        powerSrc: string;
        radioStat: outputs.device.GetApStatsDeviceApStatRadioStat;
        /**
         * Rate of receiving traffic, bits/seconds, last known
         */
        rxBps: number;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        /**
         * Amount of packets received since connection
         */
        rxPkts: number;
        /**
         * Serial Number
         */
        serial: string;
        siteId: string;
        status: string;
        switchRedundancy: outputs.device.GetApStatsDeviceApStatSwitchRedundancy;
        /**
         * Rate of transmitting traffic, bits/seconds, last known
         */
        txBps: number;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        /**
         * Amount of packets sent since connection
         */
        txPkts: number;
        /**
         * How long, in seconds, has the device been up (or rebooted)
         */
        uptime: number;
        usbStat: outputs.device.GetApStatsDeviceApStatUsbStat;
        version: string;
        x: number;
        y: number;
    }
    interface GetApStatsDeviceApStatAutoPlacement {
        /**
         * Additional information about auto placements AP data
         */
        info: outputs.device.GetApStatsDeviceApStatAutoPlacementInfo;
        /**
         * Flag to represent if AP is recommended as an anchor by auto placement service
         */
        recommendedAnchor: boolean;
        /**
         * Basic Placement Status
         */
        status: string;
        /**
         * Additional info about placement status
         */
        statusDetail: string;
        /**
         * X Autoplaced Position in pixels
         */
        x: number;
        /**
         * X Autoplaced Position in meters
         */
        xM: number;
        /**
         * Y Autoplaced Position in pixels
         */
        y: number;
        /**
         * X Autoplaced Position in meters
         */
        yM: number;
    }
    interface GetApStatsDeviceApStatAutoPlacementInfo {
        /**
         * All APs sharing a given cluster number can be placed relative to each other
         */
        clusterNumber: number;
        /**
         * The orientation of an AP
         */
        orientationStats: number;
        /**
         * Coordinates representing a circle where the AP is most likely exists in the event of an inaccurate placement result
         */
        probabilitySurface: outputs.device.GetApStatsDeviceApStatAutoPlacementInfoProbabilitySurface;
    }
    interface GetApStatsDeviceApStatAutoPlacementInfoProbabilitySurface {
        /**
         * The radius representing placement uncertainty, measured in pixels
         */
        radius: number;
        /**
         * The radius representing placement uncertainty, measured in meters
         */
        radiusM: number;
        /**
         * Y-coordinate of the potential placement’s center, measured in pixels
         */
        x: number;
    }
    interface GetApStatsDeviceApStatAutoUpgradeStat {
        lastcheck: number;
    }
    interface GetApStatsDeviceApStatBleStat {
        beaconEnabled: boolean;
        beaconRate: number;
        eddystoneUidEnabled: boolean;
        eddystoneUidFreqMsec: number;
        eddystoneUidInstance: string;
        eddystoneUidNamespace: string;
        eddystoneUrlEnabled: boolean;
        /**
         * Frequency (msec) of data emmit by Eddystone-UID beacon
         */
        eddystoneUrlFreqMsec: number;
        eddystoneUrlUrl: string;
        ibeaconEnabled: boolean;
        ibeaconFreqMsec: number;
        ibeaconMajor: number;
        ibeaconMinor: number;
        ibeaconUuid: string;
        major: number;
        minors: number[];
        power: number;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        /**
         * Amount of packets received since connection
         */
        rxPkts: number;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        /**
         * Amount of packets sent since connection
         */
        txPkts: number;
        /**
         * Resets due to tx hung
         */
        txResets: number;
        uuid: string;
    }
    interface GetApStatsDeviceApStatEnvStat {
        accelX: number;
        accelY: number;
        accelZ: number;
        ambientTemp: number;
        attitude: number;
        cpuTemp: number;
        humidity: number;
        magneX: number;
        magneY: number;
        magneZ: number;
        pressure: number;
        vcoreVoltage: number;
    }
    interface GetApStatsDeviceApStatEslStat {
        channel: number;
        connected: boolean;
        type: string;
        up: boolean;
    }
    interface GetApStatsDeviceApStatFwupdate {
        progress: number;
        /**
         * enum: `inprogress`, `failed`, `upgraded`
         */
        status: string;
        statusId: number;
        /**
         * Epoch (seconds)
         */
        timestamp: number;
        willRetry: boolean;
    }
    interface GetApStatsDeviceApStatGps {
        /**
         * The estimated accuracy or accuracy of the GPS coordinates, measured in meters.
         */
        accuracy: number;
        /**
         * The elevation of the AP above sea level, measured in meters.
         */
        altitude: number;
        /**
         * The geographic latitude of the AP, measured in degrees.
         */
        latitude: number;
        /**
         * The geographic longitude of the AP, measured in degrees.
         */
        longitude: number;
        /**
         * The origin of the GPS data. enum:
         *   * `gps`: from this device’s GPS estimates
         *   * `otherAp` from neighboring device GPS estimates
         */
        src: string;
        /**
         * Epoch (seconds)
         */
        timestamp: number;
    }
    interface GetApStatsDeviceApStatIotStat {
        value: number;
    }
    interface GetApStatsDeviceApStatIpConfig {
        /**
         * If `type`==`static`
         */
        dns: string[];
        /**
         * Required if `type`==`static`
         */
        dnsSuffixes: string[];
        /**
         * Required if `type`==`static`
         */
        gateway: string;
        gateway6: string;
        /**
         * Required if `type`==`static`
         */
        ip: string;
        ip6: string;
        mtu: number;
        /**
         * Required if `type`==`static`
         */
        netmask: string;
        netmask6: string;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
        /**
         * enum: `autoconf`, `dhcp`, `disabled`, `static`
         */
        type6: string;
        /**
         * Management VLAN id, default is 1 (untagged)
         */
        vlanId: number;
    }
    interface GetApStatsDeviceApStatIpStat {
        dhcpServer: string;
        dns: string[];
        dnsSuffixes: string[];
        gateway: string;
        gateway6: string;
        ip: string;
        ip6: string;
        ips: {
            [key: string]: string;
        };
        netmask: string;
        netmask6: string;
    }
    interface GetApStatsDeviceApStatL2tpStat {
        /**
         * List of sessions
         */
        sessions: outputs.device.GetApStatsDeviceApStatL2tpStatSession[];
        /**
         * enum: `established`, `establishedWithSession`, `idle`, `wait-ctrl-conn`, `wait-ctrl-reply`
         */
        state: string;
        /**
         * Uptime
         */
        uptime: number;
        /**
         * WxlanTunnel ID
         */
        wxtunnelId: string;
    }
    interface GetApStatsDeviceApStatL2tpStatSession {
        /**
         * Remote sessions id (dynamically unless Tunnel is said to be static)
         */
        localSid: number;
        /**
         * WxlanTunnel Remote ID (user-configured)
         */
        remoteId: string;
        /**
         * Remote sessions id (dynamically unless Tunnel is said to be static)
         */
        remoteSid: number;
        /**
         * enum: `established`, `establishedWithSession`, `idle`, `wait-ctrl-conn`, `wait-ctrl-reply`
         */
        state: string;
    }
    interface GetApStatsDeviceApStatLastTrouble {
        /**
         * Code definitions list at List Ap Led Definition
         */
        code: string;
        /**
         * Epoch (seconds)
         */
        timestamp: number;
    }
    interface GetApStatsDeviceApStatLed {
        brightness: number;
        enabled: boolean;
    }
    interface GetApStatsDeviceApStatLldpStat {
        chassisId: string;
        /**
         * Whether it support LLDP-MED
         */
        lldpMedSupported: boolean;
        /**
         * Switch’s management address (if advertised), can be IPv4, IPv6, or MAC
         */
        mgmtAddr: string;
        mgmtAddrs: string[];
        /**
         * ge-0/0/4
         */
        portDesc: string;
        portId: string;
        /**
         * In mW, provided/allocated by PSE
         */
        powerAllocated: number;
        /**
         * In mW, total power needed by PD
         */
        powerDraw: number;
        /**
         * Number of negotiations, if it keeps increasing, we don’ t have a stable power
         */
        powerRequestCount: number;
        /**
         * In mW, the current power requested by PD
         */
        powerRequested: number;
        /**
         * Description provided by switch
         */
        systemDesc: string;
        /**
         * Name of the switch
         */
        systemName: string;
    }
    interface GetApStatsDeviceApStatMeshDownlinks {
        band: string;
        channel: number;
        idleTime: number;
        /**
         * Last seen timestamp
         */
        lastSeen: number;
        proto: string;
        rssi: number;
        /**
         * Rate of receiving traffic, bits/seconds, last known
         */
        rxBps: number;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        /**
         * Amount of packets received since connection
         */
        rxPackets: number;
        /**
         * RX Rate, Mbps
         */
        rxRate: number;
        /**
         * Amount of rx retries
         */
        rxRetries: number;
        siteId: string;
        snr: number;
        /**
         * Rate of transmitting traffic, bits/seconds, last known
         */
        txBps: number;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        /**
         * Amount of packets sent since connection
         */
        txPackets: number;
        /**
         * TX Rate, Mbps
         */
        txRate: number;
        /**
         * Amount of tx retries
         */
        txRetries: number;
    }
    interface GetApStatsDeviceApStatMeshUplink {
        band: string;
        channel: number;
        idleTime: number;
        /**
         * Last seen timestamp
         */
        lastSeen: number;
        proto: string;
        rssi: number;
        /**
         * Rate of receiving traffic, bits/seconds, last known
         */
        rxBps: number;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        /**
         * Amount of packets received since connection
         */
        rxPackets: number;
        /**
         * RX Rate, Mbps
         */
        rxRate: number;
        /**
         * Amount of rx retries
         */
        rxRetries: number;
        siteId: string;
        snr: number;
        /**
         * Rate of transmitting traffic, bits/seconds, last known
         */
        txBps: number;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        /**
         * Amount of packets sent since connection
         */
        txPackets: number;
        /**
         * TX Rate, Mbps
         */
        txRate: number;
        /**
         * Amount of tx retries
         */
        txRetries: number;
        uplinkApId: string;
    }
    interface GetApStatsDeviceApStatPortStat {
        fullDuplex: boolean;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        rxErrors: number;
        rxPeakBps: number;
        /**
         * Amount of packets received since connection
         */
        rxPkts: number;
        speed: number;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        txPeakBps: number;
        /**
         * Amount of packets sent since connection
         */
        txPkts: number;
        up: boolean;
    }
    interface GetApStatsDeviceApStatRadioStat {
        /**
         * Radio stat
         */
        band24: outputs.device.GetApStatsDeviceApStatRadioStatBand24;
        /**
         * Radio stat
         */
        band5: outputs.device.GetApStatsDeviceApStatRadioStatBand5;
        /**
         * Radio stat
         */
        band6: outputs.device.GetApStatsDeviceApStatRadioStatBand6;
    }
    interface GetApStatsDeviceApStatRadioStatBand24 {
        /**
         * channel width for the band.enum: `20`, `40`, `80` (only applicable for band5 and band_6), `160` (only for band_6)
         */
        bandwidth: number;
        /**
         * Current channel the radio is running on
         */
        channel: number;
        /**
         * Use dynamic chaining for downlink
         */
        dynamicChainingEnabled: boolean;
        /**
         * Radio (base) mac, it can have 16 bssids (e.g. 5c5b350001a0-5c5b350001af)
         */
        mac: string;
        noiseFloor: number;
        numClients: number;
        /**
         * How many WLANs are applied to the radio
         */
        numWlans: number;
        /**
         * Transmit power (in dBm)
         */
        power: number;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        /**
         * Amount of packets received since connection
         */
        rxPkts: number;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        /**
         * Amount of packets sent since connection
         */
        txPkts: number;
        usage: string;
        /**
         * All utilization in percentage
         */
        utilAll: number;
        /**
         * Reception of "No Packets" utilization in percentage, received frames with invalid PLCPs and CRS glitches as noise
         */
        utilNonWifi: number;
        /**
         * Reception of "In BSS" utilization in percentage, only frames that are received from AP/STAs within the BSS
         */
        utilRxInBss: number;
        /**
         * Reception of "Other BSS" utilization in percentage, all frames received from AP/STAs that are outside the BSS
         */
        utilRxOtherBss: number;
        /**
         * Transmission utilization in percentage
         */
        utilTx: number;
        /**
         * Reception of "UnDecodable Wifi" utilization in percentage, only Preamble, PLCP header is decoded, Rest is undecodable in this radio
         */
        utilUndecodableWifi: number;
        /**
         * Reception of "No Category" utilization in percentage, all 802.11 frames that are corrupted at the receiver
         */
        utilUnknownWifi: number;
    }
    interface GetApStatsDeviceApStatRadioStatBand5 {
        /**
         * channel width for the band.enum: `20`, `40`, `80` (only applicable for band5 and band_6), `160` (only for band_6)
         */
        bandwidth: number;
        /**
         * Current channel the radio is running on
         */
        channel: number;
        /**
         * Use dynamic chaining for downlink
         */
        dynamicChainingEnabled: boolean;
        /**
         * Radio (base) mac, it can have 16 bssids (e.g. 5c5b350001a0-5c5b350001af)
         */
        mac: string;
        noiseFloor: number;
        numClients: number;
        /**
         * How many WLANs are applied to the radio
         */
        numWlans: number;
        /**
         * Transmit power (in dBm)
         */
        power: number;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        /**
         * Amount of packets received since connection
         */
        rxPkts: number;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        /**
         * Amount of packets sent since connection
         */
        txPkts: number;
        usage: string;
        /**
         * All utilization in percentage
         */
        utilAll: number;
        /**
         * Reception of "No Packets" utilization in percentage, received frames with invalid PLCPs and CRS glitches as noise
         */
        utilNonWifi: number;
        /**
         * Reception of "In BSS" utilization in percentage, only frames that are received from AP/STAs within the BSS
         */
        utilRxInBss: number;
        /**
         * Reception of "Other BSS" utilization in percentage, all frames received from AP/STAs that are outside the BSS
         */
        utilRxOtherBss: number;
        /**
         * Transmission utilization in percentage
         */
        utilTx: number;
        /**
         * Reception of "UnDecodable Wifi" utilization in percentage, only Preamble, PLCP header is decoded, Rest is undecodable in this radio
         */
        utilUndecodableWifi: number;
        /**
         * Reception of "No Category" utilization in percentage, all 802.11 frames that are corrupted at the receiver
         */
        utilUnknownWifi: number;
    }
    interface GetApStatsDeviceApStatRadioStatBand6 {
        /**
         * channel width for the band.enum: `20`, `40`, `80` (only applicable for band5 and band_6), `160` (only for band_6)
         */
        bandwidth: number;
        /**
         * Current channel the radio is running on
         */
        channel: number;
        /**
         * Use dynamic chaining for downlink
         */
        dynamicChainingEnabled: boolean;
        /**
         * Radio (base) mac, it can have 16 bssids (e.g. 5c5b350001a0-5c5b350001af)
         */
        mac: string;
        noiseFloor: number;
        numClients: number;
        /**
         * How many WLANs are applied to the radio
         */
        numWlans: number;
        /**
         * Transmit power (in dBm)
         */
        power: number;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        /**
         * Amount of packets received since connection
         */
        rxPkts: number;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        /**
         * Amount of packets sent since connection
         */
        txPkts: number;
        usage: string;
        /**
         * All utilization in percentage
         */
        utilAll: number;
        /**
         * Reception of "No Packets" utilization in percentage, received frames with invalid PLCPs and CRS glitches as noise
         */
        utilNonWifi: number;
        /**
         * Reception of "In BSS" utilization in percentage, only frames that are received from AP/STAs within the BSS
         */
        utilRxInBss: number;
        /**
         * Reception of "Other BSS" utilization in percentage, all frames received from AP/STAs that are outside the BSS
         */
        utilRxOtherBss: number;
        /**
         * Transmission utilization in percentage
         */
        utilTx: number;
        /**
         * Reception of "UnDecodable Wifi" utilization in percentage, only Preamble, PLCP header is decoded, Rest is undecodable in this radio
         */
        utilUndecodableWifi: number;
        /**
         * Reception of "No Category" utilization in percentage, all 802.11 frames that are corrupted at the receiver
         */
        utilUnknownWifi: number;
    }
    interface GetApStatsDeviceApStatSwitchRedundancy {
        numRedundantAps: number;
    }
    interface GetApStatsDeviceApStatUsbStat {
        channel: number;
        connected: boolean;
        lastActivity: number;
        type: string;
        up: boolean;
    }
    interface GetGatewayStatsDeviceGatewayStat {
        apRedundancy: outputs.device.GetGatewayStatsDeviceGatewayStatApRedundancy;
        arpTableStats: outputs.device.GetGatewayStatsDeviceGatewayStatArpTableStats;
        /**
         * Only present when `bgpPeers` in `fields` query parameter. Each port object is same as `GET /api/v1/sites/{site_id}/stats/bgp_peers/search` result object, except that org*id, site*id, mac, model are removed
         */
        bgpPeers: outputs.device.GetGatewayStatsDeviceGatewayStatBgpPeer[];
        certExpiry: number;
        clusterConfig: outputs.device.GetGatewayStatsDeviceGatewayStatClusterConfig;
        clusterStat: outputs.device.GetGatewayStatsDeviceGatewayStatClusterStat;
        conductorName: string;
        configStatus: string;
        cpu2Stat: outputs.device.GetGatewayStatsDeviceGatewayStatCpu2Stat;
        cpuStat: outputs.device.GetGatewayStatsDeviceGatewayStatCpuStat;
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        deviceprofileId: string;
        /**
         * Property key is the network name
         */
        dhcpd2Stat: {
            [key: string]: outputs.device.GetGatewayStatsDeviceGatewayStatDhcpd2Stat;
        };
        /**
         * Property key is the network name
         */
        dhcpdStat: {
            [key: string]: outputs.device.GetGatewayStatsDeviceGatewayStatDhcpdStat;
        };
        /**
         * IP address
         */
        extIp: string;
        fwupdate: outputs.device.GetGatewayStatsDeviceGatewayStatFwupdate;
        hasPcap: boolean;
        /**
         * Hostname reported by the device
         */
        hostname: string;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * Property key is the interface name
         */
        if2Stat: {
            [key: string]: outputs.device.GetGatewayStatsDeviceGatewayStatIf2Stat;
        };
        /**
         * Property key is the interface name
         */
        ifStat: {
            [key: string]: outputs.device.GetGatewayStatsDeviceGatewayStatIfStat;
        };
        /**
         * IP address
         */
        ip: string;
        ip2Stat: outputs.device.GetGatewayStatsDeviceGatewayStatIp2Stat;
        ipStat: outputs.device.GetGatewayStatsDeviceGatewayStatIpStat;
        isHa: boolean;
        /**
         * Last seen timestamp
         */
        lastSeen: number;
        /**
         * Device mac
         */
        mac: string;
        /**
         * Serial Number
         */
        mapId: string;
        /**
         * Memory usage stat (for virtual chassis, memory usage of master RE)
         */
        memory2Stat: outputs.device.GetGatewayStatsDeviceGatewayStatMemory2Stat;
        /**
         * Memory usage stat (for virtual chassis, memory usage of master RE)
         */
        memoryStat: outputs.device.GetGatewayStatsDeviceGatewayStatMemoryStat;
        /**
         * Device model
         */
        model: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        module2Stats: outputs.device.GetGatewayStatsDeviceGatewayStatModule2Stat[];
        moduleStats: outputs.device.GetGatewayStatsDeviceGatewayStatModuleStat[];
        /**
         * Device name if configured
         */
        name: string;
        nodeName: string;
        orgId: string;
        /**
         * Only present when `ports` in `fields` query parameter. Each port object is same as `GET /api/v1/sites/{site_id}/stats/ports/search` result object, except that org*id, site*id, mac, model are removed
         */
        ports: outputs.device.GetGatewayStatsDeviceGatewayStatPort[];
        routeSummaryStats: outputs.device.GetGatewayStatsDeviceGatewayStatRouteSummaryStats;
        /**
         * Device name if configured
         */
        routerName: string;
        /**
         * Serial Number
         */
        serial: string;
        service2Stat: {
            [key: string]: outputs.device.GetGatewayStatsDeviceGatewayStatService2Stat;
        };
        serviceStat: {
            [key: string]: outputs.device.GetGatewayStatsDeviceGatewayStatServiceStat;
        };
        serviceStatus: outputs.device.GetGatewayStatsDeviceGatewayStatServiceStatus;
        siteId: string;
        spu2Stats: outputs.device.GetGatewayStatsDeviceGatewayStatSpu2Stat[];
        spuStats: outputs.device.GetGatewayStatsDeviceGatewayStatSpuStat[];
        status: string;
        /**
         * Only present when `tunnels` in `fields` query parameter. Each port object is same as `GET /api/v1/sites/{site_id}/stats/tunnels/search` result object, except that org*id, site*id, mac, model are removed
         */
        tunnels: outputs.device.GetGatewayStatsDeviceGatewayStatTunnel[];
        uptime: number;
        version: string;
        /**
         * Only present when `vpnPeers` in `fields` query parameter. Each port object is same as `GET /api/v1/sites/{site_id}/stats/vpn_peers/search` result object, except that org*id, site*id, mac, model are removed
         */
        vpnPeers: outputs.device.GetGatewayStatsDeviceGatewayStatVpnPeer[];
    }
    interface GetGatewayStatsDeviceGatewayStatApRedundancy {
        /**
         * Property key is the node id
         */
        modules: {
            [key: string]: outputs.device.GetGatewayStatsDeviceGatewayStatApRedundancyModules;
        };
        numAps: number;
        numApsWithSwitchRedundancy: number;
    }
    interface GetGatewayStatsDeviceGatewayStatApRedundancyModules {
        numAps: number;
        numApsWithSwitchRedundancy: number;
    }
    interface GetGatewayStatsDeviceGatewayStatArpTableStats {
        arpTableCount: number;
        maxEntriesSupported: number;
    }
    interface GetGatewayStatsDeviceGatewayStatBgpPeer {
        /**
         * If this is created for evpn overlay
         */
        evpnOverlay: boolean;
        /**
         * If this is created for overlay
         */
        forOverlay: boolean;
        localAs: string;
        neighbor: string;
        neighborAs: string;
        /**
         * If it's another device in the same org
         */
        neighborMac: string;
        /**
         * Node0/node1
         */
        node: string;
        /**
         * Amount of packets received since connection
         */
        rxPkts: number;
        /**
         * Number of received routes
         */
        rxRoutes: number;
        /**
         * enum: `active`, `connect`, `established`, `idle`, `openConfig`, `openSent`
         */
        state: string;
        /**
         * Epoch (seconds)
         */
        timestamp: number;
        /**
         * Amount of packets sent since connection
         */
        txPkts: number;
        txRoutes: number;
        up: boolean;
        uptime: number;
        vrfName: string;
    }
    interface GetGatewayStatsDeviceGatewayStatClusterConfig {
        configuration: string;
        controlLinkInfo: outputs.device.GetGatewayStatsDeviceGatewayStatClusterConfigControlLinkInfo;
        ethernetConnections: outputs.device.GetGatewayStatsDeviceGatewayStatClusterConfigEthernetConnection[];
        fabricLinkInfo: outputs.device.GetGatewayStatsDeviceGatewayStatClusterConfigFabricLinkInfo;
        lastStatusChangeReason: string;
        operational: string;
        primaryNodeHealth: string;
        redundancyGroupInformations: outputs.device.GetGatewayStatsDeviceGatewayStatClusterConfigRedundancyGroupInformation[];
        secondaryNodeHealth: string;
        status: string;
    }
    interface GetGatewayStatsDeviceGatewayStatClusterConfigControlLinkInfo {
        name: string;
        status: string;
    }
    interface GetGatewayStatsDeviceGatewayStatClusterConfigEthernetConnection {
        name: string;
        status: string;
    }
    interface GetGatewayStatsDeviceGatewayStatClusterConfigFabricLinkInfo {
        dataPlaneNotifiedStatus: string;
        interfaces: string[];
        internalStatus: string;
        state: string;
        status: string;
    }
    interface GetGatewayStatsDeviceGatewayStatClusterConfigRedundancyGroupInformation {
        id: number;
        monitoringFailure: string;
        threshold: number;
    }
    interface GetGatewayStatsDeviceGatewayStatClusterStat {
        state: string;
    }
    interface GetGatewayStatsDeviceGatewayStatCpu2Stat {
        /**
         * Percentage of CPU time that is idle
         */
        idle: number;
        /**
         * Percentage of CPU time being used by interrupts
         */
        interrupt: number;
        /**
         * Load averages for the last 1, 5, and 15 minutes
         */
        loadAvgs: number[];
        /**
         * Percentage of CPU time being used by system processes
         */
        system: number;
        /**
         * Percentage of CPU time being used by user processes
         */
        user: number;
    }
    interface GetGatewayStatsDeviceGatewayStatCpuStat {
        /**
         * Percentage of CPU time that is idle
         */
        idle: number;
        /**
         * Percentage of CPU time being used by interrupts
         */
        interrupt: number;
        /**
         * Load averages for the last 1, 5, and 15 minutes
         */
        loadAvgs: number[];
        /**
         * Percentage of CPU time being used by system processes
         */
        system: number;
        /**
         * Percentage of CPU time being used by user processes
         */
        user: number;
    }
    interface GetGatewayStatsDeviceGatewayStatDhcpd2Stat {
        numIps: number;
        numLeased: number;
    }
    interface GetGatewayStatsDeviceGatewayStatDhcpdStat {
        numIps: number;
        numLeased: number;
    }
    interface GetGatewayStatsDeviceGatewayStatFwupdate {
        progress: number;
        /**
         * enum: `inprogress`, `failed`, `upgraded`
         */
        status: string;
        statusId: number;
        /**
         * Epoch (seconds)
         */
        timestamp: number;
        willRetry: boolean;
    }
    interface GetGatewayStatsDeviceGatewayStatIf2Stat {
        addressMode: string;
        ips: string[];
        natAddresses: string[];
        networkName: string;
        portId: string;
        portUsage: string;
        redundancyState: string;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        /**
         * Amount of packets received since connection
         */
        rxPkts: number;
        servpInfo: outputs.device.GetGatewayStatsDeviceGatewayStatIf2StatServpInfo;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        /**
         * Amount of packets sent since connection
         */
        txPkts: number;
        up: boolean;
        vlan: number;
        wanName: string;
        wanType: string;
    }
    interface GetGatewayStatsDeviceGatewayStatIf2StatServpInfo {
        asn: string;
        city: string;
        countryCode: string;
        latitude: number;
        longitude: number;
        org: string;
        regionCode: string;
    }
    interface GetGatewayStatsDeviceGatewayStatIfStat {
        addressMode: string;
        ips: string[];
        natAddresses: string[];
        networkName: string;
        portId: string;
        portUsage: string;
        redundancyState: string;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        /**
         * Amount of packets received since connection
         */
        rxPkts: number;
        servpInfo: outputs.device.GetGatewayStatsDeviceGatewayStatIfStatServpInfo;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        /**
         * Amount of packets sent since connection
         */
        txPkts: number;
        up: boolean;
        vlan: number;
        wanName: string;
        wanType: string;
    }
    interface GetGatewayStatsDeviceGatewayStatIfStatServpInfo {
        asn: string;
        city: string;
        countryCode: string;
        latitude: number;
        longitude: number;
        org: string;
        regionCode: string;
    }
    interface GetGatewayStatsDeviceGatewayStatIp2Stat {
        dhcpServer: string;
        dns: string[];
        dnsSuffixes: string[];
        gateway: string;
        gateway6: string;
        ip: string;
        ip6: string;
        ips: {
            [key: string]: string;
        };
        netmask: string;
        netmask6: string;
    }
    interface GetGatewayStatsDeviceGatewayStatIpStat {
        dhcpServer: string;
        dns: string[];
        dnsSuffixes: string[];
        gateway: string;
        gateway6: string;
        ip: string;
        ip6: string;
        ips: {
            [key: string]: string;
        };
        netmask: string;
        netmask6: string;
    }
    interface GetGatewayStatsDeviceGatewayStatMemory2Stat {
        usage: number;
    }
    interface GetGatewayStatsDeviceGatewayStatMemoryStat {
        usage: number;
    }
    interface GetGatewayStatsDeviceGatewayStatModule2Stat {
        backupVersion: string;
        biosVersion: string;
        cpldVersion: string;
        fans: outputs.device.GetGatewayStatsDeviceGatewayStatModule2StatFan[];
        fpgaVersion: string;
        /**
         * Last seen timestamp
         */
        lastSeen: number;
        locating: boolean;
        mac: string;
        model: string;
        opticsCpldVersion: string;
        pendingVersion: string;
        poe: outputs.device.GetGatewayStatsDeviceGatewayStatModule2StatPoe;
        poeVersion: string;
        powerCpldVersion: string;
        psuses: outputs.device.GetGatewayStatsDeviceGatewayStatModule2StatPsus[];
        reFpgaVersion: string;
        recoveryVersion: string;
        serial: string;
        status: string;
        temperatures: outputs.device.GetGatewayStatsDeviceGatewayStatModule2StatTemperature[];
        tmcFpgaVersion: string;
        ubootVersion: string;
        uptime: number;
        vcLinks: outputs.device.GetGatewayStatsDeviceGatewayStatModule2StatVcLink[];
        vcMode: string;
        /**
         * enum: `master`, `backup`, `linecard`
         */
        vcRole: string;
        vcState: string;
        version: string;
    }
    interface GetGatewayStatsDeviceGatewayStatModule2StatFan {
        airflow: string;
        name: string;
        status: string;
    }
    interface GetGatewayStatsDeviceGatewayStatModule2StatPoe {
        maxPower: number;
        powerDraw: number;
    }
    interface GetGatewayStatsDeviceGatewayStatModule2StatPsus {
        name: string;
        status: string;
    }
    interface GetGatewayStatsDeviceGatewayStatModule2StatTemperature {
        celsius: number;
        name: string;
        status: string;
    }
    interface GetGatewayStatsDeviceGatewayStatModule2StatVcLink {
        neighborModuleIdx: number;
        neighborPortId: string;
        portId: string;
    }
    interface GetGatewayStatsDeviceGatewayStatModuleStat {
        backupVersion: string;
        biosVersion: string;
        cpldVersion: string;
        fans: outputs.device.GetGatewayStatsDeviceGatewayStatModuleStatFan[];
        fpgaVersion: string;
        /**
         * Last seen timestamp
         */
        lastSeen: number;
        locating: boolean;
        mac: string;
        model: string;
        opticsCpldVersion: string;
        pendingVersion: string;
        poe: outputs.device.GetGatewayStatsDeviceGatewayStatModuleStatPoe;
        poeVersion: string;
        powerCpldVersion: string;
        psuses: outputs.device.GetGatewayStatsDeviceGatewayStatModuleStatPsus[];
        reFpgaVersion: string;
        recoveryVersion: string;
        serial: string;
        status: string;
        temperatures: outputs.device.GetGatewayStatsDeviceGatewayStatModuleStatTemperature[];
        tmcFpgaVersion: string;
        ubootVersion: string;
        uptime: number;
        vcLinks: outputs.device.GetGatewayStatsDeviceGatewayStatModuleStatVcLink[];
        vcMode: string;
        /**
         * enum: `master`, `backup`, `linecard`
         */
        vcRole: string;
        vcState: string;
        version: string;
    }
    interface GetGatewayStatsDeviceGatewayStatModuleStatFan {
        airflow: string;
        name: string;
        status: string;
    }
    interface GetGatewayStatsDeviceGatewayStatModuleStatPoe {
        maxPower: number;
        powerDraw: number;
    }
    interface GetGatewayStatsDeviceGatewayStatModuleStatPsus {
        name: string;
        status: string;
    }
    interface GetGatewayStatsDeviceGatewayStatModuleStatTemperature {
        celsius: number;
        name: string;
        status: string;
    }
    interface GetGatewayStatsDeviceGatewayStatModuleStatVcLink {
        neighborModuleIdx: number;
        neighborPortId: string;
        portId: string;
    }
    interface GetGatewayStatsDeviceGatewayStatPort {
        /**
         * Indicates if interface is active/inactive
         */
        active: boolean;
        /**
         * if `up`==`true` and has Authenticator role. enum: `authenticated`, `authenticating`, `held`, `init`
         */
        authState: string;
        /**
         * Indicates if interface is disabled
         */
        disabled: boolean;
        forSite: boolean;
        /**
         * Indicates full or half duplex
         */
        fullDuplex: boolean;
        /**
         * Last sampled jitter of the interface
         */
        jitter: number;
        /**
         * Last sampled latency of the interface
         */
        latency: number;
        /**
         * Last sampled loss of the interface
         */
        loss: number;
        /**
         * LTE ICCID value, Check for null/empty
         */
        lteIccid: string;
        /**
         * LTE IMEI value, Check for null/empty
         */
        lteImei: string;
        /**
         * LTE IMSI value, Check for null/empty
         */
        lteImsi: string;
        /**
         * Number of mac addresses in the forwarding table
         */
        macCount: number;
        /**
         * Limit on number of dynamically learned macs
         */
        macLimit: number;
        /**
         * chassis identifier of the chassis type listed
         */
        neighborMac: string;
        /**
         * Description supplied by the system on the interface E.g. "GigabitEthernet2/0/39"
         */
        neighborPortDesc: string;
        /**
         * Name supplied by the system on the interface E.g. neighbor system name E.g. "Kumar-Acc-SW.mist.local"
         */
        neighborSystemName: string;
        /**
         * Is the POE configured not be disabled.
         */
        poeDisabled: boolean;
        /**
         * enum: `802.3af`, `802.3at`, `802.3bt`
         */
        poeMode: string;
        /**
         * Is the device attached to POE
         */
        poeOn: boolean;
        portId: string;
        /**
         * Interface mac address
         */
        portMac: string;
        /**
         * gateway port usage. enum: `lan`
         */
        portUsage: string;
        /**
         * Amount of power being used by the interface at the time the command is executed. Unit in watts.
         */
        powerDraw: number;
        /**
         * Broadcast input packets
         */
        rxBcastPkts: number;
        /**
         * Rate of receiving traffic, bits/seconds, last known
         */
        rxBps: number;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        /**
         * Input errors
         */
        rxErrors: number;
        /**
         * Multicast input packets
         */
        rxMcastPkts: number;
        /**
         * Amount of packets received since connection
         */
        rxPkts: number;
        /**
         * Port speed
         */
        speed: number;
        /**
         * if `up`==`true`. enum: `alternate`, `backup`, `designated`, `root`, `root-prevented`
         */
        stpRole: string;
        /**
         * if `up`==`true`. enum: `blocking`, `disabled`, `forwarding`, `learning`, `listening`
         */
        stpState: string;
        /**
         * Broadcast output packets
         */
        txBcastPkts: number;
        /**
         * Rate of transmitting traffic, bits/seconds, last known
         */
        txBps: number;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        /**
         * Output errors
         */
        txErrors: number;
        /**
         * Multicast output packets
         */
        txMcastPkts: number;
        /**
         * Amount of packets sent since connection
         */
        txPkts: number;
        /**
         * device type. enum: `ap`, `ble`, `gateway`, `mxedge`, `nac`, `switch`
         */
        type: string;
        /**
         * Indicates if interface is unconfigured
         */
        unconfigured: boolean;
        /**
         * Indicates if interface is up
         */
        up: boolean;
        /**
         * Optic Slot ModelName, Check for null/empty
         */
        xcvrModel: string;
        /**
         * Optic Slot Partnumber, Check for null/empty
         */
        xcvrPartNumber: string;
        /**
         * Optic Slot SerialNumber, Check for null/empty
         */
        xcvrSerial: string;
    }
    interface GetGatewayStatsDeviceGatewayStatRouteSummaryStats {
        fibRoutes: number;
        maxUnicastRoutesSupported: number;
        ribRoutes: number;
        totalRoutes: number;
    }
    interface GetGatewayStatsDeviceGatewayStatService2Stat {
        ashVersion: string;
        ciaVersion: string;
        emberVersion: string;
        ipsecClientVersion: string;
        mistAgentVersion: string;
        packageVersion: string;
        testingToolsVersion: string;
        wheeljackVersion: string;
    }
    interface GetGatewayStatsDeviceGatewayStatServiceStat {
        ashVersion: string;
        ciaVersion: string;
        emberVersion: string;
        ipsecClientVersion: string;
        mistAgentVersion: string;
        packageVersion: string;
        testingToolsVersion: string;
        wheeljackVersion: string;
    }
    interface GetGatewayStatsDeviceGatewayStatServiceStatus {
        appidInstallResult: string;
        appidInstallTimestamp: string;
        appidStatus: string;
        appidVersion: number;
        ewfStatus: string;
        idpInstallResult: string;
        idpInstallTimestamp: string;
        idpPolicy: string;
        idpStatus: string;
        idpUpdateTimestamp: string;
    }
    interface GetGatewayStatsDeviceGatewayStatSpu2Stat {
        spuCpu: number;
        spuCurrentSession: number;
        spuMaxSession: number;
        spuMemory: number;
        spuPendingSession: number;
        spuValidSession: number;
    }
    interface GetGatewayStatsDeviceGatewayStatSpuStat {
        spuCpu: number;
        spuCurrentSession: number;
        spuMaxSession: number;
        spuMemory: number;
        spuPendingSession: number;
        spuValidSession: number;
    }
    interface GetGatewayStatsDeviceGatewayStatTunnel {
        /**
         * Authentication algorithm
         */
        authAlgo: string;
        /**
         * Encryption algorithm
         */
        encryptAlgo: string;
        /**
         * IKE version
         */
        ikeVersion: string;
        /**
         * IP Address
         */
        ip: string;
        /**
         * Reason of why the tunnel is down
         */
        lastEvent: string;
        /**
         * Indicates when the port was last flapped
         */
        lastFlapped: number;
        /**
         * Node0/node1
         */
        node: string;
        /**
         * Peer host
         */
        peerHost: string;
        /**
         * Peer ip address
         */
        peerIp: string;
        /**
         * enum: `primary`, `secondary`
         */
        priority: string;
        /**
         * enum: `gre`, `ipsec`
         */
        protocol: string;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        /**
         * Amount of packets received since connection
         */
        rxPkts: number;
        /**
         * Mist Tunnel Name
         */
        tunnelName: string;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        /**
         * Amount of packets sent since connection
         */
        txPkts: number;
        up: boolean;
        /**
         * Duration from first (or last) SA was established
         */
        uptime: number;
        /**
         * WAN interface name
         */
        wanName: string;
    }
    interface GetGatewayStatsDeviceGatewayStatVpnPeer {
        /**
         * Redundancy status of the associated interface
         */
        isActive: boolean;
        /**
         * Last seen timestamp
         */
        lastSeen: number;
        latency: number;
        mos: number;
        mtu: number;
        /**
         * Peer router mac address
         */
        peerMac: string;
        /**
         * Peer router device interface
         */
        peerPortId: string;
        peerRouterName: string;
        peerSiteId: string;
        /**
         * Router device interface
         */
        portId: string;
        routerName: string;
        /**
         * `ipsec`for SRX, `svr` for 128T
         */
        type: string;
        up: boolean;
        uptime: number;
    }
    interface GetSwitchStatsDeviceSwitchStat {
        apRedundancy: outputs.device.GetSwitchStatsDeviceSwitchStatApRedundancy;
        arpTableStats: outputs.device.GetSwitchStatsDeviceSwitchStatArpTableStats;
        certExpiry: number;
        clients: outputs.device.GetSwitchStatsDeviceSwitchStatClient[];
        clientsStats: outputs.device.GetSwitchStatsDeviceSwitchStatClientsStats;
        configStatus: string;
        cpuStat: outputs.device.GetSwitchStatsDeviceSwitchStatCpuStat;
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        deviceprofileId: string;
        /**
         * Property key is the network name
         */
        dhcpdStat: {
            [key: string]: outputs.device.GetSwitchStatsDeviceSwitchStatDhcpdStat;
        };
        evpntopoId: string;
        fwVersionsOutofsync: boolean;
        fwupdate: outputs.device.GetSwitchStatsDeviceSwitchStatFwupdate;
        /**
         * Whether the switch supports packet capture
         */
        hasPcap: boolean;
        /**
         * Hostname reported by the device
         */
        hostname: string;
        /**
         * Device hardware revision number
         */
        hwRev: string;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * Property key is the interface name
         */
        ifStat: {
            [key: string]: outputs.device.GetSwitchStatsDeviceSwitchStatIfStat;
        };
        ip: string;
        ipStat: outputs.device.GetSwitchStatsDeviceSwitchStatIpStat;
        /**
         * Last seen timestamp
         */
        lastSeen: number;
        /**
         * Last trouble code of switch
         */
        lastTrouble: outputs.device.GetSwitchStatsDeviceSwitchStatLastTrouble;
        mac: string;
        macTableStats: outputs.device.GetSwitchStatsDeviceSwitchStatMacTableStats;
        mapId: string;
        /**
         * Memory usage stat (for virtual chassis, memory usage of master RE)
         */
        memoryStat: outputs.device.GetSwitchStatsDeviceSwitchStatMemoryStat;
        model: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        moduleStats: outputs.device.GetSwitchStatsDeviceSwitchStatModuleStat[];
        /**
         * Device name if configured
         */
        name: string;
        orgId: string;
        ports: outputs.device.GetSwitchStatsDeviceSwitchStatPort[];
        routeSummaryStats: outputs.device.GetSwitchStatsDeviceSwitchStatRouteSummaryStats;
        serial: string;
        serviceStat: {
            [key: string]: outputs.device.GetSwitchStatsDeviceSwitchStatServiceStat;
        };
        siteId: string;
        status: string;
        uptime: number;
        vcMac: string;
        vcSetupInfo: outputs.device.GetSwitchStatsDeviceSwitchStatVcSetupInfo;
        version: string;
    }
    interface GetSwitchStatsDeviceSwitchStatApRedundancy {
        /**
         * For a VC / stacked switches.
         */
        modules: {
            [key: string]: outputs.device.GetSwitchStatsDeviceSwitchStatApRedundancyModules;
        };
        numAps: number;
        numApsWithSwitchRedundancy: number;
    }
    interface GetSwitchStatsDeviceSwitchStatApRedundancyModules {
        numAps: number;
        numApsWithSwitchRedundancy: number;
    }
    interface GetSwitchStatsDeviceSwitchStatArpTableStats {
        arpTableCount: number;
        maxEntriesSupported: number;
    }
    interface GetSwitchStatsDeviceSwitchStatClient {
        deviceMac: string;
        hostname: string;
        mac: string;
        portId: string;
    }
    interface GetSwitchStatsDeviceSwitchStatClientsStats {
        total: outputs.device.GetSwitchStatsDeviceSwitchStatClientsStatsTotal;
    }
    interface GetSwitchStatsDeviceSwitchStatClientsStatsTotal {
        numAps: number[];
        numWiredClients: number;
    }
    interface GetSwitchStatsDeviceSwitchStatCpuStat {
        /**
         * Percentage of CPU time that is idle
         */
        idle: number;
        /**
         * Percentage of CPU time being used by interrupts
         */
        interrupt: number;
        /**
         * Load averages for the last 1, 5, and 15 minutes
         */
        loadAvgs: number[];
        /**
         * Percentage of CPU time being used by system processes
         */
        system: number;
        /**
         * Percentage of CPU time being used by user processes
         */
        user: number;
    }
    interface GetSwitchStatsDeviceSwitchStatDhcpdStat {
        numIps: number;
        numLeased: number;
    }
    interface GetSwitchStatsDeviceSwitchStatFwupdate {
        progress: number;
        /**
         * enum: `inprogress`, `failed`, `upgraded`
         */
        status: string;
        statusId: number;
        /**
         * Epoch (seconds)
         */
        timestamp: number;
        willRetry: boolean;
    }
    interface GetSwitchStatsDeviceSwitchStatIfStat {
        addressMode: string;
        ips: string[];
        natAddresses: string[];
        networkName: string;
        portId: string;
        portUsage: string;
        redundancyState: string;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        /**
         * Amount of packets received since connection
         */
        rxPkts: number;
        servpInfo: outputs.device.GetSwitchStatsDeviceSwitchStatIfStatServpInfo;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        /**
         * Amount of packets sent since connection
         */
        txPkts: number;
        up: boolean;
        vlan: number;
        wanName: string;
        wanType: string;
    }
    interface GetSwitchStatsDeviceSwitchStatIfStatServpInfo {
        asn: string;
        city: string;
        countryCode: string;
        latitude: number;
        longitude: number;
        org: string;
        regionCode: string;
    }
    interface GetSwitchStatsDeviceSwitchStatIpStat {
        dhcpServer: string;
        dns: string[];
        dnsSuffixes: string[];
        gateway: string;
        gateway6: string;
        ip: string;
        ip6: string;
        ips: {
            [key: string]: string;
        };
        netmask: string;
        netmask6: string;
    }
    interface GetSwitchStatsDeviceSwitchStatLastTrouble {
        /**
         * Code definitions list at List Ap Led Definition
         */
        code: string;
        /**
         * Epoch (seconds)
         */
        timestamp: number;
    }
    interface GetSwitchStatsDeviceSwitchStatMacTableStats {
        macTableCount: number;
        maxMacEntriesSupported: number;
    }
    interface GetSwitchStatsDeviceSwitchStatMemoryStat {
        usage: number;
    }
    interface GetSwitchStatsDeviceSwitchStatModuleStat {
        backupVersion: string;
        biosVersion: string;
        cpldVersion: string;
        cpuStat: outputs.device.GetSwitchStatsDeviceSwitchStatModuleStatCpuStat;
        /**
         * Used to report all error states the device node is running into. An error should always have `type` and `since` fields, and could have some other fields specific to that type.
         */
        errors: outputs.device.GetSwitchStatsDeviceSwitchStatModuleStatError[];
        fans: outputs.device.GetSwitchStatsDeviceSwitchStatModuleStatFan[];
        fpcIdx: number;
        fpgaVersion: string;
        /**
         * Last seen timestamp
         */
        lastSeen: number;
        locating: boolean;
        mac: string;
        model: string;
        opticsCpldVersion: string;
        pendingVersion: string;
        pics: outputs.device.GetSwitchStatsDeviceSwitchStatModuleStatPic[];
        poe: outputs.device.GetSwitchStatsDeviceSwitchStatModuleStatPoe;
        poeVersion: string;
        powerCpldVersion: string;
        psuses: outputs.device.GetSwitchStatsDeviceSwitchStatModuleStatPsus[];
        reFpgaVersion: string;
        recoveryVersion: string;
        serial: string;
        status: string;
        temperatures: outputs.device.GetSwitchStatsDeviceSwitchStatModuleStatTemperature[];
        tmcFpgaVersion: string;
        type: string;
        ubootVersion: string;
        uptime: number;
        vcLinks: outputs.device.GetSwitchStatsDeviceSwitchStatModuleStatVcLink[];
        vcMode: string;
        /**
         * enum: `master`, `backup`, `linecard`
         */
        vcRole: string;
        vcState: string;
        version: string;
    }
    interface GetSwitchStatsDeviceSwitchStatModuleStatCpuStat {
        /**
         * Percentage of CPU time that is idle
         */
        idle: number;
        /**
         * Percentage of CPU time being used by interrupts
         */
        interrupt: number;
        /**
         * Load averages for the last 1, 5, and 15 minutes
         */
        loadAvgs: number[];
        /**
         * Percentage of CPU time being used by system processes
         */
        system: number;
        /**
         * Percentage of CPU time being used by user processes
         */
        user: number;
    }
    interface GetSwitchStatsDeviceSwitchStatModuleStatError {
        feature: string;
        minimumVersion: string;
        reason: string;
        since: number;
        type: string;
    }
    interface GetSwitchStatsDeviceSwitchStatModuleStatFan {
        airflow: string;
        name: string;
        status: string;
    }
    interface GetSwitchStatsDeviceSwitchStatModuleStatPic {
        index: number;
        modelNumber: string;
        portGroups: outputs.device.GetSwitchStatsDeviceSwitchStatModuleStatPicPortGroup[];
    }
    interface GetSwitchStatsDeviceSwitchStatModuleStatPicPortGroup {
        count: number;
        type: string;
    }
    interface GetSwitchStatsDeviceSwitchStatModuleStatPoe {
        maxPower: number;
        powerDraw: number;
    }
    interface GetSwitchStatsDeviceSwitchStatModuleStatPsus {
        name: string;
        status: string;
    }
    interface GetSwitchStatsDeviceSwitchStatModuleStatTemperature {
        celsius: number;
        name: string;
        status: string;
    }
    interface GetSwitchStatsDeviceSwitchStatModuleStatVcLink {
        neighborModuleIdx: number;
        neighborPortId: string;
        portId: string;
    }
    interface GetSwitchStatsDeviceSwitchStatPort {
        /**
         * Indicates if interface is active/inactive
         */
        active: boolean;
        /**
         * if `up`==`true` and has Authenticator role. enum: `authenticated`, `authenticating`, `held`, `init`
         */
        authState: string;
        /**
         * Indicates if interface is disabled
         */
        disabled: boolean;
        forSite: boolean;
        /**
         * Indicates full or half duplex
         */
        fullDuplex: boolean;
        /**
         * Last sampled jitter of the interface
         */
        jitter: number;
        /**
         * Indicates when the port was last flapped
         */
        lastFlapped: number;
        /**
         * Last sampled latency of the interface
         */
        latency: number;
        /**
         * Last sampled loss of the interface
         */
        loss: number;
        /**
         * LTE ICCID value, Check for null/empty
         */
        lteIccid: string;
        /**
         * LTE IMEI value, Check for null/empty
         */
        lteImei: string;
        /**
         * LTE IMSI value, Check for null/empty
         */
        lteImsi: string;
        mac: string;
        /**
         * Number of mac addresses in the forwarding table
         */
        macCount: number;
        /**
         * Limit on number of dynamically learned macs
         */
        macLimit: number;
        /**
         * chassis identifier of the chassis type listed
         */
        neighborMac: string;
        /**
         * Description supplied by the system on the interface E.g. "GigabitEthernet2/0/39"
         */
        neighborPortDesc: string;
        /**
         * Name supplied by the system on the interface E.g. neighbor system name E.g. "Kumar-Acc-SW.mist.local"
         */
        neighborSystemName: string;
        orgId: string;
        /**
         * Is the POE disabled
         */
        poeDisabled: boolean;
        /**
         * enum: `802.3af`, `802.3at`, `802.3bt`
         */
        poeMode: string;
        /**
         * Is the device attached to POE
         */
        poeOn: boolean;
        portId: string;
        /**
         * Interface MAC address
         */
        portMac: string;
        /**
         * gateway port usage. enum: `lan`
         */
        portUsage: string;
        /**
         * Amount of power being used by the interface at the time the command is executed. Unit in watts.
         */
        powerDraw: number;
        /**
         * Broadcast input packets
         */
        rxBcastPkts: number;
        /**
         * Rate of receiving traffic, bits/seconds, last known
         */
        rxBps: number;
        /**
         * Amount of traffic received since connection
         */
        rxBytes: number;
        /**
         * Input errors
         */
        rxErrors: number;
        /**
         * Multicast input packets
         */
        rxMcastPkts: number;
        /**
         * Amount of packets received since connection
         */
        rxPkts: number;
        siteId: string;
        /**
         * Port speed
         */
        speed: number;
        /**
         * if `up`==`true`. enum: `alternate`, `backup`, `designated`, `root`, `root-prevented`
         */
        stpRole: string;
        /**
         * if `up`==`true`. enum: `blocking`, `disabled`, `forwarding`, `learning`, `listening`
         */
        stpState: string;
        /**
         * Broadcast output packets
         */
        txBcastPkts: number;
        /**
         * Rate of transmitting traffic, bits/seconds, last known
         */
        txBps: number;
        /**
         * Amount of traffic sent since connection
         */
        txBytes: number;
        /**
         * Output errors
         */
        txErrors: number;
        /**
         * Multicast output packets
         */
        txMcastPkts: number;
        /**
         * Amount of packets sent since connection
         */
        txPkts: number;
        /**
         * device type. enum: `ap`, `ble`, `gateway`, `mxedge`, `nac`, `switch`
         */
        type: string;
        /**
         * Indicates if interface is unconfigured
         */
        unconfigured: boolean;
        /**
         * Indicates if interface is up
         */
        up: boolean;
        /**
         * Optic Slot ModelName, Check for null/empty
         */
        xcvrModel: string;
        /**
         * Optic Slot Partnumber, Check for null/empty
         */
        xcvrPartNumber: string;
        /**
         * Optic Slot SerialNumber, Check for null/empty
         */
        xcvrSerial: string;
    }
    interface GetSwitchStatsDeviceSwitchStatRouteSummaryStats {
        fibRoutes: number;
        maxUnicastRoutesSupported: number;
        ribRoutes: number;
        totalRoutes: number;
    }
    interface GetSwitchStatsDeviceSwitchStatServiceStat {
        ashVersion: string;
        ciaVersion: string;
        emberVersion: string;
        ipsecClientVersion: string;
        mistAgentVersion: string;
        packageVersion: string;
        testingToolsVersion: string;
        wheeljackVersion: string;
    }
    interface GetSwitchStatsDeviceSwitchStatVcSetupInfo {
        configType: string;
        currentStats: string;
        errMissingDevIdFpc: boolean;
        lastUpdate: number;
        requestTime: number;
        requestType: string;
    }
    interface GetVersionsDeviceVersion {
        /**
         * Device model (as seen in the device stats)
         */
        model: string;
        /**
         * Annotation, stable / beta / alpha. Or it can be empty or nothing which is likely a dev build
         */
        tag: string;
        /**
         * Firmware version
         */
        version: string;
    }
    interface SwitchAclPolicy {
        /**
         * ACL Policy Actions:
         *   - for GBP-based policy, all srcTags and dstTags have to be gbp-based
         *   - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
         */
        actions?: outputs.device.SwitchAclPolicyAction[];
        name?: string;
        /**
         * ACL Policy Source Tags:
         *   - for GBP-based policy, all srcTags and dstTags have to be gbp-based
         *   - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
         */
        srcTags?: string[];
    }
    interface SwitchAclPolicyAction {
        /**
         * enum: `allow`, `deny`
         */
        action?: string;
        dstTag: string;
    }
    interface SwitchAclTags {
        /**
         * Required if
         *   - `type`==`dynamicGbp` (gbp_tag received from RADIUS)
         *   - `type`==`gbpResource`
         *   - `type`==`staticGbp` (applying gbp tag against matching conditions)
         */
        gbpTag?: number;
        /**
         * Required if
         * - `type`==`mac`
         * - `type`==`staticGbp` if from matching mac
         */
        macs: string[];
        /**
         * If:
         *   * `type`==`mac` (optional. default is `any`)
         *   * `type`==`subnet` (optional. default is `any`)
         *   * `type`==`network`
         *   * `type`==`resource` (optional. default is `any`)
         *   * `type`==`staticGbp` if from matching network (vlan)
         */
        network?: string;
        /**
         * Required if:
         *   * `type`==`radiusGroup`
         *   * `type`==`staticGbp`
         * if from matching radius_group
         */
        radiusGroup?: string;
        /**
         * If `type`==`resource` or `type`==`gbpResource`. Empty means unrestricted, i.e. any
         */
        specs?: outputs.device.SwitchAclTagsSpec[];
        /**
         * If
         * - `type`==`subnet`
         * - `type`==`resource` (optional. default is `any`)
         * - `type`==`staticGbp` if from matching subnet
         */
        subnets: string[];
        /**
         * enum:
         *   * `any`: matching anything not identified
         *   * `dynamicGbp`: from the gbpTag received from RADIUS
         *   * `gbpResource`: can only be used in `dstTags`
         *   * `mac`
         *   * `network`
         *   * `radiusGroup`
         *   * `resource`: can only be used in `dstTags`
         *   * `staticGbp`: applying gbp tag against matching conditions
         *   * `subnet`'
         */
        type: string;
    }
    interface SwitchAclTagsSpec {
        /**
         * Matched dst port, "0" means any
         */
        portRange: string;
        /**
         * `tcp` / `udp` / `icmp` / `icmp6` / `gre` / `any` / `:protocol_number`, `protocolNumber` is between 1-254, default is `any` `protocolNumber` is between 1-254
         */
        protocol: string;
    }
    interface SwitchDhcpSnooping {
        allNetworks?: boolean;
        /**
         * Enable for dynamic ARP inspection check
         */
        enableArpSpoofCheck?: boolean;
        /**
         * Enable for check for forging source IP address
         */
        enableIpSourceGuard?: boolean;
        enabled?: boolean;
        /**
         * If `allNetworks`==`false`, list of network with DHCP snooping enabled
         */
        networks?: string[];
    }
    interface SwitchDhcpdConfig {
        /**
         * Property key is the network name
         */
        config?: {
            [key: string]: outputs.device.SwitchDhcpdConfigConfig;
        };
        /**
         * If set to `true`, enable the DHCP server
         */
        enabled: boolean;
    }
    interface SwitchDhcpdConfigConfig {
        /**
         * If `type`==`server` or `type6`==`server` - optional, if not defined, system one will be used
         */
        dnsServers: string[];
        /**
         * If `type`==`server` or `type6`==`server` - optional, if not defined, system one will be used
         */
        dnsSuffixes: string[];
        /**
         * If `type`==`server` or `type6`==`server`. Property key is the MAC Address. Format is `[0-9a-f]{12}` (e.g. "5684dae9ac8b")
         */
        fixedBindings?: {
            [key: string]: outputs.device.SwitchDhcpdConfigConfigFixedBindings;
        };
        /**
         * If `type`==`server`  - optional, `ip` will be used if not provided
         */
        gateway?: string;
        /**
         * If `type`==`server`
         */
        ipEnd?: string;
        /**
         * If `type6`==`server`
         */
        ipEnd6?: string;
        /**
         * If `type`==`server`
         */
        ipStart?: string;
        /**
         * If `type6`==`server`
         */
        ipStart6?: string;
        /**
         * In seconds, lease time has to be between 3600 [1hr] - 604800 [1 week], default is 86400 [1 day]
         */
        leaseTime: number;
        /**
         * If `type`==`server` or `type6`==`server`. Property key is the DHCP option number
         */
        options?: {
            [key: string]: outputs.device.SwitchDhcpdConfigConfigOptions;
        };
        /**
         * `serverIdOverride`==`true` means the device, when acts as DHCP relay and forwards DHCP responses from DHCP server to clients,
         * should overwrite the Sever Identifier option (i.e. DHCP option 54) in DHCP responses with its own IP address.
         */
        serverIdOverride: boolean;
        /**
         * If `type`==`relay`
         */
        servers: string[];
        /**
         * If `type6`==`relay`
         */
        servers6s: string[];
        /**
         * enum: `none`, `relay` (DHCP Relay), `server` (DHCP Server)
         */
        type?: string;
        /**
         * enum: `none`, `relay` (DHCP Relay), `server` (DHCP Server)
         */
        type6: string;
        /**
         * If `type`==`server` or `type6`==`server`. Property key is <enterprise number>:<sub option code>, with
         *   * enterprise number: 1-65535 (https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers)
         *   * sub option code: 1-255, sub-option code'
         */
        vendorEncapsulated?: {
            [key: string]: outputs.device.SwitchDhcpdConfigConfigVendorEncapsulated;
        };
    }
    interface SwitchDhcpdConfigConfigFixedBindings {
        ip: string;
        name?: string;
    }
    interface SwitchDhcpdConfigConfigOptions {
        /**
         * enum: `boolean`, `hex`, `int16`, `int32`, `ip`, `string`, `uint16`, `uint32`
         */
        type?: string;
        value?: string;
    }
    interface SwitchDhcpdConfigConfigVendorEncapsulated {
        /**
         * enum: `boolean`, `hex`, `int16`, `int32`, `ip`, `string`, `uint16`, `uint32`
         */
        type?: string;
        value?: string;
    }
    interface SwitchExtraRoutes {
        /**
         * This takes precedence
         */
        discard?: boolean;
        metric?: number;
        nextQualified?: {
            [key: string]: outputs.device.SwitchExtraRoutesNextQualified;
        };
        noResolve?: boolean;
        preference?: number;
        /**
         * Next-hop IP Address
         */
        via: string;
    }
    interface SwitchExtraRoutes6 {
        /**
         * This takes precedence
         */
        discard?: boolean;
        metric?: number;
        nextQualified?: {
            [key: string]: outputs.device.SwitchExtraRoutes6NextQualified;
        };
        noResolve?: boolean;
        preference?: number;
        /**
         * Next-hop IP Address
         */
        via: string;
    }
    interface SwitchExtraRoutes6NextQualified {
        metric?: number;
        preference?: number;
    }
    interface SwitchExtraRoutesNextQualified {
        metric?: number;
        preference?: number;
    }
    interface SwitchIpConfig {
        /**
         * Required when `type`==`static`
         */
        dns: string[];
        dnsSuffixes: string[];
        gateway?: string;
        ip?: string;
        /**
         * Used only if `subnet` is not specified in `networks`
         */
        netmask?: string;
        /**
         * Network where this mgmt IP reside, this will be used as default network for outbound-ssh, dns, ntp, dns, tacplus, radius, syslog, snmp
         */
        network?: string;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
    }
    interface SwitchLocalPortConfig {
        /**
         * Only if `mode`==`trunk` whether to trunk all network/vlans
         */
        allNetworks: boolean;
        /**
         * If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with. All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state. When it is not defined, it means using the system's default setting which depends on whether the port is an access or trunk port.
         */
        allowDhcpd?: boolean;
        allowMultipleSupplicants: boolean;
        /**
         * Only if `portAuth`==`dot1x` bypass auth for known clients if set to true when RADIUS server is down
         */
        bypassAuthWhenServerDown: boolean;
        /**
         * Only if `portAuth`=`dot1x` bypass auth for all (including unknown clients) if set to true when RADIUS server is down
         */
        bypassAuthWhenServerDownForUnknownClient: boolean;
        description?: string;
        /**
         * Only if `mode`!=`dynamic` if speed and duplex are specified, whether to disable autonegotiation
         */
        disableAutoneg?: boolean;
        /**
         * Whether the port is disabled
         */
        disabled: boolean;
        /**
         * link connection mode. enum: `auto`, `full`, `half`
         */
        duplex?: string;
        /**
         * Only if `portAuth`==`dot1x`, if dynamic vlan is used, specify the possible networks/vlans RADIUS can return
         */
        dynamicVlanNetworks?: string[];
        /**
         * Only if `portAuth`==`dot1x` whether to enable MAC Auth
         */
        enableMacAuth: boolean;
        enableQos: boolean;
        /**
         * Only if `portAuth`==`dot1x` which network to put the device into if the device cannot do dot1x. default is null (i.e. not allowed)
         */
        guestNetwork?: string;
        /**
         * inter_switch_link is used together with "isolation" under networks. NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
         */
        interSwitchLink: boolean;
        /**
         * Only if `enableMacAuth`==`true`
         */
        macAuthOnly?: boolean;
        /**
         * Only if `enableMacAuth`==`true` + `macAuthOnly`==`false`, dot1x will be given priority then mac_auth. Enable this to prefer macAuth over dot1x.
         */
        macAuthPreferred?: boolean;
        /**
         * Only if `enableMacAuth` ==`true`. This type is ignored if mistNac is enabled. enum: `eap-md5`, `eap-peap`, `pap`
         */
        macAuthProtocol: string;
        /**
         * Max number of mac addresses, default is 0 for unlimited, otherwise range is 1 or higher, with upper bound constrained by platform
         */
        macLimit: number;
        /**
         * enum: `access`, `inet`, `trunk`
         */
        mode?: string;
        /**
         * Media maximum transmission unit (MTU) is the largest data unit that can be forwarded without fragmentation. The default value is 1514.
         */
        mtu?: number;
        /**
         * Only if `mode`==`trunk`, the list of network/vlans
         */
        networks?: string[];
        /**
         * Additional note for the port config override
         */
        note?: string;
        /**
         * Only if `mode`==`access` and `portAuth`!=`dot1x` whether the port should retain dynamically learned MAC addresses
         */
        persistMac: boolean;
        /**
         * Whether PoE capabilities are disabled for a port
         */
        poeDisabled?: boolean;
        /**
         * if dot1x is desired, set to dot1x. enum: `dot1x`
         */
        portAuth?: string;
        /**
         * Native network/vlan for untagged traffic
         */
        portNetwork?: string;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`=`dot1x` reauthentication interval range between 10 and 65535 (default: 3600)
         */
        reauthInterval?: string;
        /**
         * Only if `portAuth`==`dot1x` sets server fail fallback vlan
         */
        serverFailNetwork?: string;
        /**
         * Only if `portAuth`==`dot1x` when radius server reject / fails
         */
        serverRejectNetwork?: string;
        /**
         * enum: `100m`, `10m`, `1g`, `2.5g`, `5g`, `10g`, `25g`, `40g`, `100g`,`auto`
         */
        speed?: string;
        /**
         * Switch storm control
         */
        stormControl?: outputs.device.SwitchLocalPortConfigStormControl;
        /**
         * When enabled, the port is not expected to receive BPDU frames
         */
        stpEdge: boolean;
        stpNoRootPort: boolean;
        stpP2p: boolean;
        /**
         * Port usage name.
         */
        usage: string;
        /**
         * If this is connected to a vstp network
         */
        useVstp: boolean;
        /**
         * Network/vlan for voip traffic, must also set port_network. to authenticate device, set port_auth
         */
        voipNetwork?: string;
    }
    interface SwitchLocalPortConfigStormControl {
        /**
         * Whether to disable storm control on broadcast traffic
         */
        noBroadcast: boolean;
        /**
         * Whether to disable storm control on multicast traffic
         */
        noMulticast: boolean;
        /**
         * Whether to disable storm control on registered multicast traffic
         */
        noRegisteredMulticast: boolean;
        /**
         * Whether to disable storm control on unknown unicast traffic
         */
        noUnknownUnicast: boolean;
        /**
         * Bandwidth-percentage, configures the storm control level as a percentage of the available bandwidth
         */
        percentage: number;
    }
    interface SwitchMistNac {
        enabled?: boolean;
        network?: string;
    }
    interface SwitchNetworks {
        /**
         * Only required for EVPN-VXLAN networks, IPv4 Virtual Gateway
         */
        gateway?: string;
        /**
         * Only required for EVPN-VXLAN networks, IPv6 Virtual Gateway
         */
        gateway6?: string;
        /**
         * whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required). NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
         */
        isolation?: boolean;
        isolationVlanId?: string;
        /**
         * Optional for pure switching, required when L3 / routing features are used
         */
        subnet?: string;
        /**
         * Optional for pure switching, required when L3 / routing features are used
         */
        subnet6?: string;
        vlanId: string;
    }
    interface SwitchOobIpConfig {
        gateway?: string;
        ip?: string;
        /**
         * Used only if `subnet` is not specified in `networks`
         */
        netmask?: string;
        /**
         * Optional, the network to be used for mgmt
         */
        network?: string;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
        /**
         * If supported on the platform. If enabled, DNS will be using this routing-instance, too
         */
        useMgmtVrf: boolean;
        /**
         * For host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired
         */
        useMgmtVrfForHostOut?: boolean;
    }
    interface SwitchOspfAreas {
        includeLoopback: boolean;
        networks: {
            [key: string]: outputs.device.SwitchOspfAreasNetworks;
        };
        /**
         * OSPF type. enum: `default`, `nssa`, `stub`
         */
        type: string;
    }
    interface SwitchOspfAreasNetworks {
        /**
         * Required if `authType`==`md5`. Property key is the key number
         */
        authKeys: {
            [key: string]: string;
        };
        /**
         * Required if `authType`==`password`, the password, max length is 8
         */
        authPassword?: string;
        /**
         * auth type. enum: `md5`, `none`, `password`
         */
        authType: string;
        bfdMinimumInterval?: number;
        deadInterval?: number;
        exportPolicy?: string;
        helloInterval?: number;
        importPolicy?: string;
        /**
         * interface type (nbma = non-broadcast multi-access). enum: `broadcast`, `nbma`, `p2mp`, `p2p`
         */
        interfaceType: string;
        metric?: number;
        /**
         * By default, we'll re-advertise all learned OSPF routes toward overlay
         */
        noReadvertiseToOverlay: boolean;
        /**
         * Whether to send OSPF-Hello
         */
        passive: boolean;
    }
    interface SwitchOtherIpConfigs {
        /**
         * For EVPN, if anycast is desired
         */
        evpnAnycast: boolean;
        /**
         * Required if `type`==`static`
         */
        ip?: string;
        /**
         * Required if `type6`==`static`
         */
        ip6?: string;
        /**
         * Optional, `subnet` from `network` definition will be used if defined
         */
        netmask?: string;
        /**
         * Optional, `subnet` from `network` definition will be used if defined
         */
        netmask6?: string;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
        /**
         * enum: `autoconf`, `dhcp`, `disabled`, `static`
         */
        type6: string;
    }
    interface SwitchPortConfig {
        /**
         * To disable LACP support for the AE interface
         */
        aeDisableLacp?: boolean;
        /**
         * Users could force to use the designated AE name
         */
        aeIdx?: number;
        /**
         * To use fast timeout
         */
        aeLacpSlow?: boolean;
        aggregated?: boolean;
        /**
         * To generate port up/down alarm
         */
        critical: boolean;
        description?: string;
        /**
         * If `speed` and `duplex` are specified, whether to disable autonegotiation
         */
        disableAutoneg?: boolean;
        /**
         * enum: `auto`, `full`, `half`
         */
        duplex?: string;
        /**
         * Enable dynamic usage for this port. Set to `dynamic` to enable.
         */
        dynamicUsage?: string;
        esilag?: boolean;
        /**
         * Media maximum transmission unit (MTU) is the largest data unit that can be forwarded without fragmentation
         */
        mtu?: number;
        /**
         * Prevent helpdesk to override the port config
         */
        noLocalOverwrite: boolean;
        poeDisabled?: boolean;
        /**
         * enum: `100m`, `10m`, `1g`, `2.5g`, `5g`, `10g`, `25g`, `40g`, `100g`,`auto`
         */
        speed?: string;
        /**
         * Port usage name. If EVPN is used, use `evpnUplink`or `evpnDownlink`
         */
        usage: string;
    }
    interface SwitchPortMirroring {
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputNetworksIngresses: string[];
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputPortIdsEgresses: string[];
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputPortIdsIngresses: string[];
        /**
         * Exactly one of the `outputPortId` or `outputNetwork` should be provided
         */
        outputNetwork?: string;
        /**
         * Exactly one of the `outputPortId` or `outputNetwork` should be provided
         */
        outputPortId?: string;
    }
    interface SwitchPortUsages {
        /**
         * Only if `mode`==`trunk` whether to trunk all network/vlans
         */
        allNetworks: boolean;
        /**
         * Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with. All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state. When it is not defined, it means using the system's default setting which depends on whether the port is an access or trunk port.
         */
        allowDhcpd?: boolean;
        /**
         * Only if `mode`!=`dynamic`
         */
        allowMultipleSupplicants?: boolean;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` bypass auth for known clients if set to true when RADIUS server is down
         */
        bypassAuthWhenServerDown?: boolean;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`=`dot1x` bypass auth for all (including unknown clients) if set to true when RADIUS server is down
         */
        bypassAuthWhenServerDownForUnknownClient?: boolean;
        /**
         * Only if `mode`!=`dynamic`
         */
        description: string;
        /**
         * Only if `mode`!=`dynamic` if speed and duplex are specified, whether to disable autonegotiation
         */
        disableAutoneg: boolean;
        /**
         * Only if `mode`!=`dynamic` whether the port is disabled
         */
        disabled: boolean;
        /**
         * Only if `mode`!=`dynamic` link connection mode. enum: `auto`, `full`, `half`
         */
        duplex: string;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x`, if dynamic vlan is used, specify the possible networks/vlans RADIUS can return
         */
        dynamicVlanNetworks: string[];
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` whether to enable MAC Auth
         */
        enableMacAuth?: boolean;
        /**
         * Only if `mode`!=`dynamic`
         */
        enableQos: boolean;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` which network to put the device into if the device cannot do dot1x. default is null (i.e. not allowed)
         */
        guestNetwork?: string;
        /**
         * `interSwitchLink` is used together with `isolation` under networks. NOTE: `interSwitchLink` works only between Juniper device. This has to be applied to both ports connected together
         */
        interIsolationNetworkLink?: boolean;
        /**
         * Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks. NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
         */
        interSwitchLink?: boolean;
        /**
         * Only if `mode`!=`dynamic` and `enableMacAuth`==`true`
         */
        macAuthOnly?: boolean;
        /**
         * Only if `mode`!=`dynamic` + `enableMacAuth`==`true` + `macAuthOnly`==`false`, dot1x will be given priority then mac_auth. Enable this to prefer macAuth over dot1x.
         */
        macAuthPreferred?: boolean;
        /**
         * Only if `mode`!=`dynamic` and `enableMacAuth` ==`true`. This type is ignored if mistNac is enabled. enum: `eap-md5`, `eap-peap`, `pap`
         */
        macAuthProtocol?: string;
        /**
         * Only if `mode`!=`dynamic` max number of mac addresses, default is 0 for unlimited, otherwise range is 1 to 16383 (upper bound constrained by platform)
         */
        macLimit: string;
        /**
         * `mode`==`dynamic` must only be used if the port usage name is `dynamic`. enum: `access`, `dynamic`, `inet`, `trunk`
         */
        mode?: string;
        /**
         * Only if `mode`!=`dynamic` media maximum transmission unit (MTU) is the largest data unit that can be forwarded without fragmentation. Value between 256 and 9216, default value is 1514.
         */
        mtu?: string;
        /**
         * Only if `mode`==`trunk`, the list of network/vlans
         */
        networks: string[];
        /**
         * Only if `mode`==`access` and `portAuth`!=`dot1x` whether the port should retain dynamically learned MAC addresses
         */
        persistMac: boolean;
        /**
         * Only if `mode`!=`dynamic` whether PoE capabilities are disabled for a port
         */
        poeDisabled: boolean;
        /**
         * Only if `mode`!=`dynamic` if dot1x is desired, set to dot1x. enum: `dot1x`
         */
        portAuth?: string;
        /**
         * Only if `mode`!=`dynamic` native network/vlan for untagged traffic
         */
        portNetwork?: string;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`=`dot1x` reauthentication interval range between 10 and 65535 (default: 3600)
         */
        reauthInterval?: string;
        /**
         * Only if `mode`==`dynamic` Control when the DPC port should be changed to the default port usage. enum: `linkDown`, `none` (let the DPC port keep at the current port usage)
         */
        resetDefaultWhen?: string;
        /**
         * Only if `mode`==`dynamic`
         */
        rules?: outputs.device.SwitchPortUsagesRule[];
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` sets server fail fallback vlan
         */
        serverFailNetwork?: string;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` when radius server reject / fails
         */
        serverRejectNetwork?: string;
        /**
         * Only if `mode`!=`dynamic` speed, default is auto to automatically negotiate speed enum: `100m`, `10m`, `1g`, `2.5g`, `5g`, `10g`, `25g`, `40g`, `100g`,`auto`
         */
        speed: string;
        /**
         * Switch storm control. Only if `mode`!=`dynamic`
         */
        stormControl?: outputs.device.SwitchPortUsagesStormControl;
        /**
         * Only if `mode`!=`dynamic` when enabled, the port is not expected to receive BPDU frames
         */
        stpEdge: boolean;
        stpNoRootPort?: boolean;
        stpP2p?: boolean;
        /**
         * If this is connected to a vstp network
         */
        useVstp?: boolean;
        /**
         * Only if `mode`!=`dynamic` network/vlan for voip traffic, must also set port_network. to authenticate device, set port_auth
         */
        voipNetwork?: string;
    }
    interface SwitchPortUsagesRule {
        equals?: string;
        /**
         * Use `equalsAny` to match any item in a list
         */
        equalsAnies?: string[];
        /**
         * "[0:3]":"abcdef" > "abc"
         * "split(.)[1]": "a.b.c" > "b"
         * "split(-)[1][0:3]: "a1234-b5678-c90" > "b56"
         */
        expression?: string;
        /**
         * enum: `linkPeermac`, `lldpChassisId`, `lldpHardwareRevision`, `lldpManufacturerName`, `lldpOui`, `lldpSerialNumber`, `lldpSystemName`, `radiusDynamicfilter`, `radiusUsermac`, `radiusUsername`
         */
        src: string;
        /**
         * `portUsage` name
         */
        usage?: string;
    }
    interface SwitchPortUsagesStormControl {
        /**
         * Whether to disable storm control on broadcast traffic
         */
        noBroadcast?: boolean;
        /**
         * Whether to disable storm control on multicast traffic
         */
        noMulticast?: boolean;
        /**
         * Whether to disable storm control on registered multicast traffic
         */
        noRegisteredMulticast?: boolean;
        /**
         * Whether to disable storm control on unknown unicast traffic
         */
        noUnknownUnicast?: boolean;
        /**
         * Bandwidth-percentage, configures the storm control level as a percentage of the available bandwidth
         */
        percentage?: number;
    }
    interface SwitchRadiusConfig {
        acctImmediateUpdate?: boolean;
        /**
         * How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
         */
        acctInterimInterval: number;
        acctServers?: outputs.device.SwitchRadiusConfigAcctServer[];
        /**
         * enum: `ordered`, `unordered`
         */
        authServerSelection: string;
        authServers?: outputs.device.SwitchRadiusConfigAuthServer[];
        /**
         * Radius auth session retries
         */
        authServersRetries: number;
        /**
         * Radius auth session timeout
         */
        authServersTimeout: number;
        coaEnabled: boolean;
        coaPort: string;
        fastDot1xTimers: boolean;
        /**
         * Use `network`or `sourceIp`. Which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
         */
        network?: string;
        /**
         * Use `network`or `sourceIp`
         */
        sourceIp?: string;
    }
    interface SwitchRadiusConfigAcctServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled?: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat?: string;
        keywrapKek?: string;
        keywrapMack?: string;
        port?: string;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface SwitchRadiusConfigAuthServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled?: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat?: string;
        keywrapKek?: string;
        keywrapMack?: string;
        port?: string;
        /**
         * Whether to require Message-Authenticator in requests
         */
        requireMessageAuthenticator?: boolean;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface SwitchRemoteSyslog {
        archive?: outputs.device.SwitchRemoteSyslogArchive;
        console?: outputs.device.SwitchRemoteSyslogConsole;
        enabled: boolean;
        files?: outputs.device.SwitchRemoteSyslogFile[];
        /**
         * If sourceAddress is configured, will use the vlan firstly otherwise use source_ip
         */
        network?: string;
        sendToAllServers?: boolean;
        servers?: outputs.device.SwitchRemoteSyslogServer[];
        /**
         * enum: `millisecond`, `year`, `year millisecond`
         */
        timeFormat?: string;
        users?: outputs.device.SwitchRemoteSyslogUser[];
    }
    interface SwitchRemoteSyslogArchive {
        files?: string;
        size?: string;
    }
    interface SwitchRemoteSyslogConsole {
        contents?: outputs.device.SwitchRemoteSyslogConsoleContent[];
    }
    interface SwitchRemoteSyslogConsoleContent {
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
    }
    interface SwitchRemoteSyslogFile {
        archive?: outputs.device.SwitchRemoteSyslogFileArchive;
        contents?: outputs.device.SwitchRemoteSyslogFileContent[];
        explicitPriority?: boolean;
        file?: string;
        match?: string;
        structuredData?: boolean;
    }
    interface SwitchRemoteSyslogFileArchive {
        files?: string;
        size?: string;
    }
    interface SwitchRemoteSyslogFileContent {
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
    }
    interface SwitchRemoteSyslogServer {
        contents?: outputs.device.SwitchRemoteSyslogServerContent[];
        explicitPriority?: boolean;
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        host?: string;
        match?: string;
        port?: string;
        /**
         * enum: `tcp`, `udp`
         */
        protocol: string;
        routingInstance?: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
        /**
         * If sourceAddress is configured, will use the vlan firstly otherwise use source_ip
         */
        sourceAddress?: string;
        structuredData?: boolean;
        tag?: string;
    }
    interface SwitchRemoteSyslogServerContent {
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
    }
    interface SwitchRemoteSyslogUser {
        contents?: outputs.device.SwitchRemoteSyslogUserContent[];
        match?: string;
        user?: string;
    }
    interface SwitchRemoteSyslogUserContent {
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
    }
    interface SwitchSnmpConfig {
        clientLists?: outputs.device.SwitchSnmpConfigClientList[];
        contact?: string;
        description?: string;
        enabled: boolean;
        engineId?: string;
        location?: string;
        name?: string;
        network?: string;
        trapGroups?: outputs.device.SwitchSnmpConfigTrapGroup[];
        v2cConfigs?: outputs.device.SwitchSnmpConfigV2cConfig[];
        v3Config?: outputs.device.SwitchSnmpConfigV3Config;
        views?: outputs.device.SwitchSnmpConfigView[];
    }
    interface SwitchSnmpConfigClientList {
        clientListName?: string;
        clients?: string[];
    }
    interface SwitchSnmpConfigTrapGroup {
        categories?: string[];
        /**
         * Categories list can refer to https://www.juniper.net/documentation/software/topics/task/configuration/snmp_trap-groups-configuring-junos-nm.html
         */
        groupName?: string;
        targets?: string[];
        /**
         * enum: `all`, `v1`, `v2`
         */
        version: string;
    }
    interface SwitchSnmpConfigV2cConfig {
        authorization?: string;
        /**
         * Client_list_name here should refer to clientList above
         */
        clientListName?: string;
        communityName?: string;
        /**
         * View name here should be defined in views above
         */
        view?: string;
    }
    interface SwitchSnmpConfigV3Config {
        notifies?: outputs.device.SwitchSnmpConfigV3ConfigNotify[];
        notifyFilters?: outputs.device.SwitchSnmpConfigV3ConfigNotifyFilter[];
        targetAddresses?: outputs.device.SwitchSnmpConfigV3ConfigTargetAddress[];
        targetParameters?: outputs.device.SwitchSnmpConfigV3ConfigTargetParameter[];
        usms?: outputs.device.SwitchSnmpConfigV3ConfigUsm[];
        vacm?: outputs.device.SwitchSnmpConfigV3ConfigVacm;
    }
    interface SwitchSnmpConfigV3ConfigNotify {
        name: string;
        tag: string;
        /**
         * enum: `inform`, `trap`
         */
        type: string;
    }
    interface SwitchSnmpConfigV3ConfigNotifyFilter {
        contents?: outputs.device.SwitchSnmpConfigV3ConfigNotifyFilterContent[];
        profileName?: string;
    }
    interface SwitchSnmpConfigV3ConfigNotifyFilterContent {
        include?: boolean;
        oid: string;
    }
    interface SwitchSnmpConfigV3ConfigTargetAddress {
        address: string;
        addressMask: string;
        port: string;
        /**
         * Refer to notify tag, can be multiple with blank
         */
        tagList?: string;
        targetAddressName: string;
        /**
         * Refer to notify target parameters name
         */
        targetParameters?: string;
    }
    interface SwitchSnmpConfigV3ConfigTargetParameter {
        /**
         * enum: `v1`, `v2c`, `v3`
         */
        messageProcessingModel: string;
        name: string;
        /**
         * Refer to profile-name in notify_filter
         */
        notifyFilter?: string;
        /**
         * enum: `authentication`, `none`, `privacy`
         */
        securityLevel?: string;
        /**
         * enum: `usm`, `v1`, `v2c`
         */
        securityModel?: string;
        /**
         * Refer to securityName in usm
         */
        securityName?: string;
    }
    interface SwitchSnmpConfigV3ConfigUsm {
        /**
         * enum: `localEngine`, `remoteEngine`
         */
        engineType: string;
        /**
         * Required only if `engineType`==`remoteEngine`
         */
        remoteEngineId?: string;
        users?: outputs.device.SwitchSnmpConfigV3ConfigUsmUser[];
    }
    interface SwitchSnmpConfigV3ConfigUsmUser {
        /**
         * Not required if `authenticationType`==`authentication-none`. Include alphabetic, numeric, and special characters, but it cannot include control characters.
         */
        authenticationPassword?: string;
        /**
         * sha224, sha256, sha384, sha512 are supported in 21.1 and newer release. enum: `authentication-md5`, `authentication-none`, `authentication-sha`, `authentication-sha224`, `authentication-sha256`, `authentication-sha384`, `authentication-sha512`
         */
        authenticationType?: string;
        /**
         * Not required if `encryptionType`==`privacy-none`. Include alphabetic, numeric, and special characters, but it cannot include control characters
         */
        encryptionPassword?: string;
        /**
         * enum: `privacy-3des`, `privacy-aes128`, `privacy-des`, `privacy-none`
         */
        encryptionType?: string;
        name?: string;
    }
    interface SwitchSnmpConfigV3ConfigVacm {
        accesses?: outputs.device.SwitchSnmpConfigV3ConfigVacmAccess[];
        securityToGroup?: outputs.device.SwitchSnmpConfigV3ConfigVacmSecurityToGroup;
    }
    interface SwitchSnmpConfigV3ConfigVacmAccess {
        groupName?: string;
        prefixLists?: outputs.device.SwitchSnmpConfigV3ConfigVacmAccessPrefixList[];
    }
    interface SwitchSnmpConfigV3ConfigVacmAccessPrefixList {
        /**
         * Only required if `type`==`contextPrefix`
         */
        contextPrefix?: string;
        /**
         * Refer to view name
         */
        notifyView?: string;
        /**
         * Refer to view name
         */
        readView?: string;
        /**
         * enum: `authentication`, `none`, `privacy`
         */
        securityLevel?: string;
        /**
         * enum: `any`, `usm`, `v1`, `v2c`
         */
        securityModel?: string;
        /**
         * enum: `contextPrefix`, `defaultContextPrefix`
         */
        type?: string;
        /**
         * Refer to view name
         */
        writeView?: string;
    }
    interface SwitchSnmpConfigV3ConfigVacmSecurityToGroup {
        contents?: outputs.device.SwitchSnmpConfigV3ConfigVacmSecurityToGroupContent[];
        /**
         * enum: `usm`, `v1`, `v2c`
         */
        securityModel?: string;
    }
    interface SwitchSnmpConfigV3ConfigVacmSecurityToGroupContent {
        /**
         * Refer to groupName under access
         */
        group?: string;
        securityName?: string;
    }
    interface SwitchSnmpConfigView {
        /**
         * If the root oid configured is included
         */
        include?: boolean;
        oid?: string;
        viewName?: string;
    }
    interface SwitchStpConfig {
        /**
         * Switch STP priority. Range [0, 4k, 8k.. 60k] in steps of 4k. Bridge priority applies to both VSTP and RSTP.
         */
        bridgePriority: string;
    }
    interface SwitchSwitchMgmt {
        /**
         * AP_affinity_threshold apAffinityThreshold can be added as a field under site/setting. By default, this value is set to 12. If the field is set in both site/setting and org/setting, the value from site/setting will be used.
         */
        apAffinityThreshold?: number;
        /**
         * Set Banners for switches. Allows markup formatting
         */
        cliBanner?: string;
        /**
         * Sets timeout for switches
         */
        cliIdleTimeout?: number;
        /**
         * Rollback timer for commit confirmed
         */
        configRevertTimer: number;
        /**
         * Enable to provide the FQDN with DHCP option 81
         */
        dhcpOptionFqdn?: boolean;
        disableOobDownAlarm?: boolean;
        fipsEnabled?: boolean;
        /**
         * Property key is the user name. For Local user authentication
         */
        localAccounts?: {
            [key: string]: outputs.device.SwitchSwitchMgmtLocalAccounts;
        };
        /**
         * IP Address or FQDN of the Mist Edge used to proxy the switch management traffic to the Mist Cloud
         */
        mxedgeProxyHost?: string;
        /**
         * Mist Edge port used to proxy the switch management traffic to the Mist Cloud. Value in range 1-65535
         */
        mxedgeProxyPort?: string;
        /**
         * Restrict inbound-traffic to host
         * when enabled, all traffic that is not essential to our operation will be dropped
         * e.g. ntp / dns / traffic to mist will be allowed by default, if dhcpd is enabled, we'll make sure it works
         */
        protectRe?: outputs.device.SwitchSwitchMgmtProtectRe;
        rootPassword?: string;
        tacacs?: outputs.device.SwitchSwitchMgmtTacacs;
        /**
         * To use mxedge as proxy
         */
        useMxedgeProxy?: boolean;
    }
    interface SwitchSwitchMgmtLocalAccounts {
        password?: string;
        /**
         * enum: `admin`, `helpdesk`, `none`, `read`
         */
        role: string;
    }
    interface SwitchSwitchMgmtProtectRe {
        /**
         * optionally, services we'll allow. enum: `icmp`, `ssh`
         */
        allowedServices: string[];
        customs: outputs.device.SwitchSwitchMgmtProtectReCustom[];
        /**
         * When enabled, all traffic that is not essential to our operation will be dropped
         * e.g. ntp / dns / traffic to mist will be allowed by default
         *      if dhcpd is enabled, we'll make sure it works
         */
        enabled: boolean;
        /**
         * host/subnets we'll allow traffic to/from
         */
        trustedHosts: string[];
    }
    interface SwitchSwitchMgmtProtectReCustom {
        /**
         * matched dst port, "0" means any. Note: For `protocol`==`any` and  `portRange`==`any`, configure `trustedHosts` instead
         */
        portRange: string;
        /**
         * enum: `any`, `icmp`, `tcp`, `udp`. Note: For `protocol`==`any` and  `portRange`==`any`, configure `trustedHosts` instead
         */
        protocol: string;
        subnets: string[];
    }
    interface SwitchSwitchMgmtTacacs {
        acctServers?: outputs.device.SwitchSwitchMgmtTacacsAcctServer[];
        /**
         * enum: `admin`, `helpdesk`, `none`, `read`
         */
        defaultRole?: string;
        enabled?: boolean;
        /**
         * Which network the TACACS server resides
         */
        network?: string;
        tacplusServers?: outputs.device.SwitchSwitchMgmtTacacsTacplusServer[];
    }
    interface SwitchSwitchMgmtTacacsAcctServer {
        host?: string;
        port?: string;
        secret?: string;
        timeout: number;
    }
    interface SwitchSwitchMgmtTacacsTacplusServer {
        host?: string;
        port?: string;
        secret?: string;
        timeout: number;
    }
    interface SwitchVirtualChassis {
        /**
         * List of Virtual Chassis members
         */
        members?: outputs.device.SwitchVirtualChassisMember[];
        /**
         * To configure whether the VC is preprovisioned or nonprovisioned
         */
        preprovisioned: boolean;
    }
    interface SwitchVirtualChassisMember {
        /**
         * fpc0, same as the mac of device_id
         */
        mac: string;
        memberId: number;
        /**
         * Both vcRole master and backup will be matched to routing-engine role in Junos preprovisioned VC config. enum: `backup`, `linecard`, `master`
         */
        vcRole: string;
    }
    interface SwitchVrfConfig {
        /**
         * Whether to enable VRF (when supported on the device)
         */
        enabled?: boolean;
    }
    interface SwitchVrfInstances {
        evpnAutoLoopbackSubnet?: string;
        evpnAutoLoopbackSubnet6?: string;
        /**
         * Property key is the destination CIDR (e.g. "10.0.0.0/8")
         */
        extraRoutes?: {
            [key: string]: outputs.device.SwitchVrfInstancesExtraRoutes;
        };
        /**
         * Property key is the destination CIDR (e.g. "2a02:1234:420a:10c9::/64")
         */
        extraRoutes6?: {
            [key: string]: outputs.device.SwitchVrfInstancesExtraRoutes6;
        };
        networks?: string[];
    }
    interface SwitchVrfInstancesExtraRoutes {
        /**
         * Next-hop address
         */
        via: string;
    }
    interface SwitchVrfInstancesExtraRoutes6 {
        /**
         * Next-hop address
         */
        via?: string;
    }
    interface SwitchVrrpConfig {
        enabled?: boolean;
        /**
         * Property key is the VRRP name
         */
        groups?: {
            [key: string]: outputs.device.SwitchVrrpConfigGroups;
        };
    }
    interface SwitchVrrpConfigGroups {
        priority?: number;
    }
}
export declare namespace org {
    interface AlarmtemplateDelivery {
        /**
         * List of additional email string to deliver the alarms via emails
         */
        additionalEmails: string[];
        /**
         * Whether to enable the alarm delivery via emails or not
         */
        enabled: boolean;
        /**
         * Whether to deliver the alarms via emails to Org admins or not
         */
        toOrgAdmins?: boolean;
        /**
         * Whether to deliver the alarms via emails to Site admins or not
         */
        toSiteAdmins?: boolean;
    }
    interface AlarmtemplateRules {
        /**
         * Delivery object to configure the alarm delivery
         */
        delivery?: outputs.org.AlarmtemplateRulesDelivery;
        enabled?: boolean;
    }
    interface AlarmtemplateRulesDelivery {
        /**
         * List of additional email string to deliver the alarms via emails
         */
        additionalEmails: string[];
        /**
         * Whether to enable the alarm delivery via emails or not
         */
        enabled: boolean;
        /**
         * Whether to deliver the alarms via emails to Org admins or not
         */
        toOrgAdmins?: boolean;
        /**
         * Whether to deliver the alarms via emails to Site admins or not
         */
        toSiteAdmins?: boolean;
    }
    interface ApitokenPrivilege {
        /**
         * access permissions. enum: `admin`, `helpdesk`, `installer`, `read`, `write`
         */
        role: string;
        /**
         * enum: `org`, `site`, `sitegroup`
         */
        scope: string;
        /**
         * Required if `scope`==`site`
         */
        siteId?: string;
        /**
         * Required if `scope`==`sitegroup`
         */
        sitegroupId?: string;
    }
    interface DeviceprofileApAeroscout {
        /**
         * Whether to enable aeroscout config
         */
        enabled: boolean;
        /**
         * Required if enabled, aeroscout server host
         */
        host: string;
        /**
         * Whether to enable the feature to allow wireless clients data received and sent to AES server for location calculation
         */
        locateConnected: boolean;
        port: number;
    }
    interface DeviceprofileApBleConfig {
        /**
         * Whether Mist beacons is enabled
         */
        beaconEnabled: boolean;
        /**
         * Required if `beaconRateMode`==`custom`, 1-10, in number-beacons-per-second
         */
        beaconRate?: number;
        /**
         * enum: `custom`, `default`
         */
        beaconRateMode?: string;
        /**
         * List of AP BLE location beam numbers (1-8) which should be disabled at the AP and not transmit location information (where beam 1 is oriented at the top the AP, growing counter-clock-wise, with 9 being the omni BLE beam)
         */
        beamDisableds?: number[];
        /**
         * Can be enabled if `beaconEnabled`==`true`, whether to send custom packet
         */
        customBlePacketEnabled?: boolean;
        /**
         * The custom frame to be sent out in this beacon. The frame must be a hexstring
         */
        customBlePacketFrame?: string;
        /**
         * Frequency (msec) of data emitted by custom ble beacon
         */
        customBlePacketFreqMsec?: number;
        /**
         * Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default
         */
        eddystoneUidAdvPower?: number;
        eddystoneUidBeams?: string;
        /**
         * Only if `beaconEnabled`==`false`, Whether Eddystone-UID beacon is enabled
         */
        eddystoneUidEnabled?: boolean;
        /**
         * Frequency (msec) of data emmit by Eddystone-UID beacon
         */
        eddystoneUidFreqMsec?: number;
        /**
         * Eddystone-UID instance for the device
         */
        eddystoneUidInstance?: string;
        /**
         * Eddystone-UID namespace
         */
        eddystoneUidNamespace?: string;
        /**
         * Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default
         */
        eddystoneUrlAdvPower?: number;
        eddystoneUrlBeams?: string;
        /**
         * Only if `beaconEnabled`==`false`, Whether Eddystone-URL beacon is enabled
         */
        eddystoneUrlEnabled?: boolean;
        /**
         * Frequency (msec) of data emit by Eddystone-UID beacon
         */
        eddystoneUrlFreqMsec?: number;
        /**
         * URL pointed by Eddystone-URL beacon
         */
        eddystoneUrlUrl?: string;
        /**
         * Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default
         */
        ibeaconAdvPower?: number;
        ibeaconBeams?: string;
        /**
         * Can be enabled if `beaconEnabled`==`true`, whether to send iBeacon
         */
        ibeaconEnabled?: boolean;
        /**
         * Frequency (msec) of data emmit for iBeacon
         */
        ibeaconFreqMsec?: number;
        /**
         * Major number for iBeacon
         */
        ibeaconMajor?: number;
        /**
         * Minor number for iBeacon
         */
        ibeaconMinor?: number;
        /**
         * Optional, if not specified, the same UUID as the beacon will be used
         */
        ibeaconUuid?: string;
        /**
         * Required if `powerMode`==`custom`; else use `powerMode` as default
         */
        power?: number;
        /**
         * enum: `custom`, `default`
         */
        powerMode?: string;
    }
    interface DeviceprofileApEslConfig {
        /**
         * Only if `type`==`imagotag` or `type`==`native`
         */
        cacert?: string;
        /**
         * Only if `type`==`imagotag` or `type`==`native`
         */
        channel?: number;
        /**
         * usb_config is ignored if eslConfig enabled
         */
        enabled: boolean;
        /**
         * Only if `type`==`imagotag` or `type`==`native`
         */
        host: string;
        /**
         * Only if `type`==`imagotag` or `type`==`native`
         */
        port?: number;
        /**
         * note: bleConfig will be ignored if eslConfig is enabled and with native mode. enum: `hanshow`, `imagotag`, `native`, `solum`
         */
        type: string;
        /**
         * Only if `type`==`imagotag` or `type`==`native`
         */
        verifyCert?: boolean;
        /**
         * Only if `type`==`solum` or `type`==`hanshow`
         */
        vlanId: number;
    }
    interface DeviceprofileApIpConfig {
        /**
         * If `type`==`static`
         */
        dns: string[];
        /**
         * Required if `type`==`static`
         */
        dnsSuffixes: string[];
        /**
         * Required if `type`==`static`
         */
        gateway?: string;
        gateway6?: string;
        /**
         * Required if `type`==`static`
         */
        ip?: string;
        ip6?: string;
        mtu: number;
        /**
         * Required if `type`==`static`
         */
        netmask?: string;
        netmask6?: string;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
        /**
         * enum: `autoconf`, `dhcp`, `disabled`, `static`
         */
        type6?: string;
        /**
         * Management VLAN id, default is 1 (untagged)
         */
        vlanId?: number;
    }
    interface DeviceprofileApLacpConfig {
        enabled: boolean;
    }
    interface DeviceprofileApLed {
        brightness: number;
        enabled: boolean;
    }
    interface DeviceprofileApMesh {
        /**
         * List of bands that the mesh should apply to. For relay, the first viable one will be picked. For relay, the first viable one will be picked. enum: `24`, `5`, `6`
         */
        bands?: string[];
        /**
         * Whether mesh is enabled on this AP
         */
        enabled: boolean;
        /**
         * Mesh group, base AP(s) will only allow remote AP(s) in the same mesh group to join, 1-9, optional
         */
        group?: number;
        /**
         * enum: `base`, `remote`
         */
        role?: string;
    }
    interface DeviceprofileApPwrConfig {
        /**
         * Additional power to request during negotiating with PSE over PoE, in mW
         */
        base: number;
        /**
         * Whether to enable power out to peripheral, meanwhile will reduce power to Wi-Fi (only for AP45 at power mode)
         */
        preferUsbOverWifi: boolean;
    }
    interface DeviceprofileApRadioConfig {
        allowRrmDisable?: boolean;
        /**
         * Antenna gain for 2.4G - for models with external antenna only
         */
        antGain24?: number;
        /**
         * Antenna gain for 5G - for models with external antenna only
         */
        antGain5?: number;
        /**
         * Antenna gain for 6G - for models with external antenna only
         */
        antGain6?: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode?: string;
        /**
         * Radio Band AP settings
         */
        band24?: outputs.org.DeviceprofileApRadioConfigBand24;
        /**
         * enum: `24`, `5`, `6`, `auto`
         */
        band24Usage?: string;
        /**
         * Radio Band AP settings
         */
        band5?: outputs.org.DeviceprofileApRadioConfigBand5;
        /**
         * Radio Band AP settings
         */
        band5On24Radio?: outputs.org.DeviceprofileApRadioConfigBand5On24Radio;
        /**
         * Radio Band AP settings
         */
        band6?: outputs.org.DeviceprofileApRadioConfigBand6;
        /**
         * To make an outdoor operate indoor. For an outdoor-ap, some channels are disallowed by default, this allows the user to use it as an indoor-ap
         */
        indoorUse?: boolean;
        /**
         * Whether scanning radio is enabled
         */
        scanningEnabled?: boolean;
    }
    interface DeviceprofileApRadioConfigBand24 {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode: string;
        /**
         * channel width for the 2.4GHz band. enum: `20`, `40`
         */
        bandwidth: number;
        /**
         * For Device. (primary) channel for the band, 0 means using the Site Setting
         */
        channel: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels?: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
    }
    interface DeviceprofileApRadioConfigBand5 {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode: string;
        /**
         * channel width for the 5GHz band. enum: `20`, `40`, `80`
         */
        bandwidth: number;
        /**
         * For Device. (primary) channel for the band, 0 means using the Site Setting
         */
        channel: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels?: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
    }
    interface DeviceprofileApRadioConfigBand5On24Radio {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode: string;
        /**
         * channel width for the 5GHz band. enum: `20`, `40`, `80`
         */
        bandwidth: number;
        /**
         * For Device. (primary) channel for the band, 0 means using the Site Setting
         */
        channel: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels?: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
    }
    interface DeviceprofileApRadioConfigBand6 {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode: string;
        /**
         * channel width for the 6GHz band. enum: `20`, `40`, `80`, `160`
         */
        bandwidth: number;
        /**
         * For Device. (primary) channel for the band, 0 means using the Site Setting
         */
        channel: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels?: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * TX power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
        /**
         * For 6GHz Only, standard-power operation, AFC (Automatic Frequency Coordination) will be performed, and we'll fall back to Low Power Indoor if AFC failed
         */
        standardPower: boolean;
    }
    interface DeviceprofileApUplinkPortConfig {
        /**
         * Whether to do 802.1x against uplink switch. When enabled, AP cert will be used to do EAP-TLS and the Org's CA Cert has to be provisioned at the switch
         */
        dot1x: boolean;
        /**
         * By default, WLANs are disabled when uplink is down. In some scenario, like SiteSurvey, one would want the AP to keep sending beacons.
         */
        keepWlansUpIfDown?: boolean;
    }
    interface DeviceprofileApUsbConfig {
        /**
         * Only if `type`==`imagotag`
         */
        cacert: string;
        /**
         * Only if `type`==`imagotag`, channel selection, not needed by default, required for manual channel override only
         */
        channel?: number;
        /**
         * Whether to enable any usb config
         */
        enabled?: boolean;
        /**
         * Only if `type`==`imagotag`
         */
        host: string;
        /**
         * Only if `type`==`imagotag`
         */
        port?: number;
        /**
         * usb config type. enum: `hanshow`, `imagotag`, `solum`
         */
        type?: string;
        /**
         * Only if `type`==`imagotag`, whether to turn on SSL verification
         */
        verifyCert?: boolean;
        /**
         * Only if `type`==`solum` or `type`==`hanshow`
         */
        vlanId?: number;
    }
    interface DeviceprofileGatewayBgpConfig {
        authKey?: string;
        /**
         * When bfdMultiplier is configured alone. Default:
         *   * 1000 if `type`==`external`
         *   * 350 `type`==`internal`
         */
        bfdMinimumInterval: number;
        /**
         * When bfdMinimumIntervalIsConfigured alone
         */
        bfdMultiplier: number;
        /**
         * BFD provides faster path failure detection and is enabled by default
         */
        disableBfd: boolean;
        export?: string;
        /**
         * Default export policies if no per-neighbor policies defined
         */
        exportPolicy?: string;
        /**
         * By default, either inet/net6 unicast depending on neighbor IP family (v4 or v6). For v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
         */
        extendedV4Nexthop?: boolean;
        /**
         * `0` means disable
         */
        gracefulRestartTime: number;
        holdTime: number;
        import?: string;
        /**
         * Default import policies if no per-neighbor policies defined
         */
        importPolicy?: string;
        /**
         * Local AS. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`)
         */
        localAs?: string;
        /**
         * Neighbor AS. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`)
         */
        neighborAs?: string;
        /**
         * If per-neighbor as is desired. Property key is the neighbor address
         */
        neighbors?: {
            [key: string]: outputs.org.DeviceprofileGatewayBgpConfigNeighbors;
        };
        /**
         * If `type`!=`external`or `via`==`wan`networks where we expect BGP neighbor to connect to/from
         */
        networks: string[];
        noPrivateAs: boolean;
        /**
         * By default, we'll re-advertise all learned BGP routers toward overlay
         */
        noReadvertiseToOverlay: boolean;
        /**
         * If `type`==`tunnel`
         */
        tunnelName?: string;
        /**
         * enum: `external`, `internal`
         */
        type?: string;
        /**
         * network name. enum: `lan`, `tunnel`, `vpn`, `wan`
         */
        via: string;
        vpnName?: string;
        /**
         * If `via`==`wan`
         */
        wanName?: string;
    }
    interface DeviceprofileGatewayBgpConfigNeighbors {
        /**
         * If true, the BGP session to this neighbor will be administratively disabled/shutdown
         */
        disabled: boolean;
        exportPolicy?: string;
        holdTime: number;
        importPolicy?: string;
        /**
         * Assuming BGP neighbor is directly connected
         */
        multihopTtl?: number;
        /**
         * Neighbor AS. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`)
         */
        neighborAs?: string;
    }
    interface DeviceprofileGatewayDhcpdConfig {
        /**
         * Property key is the network name
         */
        config?: {
            [key: string]: outputs.org.DeviceprofileGatewayDhcpdConfigConfig;
        };
        /**
         * If set to `false`, disable the DHCP server
         */
        enabled: boolean;
    }
    interface DeviceprofileGatewayDhcpdConfigConfig {
        /**
         * If `type`==`local` or `type6`==`local` - optional, if not defined, system one will be used
         */
        dnsServers: string[];
        /**
         * If `type`==`local` or `type6`==`local` - optional, if not defined, system one will be used
         */
        dnsSuffixes: string[];
        /**
         * If `type`==`local` or `type6`==`local`. Property key is the MAC Address. Format is `[0-9a-f]{12}` (e.g. "5684dae9ac8b")
         */
        fixedBindings?: {
            [key: string]: outputs.org.DeviceprofileGatewayDhcpdConfigConfigFixedBindings;
        };
        /**
         * If `type`==`local` - optional, `ip` will be used if not provided
         */
        gateway?: string;
        /**
         * If `type`==`local`
         */
        ipEnd?: string;
        /**
         * If `type6`==`local`
         */
        ipEnd6?: string;
        /**
         * If `type`==`local`
         */
        ipStart?: string;
        /**
         * If `type6`==`local`
         */
        ipStart6?: string;
        /**
         * In seconds, lease time has to be between 3600 [1hr] - 604800 [1 week], default is 86400 [1 day]
         */
        leaseTime: number;
        /**
         * If `type`==`local` or `type6`==`local`. Property key is the DHCP option number
         */
        options?: {
            [key: string]: outputs.org.DeviceprofileGatewayDhcpdConfigConfigOptions;
        };
        /**
         * `serverIdOverride`==`true` means the device, when acts as DHCP relay and forwards DHCP responses from DHCP server to clients,
         * should overwrite the Sever Identifier option (i.e. DHCP option 54) in DHCP responses with its own IP address.
         */
        serverIdOverride: boolean;
        /**
         * If `type`==`relay`
         */
        servers: string[];
        /**
         * If `type6`==`relay`
         */
        servers6s: string[];
        /**
         * enum: `local` (DHCP Server), `none`, `relay` (DHCP Relay)
         */
        type: string;
        /**
         * enum: `local` (DHCP Server), `none`, `relay` (DHCP Relay)
         */
        type6: string;
        /**
         * If `type`==`local` or `type6`==`local`. Property key is <enterprise number>:<sub option code>, with
         *   * enterprise number: 1-65535 (https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers)
         *   * sub option code: 1-255, sub-option code
         */
        vendorEncapsulated?: {
            [key: string]: outputs.org.DeviceprofileGatewayDhcpdConfigConfigVendorEncapsulated;
        };
    }
    interface DeviceprofileGatewayDhcpdConfigConfigFixedBindings {
        ip: string;
        name?: string;
    }
    interface DeviceprofileGatewayDhcpdConfigConfigOptions {
        /**
         * enum: `boolean`, `hex`, `int16`, `int32`, `ip`, `string`, `uint16`, `uint32`
         */
        type?: string;
        value?: string;
    }
    interface DeviceprofileGatewayDhcpdConfigConfigVendorEncapsulated {
        /**
         * enum: `boolean`, `hex`, `int16`, `int32`, `ip`, `string`, `uint16`, `uint32`
         */
        type?: string;
        value?: string;
    }
    interface DeviceprofileGatewayExtraRoutes {
        via: string;
    }
    interface DeviceprofileGatewayExtraRoutes6 {
        via: string;
    }
    interface DeviceprofileGatewayIdpProfiles {
        /**
         * enum: `critical`, `standard`, `strict`
         */
        baseProfile?: string;
        name?: string;
        orgId?: string;
        overwrites?: outputs.org.DeviceprofileGatewayIdpProfilesOverwrite[];
    }
    interface DeviceprofileGatewayIdpProfilesOverwrite {
        /**
         * enum:
         *   * alert (default)
         *   * drop: silently dropping packets
         *   * close: notify client/server to close connection
         */
        action: string;
        matching?: outputs.org.DeviceprofileGatewayIdpProfilesOverwriteMatching;
        name?: string;
    }
    interface DeviceprofileGatewayIdpProfilesOverwriteMatching {
        attackNames?: string[];
        dstSubnets?: string[];
        severities?: string[];
    }
    interface DeviceprofileGatewayIpConfigs {
        ip?: string;
        netmask?: string;
        /**
         * Optional list of secondary IPs in CIDR format
         */
        secondaryIps: string[];
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
    }
    interface DeviceprofileGatewayNetwork {
        /**
         * Whether to disallow Mist Devices in the network
         */
        disallowMistServices: boolean;
        gateway?: string;
        gateway6?: string;
        internalAccess?: outputs.org.DeviceprofileGatewayNetworkInternalAccess;
        /**
         * Whether this network has direct internet access
         */
        internetAccess?: outputs.org.DeviceprofileGatewayNetworkInternetAccess;
        /**
         * Whether to allow clients in the network to talk to each other
         */
        isolation?: boolean;
        /**
         * Whether to enable multicast support (only PIM-sparse mode is supported)
         */
        multicast?: outputs.org.DeviceprofileGatewayNetworkMulticast;
        name: string;
        /**
         * For a Network (usually LAN), it can be routable to other networks (e.g. OSPF)
         */
        routedForNetworks?: string[];
        subnet: string;
        subnet6?: string;
        /**
         * Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}")
         */
        tenants?: {
            [key: string]: outputs.org.DeviceprofileGatewayNetworkTenants;
        };
        vlanId?: string;
        /**
         * Property key is the VPN name. Whether this network can be accessed from vpn
         */
        vpnAccess?: {
            [key: string]: outputs.org.DeviceprofileGatewayNetworkVpnAccess;
        };
    }
    interface DeviceprofileGatewayNetworkInternalAccess {
        enabled?: boolean;
    }
    interface DeviceprofileGatewayNetworkInternetAccess {
        createSimpleServicePolicy: boolean;
        /**
         * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
         */
        destinationNat?: {
            [key: string]: outputs.org.DeviceprofileGatewayNetworkInternetAccessDestinationNat;
        };
        enabled?: boolean;
        /**
         * By default, all access is allowed, to only allow certain traffic, make `restricted`=`true` and define service_policies
         */
        restricted: boolean;
        /**
         * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
         */
        staticNat?: {
            [key: string]: outputs.org.DeviceprofileGatewayNetworkInternetAccessStaticNat;
        };
    }
    interface DeviceprofileGatewayNetworkInternetAccessDestinationNat {
        /**
         * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
         */
        internalIp?: string;
        name?: string;
        /**
         * The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
         */
        port?: string;
        /**
         * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
         */
        wanName?: string;
    }
    interface DeviceprofileGatewayNetworkInternetAccessStaticNat {
        /**
         * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
         */
        internalIp: string;
        name: string;
        /**
         * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
         */
        wanName?: string;
    }
    interface DeviceprofileGatewayNetworkMulticast {
        /**
         * If the network will only be the source of the multicast traffic, IGMP can be disabled
         */
        disableIgmp: boolean;
        enabled: boolean;
        /**
         * Group address to RP (rendezvous point) mapping. Property Key is the CIDR (example "225.1.0.3/32")
         */
        groups?: {
            [key: string]: outputs.org.DeviceprofileGatewayNetworkMulticastGroups;
        };
    }
    interface DeviceprofileGatewayNetworkMulticastGroups {
        /**
         * RP (rendezvous point) IP Address
         */
        rpIp?: string;
    }
    interface DeviceprofileGatewayNetworkTenants {
        addresses?: string[];
    }
    interface DeviceprofileGatewayNetworkVpnAccess {
        /**
         * If `routed`==`true`, whether to advertise an aggregated subnet toward HUB this is useful when there are multiple networks on SPOKE's side
         */
        advertisedSubnet?: string;
        /**
         * Whether to allow ping from vpn into this routed network
         */
        allowPing?: boolean;
        /**
         * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
         */
        destinationNat?: {
            [key: string]: outputs.org.DeviceprofileGatewayNetworkVpnAccessDestinationNat;
        };
        /**
         * If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub, a subnet is required to create and advertise the route to Hub
         */
        natPool?: string;
        /**
         * toward LAN-side BGP peers
         */
        noReadvertiseToLanBgp: boolean;
        /**
         * toward LAN-side OSPF peers
         */
        noReadvertiseToLanOspf: boolean;
        /**
         * toward overlay, how HUB should deal with routes it received from Spokes
         */
        noReadvertiseToOverlay?: boolean;
        /**
         * By default, the routes are only readvertised toward the same vrf on spoke. To allow it to be leaked to other vrfs
         */
        otherVrfs: string[];
        /**
         * Whether this network is routable
         */
        routed?: boolean;
        /**
         * If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub
         */
        sourceNat: outputs.org.DeviceprofileGatewayNetworkVpnAccessSourceNat;
        /**
         * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
         */
        staticNat: {
            [key: string]: outputs.org.DeviceprofileGatewayNetworkVpnAccessStaticNat;
        };
        /**
         * toward overlay, how HUB should deal with routes it received from Spokes
         */
        summarizedSubnet?: string;
        /**
         * toward LAN-side BGP peers
         */
        summarizedSubnetToLanBgp?: string;
        /**
         * toward LAN-side OSPF peers
         */
        summarizedSubnetToLanOspf?: string;
    }
    interface DeviceprofileGatewayNetworkVpnAccessDestinationNat {
        /**
         * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
         */
        internalIp?: string;
        name?: string;
        port?: string;
    }
    interface DeviceprofileGatewayNetworkVpnAccessSourceNat {
        externalIp?: string;
    }
    interface DeviceprofileGatewayNetworkVpnAccessStaticNat {
        /**
         * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
         */
        internalIp: string;
        name: string;
    }
    interface DeviceprofileGatewayOobIpConfig {
        /**
         * If `type`==`static`
         */
        gateway?: string;
        /**
         * If `type`==`static`
         */
        ip?: string;
        /**
         * If `type`==`static`
         */
        netmask?: string;
        /**
         * For HA Cluster, node1 can have different IP Config
         */
        node1: outputs.org.DeviceprofileGatewayOobIpConfigNode1;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
        /**
         * If supported on the platform. If enabled, DNS will be using this routing-instance, too
         */
        useMgmtVrf?: boolean;
        /**
         * For host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired
         */
        useMgmtVrfForHostOut?: boolean;
        vlanId?: string;
    }
    interface DeviceprofileGatewayOobIpConfigNode1 {
        /**
         * If `type`==`static`
         */
        gateway?: string;
        ip?: string;
        /**
         * Used only if `subnet` is not specified in `networks`
         */
        netmask?: string;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
        /**
         * If supported on the platform. If enabled, DNS will be using this routing-instance, too
         */
        useMgmtVrf?: boolean;
        /**
         * Whether to use `mgmtJunos` for host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired
         */
        useMgmtVrfForHostOut?: boolean;
        vlanId?: string;
    }
    interface DeviceprofileGatewayPathPreferences {
        paths?: outputs.org.DeviceprofileGatewayPathPreferencesPath[];
        /**
         * enum: `ecmp`, `ordered`, `weighted`
         */
        strategy: string;
    }
    interface DeviceprofileGatewayPathPreferencesPath {
        cost?: number;
        /**
         * For SSR Only. `true`, if this specific path is undesired
         */
        disabled?: boolean;
        /**
         * Only if `type`==`local`, if a different gateway is desired
         */
        gatewayIp?: string;
        /**
         * Only if `type`==`vpn`, if this vpn path can be used for internet
         */
        internetAccess?: boolean;
        /**
         * Required when
         *   * `type`==`vpn`: the name of the VPN Path to use
         *   * `type`==`wan`: the name of the WAN interface to use
         */
        name?: string;
        /**
         * Required when `type`==`local`
         */
        networks: string[];
        /**
         * If `type`==`local`, if destination IP is to be replaced
         */
        targetIps: string[];
        /**
         * enum: `local`, `tunnel`, `vpn`, `wan`
         */
        type?: string;
        /**
         * Optional if `type`==`vpn`
         */
        wanName?: string;
    }
    interface DeviceprofileGatewayPortConfig {
        /**
         * If `aggregated`==`true`. To disable LCP support for the AE interface
         */
        aeDisableLacp: boolean;
        /**
         * If `aggregated`==`true`. Users could force to use the designated AE name (must be an integer between 0 and 127)
         */
        aeIdx?: string;
        /**
         * For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability. Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end. **Note:** Turning this on will enable force-up on one of the interfaces in the bundle only
         */
        aeLacpForceUp: boolean;
        aggregated: boolean;
        /**
         * To generate port up/down alarm, set it to true
         */
        critical: boolean;
        /**
         * Interface Description. Can be a variable (i.e. "{{myvar}}")
         */
        description?: string;
        disableAutoneg: boolean;
        /**
         * Port admin up (true) / down (false)
         */
        disabled: boolean;
        /**
         * if `wanType`==`dsl`. enum: `adsl`, `vdsl`
         */
        dslType: string;
        /**
         * If `wanType`==`dsl`, 16 bit int
         */
        dslVci: number;
        /**
         * If `wanType`==`dsl`, 8 bit int
         */
        dslVpi: number;
        /**
         * enum: `auto`, `full`, `half`
         */
        duplex: string;
        /**
         * Junos IP Config
         */
        ipConfig?: outputs.org.DeviceprofileGatewayPortConfigIpConfig;
        /**
         * If `wanType`==`lte`
         */
        lteApn?: string;
        /**
         * if `wanType`==`lte`. enum: `chap`, `none`, `pap`
         */
        lteAuth: string;
        lteBackup?: boolean;
        /**
         * If `wanType`==`lte`
         */
        ltePassword?: string;
        /**
         * If `wanType`==`lte`
         */
        lteUsername?: string;
        mtu?: number;
        /**
         * Name that we'll use to derive config
         */
        name?: string;
        /**
         * if `usage`==`lan`, name of the `junipermist.org.Network` resource
         */
        networks: string[];
        /**
         * For Q-in-Q
         */
        outerVlanId?: number;
        poeDisabled: boolean;
        /**
         * Only for SRX and if `usage`==`lan`, the name of the Network to be used as the Untagged VLAN
         */
        portNetwork?: string;
        /**
         * Whether to preserve dscp when sending traffic over VPN (SSR-only)
         */
        preserveDscp: boolean;
        /**
         * If HA mode
         */
        redundant?: boolean;
        /**
         * If HA mode, SRX Only - support redundancy-group. 1-128 for physical SRX, 1-64 for virtual SRX
         */
        redundantGroup?: number;
        /**
         * For SRX only and if HA Mode
         */
        rethIdx?: string;
        /**
         * If HA mode
         */
        rethNode?: string;
        /**
         * SSR only - supporting vlan-based redundancy (matching the size of `networks`)
         */
        rethNodes: string[];
        speed: string;
        /**
         * When SSR is running as VM, this is required on certain hosting platforms
         */
        ssrNoVirtualMac: boolean;
        /**
         * For SSR only
         */
        svrPortRange: string;
        trafficShaping?: outputs.org.DeviceprofileGatewayPortConfigTrafficShaping;
        /**
         * port usage name. enum: `haControl`, `haData`, `lan`, `wan`
         */
        usage: string;
        vlanId?: string;
        /**
         * Property key is the VPN name
         */
        vpnPaths?: {
            [key: string]: outputs.org.DeviceprofileGatewayPortConfigVpnPaths;
        };
        /**
         * Only when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
         */
        wanArpPolicer: string;
        /**
         * Only if `usage`==`wan`, optional. If spoke should reach this port by a different IP
         */
        wanExtIp?: string;
        /**
         * Only if `usage`==`wan`. Property Key is the destination CIDR (e.g. "100.100.100.0/24")
         */
        wanExtraRoutes: {
            [key: string]: outputs.org.DeviceprofileGatewayPortConfigWanExtraRoutes;
        };
        /**
         * Only if `usage`==`wan`. If some networks are connected to this WAN port, it can be added here so policies can be defined
         */
        wanNetworks: string[];
        /**
         * Only if `usage`==`wan`
         */
        wanProbeOverride?: outputs.org.DeviceprofileGatewayPortConfigWanProbeOverride;
        /**
         * Only if `usage`==`wan`, optional. By default, source-NAT is performed on all WAN Ports using the interface-ip
         */
        wanSourceNat?: outputs.org.DeviceprofileGatewayPortConfigWanSourceNat;
        /**
         * Only if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
         */
        wanType: string;
    }
    interface DeviceprofileGatewayPortConfigIpConfig {
        /**
         * Except for out-of_band interface (vme/em0/fxp0)
         */
        dns?: string[];
        /**
         * Except for out-of_band interface (vme/em0/fxp0)
         */
        dnsSuffixes?: string[];
        /**
         * Except for out-of_band interface (vme/em0/fxp0). Interface Default Gateway IP Address (i.e. "192.168.1.1") or a Variable (i.e. "{{myvar}}")
         */
        gateway?: string;
        /**
         * Interface IP Address (i.e. "192.168.1.8") or a Variable (i.e. "{{myvar}}")
         */
        ip?: string;
        /**
         * Used only if `subnet` is not specified in `networks`. Interface Netmask (i.e. "/24") or a Variable (i.e. "{{myvar}}")
         */
        netmask?: string;
        /**
         * Optional, the network to be used for mgmt
         */
        network?: string;
        /**
         * If `type`==`pppoe`
         */
        poserPassword?: string;
        /**
         * if `type`==`pppoe`. enum: `chap`, `none`, `pap`
         */
        pppoeAuth: string;
        /**
         * If `type`==`pppoe`
         */
        pppoeUsername?: string;
        /**
         * enum: `dhcp`, `pppoe`, `static`
         */
        type: string;
    }
    interface DeviceprofileGatewayPortConfigTrafficShaping {
        /**
         * percentages for different class of traffic: high / medium / low / best-effort. Sum must be equal to 100
         */
        classPercentages?: number[];
        enabled: boolean;
        /**
         * Interface Transmit Cap in kbps
         */
        maxTxKbps?: number;
    }
    interface DeviceprofileGatewayPortConfigVpnPaths {
        /**
         * Only if the VPN `type`==`hubSpoke`. enum: `broadband`, `lte`
         */
        bfdProfile: string;
        /**
         * Only if the VPN `type`==`hubSpoke`. Whether to use tunnel mode. SSR only
         */
        bfdUseTunnelMode: boolean;
        /**
         * Only if the VPN `type`==`hubSpoke`. For a given VPN, when `path_selection.strategy`==`simple`, the preference for a path (lower is preferred)
         */
        preference?: number;
        /**
         * If the VPN `type`==`hubSpoke`, enum: `hub`, `spoke`. If the VPN `type`==`mesh`, enum: `mesh`
         */
        role: string;
        trafficShaping?: outputs.org.DeviceprofileGatewayPortConfigVpnPathsTrafficShaping;
    }
    interface DeviceprofileGatewayPortConfigVpnPathsTrafficShaping {
        /**
         * percentages for different class of traffic: high / medium / low / best-effort. Sum must be equal to 100
         */
        classPercentages?: number[];
        enabled: boolean;
        /**
         * Interface Transmit Cap in kbps
         */
        maxTxKbps?: number;
    }
    interface DeviceprofileGatewayPortConfigWanExtraRoutes {
        via?: string;
    }
    interface DeviceprofileGatewayPortConfigWanProbeOverride {
        ips?: string[];
        /**
         * enum: `broadband`, `lte`
         */
        probeProfile: string;
    }
    interface DeviceprofileGatewayPortConfigWanSourceNat {
        /**
         * Or to disable the source-nat
         */
        disabled: boolean;
        /**
         * If alternative natPool is desired
         */
        natPool?: string;
    }
    interface DeviceprofileGatewayRoutingPolicies {
        /**
         * zero or more criteria/filter can be specified to match the term, all criteria have to be met
         */
        terms?: outputs.org.DeviceprofileGatewayRoutingPoliciesTerm[];
    }
    interface DeviceprofileGatewayRoutingPoliciesTerm {
        /**
         * When used as import policy
         */
        action?: outputs.org.DeviceprofileGatewayRoutingPoliciesTermAction;
        /**
         * zero or more criteria/filter can be specified to match the term, all criteria have to be met
         */
        matching?: outputs.org.DeviceprofileGatewayRoutingPoliciesTermMatching;
    }
    interface DeviceprofileGatewayRoutingPoliciesTermAction {
        accept?: boolean;
        addCommunities?: string[];
        /**
         * For SSR, hub decides how VRF routes are leaked on spoke
         */
        addTargetVrfs?: string[];
        /**
         * When used as export policy, optional
         */
        communities?: string[];
        /**
         * When used as export policy, optional. To exclude certain AS
         */
        excludeAsPaths?: string[];
        excludeCommunities?: string[];
        /**
         * When used as export policy, optional
         */
        exportCommunities?: string[];
        /**
         * Optional, for an import policy, localPreference can be changed
         */
        localPreference?: string;
        /**
         * When used as export policy, optional. By default, the local AS will be prepended, to change it
         */
        prependAsPaths?: string[];
    }
    interface DeviceprofileGatewayRoutingPoliciesTermMatching {
        /**
         * takes regular expression
         */
        asPaths?: string[];
        communities?: string[];
        networks?: string[];
        /**
         * zero or more criteria/filter can be specified to match the term, all criteria have to be met
         */
        prefixes?: string[];
        /**
         * `direct`, `bgp`, `osp`, `static`, `aggregate`...
         */
        protocols?: string[];
        routeExists?: outputs.org.DeviceprofileGatewayRoutingPoliciesTermMatchingRouteExists;
        /**
         * overlay-facing criteria (used for bgpConfig where via=vpn)
         */
        vpnNeighborMacs?: string[];
        vpnPathSla?: outputs.org.DeviceprofileGatewayRoutingPoliciesTermMatchingVpnPathSla;
        /**
         * overlay-facing criteria (used for bgpConfig where via=vpn). ordered-
         */
        vpnPaths?: string[];
    }
    interface DeviceprofileGatewayRoutingPoliciesTermMatchingRouteExists {
        route?: string;
        /**
         * Name of the vrf instance, it can also be the name of the VPN or wan if they
         */
        vrfName: string;
    }
    interface DeviceprofileGatewayRoutingPoliciesTermMatchingVpnPathSla {
        maxJitter?: number;
        maxLatency?: number;
        maxLoss?: number;
    }
    interface DeviceprofileGatewayServicePolicy {
        /**
         * Required when `servicepolicyId` is not defined, optional otherwise (override the servicepolicy action). enum: `allow`, `deny`
         */
        action?: string;
        /**
         * For SRX-only
         */
        antivirus?: outputs.org.DeviceprofileGatewayServicePolicyAntivirus;
        /**
         * For SRX Only
         */
        appqoe?: outputs.org.DeviceprofileGatewayServicePolicyAppqoe;
        ewfs?: outputs.org.DeviceprofileGatewayServicePolicyEwf[];
        idp?: outputs.org.DeviceprofileGatewayServicePolicyIdp;
        /**
         * access within the same VRF
         */
        localRouting?: boolean;
        /**
         * Required when `servicepolicyId` is not defined, optional otherwise (override the servicepolicy name)
         */
        name?: string;
        /**
         * By default, we derive all paths available and use them. Optionally, you can customize by using `pathPreference`
         */
        pathPreference?: string;
        /**
         * Used to link servicepolicy defined at org level and overwrite some attributes
         */
        servicepolicyId?: string;
        /**
         * Required when `servicepolicyId` is not defined. List of Applications / Destinations
         */
        services: string[];
        /**
         * For SRX-only
         */
        sslProxy?: outputs.org.DeviceprofileGatewayServicePolicySslProxy;
        /**
         * Required when `servicepolicyId` is not defined. List of Networks / Users
         */
        tenants: string[];
    }
    interface DeviceprofileGatewayServicePolicyAntivirus {
        /**
         * org-level AV Profile can be used, this takes precedence over 'profile'
         */
        avprofileId?: string;
        enabled: boolean;
        /**
         * Default / noftp / httponly / or keys from av_profiles
         */
        profile?: string;
    }
    interface DeviceprofileGatewayServicePolicyAppqoe {
        enabled: boolean;
    }
    interface DeviceprofileGatewayServicePolicyEwf {
        alertOnly?: boolean;
        blockMessage?: string;
        enabled: boolean;
        /**
         * enum: `critical`, `standard`, `strict`
         */
        profile: string;
    }
    interface DeviceprofileGatewayServicePolicyIdp {
        alertOnly?: boolean;
        enabled: boolean;
        /**
         * org_level IDP Profile can be used, this takes precedence over `profile`
         */
        idpprofileId?: string;
        /**
         * enum: `Custom`, `strict` (default), `standard` or keys from idp_profiles
         */
        profile: string;
    }
    interface DeviceprofileGatewayServicePolicySslProxy {
        /**
         * enum: `medium`, `strong`, `weak`
         */
        ciphersCategory: string;
        enabled: boolean;
    }
    interface DeviceprofileGatewayTunnelConfigs {
        autoProvision?: outputs.org.DeviceprofileGatewayTunnelConfigsAutoProvision;
        /**
         * Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
         */
        ikeLifetime?: number;
        /**
         * Only if `provider`==`custom-ipsec`. enum: `aggressive`, `main`
         */
        ikeMode: string;
        /**
         * If `provider`==`custom-ipsec`
         */
        ikeProposals?: outputs.org.DeviceprofileGatewayTunnelConfigsIkeProposal[];
        /**
         * Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
         */
        ipsecLifetime?: number;
        /**
         * Only if  `provider`==`custom-ipsec`
         */
        ipsecProposals?: outputs.org.DeviceprofileGatewayTunnelConfigsIpsecProposal[];
        /**
         * Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        localId?: string;
        /**
         * Required if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`. enum: `active-active`, `active-standby`
         */
        mode: string;
        /**
         * If `provider`==`custom-ipsec`, networks reachable via this tunnel
         */
        networks: string[];
        /**
         * Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        primary?: outputs.org.DeviceprofileGatewayTunnelConfigsPrimary;
        /**
         * Only if `provider`==`custom-ipsec`
         */
        probe?: outputs.org.DeviceprofileGatewayTunnelConfigsProbe;
        /**
         * Only if `provider`==`custom-ipsec`. enum: `gre`, `ipsec`
         */
        protocol?: string;
        /**
         * Only if `auto_provision.enabled`==`false`. enum: `custom-ipsec`, `custom-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
         */
        provider?: string;
        /**
         * Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        psk?: string;
        /**
         * Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        secondary?: outputs.org.DeviceprofileGatewayTunnelConfigsSecondary;
        /**
         * Only if `provider`==`custom-gre` or `provider`==`custom-ipsec`. enum: `1`, `2`
         */
        version: string;
    }
    interface DeviceprofileGatewayTunnelConfigsAutoProvision {
        enable?: boolean;
        /**
         * API override for POP selection
         */
        latlng?: outputs.org.DeviceprofileGatewayTunnelConfigsAutoProvisionLatlng;
        primary?: outputs.org.DeviceprofileGatewayTunnelConfigsAutoProvisionPrimary;
        /**
         * enum: `jse-ipsec`, `zscaler-ipsec`
         */
        provider: string;
        /**
         * API override for POP selection
         */
        region?: string;
        secondary?: outputs.org.DeviceprofileGatewayTunnelConfigsAutoProvisionSecondary;
    }
    interface DeviceprofileGatewayTunnelConfigsAutoProvisionLatlng {
        lat: number;
        lng: number;
    }
    interface DeviceprofileGatewayTunnelConfigsAutoProvisionPrimary {
        probeIps?: string[];
        /**
         * Optional, only needed if `varsOnly`==`false`
         */
        wanNames?: string[];
    }
    interface DeviceprofileGatewayTunnelConfigsAutoProvisionSecondary {
        probeIps?: string[];
        /**
         * Optional, only needed if `varsOnly`==`false`
         */
        wanNames?: string[];
    }
    interface DeviceprofileGatewayTunnelConfigsIkeProposal {
        /**
         * enum: `md5`, `sha1`, `sha2`
         */
        authAlgo?: string;
        /**
         * enum:
         *   * 1
         *   * 2 (1024-bit)
         *   * 5
         *   * 14 (default, 2048-bit)
         *   * 15 (3072-bit)
         *   * 16 (4096-bit)
         *   * 19 (256-bit ECP)
         *   * 20 (384-bit ECP)
         *   * 21 (521-bit ECP)
         *   * 24 (2048-bit ECP)
         */
        dhGroup: string;
        /**
         * enum: `3des`, `aes128`, `aes256`, `aesGcm128`, `aesGcm256`
         */
        encAlgo: string;
    }
    interface DeviceprofileGatewayTunnelConfigsIpsecProposal {
        /**
         * enum: `md5`, `sha1`, `sha2`
         */
        authAlgo?: string;
        /**
         * Only if `provider`==`custom-ipsec`. enum:
         *   * 1
         *   * 2 (1024-bit)
         *   * 5
         *   * 14 (default, 2048-bit)
         *   * 15 (3072-bit)
         *   * 16 (4096-bit)
         *   * 19 (256-bit ECP)
         *   * 20 (384-bit ECP)
         *   * 21 (521-bit ECP)
         *   * 24 (2048-bit ECP)
         */
        dhGroup: string;
        /**
         * enum: `3des`, `aes128`, `aes256`, `aesGcm128`, `aesGcm256`
         */
        encAlgo: string;
    }
    interface DeviceprofileGatewayTunnelConfigsPrimary {
        hosts: string[];
        /**
         * Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
         */
        internalIps?: string[];
        probeIps?: string[];
        /**
         * Only if  `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        remoteIds?: string[];
        wanNames: string[];
    }
    interface DeviceprofileGatewayTunnelConfigsProbe {
        /**
         * How often to trigger the probe
         */
        interval?: number;
        /**
         * Number of consecutive misses before declaring the tunnel down
         */
        threshold?: number;
        /**
         * Time within which to complete the connectivity check
         */
        timeout?: number;
        /**
         * enum: `http`, `icmp`
         */
        type: string;
    }
    interface DeviceprofileGatewayTunnelConfigsSecondary {
        hosts: string[];
        /**
         * Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
         */
        internalIps?: string[];
        probeIps?: string[];
        /**
         * Only if  `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        remoteIds?: string[];
        wanNames: string[];
    }
    interface DeviceprofileGatewayTunnelProviderOptions {
        /**
         * For jse-ipsec, this allows provisioning of adequate resource on JSE. Make sure adequate licenses are added
         */
        jse?: outputs.org.DeviceprofileGatewayTunnelProviderOptionsJse;
        /**
         * For zscaler-ipsec and zscaler-gre
         */
        zscaler?: outputs.org.DeviceprofileGatewayTunnelProviderOptionsZscaler;
    }
    interface DeviceprofileGatewayTunnelProviderOptionsJse {
        numUsers?: number;
        /**
         * JSE Organization name
         */
        orgName?: string;
    }
    interface DeviceprofileGatewayTunnelProviderOptionsZscaler {
        aupBlockInternetUntilAccepted?: boolean;
        /**
         * Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
         */
        aupEnabled?: boolean;
        /**
         * Proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
         */
        aupForceSslInspection?: boolean;
        /**
         * Required if `aupEnabled`==`true`. Days before AUP is requested again
         */
        aupTimeoutInDays?: number;
        /**
         * Enable this option to enforce user authentication
         */
        authRequired?: boolean;
        /**
         * Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
         */
        cautionEnabled?: boolean;
        /**
         * Download bandwidth cap of the link, in Mbps. Disabled if not set
         */
        dnBandwidth?: number;
        /**
         * Required if `surrogate_IP`==`true`, idle Time to Disassociation
         */
        idleTimeInMinutes?: number;
        /**
         * If `true`, enable the firewall control option
         */
        ofwEnabled?: boolean;
        /**
         * `sub-locations` can be used for specific uses cases to define different configuration based on the user network
         */
        subLocations?: outputs.org.DeviceprofileGatewayTunnelProviderOptionsZscalerSubLocation[];
        /**
         * Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
         */
        surrogateIp?: boolean;
        /**
         * Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
         */
        surrogateIpEnforcedForKnownBrowsers?: boolean;
        /**
         * Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
         */
        surrogateRefreshTimeInMinutes?: number;
        /**
         * Download bandwidth cap of the link, in Mbps. Disabled if not set
         */
        upBandwidth?: number;
        /**
         * Location uses proxy chaining to forward traffic
         */
        xffForwardEnabled?: boolean;
    }
    interface DeviceprofileGatewayTunnelProviderOptionsZscalerSubLocation {
        aupBlockInternetUntilAccepted?: boolean;
        /**
         * Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
         */
        aupEnabled?: boolean;
        /**
         * Proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
         */
        aupForceSslInspection?: boolean;
        /**
         * Required if `aupEnabled`==`true`. Days before AUP is requested again
         */
        aupTimeoutInDays?: number;
        /**
         * Enable this option to authenticate users
         */
        authRequired?: boolean;
        /**
         * Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
         */
        cautionEnabled?: boolean;
        /**
         * Download bandwidth cap of the link, in Mbps. Disabled if not set
         */
        dnBandwidth?: number;
        /**
         * Required if `surrogate_IP`==`true`, idle Time to Disassociation
         */
        idleTimeInMinutes?: number;
        /**
         * Network name
         */
        name?: string;
        /**
         * If `true`, enable the firewall control option
         */
        ofwEnabled?: boolean;
        /**
         * Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
         */
        surrogateIp?: boolean;
        /**
         * Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
         */
        surrogateIpEnforcedForKnownBrowsers?: boolean;
        /**
         * Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
         */
        surrogateRefreshTimeInMinutes?: number;
        /**
         * Download bandwidth cap of the link, in Mbps. Disabled if not set
         */
        upBandwidth?: number;
    }
    interface DeviceprofileGatewayVrfConfig {
        /**
         * Whether to enable VRF (when supported on the device)
         */
        enabled?: boolean;
    }
    interface DeviceprofileGatewayVrfInstances {
        networks?: string[];
    }
    interface EvpnTopologyEvpnOptions {
        /**
         * Optional, for dhcp_relay, unique loopback IPs are required for ERB or IPClos where we can set option-82 server_id-overrides
         */
        autoLoopbackSubnet: string;
        /**
         * Optional, for dhcp_relay, unique loopback IPs are required for ERB or IPClos where we can set option-82 server_id-overrides
         */
        autoLoopbackSubnet6: string;
        /**
         * Optional, this generates routerId automatically, if specified, `routerIdPrefix` is ignored
         */
        autoRouterIdSubnet: string;
        /**
         * Optional, this generates routerId automatically, if specified, `routerIdPrefix` is ignored
         */
        autoRouterIdSubnet6?: string;
        /**
         * Optional, for ERB or CLOS, you can either use esilag to upstream routers or to also be the virtual-gateway. When `routedAt` != `core`, whether to do virtual-gateway at core as well
         */
        coreAsBorder: boolean;
        overlay?: outputs.org.EvpnTopologyEvpnOptionsOverlay;
        /**
         * Only for by Core-Distribution architecture when `evpn_options.routed_at`==`core`. By default, JUNOS uses 00-00-5e-00-01-01 as the virtual-gateway-address's v4_mac. If enabled, 00-00-5e-00-0X-YY will be used (where XX=vlan_id/256, YY=vlan_id%256)
         */
        perVlanVgaV4Mac: boolean;
        /**
         * Only for by Core-Distribution architecture when `evpn_options.routed_at`==`core`. By default, JUNOS uses 00-00-5e-00-02-01 as the virtual-gateway-address's v6_mac. If enabled, 00-00-5e-00-1X-YY will be used (where XX=vlan_id/256, YY=vlan_id%256)
         */
        perVlanVgaV6Mac: boolean;
        /**
         * optional, where virtual-gateway should reside. enum: `core`, `distribution`, `edge`
         */
        routedAt: string;
        underlay?: outputs.org.EvpnTopologyEvpnOptionsUnderlay;
        /**
         * Optional, for EX9200 only to segregate virtual-switches
         */
        vsInstances?: {
            [key: string]: outputs.org.EvpnTopologyEvpnOptionsVsInstances;
        };
    }
    interface EvpnTopologyEvpnOptionsOverlay {
        /**
         * Overlay BGP Local AS Number
         */
        as: number;
    }
    interface EvpnTopologyEvpnOptionsUnderlay {
        /**
         * Underlay BGP Base AS Number
         */
        asBase: number;
        routedIdPrefix?: string;
        /**
         * Underlay subnet, by default, `10.255.240.0/20`, or `fd31:5700::/64` for ipv6
         */
        subnet?: string;
        /**
         * If v6 is desired for underlay
         */
        useIpv6: boolean;
    }
    interface EvpnTopologyEvpnOptionsVsInstances {
        networks?: string[];
    }
    interface EvpnTopologySwitches {
        deviceprofileId: string;
        evpnId: number;
        mac: string;
        model: string;
        /**
         * Optionally, for distribution / access / esilag-access, they can be placed into different pods. e.g.
         *   * for CLOS, to group dist / access switches into pods
         *   * for ERB/CRB, to group dist / esilag-access into pods
         */
        pod: number;
        /**
         * By default, core switches are assumed to be connecting all pods.
         * if you want to limit the pods, you can specify pods.
         */
        pods: number[];
        /**
         * use `role`==`none` to remove a switch from the topology. enum: `access`, `collapsed-core`, `core`, `distribution`, `esilag-access`, `none`
         */
        role: string;
        routerId: string;
        siteId: string;
    }
    interface GatewaytemplateBgpConfig {
        authKey?: string;
        /**
         * When bfdMultiplier is configured alone. Default:
         *   * 1000 if `type`==`external`
         *   * 350 `type`==`internal`
         */
        bfdMinimumInterval: number;
        /**
         * When bfdMinimumIntervalIsConfigured alone
         */
        bfdMultiplier: number;
        /**
         * BFD provides faster path failure detection and is enabled by default
         */
        disableBfd: boolean;
        export?: string;
        /**
         * Default export policies if no per-neighbor policies defined
         */
        exportPolicy?: string;
        /**
         * By default, either inet/net6 unicast depending on neighbor IP family (v4 or v6). For v6 neighbors, to exchange v4 nexthop, which allows dual-stack support, enable this
         */
        extendedV4Nexthop?: boolean;
        /**
         * `0` means disable
         */
        gracefulRestartTime: number;
        holdTime: number;
        import?: string;
        /**
         * Default import policies if no per-neighbor policies defined
         */
        importPolicy?: string;
        /**
         * Local AS. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`)
         */
        localAs?: string;
        /**
         * Neighbor AS. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`)
         */
        neighborAs?: string;
        /**
         * If per-neighbor as is desired. Property key is the neighbor address
         */
        neighbors?: {
            [key: string]: outputs.org.GatewaytemplateBgpConfigNeighbors;
        };
        /**
         * If `type`!=`external`or `via`==`wan`networks where we expect BGP neighbor to connect to/from
         */
        networks: string[];
        noPrivateAs: boolean;
        /**
         * By default, we'll re-advertise all learned BGP routers toward overlay
         */
        noReadvertiseToOverlay: boolean;
        /**
         * If `type`==`tunnel`
         */
        tunnelName?: string;
        /**
         * enum: `external`, `internal`
         */
        type?: string;
        /**
         * network name. enum: `lan`, `tunnel`, `vpn`, `wan`
         */
        via: string;
        vpnName?: string;
        /**
         * If `via`==`wan`
         */
        wanName?: string;
    }
    interface GatewaytemplateBgpConfigNeighbors {
        /**
         * If true, the BGP session to this neighbor will be administratively disabled/shutdown
         */
        disabled: boolean;
        exportPolicy?: string;
        holdTime: number;
        importPolicy?: string;
        /**
         * Assuming BGP neighbor is directly connected
         */
        multihopTtl?: number;
        /**
         * Neighbor AS. Value must be in range 1-4294967295 or a variable (e.g. `{{as_variable}}`)
         */
        neighborAs?: string;
    }
    interface GatewaytemplateDhcpdConfig {
        /**
         * Property key is the network name
         */
        config?: {
            [key: string]: outputs.org.GatewaytemplateDhcpdConfigConfig;
        };
        /**
         * If set to `false`, disable the DHCP server
         */
        enabled: boolean;
    }
    interface GatewaytemplateDhcpdConfigConfig {
        /**
         * If `type`==`local` or `type6`==`local` - optional, if not defined, system one will be used
         */
        dnsServers: string[];
        /**
         * If `type`==`local` or `type6`==`local` - optional, if not defined, system one will be used
         */
        dnsSuffixes: string[];
        /**
         * If `type`==`local` or `type6`==`local`. Property key is the MAC Address. Format is `[0-9a-f]{12}` (e.g. "5684dae9ac8b")
         */
        fixedBindings?: {
            [key: string]: outputs.org.GatewaytemplateDhcpdConfigConfigFixedBindings;
        };
        /**
         * If `type`==`local` - optional, `ip` will be used if not provided
         */
        gateway?: string;
        /**
         * If `type`==`local`
         */
        ipEnd?: string;
        /**
         * If `type6`==`local`
         */
        ipEnd6?: string;
        /**
         * If `type`==`local`
         */
        ipStart?: string;
        /**
         * If `type6`==`local`
         */
        ipStart6?: string;
        /**
         * In seconds, lease time has to be between 3600 [1hr] - 604800 [1 week], default is 86400 [1 day]
         */
        leaseTime: number;
        /**
         * If `type`==`local` or `type6`==`local`. Property key is the DHCP option number
         */
        options?: {
            [key: string]: outputs.org.GatewaytemplateDhcpdConfigConfigOptions;
        };
        /**
         * `serverIdOverride`==`true` means the device, when acts as DHCP relay and forwards DHCP responses from DHCP server to clients,
         * should overwrite the Sever Identifier option (i.e. DHCP option 54) in DHCP responses with its own IP address.
         */
        serverIdOverride: boolean;
        /**
         * If `type`==`relay`
         */
        servers: string[];
        /**
         * If `type6`==`relay`
         */
        servers6s: string[];
        /**
         * enum: `local` (DHCP Server), `none`, `relay` (DHCP Relay)
         */
        type: string;
        /**
         * enum: `local` (DHCP Server), `none`, `relay` (DHCP Relay)
         */
        type6: string;
        /**
         * If `type`==`local` or `type6`==`local`. Property key is <enterprise number>:<sub option code>, with
         *   * enterprise number: 1-65535 (https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers)
         *   * sub option code: 1-255, sub-option code
         */
        vendorEncapsulated?: {
            [key: string]: outputs.org.GatewaytemplateDhcpdConfigConfigVendorEncapsulated;
        };
    }
    interface GatewaytemplateDhcpdConfigConfigFixedBindings {
        ip: string;
        name?: string;
    }
    interface GatewaytemplateDhcpdConfigConfigOptions {
        /**
         * enum: `boolean`, `hex`, `int16`, `int32`, `ip`, `string`, `uint16`, `uint32`
         */
        type?: string;
        value?: string;
    }
    interface GatewaytemplateDhcpdConfigConfigVendorEncapsulated {
        /**
         * enum: `boolean`, `hex`, `int16`, `int32`, `ip`, `string`, `uint16`, `uint32`
         */
        type?: string;
        value?: string;
    }
    interface GatewaytemplateExtraRoutes {
        via: string;
    }
    interface GatewaytemplateExtraRoutes6 {
        via: string;
    }
    interface GatewaytemplateIdpProfiles {
        /**
         * enum: `critical`, `standard`, `strict`
         */
        baseProfile?: string;
        name?: string;
        orgId?: string;
        overwrites?: outputs.org.GatewaytemplateIdpProfilesOverwrite[];
    }
    interface GatewaytemplateIdpProfilesOverwrite {
        /**
         * enum:
         *   * alert (default)
         *   * drop: silently dropping packets
         *   * close: notify client/server to close connection
         */
        action: string;
        matching?: outputs.org.GatewaytemplateIdpProfilesOverwriteMatching;
        name?: string;
    }
    interface GatewaytemplateIdpProfilesOverwriteMatching {
        attackNames?: string[];
        dstSubnets?: string[];
        severities?: string[];
    }
    interface GatewaytemplateIpConfigs {
        ip?: string;
        netmask?: string;
        /**
         * Optional list of secondary IPs in CIDR format
         */
        secondaryIps: string[];
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
    }
    interface GatewaytemplateNetwork {
        /**
         * Whether to disallow Mist Devices in the network
         */
        disallowMistServices: boolean;
        gateway?: string;
        gateway6?: string;
        internalAccess?: outputs.org.GatewaytemplateNetworkInternalAccess;
        /**
         * Whether this network has direct internet access
         */
        internetAccess?: outputs.org.GatewaytemplateNetworkInternetAccess;
        /**
         * Whether to allow clients in the network to talk to each other
         */
        isolation?: boolean;
        /**
         * Whether to enable multicast support (only PIM-sparse mode is supported)
         */
        multicast?: outputs.org.GatewaytemplateNetworkMulticast;
        name: string;
        /**
         * For a Network (usually LAN), it can be routable to other networks (e.g. OSPF)
         */
        routedForNetworks?: string[];
        subnet: string;
        subnet6?: string;
        /**
         * Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}")
         */
        tenants?: {
            [key: string]: outputs.org.GatewaytemplateNetworkTenants;
        };
        vlanId?: string;
        /**
         * Property key is the VPN name. Whether this network can be accessed from vpn
         */
        vpnAccess?: {
            [key: string]: outputs.org.GatewaytemplateNetworkVpnAccess;
        };
    }
    interface GatewaytemplateNetworkInternalAccess {
        enabled?: boolean;
    }
    interface GatewaytemplateNetworkInternetAccess {
        createSimpleServicePolicy: boolean;
        /**
         * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
         */
        destinationNat?: {
            [key: string]: outputs.org.GatewaytemplateNetworkInternetAccessDestinationNat;
        };
        enabled?: boolean;
        /**
         * By default, all access is allowed, to only allow certain traffic, make `restricted`=`true` and define service_policies
         */
        restricted: boolean;
        /**
         * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
         */
        staticNat?: {
            [key: string]: outputs.org.GatewaytemplateNetworkInternetAccessStaticNat;
        };
    }
    interface GatewaytemplateNetworkInternetAccessDestinationNat {
        /**
         * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
         */
        internalIp?: string;
        name?: string;
        /**
         * The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
         */
        port?: string;
        /**
         * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
         */
        wanName?: string;
    }
    interface GatewaytemplateNetworkInternetAccessStaticNat {
        /**
         * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
         */
        internalIp: string;
        name: string;
        /**
         * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
         */
        wanName?: string;
    }
    interface GatewaytemplateNetworkMulticast {
        /**
         * If the network will only be the source of the multicast traffic, IGMP can be disabled
         */
        disableIgmp: boolean;
        enabled: boolean;
        /**
         * Group address to RP (rendezvous point) mapping. Property Key is the CIDR (example "225.1.0.3/32")
         */
        groups?: {
            [key: string]: outputs.org.GatewaytemplateNetworkMulticastGroups;
        };
    }
    interface GatewaytemplateNetworkMulticastGroups {
        /**
         * RP (rendezvous point) IP Address
         */
        rpIp?: string;
    }
    interface GatewaytemplateNetworkTenants {
        addresses?: string[];
    }
    interface GatewaytemplateNetworkVpnAccess {
        /**
         * If `routed`==`true`, whether to advertise an aggregated subnet toward HUB this is useful when there are multiple networks on SPOKE's side
         */
        advertisedSubnet?: string;
        /**
         * Whether to allow ping from vpn into this routed network
         */
        allowPing?: boolean;
        /**
         * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
         */
        destinationNat?: {
            [key: string]: outputs.org.GatewaytemplateNetworkVpnAccessDestinationNat;
        };
        /**
         * If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub, a subnet is required to create and advertise the route to Hub
         */
        natPool?: string;
        /**
         * toward LAN-side BGP peers
         */
        noReadvertiseToLanBgp: boolean;
        /**
         * toward LAN-side OSPF peers
         */
        noReadvertiseToLanOspf: boolean;
        /**
         * toward overlay, how HUB should deal with routes it received from Spokes
         */
        noReadvertiseToOverlay?: boolean;
        /**
         * By default, the routes are only readvertised toward the same vrf on spoke. To allow it to be leaked to other vrfs
         */
        otherVrfs: string[];
        /**
         * Whether this network is routable
         */
        routed?: boolean;
        /**
         * If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub
         */
        sourceNat: outputs.org.GatewaytemplateNetworkVpnAccessSourceNat;
        /**
         * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
         */
        staticNat: {
            [key: string]: outputs.org.GatewaytemplateNetworkVpnAccessStaticNat;
        };
        /**
         * toward overlay, how HUB should deal with routes it received from Spokes
         */
        summarizedSubnet?: string;
        /**
         * toward LAN-side BGP peers
         */
        summarizedSubnetToLanBgp?: string;
        /**
         * toward LAN-side OSPF peers
         */
        summarizedSubnetToLanOspf?: string;
    }
    interface GatewaytemplateNetworkVpnAccessDestinationNat {
        /**
         * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
         */
        internalIp?: string;
        name?: string;
        port?: string;
    }
    interface GatewaytemplateNetworkVpnAccessSourceNat {
        externalIp?: string;
    }
    interface GatewaytemplateNetworkVpnAccessStaticNat {
        /**
         * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
         */
        internalIp: string;
        name: string;
    }
    interface GatewaytemplateOobIpConfig {
        /**
         * If `type`==`static`
         */
        gateway?: string;
        /**
         * If `type`==`static`
         */
        ip?: string;
        /**
         * If `type`==`static`
         */
        netmask?: string;
        /**
         * For HA Cluster, node1 can have different IP Config
         */
        node1: outputs.org.GatewaytemplateOobIpConfigNode1;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
        /**
         * If supported on the platform. If enabled, DNS will be using this routing-instance, too
         */
        useMgmtVrf?: boolean;
        /**
         * For host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired
         */
        useMgmtVrfForHostOut?: boolean;
        vlanId?: string;
    }
    interface GatewaytemplateOobIpConfigNode1 {
        /**
         * If `type`==`static`
         */
        gateway?: string;
        ip?: string;
        /**
         * Used only if `subnet` is not specified in `networks`
         */
        netmask?: string;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
        /**
         * If supported on the platform. If enabled, DNS will be using this routing-instance, too
         */
        useMgmtVrf?: boolean;
        /**
         * Whether to use `mgmtJunos` for host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired
         */
        useMgmtVrfForHostOut?: boolean;
        vlanId?: string;
    }
    interface GatewaytemplatePathPreferences {
        paths?: outputs.org.GatewaytemplatePathPreferencesPath[];
        /**
         * enum: `ecmp`, `ordered`, `weighted`
         */
        strategy: string;
    }
    interface GatewaytemplatePathPreferencesPath {
        cost?: number;
        /**
         * For SSR Only. `true`, if this specific path is undesired
         */
        disabled?: boolean;
        /**
         * Only if `type`==`local`, if a different gateway is desired
         */
        gatewayIp?: string;
        /**
         * Only if `type`==`vpn`, if this vpn path can be used for internet
         */
        internetAccess?: boolean;
        /**
         * Required when
         *   * `type`==`vpn`: the name of the VPN Path to use
         *   * `type`==`wan`: the name of the WAN interface to use
         */
        name?: string;
        /**
         * Required when `type`==`local`
         */
        networks: string[];
        /**
         * If `type`==`local`, if destination IP is to be replaced
         */
        targetIps: string[];
        /**
         * enum: `local`, `tunnel`, `vpn`, `wan`
         */
        type?: string;
        /**
         * Optional if `type`==`vpn`
         */
        wanName?: string;
    }
    interface GatewaytemplatePortConfig {
        /**
         * If `aggregated`==`true`. To disable LCP support for the AE interface
         */
        aeDisableLacp: boolean;
        /**
         * If `aggregated`==`true`. Users could force to use the designated AE name (must be an integer between 0 and 127)
         */
        aeIdx?: string;
        /**
         * For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability. Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end. **Note:** Turning this on will enable force-up on one of the interfaces in the bundle only
         */
        aeLacpForceUp: boolean;
        aggregated: boolean;
        /**
         * To generate port up/down alarm, set it to true
         */
        critical: boolean;
        /**
         * Interface Description. Can be a variable (i.e. "{{myvar}}")
         */
        description?: string;
        disableAutoneg: boolean;
        /**
         * Port admin up (true) / down (false)
         */
        disabled: boolean;
        /**
         * if `wanType`==`dsl`. enum: `adsl`, `vdsl`
         */
        dslType: string;
        /**
         * If `wanType`==`dsl`, 16 bit int
         */
        dslVci: number;
        /**
         * If `wanType`==`dsl`, 8 bit int
         */
        dslVpi: number;
        /**
         * enum: `auto`, `full`, `half`
         */
        duplex: string;
        /**
         * Junos IP Config
         */
        ipConfig?: outputs.org.GatewaytemplatePortConfigIpConfig;
        /**
         * If `wanType`==`lte`
         */
        lteApn?: string;
        /**
         * if `wanType`==`lte`. enum: `chap`, `none`, `pap`
         */
        lteAuth: string;
        lteBackup?: boolean;
        /**
         * If `wanType`==`lte`
         */
        ltePassword?: string;
        /**
         * If `wanType`==`lte`
         */
        lteUsername?: string;
        mtu?: number;
        /**
         * Name that we'll use to derive config
         */
        name?: string;
        /**
         * if `usage`==`lan`, name of the `junipermist.org.Network` resource
         */
        networks: string[];
        /**
         * For Q-in-Q
         */
        outerVlanId?: number;
        poeDisabled: boolean;
        /**
         * Only for SRX and if `usage`==`lan`, the name of the Network to be used as the Untagged VLAN
         */
        portNetwork?: string;
        /**
         * Whether to preserve dscp when sending traffic over VPN (SSR-only)
         */
        preserveDscp: boolean;
        /**
         * If HA mode
         */
        redundant?: boolean;
        /**
         * If HA mode, SRX Only - support redundancy-group. 1-128 for physical SRX, 1-64 for virtual SRX
         */
        redundantGroup?: number;
        /**
         * For SRX only and if HA Mode
         */
        rethIdx?: string;
        /**
         * If HA mode
         */
        rethNode?: string;
        /**
         * SSR only - supporting vlan-based redundancy (matching the size of `networks`)
         */
        rethNodes: string[];
        speed: string;
        /**
         * When SSR is running as VM, this is required on certain hosting platforms
         */
        ssrNoVirtualMac: boolean;
        /**
         * For SSR only
         */
        svrPortRange: string;
        trafficShaping?: outputs.org.GatewaytemplatePortConfigTrafficShaping;
        /**
         * port usage name. enum: `haControl`, `haData`, `lan`, `wan`
         */
        usage: string;
        vlanId?: string;
        /**
         * Property key is the VPN name
         */
        vpnPaths?: {
            [key: string]: outputs.org.GatewaytemplatePortConfigVpnPaths;
        };
        /**
         * Only when `wanType`==`broadband`. enum: `default`, `max`, `recommended`
         */
        wanArpPolicer: string;
        /**
         * Only if `usage`==`wan`, optional. If spoke should reach this port by a different IP
         */
        wanExtIp?: string;
        /**
         * Only if `usage`==`wan`. Property Key is the destination CIDR (e.g. "100.100.100.0/24")
         */
        wanExtraRoutes: {
            [key: string]: outputs.org.GatewaytemplatePortConfigWanExtraRoutes;
        };
        /**
         * Only if `usage`==`wan`. If some networks are connected to this WAN port, it can be added here so policies can be defined
         */
        wanNetworks: string[];
        /**
         * Only if `usage`==`wan`
         */
        wanProbeOverride?: outputs.org.GatewaytemplatePortConfigWanProbeOverride;
        /**
         * Only if `usage`==`wan`, optional. By default, source-NAT is performed on all WAN Ports using the interface-ip
         */
        wanSourceNat?: outputs.org.GatewaytemplatePortConfigWanSourceNat;
        /**
         * Only if `usage`==`wan`. enum: `broadband`, `dsl`, `lte`
         */
        wanType: string;
    }
    interface GatewaytemplatePortConfigIpConfig {
        /**
         * Except for out-of_band interface (vme/em0/fxp0)
         */
        dns?: string[];
        /**
         * Except for out-of_band interface (vme/em0/fxp0)
         */
        dnsSuffixes?: string[];
        /**
         * Except for out-of_band interface (vme/em0/fxp0). Interface Default Gateway IP Address (i.e. "192.168.1.1") or a Variable (i.e. "{{myvar}}")
         */
        gateway?: string;
        /**
         * Interface IP Address (i.e. "192.168.1.8") or a Variable (i.e. "{{myvar}}")
         */
        ip?: string;
        /**
         * Used only if `subnet` is not specified in `networks`. Interface Netmask (i.e. "/24") or a Variable (i.e. "{{myvar}}")
         */
        netmask?: string;
        /**
         * Optional, the network to be used for mgmt
         */
        network?: string;
        /**
         * If `type`==`pppoe`
         */
        poserPassword?: string;
        /**
         * if `type`==`pppoe`. enum: `chap`, `none`, `pap`
         */
        pppoeAuth: string;
        /**
         * If `type`==`pppoe`
         */
        pppoeUsername?: string;
        /**
         * enum: `dhcp`, `pppoe`, `static`
         */
        type: string;
    }
    interface GatewaytemplatePortConfigTrafficShaping {
        /**
         * percentages for different class of traffic: high / medium / low / best-effort. Sum must be equal to 100
         */
        classPercentages?: number[];
        enabled: boolean;
        /**
         * Interface Transmit Cap in kbps
         */
        maxTxKbps?: number;
    }
    interface GatewaytemplatePortConfigVpnPaths {
        /**
         * Only if the VPN `type`==`hubSpoke`. enum: `broadband`, `lte`
         */
        bfdProfile: string;
        /**
         * Only if the VPN `type`==`hubSpoke`. Whether to use tunnel mode. SSR only
         */
        bfdUseTunnelMode: boolean;
        /**
         * Only if the VPN `type`==`hubSpoke`. For a given VPN, when `path_selection.strategy`==`simple`, the preference for a path (lower is preferred)
         */
        preference?: number;
        /**
         * If the VPN `type`==`hubSpoke`, enum: `hub`, `spoke`. If the VPN `type`==`mesh`, enum: `mesh`
         */
        role: string;
        trafficShaping?: outputs.org.GatewaytemplatePortConfigVpnPathsTrafficShaping;
    }
    interface GatewaytemplatePortConfigVpnPathsTrafficShaping {
        /**
         * percentages for different class of traffic: high / medium / low / best-effort. Sum must be equal to 100
         */
        classPercentages?: number[];
        enabled: boolean;
        /**
         * Interface Transmit Cap in kbps
         */
        maxTxKbps?: number;
    }
    interface GatewaytemplatePortConfigWanExtraRoutes {
        via?: string;
    }
    interface GatewaytemplatePortConfigWanProbeOverride {
        ips?: string[];
        /**
         * enum: `broadband`, `lte`
         */
        probeProfile: string;
    }
    interface GatewaytemplatePortConfigWanSourceNat {
        /**
         * Or to disable the source-nat
         */
        disabled: boolean;
        /**
         * If alternative natPool is desired
         */
        natPool?: string;
    }
    interface GatewaytemplateRoutingPolicies {
        /**
         * zero or more criteria/filter can be specified to match the term, all criteria have to be met
         */
        terms?: outputs.org.GatewaytemplateRoutingPoliciesTerm[];
    }
    interface GatewaytemplateRoutingPoliciesTerm {
        /**
         * When used as import policy
         */
        action?: outputs.org.GatewaytemplateRoutingPoliciesTermAction;
        /**
         * zero or more criteria/filter can be specified to match the term, all criteria have to be met
         */
        matching?: outputs.org.GatewaytemplateRoutingPoliciesTermMatching;
    }
    interface GatewaytemplateRoutingPoliciesTermAction {
        accept?: boolean;
        addCommunities?: string[];
        /**
         * For SSR, hub decides how VRF routes are leaked on spoke
         */
        addTargetVrfs?: string[];
        /**
         * When used as export policy, optional
         */
        communities?: string[];
        /**
         * When used as export policy, optional. To exclude certain AS
         */
        excludeAsPaths?: string[];
        excludeCommunities?: string[];
        /**
         * When used as export policy, optional
         */
        exportCommunities?: string[];
        /**
         * Optional, for an import policy, localPreference can be changed
         */
        localPreference?: string;
        /**
         * When used as export policy, optional. By default, the local AS will be prepended, to change it
         */
        prependAsPaths?: string[];
    }
    interface GatewaytemplateRoutingPoliciesTermMatching {
        /**
         * takes regular expression
         */
        asPaths?: string[];
        communities?: string[];
        networks?: string[];
        /**
         * zero or more criteria/filter can be specified to match the term, all criteria have to be met
         */
        prefixes?: string[];
        /**
         * `direct`, `bgp`, `osp`, `static`, `aggregate`...
         */
        protocols?: string[];
        routeExists?: outputs.org.GatewaytemplateRoutingPoliciesTermMatchingRouteExists;
        /**
         * overlay-facing criteria (used for bgpConfig where via=vpn)
         */
        vpnNeighborMacs?: string[];
        vpnPathSla?: outputs.org.GatewaytemplateRoutingPoliciesTermMatchingVpnPathSla;
        /**
         * overlay-facing criteria (used for bgpConfig where via=vpn). ordered-
         */
        vpnPaths?: string[];
    }
    interface GatewaytemplateRoutingPoliciesTermMatchingRouteExists {
        route?: string;
        /**
         * Name of the vrf instance, it can also be the name of the VPN or wan if they
         */
        vrfName: string;
    }
    interface GatewaytemplateRoutingPoliciesTermMatchingVpnPathSla {
        maxJitter?: number;
        maxLatency?: number;
        maxLoss?: number;
    }
    interface GatewaytemplateServicePolicy {
        /**
         * Required when `servicepolicyId` is not defined, optional otherwise (override the servicepolicy action). enum: `allow`, `deny`
         */
        action?: string;
        /**
         * For SRX-only
         */
        antivirus?: outputs.org.GatewaytemplateServicePolicyAntivirus;
        /**
         * For SRX Only
         */
        appqoe?: outputs.org.GatewaytemplateServicePolicyAppqoe;
        ewfs?: outputs.org.GatewaytemplateServicePolicyEwf[];
        idp?: outputs.org.GatewaytemplateServicePolicyIdp;
        /**
         * access within the same VRF
         */
        localRouting?: boolean;
        /**
         * Required when `servicepolicyId` is not defined, optional otherwise (override the servicepolicy name)
         */
        name?: string;
        /**
         * By default, we derive all paths available and use them. Optionally, you can customize by using `pathPreference`
         */
        pathPreference?: string;
        /**
         * Used to link servicepolicy defined at org level and overwrite some attributes
         */
        servicepolicyId?: string;
        /**
         * Required when `servicepolicyId` is not defined. List of Applications / Destinations
         */
        services: string[];
        /**
         * For SRX-only
         */
        sslProxy?: outputs.org.GatewaytemplateServicePolicySslProxy;
        /**
         * Required when `servicepolicyId` is not defined. List of Networks / Users
         */
        tenants: string[];
    }
    interface GatewaytemplateServicePolicyAntivirus {
        /**
         * org-level AV Profile can be used, this takes precedence over 'profile'
         */
        avprofileId?: string;
        enabled: boolean;
        /**
         * Default / noftp / httponly / or keys from av_profiles
         */
        profile?: string;
    }
    interface GatewaytemplateServicePolicyAppqoe {
        enabled: boolean;
    }
    interface GatewaytemplateServicePolicyEwf {
        alertOnly?: boolean;
        blockMessage?: string;
        enabled: boolean;
        /**
         * enum: `critical`, `standard`, `strict`
         */
        profile: string;
    }
    interface GatewaytemplateServicePolicyIdp {
        alertOnly?: boolean;
        enabled: boolean;
        /**
         * org_level IDP Profile can be used, this takes precedence over `profile`
         */
        idpprofileId?: string;
        /**
         * enum: `Custom`, `strict` (default), `standard` or keys from idp_profiles
         */
        profile: string;
    }
    interface GatewaytemplateServicePolicySslProxy {
        /**
         * enum: `medium`, `strong`, `weak`
         */
        ciphersCategory: string;
        enabled: boolean;
    }
    interface GatewaytemplateTunnelConfigs {
        autoProvision?: outputs.org.GatewaytemplateTunnelConfigsAutoProvision;
        /**
         * Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
         */
        ikeLifetime?: number;
        /**
         * Only if `provider`==`custom-ipsec`. enum: `aggressive`, `main`
         */
        ikeMode: string;
        /**
         * If `provider`==`custom-ipsec`
         */
        ikeProposals?: outputs.org.GatewaytemplateTunnelConfigsIkeProposal[];
        /**
         * Only if `provider`==`custom-ipsec`. Must be between 180 and 86400
         */
        ipsecLifetime?: number;
        /**
         * Only if  `provider`==`custom-ipsec`
         */
        ipsecProposals?: outputs.org.GatewaytemplateTunnelConfigsIpsecProposal[];
        /**
         * Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        localId?: string;
        /**
         * Required if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`. enum: `active-active`, `active-standby`
         */
        mode: string;
        /**
         * If `provider`==`custom-ipsec`, networks reachable via this tunnel
         */
        networks: string[];
        /**
         * Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        primary?: outputs.org.GatewaytemplateTunnelConfigsPrimary;
        /**
         * Only if `provider`==`custom-ipsec`
         */
        probe?: outputs.org.GatewaytemplateTunnelConfigsProbe;
        /**
         * Only if `provider`==`custom-ipsec`. enum: `gre`, `ipsec`
         */
        protocol?: string;
        /**
         * Only if `auto_provision.enabled`==`false`. enum: `custom-ipsec`, `custom-gre`, `jse-ipsec`, `zscaler-gre`, `zscaler-ipsec`
         */
        provider?: string;
        /**
         * Required if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        psk?: string;
        /**
         * Only if `provider`==`zscaler-ipsec`, `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        secondary?: outputs.org.GatewaytemplateTunnelConfigsSecondary;
        /**
         * Only if `provider`==`custom-gre` or `provider`==`custom-ipsec`. enum: `1`, `2`
         */
        version: string;
    }
    interface GatewaytemplateTunnelConfigsAutoProvision {
        enable?: boolean;
        /**
         * API override for POP selection
         */
        latlng?: outputs.org.GatewaytemplateTunnelConfigsAutoProvisionLatlng;
        primary?: outputs.org.GatewaytemplateTunnelConfigsAutoProvisionPrimary;
        /**
         * enum: `jse-ipsec`, `zscaler-ipsec`
         */
        provider: string;
        /**
         * API override for POP selection
         */
        region?: string;
        secondary?: outputs.org.GatewaytemplateTunnelConfigsAutoProvisionSecondary;
    }
    interface GatewaytemplateTunnelConfigsAutoProvisionLatlng {
        lat: number;
        lng: number;
    }
    interface GatewaytemplateTunnelConfigsAutoProvisionPrimary {
        probeIps?: string[];
        /**
         * Optional, only needed if `varsOnly`==`false`
         */
        wanNames?: string[];
    }
    interface GatewaytemplateTunnelConfigsAutoProvisionSecondary {
        probeIps?: string[];
        /**
         * Optional, only needed if `varsOnly`==`false`
         */
        wanNames?: string[];
    }
    interface GatewaytemplateTunnelConfigsIkeProposal {
        /**
         * enum: `md5`, `sha1`, `sha2`
         */
        authAlgo?: string;
        /**
         * enum:
         *   * 1
         *   * 2 (1024-bit)
         *   * 5
         *   * 14 (default, 2048-bit)
         *   * 15 (3072-bit)
         *   * 16 (4096-bit)
         *   * 19 (256-bit ECP)
         *   * 20 (384-bit ECP)
         *   * 21 (521-bit ECP)
         *   * 24 (2048-bit ECP)
         */
        dhGroup: string;
        /**
         * enum: `3des`, `aes128`, `aes256`, `aesGcm128`, `aesGcm256`
         */
        encAlgo: string;
    }
    interface GatewaytemplateTunnelConfigsIpsecProposal {
        /**
         * enum: `md5`, `sha1`, `sha2`
         */
        authAlgo?: string;
        /**
         * Only if `provider`==`custom-ipsec`. enum:
         *   * 1
         *   * 2 (1024-bit)
         *   * 5
         *   * 14 (default, 2048-bit)
         *   * 15 (3072-bit)
         *   * 16 (4096-bit)
         *   * 19 (256-bit ECP)
         *   * 20 (384-bit ECP)
         *   * 21 (521-bit ECP)
         *   * 24 (2048-bit ECP)
         */
        dhGroup: string;
        /**
         * enum: `3des`, `aes128`, `aes256`, `aesGcm128`, `aesGcm256`
         */
        encAlgo: string;
    }
    interface GatewaytemplateTunnelConfigsPrimary {
        hosts: string[];
        /**
         * Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
         */
        internalIps?: string[];
        probeIps?: string[];
        /**
         * Only if  `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        remoteIds?: string[];
        wanNames: string[];
    }
    interface GatewaytemplateTunnelConfigsProbe {
        /**
         * How often to trigger the probe
         */
        interval?: number;
        /**
         * Number of consecutive misses before declaring the tunnel down
         */
        threshold?: number;
        /**
         * Time within which to complete the connectivity check
         */
        timeout?: number;
        /**
         * enum: `http`, `icmp`
         */
        type: string;
    }
    interface GatewaytemplateTunnelConfigsSecondary {
        hosts: string[];
        /**
         * Only if `provider`==`zscaler-gre`, `provider`==`jse-ipsec`, `provider`==`custom-ipsec` or `provider`==`custom-gre`
         */
        internalIps?: string[];
        probeIps?: string[];
        /**
         * Only if  `provider`==`jse-ipsec` or `provider`==`custom-ipsec`
         */
        remoteIds?: string[];
        wanNames: string[];
    }
    interface GatewaytemplateTunnelProviderOptions {
        /**
         * For jse-ipsec, this allows provisioning of adequate resource on JSE. Make sure adequate licenses are added
         */
        jse?: outputs.org.GatewaytemplateTunnelProviderOptionsJse;
        /**
         * For zscaler-ipsec and zscaler-gre
         */
        zscaler?: outputs.org.GatewaytemplateTunnelProviderOptionsZscaler;
    }
    interface GatewaytemplateTunnelProviderOptionsJse {
        numUsers?: number;
        /**
         * JSE Organization name
         */
        orgName?: string;
    }
    interface GatewaytemplateTunnelProviderOptionsZscaler {
        aupBlockInternetUntilAccepted?: boolean;
        /**
         * Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
         */
        aupEnabled?: boolean;
        /**
         * Proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
         */
        aupForceSslInspection?: boolean;
        /**
         * Required if `aupEnabled`==`true`. Days before AUP is requested again
         */
        aupTimeoutInDays?: number;
        /**
         * Enable this option to enforce user authentication
         */
        authRequired?: boolean;
        /**
         * Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
         */
        cautionEnabled?: boolean;
        /**
         * Download bandwidth cap of the link, in Mbps. Disabled if not set
         */
        dnBandwidth?: number;
        /**
         * Required if `surrogate_IP`==`true`, idle Time to Disassociation
         */
        idleTimeInMinutes?: number;
        /**
         * If `true`, enable the firewall control option
         */
        ofwEnabled?: boolean;
        /**
         * `sub-locations` can be used for specific uses cases to define different configuration based on the user network
         */
        subLocations?: outputs.org.GatewaytemplateTunnelProviderOptionsZscalerSubLocation[];
        /**
         * Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
         */
        surrogateIp?: boolean;
        /**
         * Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
         */
        surrogateIpEnforcedForKnownBrowsers?: boolean;
        /**
         * Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
         */
        surrogateRefreshTimeInMinutes?: number;
        /**
         * Download bandwidth cap of the link, in Mbps. Disabled if not set
         */
        upBandwidth?: number;
        /**
         * Location uses proxy chaining to forward traffic
         */
        xffForwardEnabled?: boolean;
    }
    interface GatewaytemplateTunnelProviderOptionsZscalerSubLocation {
        aupBlockInternetUntilAccepted?: boolean;
        /**
         * Can only be `true` when `authRequired`==`false`, display Acceptable Use Policy (AUP)
         */
        aupEnabled?: boolean;
        /**
         * Proxy HTTPs traffic, requiring Zscaler cert to be installed in browser
         */
        aupForceSslInspection?: boolean;
        /**
         * Required if `aupEnabled`==`true`. Days before AUP is requested again
         */
        aupTimeoutInDays?: number;
        /**
         * Enable this option to authenticate users
         */
        authRequired?: boolean;
        /**
         * Can only be `true` when `authRequired`==`false`, display caution notification for non-authenticated users
         */
        cautionEnabled?: boolean;
        /**
         * Download bandwidth cap of the link, in Mbps. Disabled if not set
         */
        dnBandwidth?: number;
        /**
         * Required if `surrogate_IP`==`true`, idle Time to Disassociation
         */
        idleTimeInMinutes?: number;
        /**
         * Network name
         */
        name?: string;
        /**
         * If `true`, enable the firewall control option
         */
        ofwEnabled?: boolean;
        /**
         * Can only be `true` when `authRequired`==`true`. Map a user to a private IP address so it applies the user's policies, instead of the location's policies
         */
        surrogateIp?: boolean;
        /**
         * Can only be `true` when `surrogate_IP`==`true`, enforce surrogate IP for known browsers
         */
        surrogateIpEnforcedForKnownBrowsers?: boolean;
        /**
         * Required if `surrogate_IP_enforced_for_known_browsers`==`true`, must be lower or equal than `idleTimeInMinutes`, refresh Time for re-validation of Surrogacy
         */
        surrogateRefreshTimeInMinutes?: number;
        /**
         * Download bandwidth cap of the link, in Mbps. Disabled if not set
         */
        upBandwidth?: number;
    }
    interface GatewaytemplateVrfConfig {
        /**
         * Whether to enable VRF (when supported on the device)
         */
        enabled?: boolean;
    }
    interface GatewaytemplateVrfInstances {
        networks?: string[];
    }
    interface GetAlarmtemplatesOrgAlarmtemplate {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Delivery object to configure the alarm delivery
         */
        delivery: outputs.org.GetAlarmtemplatesOrgAlarmtemplateDelivery;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        /**
         * Some string to name the alarm template
         */
        name: string;
        orgId: string;
        /**
         * Alarm Rules object to configure the individual alarm keys/types. Property key is the alarm name.
         */
        rules: {
            [key: string]: outputs.org.GetAlarmtemplatesOrgAlarmtemplateRules;
        };
    }
    interface GetAlarmtemplatesOrgAlarmtemplateDelivery {
        /**
         * List of additional email string to deliver the alarms via emails
         */
        additionalEmails: string[];
        /**
         * Whether to enable the alarm delivery via emails or not
         */
        enabled: boolean;
        /**
         * Whether to deliver the alarms via emails to Org admins or not
         */
        toOrgAdmins: boolean;
        /**
         * Whether to deliver the alarms via emails to Site admins or not
         */
        toSiteAdmins: boolean;
    }
    interface GetAlarmtemplatesOrgAlarmtemplateRules {
        /**
         * Delivery object to configure the alarm delivery
         */
        delivery: outputs.org.GetAlarmtemplatesOrgAlarmtemplateRulesDelivery;
        enabled: boolean;
    }
    interface GetAlarmtemplatesOrgAlarmtemplateRulesDelivery {
        /**
         * List of additional email string to deliver the alarms via emails
         */
        additionalEmails: string[];
        /**
         * Whether to enable the alarm delivery via emails or not
         */
        enabled: boolean;
        /**
         * Whether to deliver the alarms via emails to Org admins or not
         */
        toOrgAdmins: boolean;
        /**
         * Whether to deliver the alarms via emails to Site admins or not
         */
        toSiteAdmins: boolean;
    }
    interface GetAvprofilesOrgAvprofile {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * enum: `block`, `permit`
         */
        fallbackAction: string;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * In KB
         */
        maxFilesize: number;
        mimeWhitelists: string[];
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        orgId: string;
        /**
         * List of protocols to monitor. enum: `ftp`, `http`, `imap`, `pop3`, `smtp`
         */
        protocols: string[];
        urlWhitelists: string[];
    }
    interface GetDeviceprofilesApDeviceprofile {
        createdTime: number;
        id: string;
        modifiedTime: number;
        name: string;
        orgId: string;
    }
    interface GetDeviceprofilesGatewayDeviceprofile {
        createdTime: number;
        id: string;
        modifiedTime: number;
        name: string;
        orgId: string;
    }
    interface GetEvpnTopologiesOrgEvpnTopology {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * EVPN Options
         */
        evpnOptions: outputs.org.GetEvpnTopologiesOrgEvpnTopologyEvpnOptions;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        orgId: string;
        /**
         * Property key is the pod number
         */
        podNames: {
            [key: string]: string;
        };
    }
    interface GetEvpnTopologiesOrgEvpnTopologyEvpnOptions {
        /**
         * Optional, for dhcp*relay, unique loopback IPs are required for ERB or IPClos where we can set option-82 server*id-overrides
         */
        autoLoopbackSubnet: string;
        /**
         * Optional, for dhcp*relay, unique loopback IPs are required for ERB or IPClos where we can set option-82 server*id-overrides
         */
        autoLoopbackSubnet6: string;
        /**
         * Optional, this generates routerId automatically, if specified, `routerIdPrefix` is ignored
         */
        autoRouterIdSubnet: string;
        /**
         * Optional, this generates routerId automatically, if specified, `routerIdPrefix` is ignored
         */
        autoRouterIdSubnet6: string;
        /**
         * Optional, for ERB or CLOS, you can either use esilag to upstream routers or to also be the virtual-gateway. When `routedAt` != `core`, whether to do virtual-gateway at core as well
         */
        coreAsBorder: boolean;
        overlay: outputs.org.GetEvpnTopologiesOrgEvpnTopologyEvpnOptionsOverlay;
        /**
         * Only for by Core-Distribution architecture when `evpn_options.routed_at`==`core`. By default, JUNOS uses 00-00-5e-00-01-01 as the virtual-gateway-address's v4*mac. If enabled, 00-00-5e-00-0X-YY will be used (where XX=vlan*id/256, YY=vlan_id%256)
         */
        perVlanVgaV4Mac: boolean;
        /**
         * Only for by Core-Distribution architecture when `evpn_options.routed_at`==`core`. By default, JUNOS uses 00-00-5e-00-02-01 as the virtual-gateway-address's v6*mac. If enabled, 00-00-5e-00-1X-YY will be used (where XX=vlan*id/256, YY=vlan_id%256)
         */
        perVlanVgaV6Mac: boolean;
        /**
         * optional, where virtual-gateway should reside. enum: `core`, `distribution`, `edge`
         */
        routedAt: string;
        underlay: outputs.org.GetEvpnTopologiesOrgEvpnTopologyEvpnOptionsUnderlay;
        /**
         * Optional, for EX9200 only to segregate virtual-switches
         */
        vsInstances: {
            [key: string]: outputs.org.GetEvpnTopologiesOrgEvpnTopologyEvpnOptionsVsInstances;
        };
    }
    interface GetEvpnTopologiesOrgEvpnTopologyEvpnOptionsOverlay {
        /**
         * Overlay BGP Local AS Number
         */
        as: number;
    }
    interface GetEvpnTopologiesOrgEvpnTopologyEvpnOptionsUnderlay {
        /**
         * Underlay BGP Base AS Number
         */
        asBase: number;
        routedIdPrefix: string;
        /**
         * Underlay subnet, by default, `10.255.240.0/20`, or `fd31:5700::/64` for ipv6
         */
        subnet: string;
        /**
         * If v6 is desired for underlay
         */
        useIpv6: boolean;
    }
    interface GetEvpnTopologiesOrgEvpnTopologyEvpnOptionsVsInstances {
        networks: string[];
    }
    interface GetGatewaytemplatesOrgGatewaytemplate {
        createdTime: number;
        id: string;
        modifiedTime: number;
        name: string;
        orgId: string;
    }
    interface GetIdpprofilesOrgIdpprofile {
        /**
         * enum: `critical`, `standard`, `strict`
         */
        baseProfile: string;
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        orgId: string;
        overwrites: outputs.org.GetIdpprofilesOrgIdpprofileOverwrite[];
    }
    interface GetIdpprofilesOrgIdpprofileOverwrite {
        /**
         * enum:
         *   * alert (default)
         *   * drop: silently dropping packets
         *   * close: notify client/server to close connection
         */
        action: string;
        matching: outputs.org.GetIdpprofilesOrgIdpprofileOverwriteMatching;
        name: string;
    }
    interface GetIdpprofilesOrgIdpprofileOverwriteMatching {
        attackNames: string[];
        dstSubnets: string[];
        severities: string[];
    }
    interface GetInventoryOrgInventory {
        /**
         * Only if `type`==`switch` or `type`==`gateway`, whether the switch/gateway is adopted
         */
        adopted: boolean;
        /**
         * Device claim code
         */
        claimCode: string;
        /**
         * Whether the device is connected
         */
        connected: boolean;
        /**
         * Deviceprofile id if assigned, null if not assigned
         */
        deviceprofileId: string;
        /**
         * Hostname reported by the device
         */
        hostname: string;
        /**
         * Device hardware revision number
         */
        hwRev: string;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        jsi: boolean;
        /**
         * Device MAC address
         */
        mac: string;
        /**
         * Device model
         */
        model: string;
        /**
         * Device name if configured
         */
        name: string;
        orgId: string;
        /**
         * Device serial
         */
        serial: string;
        /**
         * Site ID where the device is assigned to
         */
        siteId: string;
        /**
         * Device stock keeping unit
         */
        sku: string;
        /**
         * enum: `ap`, `gateway`, `switch`
         */
        type: string;
        /**
         * If `type`==`switch` and device part of a Virtual Chassis, MAC Address of the Virtual Chassis. if `type`==`gateway` and device part of a Cluster, MAC Address of the Cluster
         */
        vcMac: string;
    }
    interface GetNacEndpointsOrgUsermac {
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        labels: string[];
        /**
         * Only non-local-admin MAC is accepted
         */
        mac: string;
        name: string;
        notes: string;
        radiusGroup: string;
        vlan: string;
    }
    interface GetNacrulesOrgNacrule {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Enabled or not
         */
        enabled: boolean;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        /**
         * Order of the rule, lower value implies higher priority
         */
        order: number;
        orgId: string;
    }
    interface GetNactagsOrgNactag {
        /**
         * Can be set to true to allow the override by usermac result
         */
        allowUsermacOverride: boolean;
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * If `type`==`egressVlanNames`, list of egress vlans to return
         */
        egressVlanNames: string[];
        gbpTag: string;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * if `type`==`match`. enum: `certCn`, `certIssuer`, `certSan`, `certSerial`, `certSub`, `certTemplate`, `clientMac`, `idpRole`, `ingressVlan`, `mdmStatus`, `nasIp`, `radiusGroup`, `realm`, `ssid`, `userName`, `usermacLabel`
         */
        match: string;
        /**
         * This field is applicable only when `type`==`match`
         *   * `false`: means it is sufficient to match any of the values (i.e., match-any behavior)
         *   * `true`: means all values should be matched (i.e., match-all behavior)
         *
         *
         * Currently it makes sense to set this field to `true` only if the `match`==`idpRole` or `match`==`usermacLabel`
         */
        matchAll: boolean;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        orgId: string;
        /**
         * If `type`==`radiusAttrs`, user can specify a list of one or more standard attributes in the field "radiusAttrs".
         * It is the responsibility of the user to provide a syntactically correct string, otherwise it may not work as expected.
         * Note that it is allowed to have more than one radiusAttrs in the result of a given rule.
         */
        radiusAttrs: string[];
        /**
         * If `type`==`radiusGroup`
         */
        radiusGroup: string;
        /**
         * If `type`==`radiusVendorAttrs`, user can specify a list of one or more vendor-specific attributes in the field "radiusVendorAttrs".
         * It is the responsibility of the user to provide a syntactically correct string, otherwise it may not work as expected.
         * Note that it is allowed to have more than one radiusVendorAttrs in the result of a given rule.
         */
        radiusVendorAttrs: string[];
        /**
         * If `type`==`session_timeout, in seconds
         */
        sessionTimeout: number;
        /**
         * enum: `egressVlanNames`, `gbpTag`, `match`, `radiusAttrs`, `radiusGroup`, `radiusVendorAttrs`, `sessionTimeout`, `usernameAttr`, `vlan`
         */
        type: string;
        /**
         * enum: `automatic`, `cn`, `dns`, `email`, `upn`
         */
        usernameAttr: string;
        /**
         * If `type`==`match`
         */
        values: string[];
        /**
         * If `type`==`vlan`
         */
        vlan: string;
    }
    interface GetNetworksOrgNetwork {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Whether to disallow Mist Devices in the network
         */
        disallowMistServices: boolean;
        gateway: string;
        gateway6: string;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        internalAccess: outputs.org.GetNetworksOrgNetworkInternalAccess;
        /**
         * Whether this network has direct internet access
         */
        internetAccess: outputs.org.GetNetworksOrgNetworkInternetAccess;
        /**
         * Whether to allow clients in the network to talk to each other
         */
        isolation: boolean;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        /**
         * Whether to enable multicast support (only PIM-sparse mode is supported)
         */
        multicast: outputs.org.GetNetworksOrgNetworkMulticast;
        name: string;
        orgId: string;
        /**
         * For a Network (usually LAN), it can be routable to other networks (e.g. OSPF)
         */
        routedForNetworks: string[];
        subnet: string;
        subnet6: string;
        /**
         * Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}")
         */
        tenants: {
            [key: string]: outputs.org.GetNetworksOrgNetworkTenants;
        };
        vlanId: string;
        /**
         * Property key is the VPN name. Whether this network can be accessed from vpn
         */
        vpnAccess: {
            [key: string]: outputs.org.GetNetworksOrgNetworkVpnAccess;
        };
    }
    interface GetNetworksOrgNetworkInternalAccess {
        enabled: boolean;
    }
    interface GetNetworksOrgNetworkInternetAccess {
        createSimpleServicePolicy: boolean;
        /**
         * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
         */
        destinationNat: {
            [key: string]: outputs.org.GetNetworksOrgNetworkInternetAccessDestinationNat;
        };
        enabled: boolean;
        /**
         * By default, all access is allowed, to only allow certain traffic, make `restricted`=`true` and define service_policies
         */
        restricted: boolean;
        /**
         * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
         */
        staticNat: {
            [key: string]: outputs.org.GetNetworksOrgNetworkInternetAccessStaticNat;
        };
    }
    interface GetNetworksOrgNetworkInternetAccessDestinationNat {
        /**
         * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
         */
        internalIp: string;
        name: string;
        /**
         * The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
         */
        port: string;
        /**
         * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
         */
        wanName: string;
    }
    interface GetNetworksOrgNetworkInternetAccessStaticNat {
        /**
         * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
         */
        internalIp: string;
        name: string;
        /**
         * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
         */
        wanName: string;
    }
    interface GetNetworksOrgNetworkMulticast {
        /**
         * If the network will only be the source of the multicast traffic, IGMP can be disabled
         */
        disableIgmp: boolean;
        enabled: boolean;
        /**
         * Group address to RP (rendezvous point) mapping. Property Key is the CIDR (example "225.1.0.3/32")
         */
        groups: {
            [key: string]: outputs.org.GetNetworksOrgNetworkMulticastGroups;
        };
    }
    interface GetNetworksOrgNetworkMulticastGroups {
        /**
         * RP (rendezvous point) IP Address
         */
        rpIp: string;
    }
    interface GetNetworksOrgNetworkTenants {
        addresses: string[];
    }
    interface GetNetworksOrgNetworkVpnAccess {
        /**
         * If `routed`==`true`, whether to advertise an aggregated subnet toward HUB this is useful when there are multiple networks on SPOKE's side
         */
        advertisedSubnet: string;
        /**
         * Whether to allow ping from vpn into this routed network
         */
        allowPing: boolean;
        /**
         * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
         */
        destinationNat: {
            [key: string]: outputs.org.GetNetworksOrgNetworkVpnAccessDestinationNat;
        };
        /**
         * If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub, a subnet is required to create and advertise the route to Hub
         */
        natPool: string;
        /**
         * toward LAN-side BGP peers
         */
        noReadvertiseToLanBgp: boolean;
        /**
         * toward LAN-side OSPF peers
         */
        noReadvertiseToLanOspf: boolean;
        /**
         * toward overlay, how HUB should deal with routes it received from Spokes
         */
        noReadvertiseToOverlay: boolean;
        /**
         * By default, the routes are only readvertised toward the same vrf on spoke. To allow it to be leaked to other vrfs
         */
        otherVrfs: string[];
        /**
         * Whether this network is routable
         */
        routed: boolean;
        /**
         * If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub
         */
        sourceNat: outputs.org.GetNetworksOrgNetworkVpnAccessSourceNat;
        /**
         * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
         */
        staticNat: {
            [key: string]: outputs.org.GetNetworksOrgNetworkVpnAccessStaticNat;
        };
        /**
         * toward overlay, how HUB should deal with routes it received from Spokes
         */
        summarizedSubnet: string;
        /**
         * toward LAN-side BGP peers
         */
        summarizedSubnetToLanBgp: string;
        /**
         * toward LAN-side OSPF peers
         */
        summarizedSubnetToLanOspf: string;
    }
    interface GetNetworksOrgNetworkVpnAccessDestinationNat {
        /**
         * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
         */
        internalIp: string;
        name: string;
        port: string;
    }
    interface GetNetworksOrgNetworkVpnAccessSourceNat {
        externalIp: string;
    }
    interface GetNetworksOrgNetworkVpnAccessStaticNat {
        /**
         * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
         */
        internalIp: string;
        name: string;
    }
    interface GetNetworktemplatesOrgNetworktemplate {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        orgId: string;
    }
    interface GetPsksOrgPsk {
        /**
         * sso id for psk created from psk portal
         */
        adminSsoId: string;
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * email to send psk expiring notifications to
         */
        email: string;
        /**
         * Expire time for this PSK key (epoch time in seconds). Default `null` (as no expiration)
         */
        expireTime: number;
        /**
         * Number of days before psk is expired. Used as to when to start sending reminder notification when the psk is about to expire
         */
        expiryNotificationTime: number;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * If `usage`==`single`, the mac that this PSK ties to, empty if `auto-binding`
         */
        mac: string;
        /**
         * If `usage`==`macs`, this list contains N number of client mac addresses or mac patterns(1122*) or both. This list is capped at 5000
         */
        macs: string[];
        /**
         * For Org PSK Only. Max concurrent users for this PSK key. Default is 0 (unlimited)
         */
        maxUsage: number;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        note: string;
        /**
         * If set to true, reminder notification will be sent when psk is about to expire
         */
        notifyExpiry: boolean;
        /**
         * If set to true, notification will be sent when psk is created or edited
         */
        notifyOnCreateOrEdit: boolean;
        /**
         * previous passphrase of the PSK if it has been rotated
         */
        oldPassphrase: string;
        orgId: string;
        /**
         * passphrase of the PSK (8-63 character or 64 in hex)
         */
        passphrase: string;
        role: string;
        /**
         * SSID this PSK should be applicable to
         */
        ssid: string;
        /**
         * enum: `macs`, `multi`, `single`
         */
        usage: string;
        vlanId: string;
    }
    interface GetRftemplatesOrgRftemplate {
        /**
         * Optional, country code to use. If specified, this gets applied to all sites using the RF Template
         */
        countryCode: string;
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        /**
         * The name of the RF template
         */
        name: string;
        orgId: string;
    }
    interface GetServicepoliciesOrgServicepolicy {
        /**
         * For SRX Only
         */
        aamw: outputs.org.GetServicepoliciesOrgServicepolicyAamw;
        /**
         * enum: `allow`, `deny`
         */
        action: string;
        /**
         * For SRX-only
         */
        antivirus: outputs.org.GetServicepoliciesOrgServicepolicyAntivirus;
        /**
         * For SRX Only
         */
        appqoe: outputs.org.GetServicepoliciesOrgServicepolicyAppqoe;
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        ewfs: outputs.org.GetServicepoliciesOrgServicepolicyEwf[];
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        idp: outputs.org.GetServicepoliciesOrgServicepolicyIdp;
        /**
         * access within the same VRF
         */
        localRouting: boolean;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        orgId: string;
        /**
         * By default, we derive all paths available and use them, optionally, you can customize by using `pathPreference`
         */
        pathPreference: string;
        services: string[];
        /**
         * For SRX-only
         */
        sslProxy: outputs.org.GetServicepoliciesOrgServicepolicySslProxy;
        tenants: string[];
    }
    interface GetServicepoliciesOrgServicepolicyAamw {
        /**
         * org-level Advanced Advance Anti Malware Profile (SkyAtp) Profile can be used, this takes precedence over 'profile'
         */
        aamwprofileId: string;
        enabled: boolean;
        /**
         * enum: `docsonly`, `executables`, `standard`
         */
        profile: string;
    }
    interface GetServicepoliciesOrgServicepolicyAntivirus {
        /**
         * org-level AV Profile can be used, this takes precedence over 'profile'
         */
        avprofileId: string;
        enabled: boolean;
        /**
         * Default / noftp / httponly / or keys from av_profiles
         */
        profile: string;
    }
    interface GetServicepoliciesOrgServicepolicyAppqoe {
        enabled: boolean;
    }
    interface GetServicepoliciesOrgServicepolicyEwf {
        alertOnly: boolean;
        blockMessage: string;
        enabled: boolean;
        /**
         * enum: `critical`, `standard`, `strict`
         */
        profile: string;
    }
    interface GetServicepoliciesOrgServicepolicyIdp {
        alertOnly: boolean;
        enabled: boolean;
        /**
         * org_level IDP Profile can be used, this takes precedence over `profile`
         */
        idpprofileId: string;
        /**
         * enum: `Custom`, `strict` (default), `standard` or keys from idp_profiles
         */
        profile: string;
    }
    interface GetServicepoliciesOrgServicepolicySslProxy {
        /**
         * enum: `medium`, `strong`, `weak`
         */
        ciphersCategory: string;
        enabled: boolean;
    }
    interface GetServicesOrgService {
        /**
         * If `type`==`custom`, ip subnets (e.g. 10.0.0.0/8)
         */
        addresses: string[];
        /**
         * When `type`==`appCategories`, list of application categories are available through List App Category Definitions
         */
        appCategories: string[];
        /**
         * When `type`==`appCategories`, list of application categories are available through List App Sub Category Definitions
         */
        appSubcategories: string[];
        /**
         * When `type`==`apps`, list of applications are available through:
         *   * List Applications
         *   * List Gateway Applications
         *   * /insight/top_app_by-bytes?wired=true
         */
        apps: string[];
        /**
         * 0 means unlimited
         */
        clientLimitDown: number;
        /**
         * 0 means unlimited
         */
        clientLimitUp: number;
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        description: string;
        dscp: string;
        /**
         * enum: `nonRevertable`, `none`, `revertable`
         */
        failoverPolicy: string;
        /**
         * If `type`==`custom`, web filtering
         */
        hostnames: string[];
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        maxJitter: string;
        maxLatency: string;
        maxLoss: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        orgId: string;
        /**
         * 0 means unlimited
         */
        serviceLimitDown: number;
        /**
         * 0 means unlimited
         */
        serviceLimitUp: number;
        /**
         * Whether to enable measure SLE
         */
        sleEnabled: boolean;
        /**
         * When `type`==`custom`, optional, if it doesn't exist, http and https is assumed
         */
        specs: outputs.org.GetServicesOrgServiceSpec[];
        ssrRelaxedTcpStateEnforcement: boolean;
        /**
         * when `trafficType`==`custom`. enum: `bestEffort`, `high`, `low`, `medium`
         */
        trafficClass: string;
        /**
         * values from List Traffic Types
         */
        trafficType: string;
        /**
         * enum: `appCategories`, `apps`, `custom`, `urls`
         */
        type: string;
        /**
         * When `type`==`urls`, no need for spec as URL can encode the ports being used
         */
        urls: string[];
    }
    interface GetServicesOrgServiceSpec {
        /**
         * Port number, port range, or variable
         */
        portRange: string;
        /**
         * `https`/ `tcp` / `udp` / `icmp` / `gre` / `any` / `:protocol_number`, `protocolNumber` is between 1-254
         */
        protocol: string;
    }
    interface GetSitegroupsOrgSitegroup {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        orgId: string;
        siteIds: string[];
    }
    interface GetSsoRolesOrgSsoRole {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        orgId: string;
        privileges: outputs.org.GetSsoRolesOrgSsoRolePrivilege[];
    }
    interface GetSsoRolesOrgSsoRolePrivilege {
        /**
         * access permissions. enum: `admin`, `helpdesk`, `installer`, `read`, `write`
         */
        role: string;
        /**
         * enum: `org`, `site`, `sitegroup`
         */
        scope: string;
        /**
         * If `scope`==`site`
         */
        siteId: string;
        /**
         * If `scope`==`sitegroup`
         */
        sitegroupId: string;
        /**
         * Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users. Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users.
         * You can define custom roles by adding the `views` attribute along with `role` when assigning privileges.
         * Below are the list of supported UI views. Note that this is UI only feature.
         *
         *   | UI View | Required Role | Description |
         *   | --- | --- | --- |
         *   | `reporting` | `read` | full access to all analytics tools |
         *   | `marketing` | `read` | can view analytics and location maps |
         *   | `superObserver` | `read` | can view all the organization except the subscription page |
         *   | `location` | `write` | can view and manage location maps, can view analytics |
         *   | `security` | `write` | can view and manage site labels, policies and security |
         *   | `switchAdmin` | `helpdesk` | can view and manage Switch ports, can view wired clients |
         *   | `mxedgeAdmin` | `admin` | can view and manage Mist edges and Mist tunnels |
         *   | `lobbyAdmin` | `admin` | full access to Org and Site Pre-shared keys |
         */
        views: string[];
    }
    interface GetVpnsOrgVpn {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        orgId: string;
        /**
         * Only if `type`==`hubSpoke`
         */
        pathSelection: outputs.org.GetVpnsOrgVpnPathSelection;
        /**
         * For `type`==`hubSpoke`, Property key is the VPN name. For `type`==`mesh`, Property key is the Interface name
         */
        paths: {
            [key: string]: outputs.org.GetVpnsOrgVpnPaths;
        };
        /**
         * enum: `hubSpoke`, `mesh`
         */
        type: string;
    }
    interface GetVpnsOrgVpnPathSelection {
        /**
         * enum: `disabled`, `simple`, `manual`
         */
        strategy: string;
    }
    interface GetVpnsOrgVpnPaths {
        /**
         * enum: `broadband`, `lte`
         */
        bfdProfile: string;
        /**
         * If `type`==`mesh` and for SSR only, whether toi use tunnel mode
         */
        bfdUseTunnelMode: boolean;
        /**
         * If different from the wan port
         */
        ip: string;
        /**
         * If `type`==`mesh`, Property key is the Peer Interface name
         */
        peerPaths: {
            [key: string]: outputs.org.GetVpnsOrgVpnPathsPeerPaths;
        };
        pod: number;
        trafficShaping: outputs.org.GetVpnsOrgVpnPathsTrafficShaping;
    }
    interface GetVpnsOrgVpnPathsPeerPaths {
        preference: number;
    }
    interface GetVpnsOrgVpnPathsTrafficShaping {
        /**
         * percentages for different class of traffic: high / medium / low / best-effort adding up to 100
         */
        classPercentages: number[];
        enabled: boolean;
        maxTxKbps: number;
    }
    interface GetWebhooksOrgWebhook {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Whether webhook is enabled
         */
        enabled: boolean;
        /**
         * If `type`=`http-post`, additional custom HTTP headers to add. The headers name and value must be string, total bytes of headers name and value must be less than 1000
         */
        headers: {
            [key: string]: string;
        };
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        /**
         * Name of the webhook
         */
        name: string;
        /**
         * Required when `oauth2GrantType`==`clientCredentials`
         */
        oauth2ClientId: string;
        /**
         * Required when `oauth2GrantType`==`clientCredentials`
         */
        oauth2ClientSecret: string;
        /**
         * required when `type`==`oauth2`. enum: `clientCredentials`, `password`
         */
        oauth2GrantType: string;
        /**
         * Required when `oauth2GrantType`==`password`
         */
        oauth2Password: string;
        /**
         * Required when `type`==`oauth2`, if provided, will be used in the token request
         */
        oauth2Scopes: string[];
        /**
         * Required when `type`==`oauth2`
         */
        oauth2TokenUrl: string;
        /**
         * Required when `oauth2GrantType`==`password`
         */
        oauth2Username: string;
        orgId: string;
        /**
         * Only if `type`=`http-post`
         */
        secret: string;
        /**
         * Some solutions may not be able to parse multiple events from a single message (e.g. IBM Qradar, DSM). When set to `true`, only a single event will be sent per message. this feature is only available on certain topics (see List Webhook Topics)
         */
        singleEventPerMessage: boolean;
        /**
         * Required if `type`=`splunk`. If splunkToken is not defined for a type Splunk webhook, it will not send, regardless if the webhook receiver is configured to accept it.
         */
        splunkToken: string;
        /**
         * List of supported webhook topics available with the API Call List Webhook Topics
         */
        topics: string[];
        /**
         * enum: `aws-sns`, `google-pubsub`, `http-post`, `oauth2`, `splunk`
         */
        type: string;
        url: string;
        /**
         * When url uses HTTPS, whether to verify the certificate
         */
        verifyCert: boolean;
    }
    interface GetWlansOrgWlan {
        /**
         * Enable coa-immediate-update and address-change-immediate-update on the access profile.
         */
        acctImmediateUpdate: boolean;
        /**
         * How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
         */
        acctInterimInterval: number;
        /**
         * List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
         */
        acctServers: outputs.org.GetWlansOrgWlanAcctServer[];
        /**
         * Airwatch wlan settings
         */
        airwatch: outputs.org.GetWlansOrgWlanAirwatch;
        /**
         * Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
         */
        allowIpv6Ndp: boolean;
        /**
         * Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
         */
        allowMdns: boolean;
        /**
         * Only applicable when `limitBcast`==`true`, which allows SSDP
         */
        allowSsdp: boolean;
        /**
         * List of device ids
         */
        apIds: string[];
        /**
         * Bandwidth limiting for apps (applies to up/down)
         */
        appLimit: outputs.org.GetWlansOrgWlanAppLimit;
        /**
         * APp qos wlan settings
         */
        appQos: outputs.org.GetWlansOrgWlanAppQos;
        /**
         * enum: `aps`, `site`, `wxtags`
         */
        applyTo: string;
        /**
         * Whether to enable smart arp filter
         */
        arpFilter: boolean;
        /**
         * Authentication wlan settings
         */
        auth: outputs.org.GetWlansOrgWlanAuth;
        /**
         * When ordered, AP will prefer and go back to the first server if possible. enum: `ordered`, `unordered`
         */
        authServerSelection: string;
        /**
         * List of RADIUS authentication servers, at least one is needed if `auth type`==`eap`, order matters where the first one is treated as primary
         */
        authServers: outputs.org.GetWlansOrgWlanAuthServer[];
        /**
         * Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
         */
        authServersNasId: string;
        /**
         * Optional, NAS-IP-ADDRESS to use
         */
        authServersNasIp: string;
        /**
         * Radius auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’  are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
         */
        authServersRetries: number;
        /**
         * Radius auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’  and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
         */
        authServersTimeout: number;
        /**
         * Whether to enable band_steering, this works only when band==both
         */
        bandSteer: boolean;
        /**
         * Force dualBand capable client to connect to 5G
         */
        bandSteerForceBand5: boolean;
        /**
         * List of radios that the wlan should apply to.
         */
        bands: string[];
        /**
         * Whether to block the clients in the blacklist (up to first 256 macs)
         */
        blockBlacklistClients: boolean;
        /**
         * Bonjour gateway wlan settings
         */
        bonjour: outputs.org.GetWlansOrgWlanBonjour;
        /**
         * Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
         */
        ciscoCwa: outputs.org.GetWlansOrgWlanCiscoCwa;
        clientLimitDown: string;
        /**
         * If downlink limiting per-client is enabled
         */
        clientLimitDownEnabled: boolean;
        clientLimitUp: string;
        /**
         * If uplink limiting per-client is enabled
         */
        clientLimitUpEnabled: boolean;
        /**
         * List of COA (change of authorization) servers, optional
         */
        coaServers: outputs.org.GetWlansOrgWlanCoaServer[];
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Some old WLAN drivers may not be compatible
         */
        disable11ax: boolean;
        /**
         * To disable Wi-Fi 7 EHT IEs
         */
        disable11be: boolean;
        /**
         * To disable ht or vht rates
         */
        disableHtVhtRates: boolean;
        /**
         * Whether to disable U-APSD
         */
        disableUapsd: boolean;
        /**
         * Disable sending v2 roam notification messages
         */
        disableV1RoamNotify: boolean;
        /**
         * Disable sending v2 roam notification messages
         */
        disableV2RoamNotify: boolean;
        /**
         * When any of the following is true, this WLAN will be disabled
         *    * cannot get IP
         *    * cannot obtain default gateway
         *    * cannot reach default gateway
         */
        disableWhenGatewayUnreachable: boolean;
        disableWhenMxtunnelDown: boolean;
        /**
         * Whether to disable WMM
         */
        disableWmm: boolean;
        /**
         * For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
         */
        dnsServerRewrite: outputs.org.GetWlansOrgWlanDnsServerRewrite;
        dtim: number;
        /**
         * For dynamic PSK where we get perUser PSK from Radius. dynamicPsk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
         *   * PSK will come from RADIUS server
         *   * AP sends client MAC as username and password (i.e. `enableMacAuth` is assumed)
         *   * AP sends BSSID:SSID as Caller-Station-ID
         *   * `authServers` is required
         *   * PSK will come from cloud WLC if source is cloudPsks
         *   * defaultPsk will be used if cloud WLC is not available
         *   * `multiPskOnly` and `psk` is ignored
         *   * `pairwise` can only be wpa2-ccmp (for now, wpa3 support on the roadmap)
         */
        dynamicPsk: outputs.org.GetWlansOrgWlanDynamicPsk;
        /**
         * For 802.1x
         */
        dynamicVlan: outputs.org.GetWlansOrgWlanDynamicVlan;
        /**
         * Enable AP-AP keycaching via multicast
         */
        enableLocalKeycaching: boolean;
        /**
         * By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
         */
        enableWirelessBridging: boolean;
        /**
         * If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
         */
        enableWirelessBridgingDhcpTracking: boolean;
        /**
         * If this wlan is enabled
         */
        enabled: boolean;
        /**
         * If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
         */
        fastDot1xTimers: boolean;
        /**
         * Whether to hide SSID in beacon
         */
        hideSsid: boolean;
        /**
         * Include hostname inside IE in AP beacons / probe responses
         */
        hostnameIe: boolean;
        /**
         * Hostspot 2.0 wlan settings
         */
        hotspot20: outputs.org.GetWlansOrgWlanHotspot20;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        injectDhcpOption82: outputs.org.GetWlansOrgWlanInjectDhcpOption82;
        /**
         * where this WLAN will be connected to. enum: `all`, `eth0`, `eth1`, `eth2`, `eth3`, `mxtunnel`, `siteMxedge`, `wxtunnel`
         */
        interface: string;
        /**
         * Whether to stop clients to talk to each other
         */
        isolation: boolean;
        /**
         * If isolation is enabled, whether to deny clients to talk to L2 on the LAN
         */
        l2Isolation: boolean;
        /**
         * Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
         */
        legacyOverds: boolean;
        /**
         * Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
         */
        limitBcast: boolean;
        /**
         * Limit probe response base on some heuristic rules
         */
        limitProbeResponse: boolean;
        /**
         * Max idle time in seconds
         */
        maxIdletime: number;
        /**
         * Maximum number of client connected to the SSID. `0` means unlimited
         */
        maxNumClients: number;
        mistNac: outputs.org.GetWlansOrgWlanMistNac;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        mspId: string;
        /**
         * When `interface`=`mxtunnel`, id of the Mist Tunnel
         */
        mxtunnelIds: string[];
        /**
         * When `interface`=`siteMxedge`, name of the mxtunnel that in mxtunnels under Site Setting
         */
        mxtunnelNames: string[];
        /**
         * Whether to only allow client to use DNS that we’ve learned from DHCP response
         */
        noStaticDns: boolean;
        /**
         * Whether to only allow client that we’ve learned from DHCP exchange to talk
         */
        noStaticIp: boolean;
        orgId: string;
        /**
         * Portal wlan settings
         */
        portal: outputs.org.GetWlansOrgWlanPortal;
        /**
         * List of hostnames without http(s):// (matched by substring)
         */
        portalAllowedHostnames: string[];
        /**
         * List of CIDRs
         */
        portalAllowedSubnets: string[];
        /**
         * APi secret (auto-generated) that can be used to sign guest authorization requests
         */
        portalApiSecret: string;
        /**
         * List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
         */
        portalDeniedHostnames: string[];
        /**
         * Url of portal background image
         */
        portalImage: string;
        portalSsoUrl: string;
        qos: outputs.org.GetWlansOrgWlanQos;
        /**
         * RadSec settings
         */
        radsec: outputs.org.GetWlansOrgWlanRadsec;
        /**
         * Property key is the RF band. enum: `24`, `5`, `6`
         */
        rateset: {
            [key: string]: outputs.org.GetWlansOrgWlanRateset;
        };
        /**
         * When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
         */
        reconnectClientsWhenRoamingMxcluster: boolean;
        /**
         * enum: `11r`, `OKC`, `NONE`
         */
        roamMode: string;
        /**
         * WLAN operating schedule, default is disabled
         */
        schedule: outputs.org.GetWlansOrgWlanSchedule;
        /**
         * Whether to exclude this WLAN from SLE metrics
         */
        sleExcluded: boolean;
        /**
         * Name of the SSID
         */
        ssid: string;
        templateId: string;
        /**
         * If `auth.type`==`eap` or `auth.type`==`psk`, should only be set for legacy client, such as pre-2004, 802.11b devices
         */
        useEapolV1: boolean;
        /**
         * If vlan tagging is enabled
         */
        vlanEnabled: boolean;
        vlanId: string;
        /**
         * if `vlanEnabled`==`true` and `vlanPooling`==`true`. List of VLAN IDs (comma separated) to be used in the VLAN Pool
         */
        vlanIds: string[];
        /**
         * Requires `vlanEnabled`==`true` to be set to `true`. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
         */
        vlanPooling: boolean;
        wlanLimitDown: string;
        /**
         * If downlink limiting for whole wlan is enabled
         */
        wlanLimitDownEnabled: boolean;
        wlanLimitUp: string;
        /**
         * If uplink limiting for whole wlan is enabled
         */
        wlanLimitUpEnabled: boolean;
        /**
         * List of wxtag_ids
         */
        wxtagIds: string[];
        /**
         * When `interface`=`wxtunnel`, id of the WXLAN Tunnel
         */
        wxtunnelId: string;
        /**
         * When `interface`=`wxtunnel`, remote tunnel identifier
         */
        wxtunnelRemoteId: string;
    }
    interface GetWlansOrgWlanAcctServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat: string;
        keywrapKek: string;
        keywrapMack: string;
        port: string;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface GetWlansOrgWlanAirwatch {
        /**
         * API Key
         */
        apiKey: string;
        /**
         * Console URL
         */
        consoleUrl: string;
        enabled: boolean;
        /**
         * Password
         */
        password: string;
        /**
         * Username
         */
        username: string;
    }
    interface GetWlansOrgWlanAppLimit {
        /**
         * Map from app key to bandwidth in kbps.
         * Property key is the app key, defined in Get Application List
         */
        apps: {
            [key: string]: number;
        };
        enabled: boolean;
        /**
         * Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the `wxtagId`
         */
        wxtagIds: {
            [key: string]: number;
        };
    }
    interface GetWlansOrgWlanAppQos {
        apps: {
            [key: string]: outputs.org.GetWlansOrgWlanAppQosApps;
        };
        enabled: boolean;
        others: outputs.org.GetWlansOrgWlanAppQosOther[];
    }
    interface GetWlansOrgWlanAppQosApps {
        dscp: string;
        /**
         * Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
         */
        dstSubnet: string;
        /**
         * Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
         */
        srcSubnet: string;
    }
    interface GetWlansOrgWlanAppQosOther {
        dscp: string;
        dstSubnet: string;
        portRanges: string;
        protocol: string;
        srcSubnet: string;
    }
    interface GetWlansOrgWlanAuth {
        /**
         * SAE anti-clogging token threshold
         */
        anticlogThreshold: number;
        /**
         * Whether to trigger EAP reauth when the session ends
         */
        eapReauth: boolean;
        /**
         * Whether to enable MAC Auth, uses the same auth_servers
         */
        enableMacAuth: boolean;
        /**
         * When `type`==`wep`
         */
        keyIdx: number;
        /**
         * When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
         */
        keys: string[];
        /**
         * When `type`==`psk`, whether to only use multi_psk
         */
        multiPskOnly: boolean;
        /**
         * if `type`==`open`. enum: `disabled`, `enabled` (means transition mode), `required`
         */
        owe: string;
        /**
         * When `type`=`psk` or `type`=`eap`, one or more of `wpa1-ccmp`, `wpa1-tkip`, `wpa2-ccmp`, `wpa2-tkip`, `wpa3`
         */
        pairwises: string[];
        /**
         * When `multiPskOnly`==`true`, whether private wlan is enabled
         */
        privateWlan: boolean;
        /**
         * When `type`==`psk`, 8-64 characters, or 64 hex characters
         */
        psk: string;
        /**
         * enum: `eap`, `eap192`, `open`, `psk`, `psk-tkip`, `psk-wpa2-tkip`, `wep`
         */
        type: string;
        /**
         * Enable WEP as secondary auth
         */
        wepAsSecondaryAuth: boolean;
    }
    interface GetWlansOrgWlanAuthServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat: string;
        keywrapKek: string;
        keywrapMack: string;
        port: string;
        /**
         * Whether to require Message-Authenticator in requests
         */
        requireMessageAuthenticator: boolean;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface GetWlansOrgWlanBonjour {
        /**
         * additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
         */
        additionalVlanIds: string[];
        /**
         * Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
         */
        enabled: boolean;
        /**
         * What services are allowed.
         * Property key is the service name
         */
        services: {
            [key: string]: outputs.org.GetWlansOrgWlanBonjourServices;
        };
    }
    interface GetWlansOrgWlanBonjourServices {
        /**
         * Whether to prevent wireless clients to discover bonjour devices on the same WLAN
         */
        disableLocal: boolean;
        /**
         * Optional, if the service is further restricted for certain RADIUS groups
         */
        radiusGroups: string[];
        /**
         * how bonjour services should be discovered for the same WLAN. enum: `sameAp`, `sameMap`, `sameSite`
         */
        scope: string;
    }
    interface GetWlansOrgWlanCiscoCwa {
        /**
         * List of hostnames without http(s):// (matched by substring)
         */
        allowedHostnames: string[];
        /**
         * List of CIDRs
         */
        allowedSubnets: string[];
        /**
         * List of blocked CIDRs
         */
        blockedSubnets: string[];
        enabled: boolean;
    }
    interface GetWlansOrgWlanCoaServer {
        /**
         * Whether to disable Event-Timestamp Check
         */
        disableEventTimestampCheck: boolean;
        enabled: boolean;
        ip: string;
        port: string;
        secret: string;
    }
    interface GetWlansOrgWlanDnsServerRewrite {
        enabled: boolean;
        /**
         * Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
         */
        radiusGroups: {
            [key: string]: string;
        };
    }
    interface GetWlansOrgWlanDynamicPsk {
        /**
         * Default PSK to use if cloud WLC is not available, 8-63 characters
         */
        defaultPsk: string;
        defaultVlanId: string;
        enabled: boolean;
        /**
         * When 11r is enabled, we'll try to use the cached PMK, this can be disabled. `false` means auto
         */
        forceLookup: boolean;
        /**
         * enum: `cloudPsks`, `radius`
         */
        source: string;
    }
    interface GetWlansOrgWlanDynamicVlan {
        /**
         * Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
         */
        defaultVlanIds: string[];
        /**
         * Requires `vlanEnabled`==`true` to be set to `true`. Whether to enable dynamic vlan
         */
        enabled: boolean;
        /**
         * VLAN_ids to be locally bridged
         */
        localVlanIds: string[];
        /**
         * standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum: `airespace-interface-name`, `standard`
         */
        type: string;
        /**
         * Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping
         *   * if `dynamic_vlan.type`==`standard`, property key is the Vlan ID and property value is \"\"
         *   * if `dynamic_vlan.type`==`airespace-interface-name`, property key is the Vlan ID and property value is the Airespace Interface Name
         */
        vlans: {
            [key: string]: string;
        };
    }
    interface GetWlansOrgWlanHotspot20 {
        domainNames: string[];
        /**
         * Whether to enable hotspot 2.0 config
         */
        enabled: boolean;
        naiRealms: string[];
        /**
         * List of operators to support
         */
        operators: string[];
        rcois: string[];
        /**
         * Venue name, default is site name
         */
        venueName: string;
    }
    interface GetWlansOrgWlanInjectDhcpOption82 {
        /**
         * Information to set in the `circuitId` field of the DHCP Option 82. It is possible to use static string or the following variables (e.g. `{{SSID}}:{{AP_MAC}}`):
         *   * {{AP_MAC}}
         *   * {{AP_MAC_DASHED}}
         *   * {{AP_MODEL}}
         *   * {{AP_NAME}}
         *   * {{SITE_NAME}}
         *   * {{SSID}}
         */
        circuitId: string;
        /**
         * Whether to inject option 82 when forwarding DHCP packets
         */
        enabled: boolean;
    }
    interface GetWlansOrgWlanMistNac {
        /**
         * When enabled:
         *   * `authServers` is ignored
         *   * `acctServers` is ignored
         *   * `auth_servers_*` are ignored
         *   * `coaServers` is ignored
         *   * `radsec` is ignored
         *   * `coaEnabled` is assumed
         */
        enabled: boolean;
    }
    interface GetWlansOrgWlanPortal {
        /**
         * Optional if `amazonEnabled`==`true`. Whether to allow guest to connect to other Guest WLANs (with different `WLAN.ssid`) of same org without reauthentication (disable randomMac for seamless roaming)
         */
        allowWlanIdRoam: boolean;
        /**
         * Optional if `amazonEnabled`==`true`. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
         */
        amazonClientId: string;
        /**
         * Optional if `amazonEnabled`==`true`. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank.
         */
        amazonClientSecret: string;
        /**
         * Optional if `amazonEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        amazonEmailDomains: string[];
        /**
         * Whether amazon is enabled as a login method
         */
        amazonEnabled: boolean;
        /**
         * Optional if `amazonEnabled`==`true`. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
         */
        amazonExpire: number;
        /**
         * authentication scheme. enum: `amazon`, `azure`, `email`, `external`, `facebook`, `google`, `microsoft`, `multi`, `none`, `password`, `sms`, `sponsor`, `sso`
         */
        auth: string;
        /**
         * Required if `azureEnabled`==`true`. Azure active directory app client id
         */
        azureClientId: string;
        /**
         * Required if `azureEnabled`==`true`. Azure active directory app client secret
         */
        azureClientSecret: string;
        /**
         * Whether Azure Active Directory is enabled as a login method
         */
        azureEnabled: boolean;
        /**
         * Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
         */
        azureExpire: number;
        /**
         * Required if `azureEnabled`==`true`. Azure active directory tenant id.
         */
        azureTenantId: string;
        /**
         * Required if `smsProvider`==`broadnet`
         */
        broadnetPassword: string;
        /**
         * Required if `smsProvider`==`broadnet`
         */
        broadnetSid: string;
        /**
         * Required if `smsProvider`==`broadnet`
         */
        broadnetUserId: string;
        /**
         * Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
         */
        bypassWhenCloudDown: boolean;
        /**
         * Required if `smsProvider`==`clickatell`
         */
        clickatellApiKey: string;
        /**
         * Whether to allow guest to roam between WLANs (with same `WLAN.ssid`, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming)
         */
        crossSite: boolean;
        /**
         * Whether email (access code verification) is enabled as a login method
         */
        emailEnabled: boolean;
        /**
         * Whether guest portal is enabled
         */
        enabled: boolean;
        /**
         * How long to remain authorized, in minutes
         */
        expire: number;
        /**
         * Required if `wlanPortalAuth`==`external`. External portal URL (e.g. https://host/url) where we can append our query parameters to
         */
        externalPortalUrl: string;
        /**
         * Required if `facebookEnabled`==`true`. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
         */
        facebookClientId: string;
        /**
         * Required if `facebookEnabled`==`true`. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank.
         */
        facebookClientSecret: string;
        /**
         * Optional if `facebookEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        facebookEmailDomains: string[];
        /**
         * Whether facebook is enabled as a login method
         */
        facebookEnabled: boolean;
        /**
         * Optional if `facebookEnabled`==`true`. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
         */
        facebookExpire: number;
        /**
         * Whether to forward the user to another URL after authorized
         */
        forward: boolean;
        /**
         * URL to forward the user to
         */
        forwardUrl: string;
        /**
         * Google OAuth2 app id. This is optional. If not provided, it will use a default one.
         */
        googleClientId: string;
        /**
         * Optional if `googleEnabled`==`true`. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank.
         */
        googleClientSecret: string;
        /**
         * Optional if `googleEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        googleEmailDomains: string[];
        /**
         * Whether Google is enabled as login method
         */
        googleEnabled: boolean;
        /**
         * Optional if `googleEnabled`==`true`. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
         */
        googleExpire: number;
        /**
         * Required if `smsProvider`==`gupshup`
         */
        gupshupPassword: string;
        /**
         * Required if `smsProvider`==`gupshup`
         */
        gupshupUserid: string;
        /**
         * Optional if `microsoftEnabled`==`true`. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
         */
        microsoftClientId: string;
        /**
         * Optional if `microsoftEnabled`==`true`. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank.
         */
        microsoftClientSecret: string;
        /**
         * Optional if `microsoftEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        microsoftEmailDomains: string[];
        /**
         * Whether microsoft 365 is enabled as a login method
         */
        microsoftEnabled: boolean;
        /**
         * Optional if `microsoftEnabled`==`true`. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
         */
        microsoftExpire: number;
        /**
         * Whether password is enabled
         */
        passphraseEnabled: boolean;
        /**
         * Optional if `passphraseEnabled`==`true`. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses `expire`
         */
        passphraseExpire: number;
        /**
         * Required if `passphraseEnabled`==`true`.
         */
        password: string;
        /**
         * Whether to show list of sponsor emails mentioned in `sponsors` object as a dropdown. If both `sponsorNotifyAll` and `predefinedSponsorsEnabled` are false, behaviour is acc to `sponsorEmailDomains`
         */
        predefinedSponsorsEnabled: boolean;
        /**
         * Whether to hide sponsor’s email from list of sponsors
         */
        predefinedSponsorsHideEmail: boolean;
        privacy: boolean;
        /**
         * Required if `smsProvider`==`puzzel`
         */
        puzzelPassword: string;
        /**
         * Required if `smsProvider`==`puzzel`
         */
        puzzelServiceId: string;
        /**
         * Required if `smsProvider`==`puzzel`
         */
        puzzelUsername: string;
        /**
         * Whether sms is enabled as a login method
         */
        smsEnabled: boolean;
        /**
         * Optional if `smsEnabled`==`true`. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
         */
        smsExpire: number;
        /**
         * Optional if `smsEnabled`==`true`. SMS Message format
         */
        smsMessageFormat: string;
        /**
         * Optioanl if `smsEnabled`==`true`. enum: `broadnet`, `clickatell`, `gupshup`, `manual`, `puzzel`, `telstra`, `twilio`
         */
        smsProvider: string;
        /**
         * Optional if `sponsorEnabled`==`true`. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled
         */
        sponsorAutoApprove: boolean;
        /**
         * List of domain allowed for sponsor email. Required if `sponsorEnabled` is `true` and `sponsors` is empty.
         */
        sponsorEmailDomains: string[];
        /**
         * Whether sponsor is enabled
         */
        sponsorEnabled: boolean;
        /**
         * Optional if `sponsorEnabled`==`true`. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
         */
        sponsorExpire: number;
        sponsorLinkValidityDuration: string;
        /**
         * Optional if `sponsorEnabled`==`true`. whether to notify all sponsors that are mentioned in `sponsors` object. Both `sponsorNotifyAll` and `predefinedSponsorsEnabled` should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
         */
        sponsorNotifyAll: boolean;
        /**
         * Optional if `sponsorEnabled`==`true`. If enabled, guest will get email about sponsor's action (approve/deny)
         */
        sponsorStatusNotify: boolean;
        /**
         * object of allowed sponsors email with name. Required if `sponsorEnabled`
         *             is `true` and `sponsorEmailDomains` is empty.
         *
         *             Property key is the sponsor email, Property value is the sponsor name
         */
        sponsors: {
            [key: string]: string;
        };
        /**
         * Optional if `wlanPortalAuth`==`sso`, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
         */
        ssoDefaultRole: string;
        /**
         * Optional if `wlanPortalAuth`==`sso`
         */
        ssoForcedRole: string;
        /**
         * Required if `wlanPortalAuth`==`sso`. IDP Cert (used to verify the signed response)
         */
        ssoIdpCert: string;
        /**
         * Optioanl if `wlanPortalAuth`==`sso`, Signing algorithm for SAML Assertion. enum: `sha1`, `sha256`, `sha384`, `sha512`
         */
        ssoIdpSignAlgo: string;
        /**
         * Required if `wlanPortalAuth`==`sso`, IDP Single-Sign-On URL
         */
        ssoIdpSsoUrl: string;
        /**
         * Required if `wlanPortalAuth`==`sso`, IDP issuer URL
         */
        ssoIssuer: string;
        /**
         * Optional if `wlanPortalAuth`==`sso`. enum: `email`, `unspecified`
         */
        ssoNameidFormat: string;
        /**
         * Required if `smsProvider`==`telstra`, Client ID provided by Telstra
         */
        telstraClientId: string;
        /**
         * Required if `smsProvider`==`telstra`, Client secret provided by Telstra
         */
        telstraClientSecret: string;
        /**
         * Required if `smsProvider`==`twilio`, Auth token account with twilio account
         */
        twilioAuthToken: string;
        /**
         * Required if `smsProvider`==`twilio`, Twilio phone number associated with the account. See example for accepted format.
         */
        twilioPhoneNumber: string;
        /**
         * Required if `smsProvider`==`twilio`, Account SID provided by Twilio
         */
        twilioSid: string;
    }
    interface GetWlansOrgWlanQos {
        /**
         * enum: `background`, `bestEffort`, `video`, `voice`
         */
        class: string;
        /**
         * Whether to overwrite QoS
         */
        overwrite: boolean;
    }
    interface GetWlansOrgWlanRadsec {
        coaEnabled: boolean;
        enabled: boolean;
        idleTimeout: string;
        /**
         * To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
         */
        mxclusterIds: string[];
        /**
         * Default is site.mxedge.radsec.proxy_hosts which must be a superset of all `wlans[*].radsec.proxy_hosts`. When `radsec.proxy_hosts` are not used, tunnel peers (org or site mxedges) are used irrespective of `useSiteMxedge`
         */
        proxyHosts: string[];
        /**
         * Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
         */
        serverName: string;
        /**
         * List of RadSec Servers. Only if not Mist Edge.
         */
        servers: outputs.org.GetWlansOrgWlanRadsecServer[];
        /**
         * use mxedge(s) as RadSec Proxy
         */
        useMxedge: boolean;
        /**
         * To use Site mxedges when this WLAN does not use mxtunnel
         */
        useSiteMxedge: boolean;
    }
    interface GetWlansOrgWlanRadsecServer {
        host: string;
        port: number;
    }
    interface GetWlansOrgWlanRateset {
        /**
         * If `template`==`custom`. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
         */
        eht: string;
        /**
         * If `template`==`custom`. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
         */
        he: string;
        /**
         * If `template`==`custom`. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
         */
        ht: string;
        /**
         * If `template`==`custom`. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If `template`==`custom` is configured and legacy does not define at least one basic rate, it will use `no-legacy` default values
         */
        legacies: string[];
        /**
         * Minimum RSSI for client to connect, 0 means not enforcing
         */
        minRssi: number;
        /**
         * Data Rates template to apply. enum:
         *   * `no-legacy`: no 11b
         *   * `compatible`: all, like before, default setting that Broadcom/Atheros used
         *   * `legacy-only`: disable 802.11n and 802.11ac
         *   * `high-density`: no 11b, no low rates
         *   * `custom`: user defined
         */
        template: string;
        /**
         * If `template`==`custom`. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
         */
        vht: string;
    }
    interface GetWlansOrgWlanSchedule {
        enabled: boolean;
        /**
         * Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
         */
        hours: outputs.org.GetWlansOrgWlanScheduleHours;
    }
    interface GetWlansOrgWlanScheduleHours {
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        fri: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        mon: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        sat: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        sun: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        thu: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        tue: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        wed: string;
    }
    interface GetWlantemplatesOrgWlantemplate {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        orgId: string;
    }
    interface GetWxtagsOrgWxtag {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        lastIps: string[];
        /**
         * If `type`==`client`, Client MAC Address
         */
        mac: string;
        /**
         * required if `type`==`match`. enum: `apId`, `app`, `assetMac`, `clientMac`, `hostname`, `ipRangeSubnet`, `port`, `pskName`, `pskRole`, `radiusAttr`, `radiusClass`, `radiusGroup`, `radiusUsername`, `sdkclientUuid`, `wlanId`
         */
        match: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        /**
         * The name
         */
        name: string;
        /**
         * required if `type`==`match`, type of tag (inclusive/exclusive). enum: `in`, `notIn`
         */
        op: string;
        orgId: string;
        resourceMac: string;
        services: string[];
        siteId: string;
        /**
         * If `type`==`spec`
         */
        specs: outputs.org.GetWxtagsOrgWxtagSpec[];
        subnet: string;
        /**
         * enum: `client`, `match`, `resource`, `spec`, `subnet`, `vlan`
         */
        type: string;
        /**
         * Required if `type`==`match` and
         *   * `match`==`apId`: list of AP IDs
         *   * `match`==`app`: list of Application Names
         *   * `match`==`assetMac`: list of Asset MAC Addresses
         *   * `match`==`clientMac`: list of Client MAC Addresses
         *   * `match`==`hostname`: list of Resources Hostnames
         *   * `match`==`ipRangeSubnet`: list of IP Addresses and/or CIDRs
         *   * `match`==`pskName`: list of PSK Names
         *   * `match`==`pskRole`: list of PSK Roles
         *   * `match`==`port`: list of Ports or Port Ranges
         *   * `match`==`radiusAttr`: list of RADIUS Attributes. The values are [ "6=1", "26=10.2.3.4" ], this support other RADIUS attributes where we know the type
         *   * `match`==`radiusClass`: list of RADIUS Classes. This matches the ATTR-Class(25)
         *   * `match`==`radiusGroup`: list of RADIUS Groups. This is a smart tag that matches RADIUS-Filter-ID, Airespace-ACL-Name (VendorID=14179, VendorType=6) / Aruba-User-Role (VendorID=14823, VendorType=1)
         *   * `match`==`radiusUsername`: list of RADIUS Usernames. This matches the ATTR-User-Name(1)
         *   * `match`==`sdkclientUuid`: list of SDK UUIDs
         *   * `match`==`wlanId`: list of WLAN IDs
         *
         * **Notes**:
         * Variables are not allowed
         */
        values: string[];
        vlanId: string;
    }
    interface GetWxtagsOrgWxtagSpec {
        /**
         * Matched destination port, "0" means any
         */
        portRange: string;
        /**
         * tcp / udp / icmp / gre / any / ":protocol_number", `protocolNumber` is between 1-254
         */
        protocol: string;
        /**
         * Matched destination subnets and/or IP Addresses
         */
        subnets: string[];
    }
    interface IdpprofileOverwrite {
        /**
         * enum:
         *   * alert (default)
         *   * drop: silently dropping packets
         *   * close: notify client/server to close connection
         */
        action: string;
        matching?: outputs.org.IdpprofileOverwriteMatching;
        name: string;
    }
    interface IdpprofileOverwriteMatching {
        attackNames?: string[];
        dstSubnets?: string[];
        severities?: string[];
    }
    interface InventoryInventory {
        /**
         * device claim code
         */
        claimCode: string;
        /**
         * deviceprofile id if assigned, null if not assigned
         */
        deviceprofileId: string;
        /**
         * hostname reported by the device
         */
        hostname: string;
        /**
         * device id
         */
        id: string;
        /**
         * device MAC address
         */
        mac: string;
        /**
         * device model
         */
        model: string;
        orgId: string;
        /**
         * device serial
         */
        serial: string;
        /**
         * Site ID. Used to assign device to a Site
         */
        siteId?: string;
        /**
         * enum: `ap`, `gateway`, `switch`
         */
        type: string;
        /**
         * Unclaim the device from the Mist Organization when removed from the provider inventory. Default is `false`
         */
        unclaimWhenDestroyed: boolean;
        /**
         * if `type`==`switch` and device part of a Virtual Chassis, MAC Address of the Virtual Chassis. if `type`==`gateway` and device part of a Cluster, MAC Address of the Cluster
         */
        vcMac: string;
    }
    interface NacruleMatching {
        /**
         * enum: `cert`, `device-auth`, `eap-teap`, `eap-tls`, `eap-ttls`, `idp`, `mab`, `peap-tls`, `psk`
         */
        authType?: string;
        /**
         * List of client device families to match. Refer to [List Fingerprint Types]]($e/Constants%20Definitions/listFingerprintTypes) for allowed family values
         */
        families: string[];
        /**
         * List of client device models to match. Refer to [List Fingerprint Types]]($e/Constants%20Definitions/listFingerprintTypes) for allowed model values
         */
        mfgs: string[];
        /**
         * List of client device manufacturers to match. Refer to [List Fingerprint Types]]($e/Constants%20Definitions/listFingerprintTypes) for allowed mfg values
         */
        models: string[];
        nactags: string[];
        /**
         * List of client device os types to match. Refer to [List Fingerprint Types]]($e/Constants%20Definitions/listFingerprintTypes) for allowed osType values
         */
        osTypes: string[];
        portTypes: string[];
        /**
         * List of site ids to match
         */
        siteIds: string[];
        /**
         * List of sitegroup ids to match
         */
        sitegroupIds: string[];
        /**
         * List of vendors to match
         */
        vendors: string[];
    }
    interface NacruleNotMatching {
        /**
         * enum: `cert`, `device-auth`, `eap-teap`, `eap-tls`, `eap-ttls`, `idp`, `mab`, `peap-tls`, `psk`
         */
        authType?: string;
        /**
         * List of client device families to match. Refer to [List Fingerprint Types]]($e/Constants%20Definitions/listFingerprintTypes) for allowed family values
         */
        families: string[];
        /**
         * List of client device models to match. Refer to [List Fingerprint Types]]($e/Constants%20Definitions/listFingerprintTypes) for allowed model values
         */
        mfgs: string[];
        /**
         * List of client device manufacturers to match. Refer to [List Fingerprint Types]]($e/Constants%20Definitions/listFingerprintTypes) for allowed mfg values
         */
        models: string[];
        nactags: string[];
        /**
         * List of client device os types to match. Refer to [List Fingerprint Types]]($e/Constants%20Definitions/listFingerprintTypes) for allowed osType values
         */
        osTypes: string[];
        portTypes: string[];
        /**
         * List of site ids to match
         */
        siteIds: string[];
        /**
         * List of sitegroup ids to match
         */
        sitegroupIds: string[];
        /**
         * List of vendors to match
         */
        vendors: string[];
    }
    interface NetworkInternalAccess {
        enabled?: boolean;
    }
    interface NetworkInternetAccess {
        createSimpleServicePolicy: boolean;
        /**
         * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
         */
        destinationNat?: {
            [key: string]: outputs.org.NetworkInternetAccessDestinationNat;
        };
        enabled?: boolean;
        /**
         * By default, all access is allowed, to only allow certain traffic, make `restricted`=`true` and define service_policies
         */
        restricted: boolean;
        /**
         * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
         */
        staticNat?: {
            [key: string]: outputs.org.NetworkInternetAccessStaticNat;
        };
    }
    interface NetworkInternetAccessDestinationNat {
        /**
         * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
         */
        internalIp?: string;
        name?: string;
        /**
         * The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
         */
        port?: string;
        /**
         * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
         */
        wanName?: string;
    }
    interface NetworkInternetAccessStaticNat {
        /**
         * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
         */
        internalIp: string;
        name: string;
        /**
         * SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
         */
        wanName?: string;
    }
    interface NetworkMulticast {
        /**
         * If the network will only be the source of the multicast traffic, IGMP can be disabled
         */
        disableIgmp: boolean;
        enabled: boolean;
        /**
         * Group address to RP (rendezvous point) mapping. Property Key is the CIDR (example "225.1.0.3/32")
         */
        groups?: {
            [key: string]: outputs.org.NetworkMulticastGroups;
        };
    }
    interface NetworkMulticastGroups {
        /**
         * RP (rendezvous point) IP Address
         */
        rpIp?: string;
    }
    interface NetworkTenants {
        addresses?: string[];
    }
    interface NetworkVpnAccess {
        /**
         * If `routed`==`true`, whether to advertise an aggregated subnet toward HUB this is useful when there are multiple networks on SPOKE's side
         */
        advertisedSubnet?: string;
        /**
         * Whether to allow ping from vpn into this routed network
         */
        allowPing?: boolean;
        /**
         * Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internalIp` or `port` must be defined
         */
        destinationNat?: {
            [key: string]: outputs.org.NetworkVpnAccessDestinationNat;
        };
        /**
         * If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub, a subnet is required to create and advertise the route to Hub
         */
        natPool?: string;
        /**
         * toward LAN-side BGP peers
         */
        noReadvertiseToLanBgp: boolean;
        /**
         * toward LAN-side OSPF peers
         */
        noReadvertiseToLanOspf: boolean;
        /**
         * toward overlay, how HUB should deal with routes it received from Spokes
         */
        noReadvertiseToOverlay?: boolean;
        /**
         * By default, the routes are only readvertised toward the same vrf on spoke. To allow it to be leaked to other vrfs
         */
        otherVrfs: string[];
        /**
         * Whether this network is routable
         */
        routed?: boolean;
        /**
         * If `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub
         */
        sourceNat: outputs.org.NetworkVpnAccessSourceNat;
        /**
         * Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}")
         */
        staticNat: {
            [key: string]: outputs.org.NetworkVpnAccessStaticNat;
        };
        /**
         * toward overlay, how HUB should deal with routes it received from Spokes
         */
        summarizedSubnet?: string;
        /**
         * toward LAN-side BGP peers
         */
        summarizedSubnetToLanBgp?: string;
        /**
         * toward LAN-side OSPF peers
         */
        summarizedSubnetToLanOspf?: string;
    }
    interface NetworkVpnAccessDestinationNat {
        /**
         * The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
         */
        internalIp?: string;
        name?: string;
        port?: string;
    }
    interface NetworkVpnAccessSourceNat {
        externalIp?: string;
    }
    interface NetworkVpnAccessStaticNat {
        /**
         * The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
         */
        internalIp: string;
        name: string;
    }
    interface NetworktemplateAclPolicy {
        /**
         * ACL Policy Actions:
         *   - for GBP-based policy, all srcTags and dstTags have to be gbp-based
         *   - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
         */
        actions?: outputs.org.NetworktemplateAclPolicyAction[];
        name?: string;
        /**
         * ACL Policy Source Tags:
         *   - for GBP-based policy, all srcTags and dstTags have to be gbp-based
         *   - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
         */
        srcTags?: string[];
    }
    interface NetworktemplateAclPolicyAction {
        /**
         * enum: `allow`, `deny`
         */
        action?: string;
        dstTag: string;
    }
    interface NetworktemplateAclTags {
        /**
         * Required if
         *   - `type`==`dynamicGbp` (gbp_tag received from RADIUS)
         *   - `type`==`gbpResource`
         *   - `type`==`staticGbp` (applying gbp tag against matching conditions)
         */
        gbpTag?: number;
        /**
         * Required if
         * - `type`==`mac`
         * - `type`==`staticGbp` if from matching mac
         */
        macs: string[];
        /**
         * If:
         *   * `type`==`mac` (optional. default is `any`)
         *   * `type`==`subnet` (optional. default is `any`)
         *   * `type`==`network`
         *   * `type`==`resource` (optional. default is `any`)
         *   * `type`==`staticGbp` if from matching network (vlan)
         */
        network?: string;
        /**
         * Required if:
         *   * `type`==`radiusGroup`
         *   * `type`==`staticGbp`
         * if from matching radius_group
         */
        radiusGroup?: string;
        /**
         * If `type`==`resource` or `type`==`gbpResource`. Empty means unrestricted, i.e. any
         */
        specs?: outputs.org.NetworktemplateAclTagsSpec[];
        /**
         * If
         * - `type`==`subnet`
         * - `type`==`resource` (optional. default is `any`)
         * - `type`==`staticGbp` if from matching subnet
         */
        subnets: string[];
        /**
         * enum:
         *   * `any`: matching anything not identified
         *   * `dynamicGbp`: from the gbpTag received from RADIUS
         *   * `gbpResource`: can only be used in `dstTags`
         *   * `mac`
         *   * `network`
         *   * `radiusGroup`
         *   * `resource`: can only be used in `dstTags`
         *   * `staticGbp`: applying gbp tag against matching conditions
         *   * `subnet`'
         */
        type: string;
    }
    interface NetworktemplateAclTagsSpec {
        /**
         * Matched dst port, "0" means any
         */
        portRange: string;
        /**
         * `tcp` / `udp` / `icmp` / `icmp6` / `gre` / `any` / `:protocol_number`, `protocolNumber` is between 1-254, default is `any` `protocolNumber` is between 1-254
         */
        protocol: string;
    }
    interface NetworktemplateDhcpSnooping {
        allNetworks?: boolean;
        /**
         * Enable for dynamic ARP inspection check
         */
        enableArpSpoofCheck?: boolean;
        /**
         * Enable for check for forging source IP address
         */
        enableIpSourceGuard?: boolean;
        enabled?: boolean;
        /**
         * If `allNetworks`==`false`, list of network with DHCP snooping enabled
         */
        networks?: string[];
    }
    interface NetworktemplateExtraRoutes {
        /**
         * This takes precedence
         */
        discard?: boolean;
        metric?: number;
        nextQualified?: {
            [key: string]: outputs.org.NetworktemplateExtraRoutesNextQualified;
        };
        noResolve?: boolean;
        preference?: number;
        /**
         * Next-hop IP Address
         */
        via: string;
    }
    interface NetworktemplateExtraRoutes6 {
        /**
         * This takes precedence
         */
        discard?: boolean;
        metric?: number;
        nextQualified?: {
            [key: string]: outputs.org.NetworktemplateExtraRoutes6NextQualified;
        };
        noResolve?: boolean;
        preference?: number;
        /**
         * Next-hop IP Address
         */
        via: string;
    }
    interface NetworktemplateExtraRoutes6NextQualified {
        metric?: number;
        preference?: number;
    }
    interface NetworktemplateExtraRoutesNextQualified {
        metric?: number;
        preference?: number;
    }
    interface NetworktemplateMistNac {
        enabled?: boolean;
        network?: string;
    }
    interface NetworktemplateNetworks {
        /**
         * Only required for EVPN-VXLAN networks, IPv4 Virtual Gateway
         */
        gateway?: string;
        /**
         * Only required for EVPN-VXLAN networks, IPv6 Virtual Gateway
         */
        gateway6?: string;
        /**
         * whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required). NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
         */
        isolation?: boolean;
        isolationVlanId?: string;
        /**
         * Optional for pure switching, required when L3 / routing features are used
         */
        subnet?: string;
        /**
         * Optional for pure switching, required when L3 / routing features are used
         */
        subnet6?: string;
        vlanId: string;
    }
    interface NetworktemplateOspfAreas {
        includeLoopback: boolean;
        networks: {
            [key: string]: outputs.org.NetworktemplateOspfAreasNetworks;
        };
        /**
         * OSPF type. enum: `default`, `nssa`, `stub`
         */
        type: string;
    }
    interface NetworktemplateOspfAreasNetworks {
        /**
         * Required if `authType`==`md5`. Property key is the key number
         */
        authKeys: {
            [key: string]: string;
        };
        /**
         * Required if `authType`==`password`, the password, max length is 8
         */
        authPassword?: string;
        /**
         * auth type. enum: `md5`, `none`, `password`
         */
        authType: string;
        bfdMinimumInterval?: number;
        deadInterval?: number;
        exportPolicy?: string;
        helloInterval?: number;
        importPolicy?: string;
        /**
         * interface type (nbma = non-broadcast multi-access). enum: `broadcast`, `nbma`, `p2mp`, `p2p`
         */
        interfaceType: string;
        metric?: number;
        /**
         * By default, we'll re-advertise all learned OSPF routes toward overlay
         */
        noReadvertiseToOverlay: boolean;
        /**
         * Whether to send OSPF-Hello
         */
        passive: boolean;
    }
    interface NetworktemplatePortMirroring {
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputNetworksIngresses: string[];
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputPortIdsEgresses: string[];
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputPortIdsIngresses: string[];
        /**
         * Exactly one of the `outputPortId` or `outputNetwork` should be provided
         */
        outputNetwork?: string;
        /**
         * Exactly one of the `outputPortId` or `outputNetwork` should be provided
         */
        outputPortId?: string;
    }
    interface NetworktemplatePortUsages {
        /**
         * Only if `mode`==`trunk` whether to trunk all network/vlans
         */
        allNetworks: boolean;
        /**
         * Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with. All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state. When it is not defined, it means using the system's default setting which depends on whether the port is an access or trunk port.
         */
        allowDhcpd?: boolean;
        /**
         * Only if `mode`!=`dynamic`
         */
        allowMultipleSupplicants?: boolean;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` bypass auth for known clients if set to true when RADIUS server is down
         */
        bypassAuthWhenServerDown?: boolean;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`=`dot1x` bypass auth for all (including unknown clients) if set to true when RADIUS server is down
         */
        bypassAuthWhenServerDownForUnknownClient?: boolean;
        /**
         * Only if `mode`!=`dynamic`
         */
        description: string;
        /**
         * Only if `mode`!=`dynamic` if speed and duplex are specified, whether to disable autonegotiation
         */
        disableAutoneg: boolean;
        /**
         * Only if `mode`!=`dynamic` whether the port is disabled
         */
        disabled: boolean;
        /**
         * Only if `mode`!=`dynamic` link connection mode. enum: `auto`, `full`, `half`
         */
        duplex: string;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x`, if dynamic vlan is used, specify the possible networks/vlans RADIUS can return
         */
        dynamicVlanNetworks: string[];
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` whether to enable MAC Auth
         */
        enableMacAuth?: boolean;
        /**
         * Only if `mode`!=`dynamic`
         */
        enableQos: boolean;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` which network to put the device into if the device cannot do dot1x. default is null (i.e. not allowed)
         */
        guestNetwork?: string;
        /**
         * `interSwitchLink` is used together with `isolation` under networks. NOTE: `interSwitchLink` works only between Juniper device. This has to be applied to both ports connected together
         */
        interIsolationNetworkLink?: boolean;
        /**
         * Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks. NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
         */
        interSwitchLink?: boolean;
        /**
         * Only if `mode`!=`dynamic` and `enableMacAuth`==`true`
         */
        macAuthOnly?: boolean;
        /**
         * Only if `mode`!=`dynamic` + `enableMacAuth`==`true` + `macAuthOnly`==`false`, dot1x will be given priority then mac_auth. Enable this to prefer macAuth over dot1x.
         */
        macAuthPreferred?: boolean;
        /**
         * Only if `mode`!=`dynamic` and `enableMacAuth` ==`true`. This type is ignored if mistNac is enabled. enum: `eap-md5`, `eap-peap`, `pap`
         */
        macAuthProtocol?: string;
        /**
         * Only if `mode`!=`dynamic` max number of mac addresses, default is 0 for unlimited, otherwise range is 1 to 16383 (upper bound constrained by platform)
         */
        macLimit: string;
        /**
         * `mode`==`dynamic` must only be used if the port usage name is `dynamic`. enum: `access`, `dynamic`, `inet`, `trunk`
         */
        mode?: string;
        /**
         * Only if `mode`!=`dynamic` media maximum transmission unit (MTU) is the largest data unit that can be forwarded without fragmentation. Value between 256 and 9216, default value is 1514.
         */
        mtu?: string;
        /**
         * Only if `mode`==`trunk`, the list of network/vlans
         */
        networks: string[];
        /**
         * Only if `mode`==`access` and `portAuth`!=`dot1x` whether the port should retain dynamically learned MAC addresses
         */
        persistMac: boolean;
        /**
         * Only if `mode`!=`dynamic` whether PoE capabilities are disabled for a port
         */
        poeDisabled: boolean;
        /**
         * Only if `mode`!=`dynamic` if dot1x is desired, set to dot1x. enum: `dot1x`
         */
        portAuth?: string;
        /**
         * Only if `mode`!=`dynamic` native network/vlan for untagged traffic
         */
        portNetwork?: string;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`=`dot1x` reauthentication interval range between 10 and 65535 (default: 3600)
         */
        reauthInterval?: string;
        /**
         * Only if `mode`==`dynamic` Control when the DPC port should be changed to the default port usage. enum: `linkDown`, `none` (let the DPC port keep at the current port usage)
         */
        resetDefaultWhen?: string;
        /**
         * Only if `mode`==`dynamic`
         */
        rules?: outputs.org.NetworktemplatePortUsagesRule[];
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` sets server fail fallback vlan
         */
        serverFailNetwork?: string;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` when radius server reject / fails
         */
        serverRejectNetwork?: string;
        /**
         * Only if `mode`!=`dynamic` speed, default is auto to automatically negotiate speed enum: `100m`, `10m`, `1g`, `2.5g`, `5g`, `10g`, `25g`, `40g`, `100g`,`auto`
         */
        speed: string;
        /**
         * Switch storm control. Only if `mode`!=`dynamic`
         */
        stormControl?: outputs.org.NetworktemplatePortUsagesStormControl;
        /**
         * Only if `mode`!=`dynamic` when enabled, the port is not expected to receive BPDU frames
         */
        stpEdge: boolean;
        stpNoRootPort?: boolean;
        stpP2p?: boolean;
        /**
         * Optional for Campus Fabric Core-Distribution ESI-LAG profile. Helper used by the UI to select this port profile as the ESI-Lag between Distribution and Access switches
         */
        uiEvpntopoId?: string;
        /**
         * If this is connected to a vstp network
         */
        useVstp?: boolean;
        /**
         * Only if `mode`!=`dynamic` network/vlan for voip traffic, must also set port_network. to authenticate device, set port_auth
         */
        voipNetwork?: string;
    }
    interface NetworktemplatePortUsagesRule {
        equals?: string;
        /**
         * Use `equalsAny` to match any item in a list
         */
        equalsAnies?: string[];
        /**
         * "[0:3]":"abcdef" > "abc"
         * "split(.)[1]": "a.b.c" > "b"
         * "split(-)[1][0:3]: "a1234-b5678-c90" > "b56"
         */
        expression?: string;
        /**
         * enum: `linkPeermac`, `lldpChassisId`, `lldpHardwareRevision`, `lldpManufacturerName`, `lldpOui`, `lldpSerialNumber`, `lldpSystemName`, `radiusDynamicfilter`, `radiusUsermac`, `radiusUsername`
         */
        src: string;
        /**
         * `portUsage` name
         */
        usage?: string;
    }
    interface NetworktemplatePortUsagesStormControl {
        /**
         * Whether to disable storm control on broadcast traffic
         */
        noBroadcast?: boolean;
        /**
         * Whether to disable storm control on multicast traffic
         */
        noMulticast?: boolean;
        /**
         * Whether to disable storm control on registered multicast traffic
         */
        noRegisteredMulticast?: boolean;
        /**
         * Whether to disable storm control on unknown unicast traffic
         */
        noUnknownUnicast?: boolean;
        /**
         * Bandwidth-percentage, configures the storm control level as a percentage of the available bandwidth
         */
        percentage?: number;
    }
    interface NetworktemplateRadiusConfig {
        acctImmediateUpdate?: boolean;
        /**
         * How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
         */
        acctInterimInterval: number;
        acctServers?: outputs.org.NetworktemplateRadiusConfigAcctServer[];
        /**
         * enum: `ordered`, `unordered`
         */
        authServerSelection: string;
        authServers?: outputs.org.NetworktemplateRadiusConfigAuthServer[];
        /**
         * Radius auth session retries
         */
        authServersRetries: number;
        /**
         * Radius auth session timeout
         */
        authServersTimeout: number;
        coaEnabled: boolean;
        coaPort: string;
        fastDot1xTimers: boolean;
        /**
         * Use `network`or `sourceIp`. Which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
         */
        network?: string;
        /**
         * Use `network`or `sourceIp`
         */
        sourceIp?: string;
    }
    interface NetworktemplateRadiusConfigAcctServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled?: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat?: string;
        keywrapKek?: string;
        keywrapMack?: string;
        port?: string;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface NetworktemplateRadiusConfigAuthServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled?: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat?: string;
        keywrapKek?: string;
        keywrapMack?: string;
        port?: string;
        /**
         * Whether to require Message-Authenticator in requests
         */
        requireMessageAuthenticator?: boolean;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface NetworktemplateRemoteSyslog {
        archive?: outputs.org.NetworktemplateRemoteSyslogArchive;
        console?: outputs.org.NetworktemplateRemoteSyslogConsole;
        enabled: boolean;
        files?: outputs.org.NetworktemplateRemoteSyslogFile[];
        /**
         * If sourceAddress is configured, will use the vlan firstly otherwise use source_ip
         */
        network?: string;
        sendToAllServers?: boolean;
        servers?: outputs.org.NetworktemplateRemoteSyslogServer[];
        /**
         * enum: `millisecond`, `year`, `year millisecond`
         */
        timeFormat?: string;
        users?: outputs.org.NetworktemplateRemoteSyslogUser[];
    }
    interface NetworktemplateRemoteSyslogArchive {
        files?: string;
        size?: string;
    }
    interface NetworktemplateRemoteSyslogConsole {
        contents?: outputs.org.NetworktemplateRemoteSyslogConsoleContent[];
    }
    interface NetworktemplateRemoteSyslogConsoleContent {
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
    }
    interface NetworktemplateRemoteSyslogFile {
        archive?: outputs.org.NetworktemplateRemoteSyslogFileArchive;
        contents?: outputs.org.NetworktemplateRemoteSyslogFileContent[];
        explicitPriority?: boolean;
        file?: string;
        match?: string;
        structuredData?: boolean;
    }
    interface NetworktemplateRemoteSyslogFileArchive {
        files?: string;
        size?: string;
    }
    interface NetworktemplateRemoteSyslogFileContent {
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
    }
    interface NetworktemplateRemoteSyslogServer {
        contents?: outputs.org.NetworktemplateRemoteSyslogServerContent[];
        explicitPriority?: boolean;
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        host?: string;
        match?: string;
        port?: string;
        /**
         * enum: `tcp`, `udp`
         */
        protocol: string;
        routingInstance?: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
        /**
         * If sourceAddress is configured, will use the vlan firstly otherwise use source_ip
         */
        sourceAddress?: string;
        structuredData?: boolean;
        tag?: string;
    }
    interface NetworktemplateRemoteSyslogServerContent {
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
    }
    interface NetworktemplateRemoteSyslogUser {
        contents?: outputs.org.NetworktemplateRemoteSyslogUserContent[];
        match?: string;
        user?: string;
    }
    interface NetworktemplateRemoteSyslogUserContent {
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
    }
    interface NetworktemplateSnmpConfig {
        clientLists?: outputs.org.NetworktemplateSnmpConfigClientList[];
        contact?: string;
        description?: string;
        enabled: boolean;
        engineId?: string;
        location?: string;
        name?: string;
        network?: string;
        trapGroups?: outputs.org.NetworktemplateSnmpConfigTrapGroup[];
        v2cConfigs?: outputs.org.NetworktemplateSnmpConfigV2cConfig[];
        v3Config?: outputs.org.NetworktemplateSnmpConfigV3Config;
        views?: outputs.org.NetworktemplateSnmpConfigView[];
    }
    interface NetworktemplateSnmpConfigClientList {
        clientListName?: string;
        clients?: string[];
    }
    interface NetworktemplateSnmpConfigTrapGroup {
        categories?: string[];
        /**
         * Categories list can refer to https://www.juniper.net/documentation/software/topics/task/configuration/snmp_trap-groups-configuring-junos-nm.html
         */
        groupName?: string;
        targets?: string[];
        /**
         * enum: `all`, `v1`, `v2`
         */
        version: string;
    }
    interface NetworktemplateSnmpConfigV2cConfig {
        authorization?: string;
        /**
         * Client_list_name here should refer to clientList above
         */
        clientListName?: string;
        communityName?: string;
        /**
         * View name here should be defined in views above
         */
        view?: string;
    }
    interface NetworktemplateSnmpConfigV3Config {
        notifies?: outputs.org.NetworktemplateSnmpConfigV3ConfigNotify[];
        notifyFilters?: outputs.org.NetworktemplateSnmpConfigV3ConfigNotifyFilter[];
        targetAddresses?: outputs.org.NetworktemplateSnmpConfigV3ConfigTargetAddress[];
        targetParameters?: outputs.org.NetworktemplateSnmpConfigV3ConfigTargetParameter[];
        usms?: outputs.org.NetworktemplateSnmpConfigV3ConfigUsm[];
        vacm?: outputs.org.NetworktemplateSnmpConfigV3ConfigVacm;
    }
    interface NetworktemplateSnmpConfigV3ConfigNotify {
        name: string;
        tag: string;
        /**
         * enum: `inform`, `trap`
         */
        type: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigNotifyFilter {
        contents?: outputs.org.NetworktemplateSnmpConfigV3ConfigNotifyFilterContent[];
        profileName?: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigNotifyFilterContent {
        include?: boolean;
        oid: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigTargetAddress {
        address: string;
        addressMask: string;
        port: string;
        /**
         * Refer to notify tag, can be multiple with blank
         */
        tagList?: string;
        targetAddressName: string;
        /**
         * Refer to notify target parameters name
         */
        targetParameters?: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigTargetParameter {
        /**
         * enum: `v1`, `v2c`, `v3`
         */
        messageProcessingModel: string;
        name: string;
        /**
         * Refer to profile-name in notify_filter
         */
        notifyFilter?: string;
        /**
         * enum: `authentication`, `none`, `privacy`
         */
        securityLevel?: string;
        /**
         * enum: `usm`, `v1`, `v2c`
         */
        securityModel?: string;
        /**
         * Refer to securityName in usm
         */
        securityName?: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigUsm {
        /**
         * enum: `localEngine`, `remoteEngine`
         */
        engineType: string;
        /**
         * Required only if `engineType`==`remoteEngine`
         */
        remoteEngineId?: string;
        users?: outputs.org.NetworktemplateSnmpConfigV3ConfigUsmUser[];
    }
    interface NetworktemplateSnmpConfigV3ConfigUsmUser {
        /**
         * Not required if `authenticationType`==`authentication-none`. Include alphabetic, numeric, and special characters, but it cannot include control characters.
         */
        authenticationPassword?: string;
        /**
         * sha224, sha256, sha384, sha512 are supported in 21.1 and newer release. enum: `authentication-md5`, `authentication-none`, `authentication-sha`, `authentication-sha224`, `authentication-sha256`, `authentication-sha384`, `authentication-sha512`
         */
        authenticationType?: string;
        /**
         * Not required if `encryptionType`==`privacy-none`. Include alphabetic, numeric, and special characters, but it cannot include control characters
         */
        encryptionPassword?: string;
        /**
         * enum: `privacy-3des`, `privacy-aes128`, `privacy-des`, `privacy-none`
         */
        encryptionType?: string;
        name?: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigVacm {
        accesses?: outputs.org.NetworktemplateSnmpConfigV3ConfigVacmAccess[];
        securityToGroup?: outputs.org.NetworktemplateSnmpConfigV3ConfigVacmSecurityToGroup;
    }
    interface NetworktemplateSnmpConfigV3ConfigVacmAccess {
        groupName?: string;
        prefixLists?: outputs.org.NetworktemplateSnmpConfigV3ConfigVacmAccessPrefixList[];
    }
    interface NetworktemplateSnmpConfigV3ConfigVacmAccessPrefixList {
        /**
         * Only required if `type`==`contextPrefix`
         */
        contextPrefix?: string;
        /**
         * Refer to view name
         */
        notifyView?: string;
        /**
         * Refer to view name
         */
        readView?: string;
        /**
         * enum: `authentication`, `none`, `privacy`
         */
        securityLevel?: string;
        /**
         * enum: `any`, `usm`, `v1`, `v2c`
         */
        securityModel?: string;
        /**
         * enum: `contextPrefix`, `defaultContextPrefix`
         */
        type?: string;
        /**
         * Refer to view name
         */
        writeView?: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigVacmSecurityToGroup {
        contents?: outputs.org.NetworktemplateSnmpConfigV3ConfigVacmSecurityToGroupContent[];
        /**
         * enum: `usm`, `v1`, `v2c`
         */
        securityModel?: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigVacmSecurityToGroupContent {
        /**
         * Refer to groupName under access
         */
        group?: string;
        securityName?: string;
    }
    interface NetworktemplateSnmpConfigView {
        /**
         * If the root oid configured is included
         */
        include?: boolean;
        oid?: string;
        viewName?: string;
    }
    interface NetworktemplateSwitchMatching {
        enable?: boolean;
        /**
         * list of rules to define custom switch configuration based on different criteria. Each list must have at least one of `matchModel`, `matchName` or `matchRole` must be defined
         */
        rules?: outputs.org.NetworktemplateSwitchMatchingRule[];
    }
    interface NetworktemplateSwitchMatchingRule {
        /**
         * additional CLI commands to append to the generated Junos config. **Note**: no check is done
         */
        additionalConfigCmds: string[];
        /**
         * In-Band Management interface configuration
         */
        ipConfig?: outputs.org.NetworktemplateSwitchMatchingRuleIpConfig;
        /**
         * string the switch model must start with to use this rule. It is possible to combine with the `matchName` and `matchRole` attributes
         */
        matchModel: string;
        /**
         * string the switch name must start with to use this rule. Use the `matchNameOffset` to indicate the first character of the switch name to compare to. It is possible to combine with the `matchModel` and `matchRole` attributes
         */
        matchName: string;
        /**
         * first character of the switch name to compare to the `matchName` value
         */
        matchNameOffset: number;
        /**
         * string the switch role must start with to use this rule. It is possible to combine with the `matchName` and `matchModel` attributes
         */
        matchRole?: string;
        /**
         * property key define the type of matching, value is the string to match. e.g: `match_name[0:3]`, `match_name[2:6]`, `matchModel`,  `match_model[0-6]`
         *
         * @deprecated The `matchType` attribute has been deprecated in version v0.2.8 of the Juniper-Mist Provider. It has been replaced with the `matchName`, `matchModel` and `matchRole`attribuites and may be removed in future versions.
Please update your configurations.
         */
        matchType: string;
        /**
         * @deprecated The `matchValue` attribute has been deprecated in version v0.2.8 of the Juniper-Mist Provider. It has been replaced with the `matchName`, `matchModel` and `matchRole`attribuites and may be removed in future versions.
Please update your configurations.
         */
        matchValue: string;
        /**
         * Rule name. WARNING: the name `default` is reserved and can only be used for the last rule in the list
         */
        name?: string;
        /**
         * Out-of-Band Management interface configuration
         */
        oobIpConfig?: outputs.org.NetworktemplateSwitchMatchingRuleOobIpConfig;
        /**
         * Property key is the port name or range (e.g. "ge-0/0/0-10")
         */
        portConfig?: {
            [key: string]: outputs.org.NetworktemplateSwitchMatchingRulePortConfig;
        };
        /**
         * Property key is the port mirroring instance name. `portMirroring` can be added under device/site settings. It takes interface and ports as input for ingress, interface as input for egress and can take interface and port as output. A maximum 4 mirroring ports is allowed
         */
        portMirroring?: {
            [key: string]: outputs.org.NetworktemplateSwitchMatchingRulePortMirroring;
        };
    }
    interface NetworktemplateSwitchMatchingRuleIpConfig {
        /**
         * VLAN Name for the management interface
         */
        network?: string;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
    }
    interface NetworktemplateSwitchMatchingRuleOobIpConfig {
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
        /**
         * If supported on the platform. If enabled, DNS will be using this routing-instance, too
         */
        useMgmtVrf: boolean;
        /**
         * For host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired
         */
        useMgmtVrfForHostOut?: boolean;
    }
    interface NetworktemplateSwitchMatchingRulePortConfig {
        /**
         * To disable LACP support for the AE interface
         */
        aeDisableLacp?: boolean;
        /**
         * Users could force to use the designated AE name
         */
        aeIdx?: number;
        /**
         * To use fast timeout
         */
        aeLacpSlow?: boolean;
        aggregated?: boolean;
        /**
         * To generate port up/down alarm
         */
        critical: boolean;
        description?: string;
        /**
         * If `speed` and `duplex` are specified, whether to disable autonegotiation
         */
        disableAutoneg?: boolean;
        /**
         * enum: `auto`, `full`, `half`
         */
        duplex?: string;
        /**
         * Enable dynamic usage for this port. Set to `dynamic` to enable.
         */
        dynamicUsage?: string;
        esilag?: boolean;
        /**
         * Media maximum transmission unit (MTU) is the largest data unit that can be forwarded without fragmentation
         */
        mtu?: number;
        /**
         * Prevent helpdesk to override the port config
         */
        noLocalOverwrite: boolean;
        poeDisabled?: boolean;
        /**
         * enum: `100m`, `10m`, `1g`, `2.5g`, `5g`, `10g`, `25g`, `40g`, `100g`,`auto`
         */
        speed?: string;
        /**
         * Port usage name. If EVPN is used, use `evpnUplink`or `evpnDownlink`
         */
        usage: string;
    }
    interface NetworktemplateSwitchMatchingRulePortMirroring {
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputNetworksIngresses: string[];
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputPortIdsEgresses: string[];
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputPortIdsIngresses: string[];
        /**
         * Exactly one of the `outputPortId` or `outputNetwork` should be provided
         */
        outputNetwork?: string;
        /**
         * Exactly one of the `outputPortId` or `outputNetwork` should be provided
         */
        outputPortId?: string;
    }
    interface NetworktemplateSwitchMgmt {
        /**
         * AP_affinity_threshold apAffinityThreshold can be added as a field under site/setting. By default, this value is set to 12. If the field is set in both site/setting and org/setting, the value from site/setting will be used.
         */
        apAffinityThreshold?: number;
        /**
         * Set Banners for switches. Allows markup formatting
         */
        cliBanner?: string;
        /**
         * Sets timeout for switches
         */
        cliIdleTimeout?: number;
        /**
         * Rollback timer for commit confirmed
         */
        configRevertTimer: number;
        /**
         * Enable to provide the FQDN with DHCP option 81
         */
        dhcpOptionFqdn?: boolean;
        disableOobDownAlarm?: boolean;
        fipsEnabled?: boolean;
        /**
         * Property key is the user name. For Local user authentication
         */
        localAccounts?: {
            [key: string]: outputs.org.NetworktemplateSwitchMgmtLocalAccounts;
        };
        /**
         * IP Address or FQDN of the Mist Edge used to proxy the switch management traffic to the Mist Cloud
         */
        mxedgeProxyHost?: string;
        /**
         * Mist Edge port used to proxy the switch management traffic to the Mist Cloud. Value in range 1-65535
         */
        mxedgeProxyPort?: string;
        /**
         * Restrict inbound-traffic to host
         * when enabled, all traffic that is not essential to our operation will be dropped
         * e.g. ntp / dns / traffic to mist will be allowed by default, if dhcpd is enabled, we'll make sure it works
         */
        protectRe?: outputs.org.NetworktemplateSwitchMgmtProtectRe;
        rootPassword?: string;
        tacacs?: outputs.org.NetworktemplateSwitchMgmtTacacs;
        /**
         * To use mxedge as proxy
         */
        useMxedgeProxy?: boolean;
    }
    interface NetworktemplateSwitchMgmtLocalAccounts {
        password?: string;
        /**
         * enum: `admin`, `helpdesk`, `none`, `read`
         */
        role: string;
    }
    interface NetworktemplateSwitchMgmtProtectRe {
        /**
         * optionally, services we'll allow. enum: `icmp`, `ssh`
         */
        allowedServices: string[];
        customs: outputs.org.NetworktemplateSwitchMgmtProtectReCustom[];
        /**
         * When enabled, all traffic that is not essential to our operation will be dropped
         * e.g. ntp / dns / traffic to mist will be allowed by default
         *      if dhcpd is enabled, we'll make sure it works
         */
        enabled: boolean;
        /**
         * host/subnets we'll allow traffic to/from
         */
        trustedHosts: string[];
    }
    interface NetworktemplateSwitchMgmtProtectReCustom {
        /**
         * matched dst port, "0" means any. Note: For `protocol`==`any` and  `portRange`==`any`, configure `trustedHosts` instead
         */
        portRange: string;
        /**
         * enum: `any`, `icmp`, `tcp`, `udp`. Note: For `protocol`==`any` and  `portRange`==`any`, configure `trustedHosts` instead
         */
        protocol: string;
        subnets: string[];
    }
    interface NetworktemplateSwitchMgmtTacacs {
        acctServers?: outputs.org.NetworktemplateSwitchMgmtTacacsAcctServer[];
        /**
         * enum: `admin`, `helpdesk`, `none`, `read`
         */
        defaultRole?: string;
        enabled?: boolean;
        /**
         * Which network the TACACS server resides
         */
        network?: string;
        tacplusServers?: outputs.org.NetworktemplateSwitchMgmtTacacsTacplusServer[];
    }
    interface NetworktemplateSwitchMgmtTacacsAcctServer {
        host?: string;
        port?: string;
        secret?: string;
        timeout: number;
    }
    interface NetworktemplateSwitchMgmtTacacsTacplusServer {
        host?: string;
        port?: string;
        secret?: string;
        timeout: number;
    }
    interface NetworktemplateVrfConfig {
        /**
         * Whether to enable VRF (when supported on the device)
         */
        enabled?: boolean;
    }
    interface NetworktemplateVrfInstances {
        evpnAutoLoopbackSubnet?: string;
        evpnAutoLoopbackSubnet6?: string;
        /**
         * Property key is the destination CIDR (e.g. "10.0.0.0/8")
         */
        extraRoutes?: {
            [key: string]: outputs.org.NetworktemplateVrfInstancesExtraRoutes;
        };
        /**
         * Property key is the destination CIDR (e.g. "2a02:1234:420a:10c9::/64")
         */
        extraRoutes6?: {
            [key: string]: outputs.org.NetworktemplateVrfInstancesExtraRoutes6;
        };
        networks?: string[];
    }
    interface NetworktemplateVrfInstancesExtraRoutes {
        /**
         * Next-hop address
         */
        via: string;
    }
    interface NetworktemplateVrfInstancesExtraRoutes6 {
        /**
         * Next-hop address
         */
        via?: string;
    }
    interface RftemplateBand24 {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode?: string;
        /**
         * channel width for the 2.4GHz band. enum: `20`, `40`
         */
        bandwidth: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * tx power of the radio, null or 0 means auto, when power*min=power*max=power=0 to indicate power=0
         */
        power?: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
    }
    interface RftemplateBand5 {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode?: string;
        /**
         * channel width for the 5GHz band. enum: `20`, `40`, `80`
         */
        bandwidth: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * Tx power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power?: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
    }
    interface RftemplateBand5On24Radio {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode: string;
        /**
         * channel width for the 5GHz band. enum: `20`, `40`, `80`
         */
        bandwidth: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels?: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * Tx power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
    }
    interface RftemplateBand6 {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode?: string;
        /**
         * channel width for the 6GHz band. enum: `20`, `40`, `80`, `160`
         */
        bandwidth: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * Tx power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power?: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
        /**
         * For 6GHz Only, standard-power operation, AFC (Automatic Frequency Coordination) will be performed, and we'll fall back to Low Power Indoor if AFC failed
         */
        standardPower?: boolean;
    }
    interface RftemplateModelSpecific {
        antGain24: number;
        antGain5: number;
        antGain6: number;
        /**
         * Radio Band AP settings
         */
        band24?: outputs.org.RftemplateModelSpecificBand24;
        /**
         * enum: `24`, `5`, `6`, `auto`
         */
        band24Usage?: string;
        /**
         * Radio Band AP settings
         */
        band5?: outputs.org.RftemplateModelSpecificBand5;
        /**
         * Radio Band AP settings
         */
        band5On24Radio?: outputs.org.RftemplateModelSpecificBand5On24Radio;
        /**
         * Radio Band AP settings
         */
        band6?: outputs.org.RftemplateModelSpecificBand6;
    }
    interface RftemplateModelSpecificBand24 {
        allowRrmDisable: boolean;
        antGain?: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode?: string;
        /**
         * channel width for the 2.4GHz band. enum: `20`, `40`
         */
        bandwidth: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * tx power of the radio, null or 0 means auto, when power*min=power*max=power=0 to indicate power=0
         */
        power?: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
    }
    interface RftemplateModelSpecificBand5 {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode?: string;
        /**
         * channel width for the 5GHz band. enum: `20`, `40`, `80`
         */
        bandwidth: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * Tx power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power?: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
    }
    interface RftemplateModelSpecificBand5On24Radio {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode: string;
        /**
         * channel width for the 5GHz band. enum: `20`, `40`, `80`
         */
        bandwidth: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels?: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * Tx power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
    }
    interface RftemplateModelSpecificBand6 {
        allowRrmDisable: boolean;
        antGain: number;
        /**
         * enum: `1x1`, `2x2`, `3x3`, `4x4`, `default`
         */
        antennaMode?: string;
        /**
         * channel width for the 6GHz band. enum: `20`, `40`, `80`, `160`
         */
        bandwidth: number;
        /**
         * For RFTemplates. List of channels, null or empty array means auto
         */
        channels: number[];
        /**
         * Whether to disable the radio
         */
        disabled: boolean;
        /**
         * Tx power of the radio. For Devices, 0 means auto. -1 / -2 / -3 / …: treated as 0 / -1 / -2 / …
         */
        power?: number;
        /**
         * When power=0, max tx power to use, HW-specific values will be used if not set
         */
        powerMax: number;
        /**
         * When power=0, min tx power to use, HW-specific values will be used if not set
         */
        powerMin: number;
        /**
         * enum: `auto`, `long`, `short`
         */
        preamble: string;
        /**
         * For 6GHz Only, standard-power operation, AFC (Automatic Frequency Coordination) will be performed, and we'll fall back to Low Power Indoor if AFC failed
         */
        standardPower?: boolean;
    }
    interface ServiceSpec {
        /**
         * Port number, port range, or variable
         */
        portRange?: string;
        /**
         * `https`/ `tcp` / `udp` / `icmp` / `gre` / `any` / `:protocol_number`, `protocolNumber` is between 1-254
         */
        protocol: string;
    }
    interface ServicepolicyAamw {
        /**
         * org-level Advanced Advance Anti Malware Profile (SkyAtp) Profile can be used, this takes precedence over 'profile'
         */
        aamwprofileId?: string;
        enabled: boolean;
        /**
         * enum: `docsonly`, `executables`, `standard`
         */
        profile?: string;
    }
    interface ServicepolicyAntivirus {
        /**
         * org-level AV Profile can be used, this takes precedence over 'profile'
         */
        avprofileId?: string;
        enabled: boolean;
        /**
         * Default / noftp / httponly / or keys from av_profiles
         */
        profile?: string;
    }
    interface ServicepolicyAppqoe {
        enabled: boolean;
    }
    interface ServicepolicyEwf {
        alertOnly?: boolean;
        blockMessage?: string;
        enabled: boolean;
        /**
         * enum: `critical`, `standard`, `strict`
         */
        profile?: string;
    }
    interface ServicepolicyIdp {
        alertOnly?: boolean;
        enabled: boolean;
        /**
         * org_level IDP Profile can be used, this takes precedence over `profile`
         */
        idpprofileId?: string;
        /**
         * enum: `Custom`, `strict` (default), `standard` or keys from idp_profiles
         */
        profile?: string;
    }
    interface ServicepolicySslProxy {
        /**
         * enum: `medium`, `strong`, `weak`
         */
        ciphersCategory: string;
        enabled: boolean;
    }
    interface SettingApiPolicy {
        /**
         * By default, API hides password/secrets when the user doesn't have write access
         *   * `true`: API will hide passwords/secrets for all users
         *   * `false`: API will hide passwords/secrets for read-only users
         */
        noReveal?: boolean;
    }
    interface SettingCelona {
        apiKey: string;
        apiPrefix: string;
    }
    interface SettingCloudshark {
        apitoken: string;
        /**
         * If using CS Enterprise
         */
        url: string;
    }
    interface SettingCradlepoint {
        cpApiId: string;
        cpApiKey: string;
        ecmApiId: string;
        ecmApiKey: string;
        enableLldp: boolean;
    }
    interface SettingDeviceCert {
        cert: string;
        key: string;
    }
    interface SettingInstaller {
        allowAllDevices?: boolean;
        allowAllSites?: boolean;
        extraSiteIds: string[];
        gracePeriod?: number;
    }
    interface SettingJcloud {
        /**
         * JCloud Org Token
         */
        orgApitoken: string;
        /**
         * JCloud Org Token Name
         */
        orgApitokenName: string;
        /**
         * JCloud Org ID
         */
        orgId: string;
    }
    interface SettingJcloudRa {
        /**
         * JCloud Routing Assurance Org Token
         */
        orgApitoken?: string;
        /**
         * JCloud Routing Assurance Org Token Name
         */
        orgApitokenName?: string;
        /**
         * JCloud Routing Assurance Org ID
         */
        orgId?: string;
    }
    interface SettingJuniper {
        accounts: outputs.org.SettingJuniperAccount[];
    }
    interface SettingJuniperAccount {
        linkedBy: string;
        name: string;
    }
    interface SettingJunosShellAccess {
        /**
         * enum: `admin`, `viewer`, `none`
         */
        admin: string;
        /**
         * enum: `admin`, `viewer`, `none`
         */
        helpdesk: string;
        /**
         * enum: `admin`, `viewer`, `none`
         */
        read: string;
        /**
         * enum: `admin`, `viewer`, `none`
         */
        write: string;
    }
    interface SettingMgmt {
        /**
         * List of Mist Tunnels
         */
        mxtunnelIds: string[];
        /**
         * Whether to use Mist Tunnel for mgmt connectivity, this takes precedence over use_wxtunnel
         */
        useMxtunnel: boolean;
        /**
         * Whether to use wxtunnel for mgmt connectivity
         */
        useWxtunnel: boolean;
    }
    interface SettingMistNac {
        /**
         * List of PEM-encoded ca certs
         */
        cacerts: string[];
        /**
         * use this IDP when no explicit realm present in the incoming username/CN OR when no IDP is explicitly mapped to the incoming realm.
         */
        defaultIdpId?: string;
        /**
         * to disable RSAE_PSS_SHA256, RSAE_PSS_SHA384, RSAE_PSS_SHA512 from server side. see https://www.openssl.org/docs/man3.0/man1/openssl-ciphers.html
         */
        disableRsaeAlgorithms?: boolean;
        /**
         * eap ssl security level, see https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html#DEFAULT-CALLBACK-BEHAVIOUR
         */
        eapSslSecurityLevel?: number;
        /**
         * By default, NAC POD failover considers all NAC pods available around the globe, i.e. EU, US, or APAC based, failover happens based on geo IP of the originating site. For strict GDPR compliance NAC POD failover would only happen between the PODs located within the EU environment, and no authentication would take place outside of EU. This is an org setting that is applicable to WLANs, switch templates, mxedge clusters that have mistNac enabled
         */
        euOnly: boolean;
        /**
         * allow customer to choose the EAP-TLS client certificate's field to use for IDP Machine Groups lookup. enum: `automatic`, `cn`, `dns`
         */
        idpMachineCertLookupField?: string;
        /**
         * allow customer to choose the EAP-TLS client certificate's field. To use for IDP User Groups lookup. enum: `automatic`, `cn`, `email`, `upn`
         */
        idpUserCertLookupField?: string;
        idps: outputs.org.SettingMistNacIdp[];
        /**
         * radius server cert to be presented in EAP TLS
         */
        serverCert?: outputs.org.SettingMistNacServerCert;
        /**
         * by default, NAS devices(switches/aps) and proxies(mxedge) are configured to reach mist-nac via IPv4. enum: `v4`, `v6`
         */
        useIpVersion?: string;
        /**
         * By default, NAS devices (switches/aps) and proxies(mxedge) are configured to use port TCP2083(RadSec) to reach mist-nac. Set `useSslPort`==`true` to override that port with TCP43 (ssl), This is an org level setting that is applicable to wlans, switch_templates, and mxedgeClusters that have mist-nac enabled
         */
        useSslPort?: boolean;
    }
    interface SettingMistNacIdp {
        /**
         * When the IDP of mxedgeProxy type, exclude the following realms from proxying in addition to other valid home realms in this org
         */
        excludeRealms: string[];
        /**
         * ID of the `mistNacidp`
         */
        id: string;
        /**
         * Which realm should trigger this IDP. User Realm is extracted from:
         *   * Username-AVP (`mist.com` from john@mist.com)
         *   * Cert CN
         */
        userRealms: string[];
    }
    interface SettingMistNacServerCert {
        cert?: string;
        key?: string;
        /**
         * private key password (optional)
         */
        password?: string;
    }
    interface SettingMxedgeMgmt {
        configAutoRevert?: boolean;
        fipsEnabled: boolean;
        mistPassword?: string;
        /**
         * enum: `dhcp`, `disabled`, `static`
         */
        oobIpType?: string;
        /**
         * enum: `autoconf`, `dhcp`, `disabled`, `static`
         */
        oobIpType6?: string;
        rootPassword?: string;
    }
    interface SettingOpticPortConfig {
        /**
         * Enable channelization
         */
        channelized: boolean;
        /**
         * Interface speed (e.g. `25g`, `50g`), use the chassis speed by default
         */
        speed?: string;
    }
    interface SettingPasswordPolicy {
        /**
         * Whether the policy is enabled
         */
        enabled: boolean;
        /**
         * password expiry in days
         */
        expiryInDays?: number;
        /**
         * Required password length
         */
        minLength: number;
        /**
         * Whether to require special character
         */
        requiresSpecialChar: boolean;
        /**
         * Whether to require two-factor auth
         */
        requiresTwoFactorAuth: boolean;
    }
    interface SettingPcap {
        bucket?: string;
        /**
         * Max_len of non-management packets to capture
         */
        maxPktLen: number;
    }
    interface SettingSecurity {
        /**
         * Whether to disable local SSH (by default, local SSH is enabled with allowMist in Org is enabled
         */
        disableLocalSsh?: boolean;
        /**
         * password required to zeroize devices (FIPS) on site level
         */
        fipsZeroizePassword?: string;
        /**
         * Whether to allow certain SSH keys to SSH into the AP (see Site:Setting)
         */
        limitSshAccess: boolean;
    }
    interface SettingSwitchMgmt {
        /**
         * If the field is set in both site/setting and org/setting, the value from site/setting will be used.
         */
        apAffinityThreshold: number;
        /**
         * If `false`, only the configuration generated by Mist is cleaned up during the configuration process. If `true`, all the existing configuration will be removed.
         */
        removeExistingConfigs: boolean;
    }
    interface SettingSyntheticTest {
        disabled: boolean;
        vlans?: outputs.org.SettingSyntheticTestVlan[];
        wanSpeedtest?: outputs.org.SettingSyntheticTestWanSpeedtest;
    }
    interface SettingSyntheticTestVlan {
        customTestUrls: string[];
        /**
         * For some vlans where we don't want this to run
         */
        disabled: boolean;
        vlanIds: string[];
    }
    interface SettingSyntheticTestWanSpeedtest {
        enabled?: boolean;
        /**
         * `any` / HH:MM (24-hour format)
         */
        timeOfDay: string;
    }
    interface SettingVpnOptions {
        asBase?: number;
        /**
         * requiring /12 or bigger to support 16 private IPs for 65535 gateways
         */
        stSubnet: string;
    }
    interface SettingWanPma {
        enabled: boolean;
    }
    interface SettingWiredPma {
        enabled: boolean;
    }
    interface SettingWirelessPma {
        enabled: boolean;
    }
    interface SsoRolePrivilege {
        /**
         * access permissions. enum: `admin`, `helpdesk`, `installer`, `read`, `write`
         */
        role: string;
        /**
         * enum: `org`, `site`, `sitegroup`
         */
        scope: string;
        /**
         * Required if `scope`==`site`
         */
        siteId?: string;
        /**
         * Required if `scope`==`sitegroup`
         */
        sitegroupId?: string;
        /**
         * Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users. Custom roles restrict Org users to specific UI views. This is useful for limiting UI access of Org users.
         * You can define custom roles by adding the `views` attribute along with `role` when assigning privileges.
         * Below are the list of supported UI views. Note that this is UI only feature.
         *
         *   | UI View | Required Role | Description |
         *   | --- | --- | --- |
         *   | `reporting` | `read` | full access to all analytics tools |
         *   | `marketing` | `read` | can view analytics and location maps |
         *   | `superObserver` | `read` | can view all the organization except the subscription page |
         *   | `location` | `write` | can view and manage location maps, can view analytics |
         *   | `security` | `write` | can view and manage site labels, policies and security |
         *   | `switchAdmin` | `helpdesk` | can view and manage Switch ports, can view wired clients |
         *   | `mxedgeAdmin` | `admin` | can view and manage Mist edges and Mist tunnels |
         *   | `lobbyAdmin` | `admin` | full access to Org and Site Pre-shared keys |
         */
        views: string[];
    }
    interface VpnPathSelection {
        /**
         * enum: `disabled`, `simple`, `manual`
         */
        strategy: string;
    }
    interface VpnPaths {
        /**
         * enum: `broadband`, `lte`
         */
        bfdProfile?: string;
        /**
         * If `type`==`mesh` and for SSR only, whether to use tunnel mode
         */
        bfdUseTunnelMode?: boolean;
        /**
         * If different from the wan port
         */
        ip?: string;
        /**
         * If `type`==`mesh`, Property key is the Peer Interface name
         */
        peerPaths?: {
            [key: string]: outputs.org.VpnPathsPeerPaths;
        };
        pod?: number;
        trafficShaping?: outputs.org.VpnPathsTrafficShaping;
    }
    interface VpnPathsPeerPaths {
        preference?: number;
    }
    interface VpnPathsTrafficShaping {
        /**
         * percentages for different class of traffic: high / medium / low / best-effort adding up to 100
         */
        classPercentages?: number[];
        enabled?: boolean;
        maxTxKbps?: number;
    }
    interface WlanAcctServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled?: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat?: string;
        keywrapKek?: string;
        keywrapMack?: string;
        port?: string;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface WlanAirwatch {
        /**
         * API Key
         */
        apiKey: string;
        /**
         * Console URL
         */
        consoleUrl: string;
        enabled: boolean;
        /**
         * Password
         */
        password: string;
        /**
         * Username
         */
        username: string;
    }
    interface WlanAppLimit {
        /**
         * Map from app key to bandwidth in kbps.
         * Property key is the app key, defined in Get Application List
         */
        apps: {
            [key: string]: number;
        };
        enabled: boolean;
        /**
         * Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the `wxtagId`
         */
        wxtagIds: {
            [key: string]: number;
        };
    }
    interface WlanAppQos {
        apps?: {
            [key: string]: outputs.org.WlanAppQosApps;
        };
        enabled: boolean;
        others?: outputs.org.WlanAppQosOther[];
    }
    interface WlanAppQosApps {
        /**
         * DSCP value range between 0 and 63
         */
        dscp?: string;
        /**
         * Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
         */
        dstSubnet?: string;
        /**
         * Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
         */
        srcSubnet?: string;
    }
    interface WlanAppQosOther {
        dscp?: string;
        dstSubnet?: string;
        portRanges?: string;
        protocol?: string;
        srcSubnet?: string;
    }
    interface WlanAuth {
        /**
         * SAE anti-clogging token threshold
         */
        anticlogThreshold?: number;
        /**
         * Whether to trigger EAP reauth when the session ends
         */
        eapReauth: boolean;
        /**
         * Whether to enable MAC Auth, uses the same auth_servers
         */
        enableMacAuth: boolean;
        /**
         * When `type`==`wep`
         */
        keyIdx: number;
        /**
         * When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
         */
        keys: string[];
        /**
         * When `type`==`psk`, whether to only use multi_psk
         */
        multiPskOnly: boolean;
        /**
         * if `type`==`open`. enum: `disabled`, `enabled` (means transition mode), `required`
         */
        owe?: string;
        /**
         * When `type`=`psk` or `type`=`eap`, one or more of `wpa1-ccmp`, `wpa1-tkip`, `wpa2-ccmp`, `wpa2-tkip`, `wpa3`
         */
        pairwises?: string[];
        /**
         * When `multiPskOnly`==`true`, whether private wlan is enabled
         */
        privateWlan: boolean;
        /**
         * When `type`==`psk`, 8-64 characters, or 64 hex characters
         */
        psk: string;
        /**
         * enum: `eap`, `eap192`, `open`, `psk`, `psk-tkip`, `psk-wpa2-tkip`, `wep`
         */
        type: string;
        /**
         * Enable WEP as secondary auth
         */
        wepAsSecondaryAuth?: boolean;
    }
    interface WlanAuthServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled?: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat?: string;
        keywrapKek?: string;
        keywrapMack?: string;
        port?: string;
        /**
         * Whether to require Message-Authenticator in requests
         */
        requireMessageAuthenticator: boolean;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface WlanBonjour {
        /**
         * additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
         */
        additionalVlanIds?: string[];
        /**
         * Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
         */
        enabled?: boolean;
        /**
         * What services are allowed.
         * Property key is the service name
         */
        services?: {
            [key: string]: outputs.org.WlanBonjourServices;
        };
    }
    interface WlanBonjourServices {
        /**
         * Whether to prevent wireless clients to discover bonjour devices on the same WLAN
         */
        disableLocal: boolean;
        /**
         * Optional, if the service is further restricted for certain RADIUS groups
         */
        radiusGroups?: string[];
        /**
         * how bonjour services should be discovered for the same WLAN. enum: `sameAp`, `sameMap`, `sameSite`
         */
        scope: string;
    }
    interface WlanCiscoCwa {
        /**
         * List of hostnames without http(s):// (matched by substring)
         */
        allowedHostnames: string[];
        /**
         * List of CIDRs
         */
        allowedSubnets: string[];
        /**
         * List of blocked CIDRs
         */
        blockedSubnets: string[];
        enabled: boolean;
    }
    interface WlanCoaServer {
        /**
         * Whether to disable Event-Timestamp Check
         */
        disableEventTimestampCheck: boolean;
        enabled: boolean;
        ip: string;
        port?: string;
        secret: string;
    }
    interface WlanDnsServerRewrite {
        enabled: boolean;
        /**
         * Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
         */
        radiusGroups?: {
            [key: string]: string;
        };
    }
    interface WlanDynamicPsk {
        /**
         * Default PSK to use if cloud WLC is not available, 8-63 characters
         */
        defaultPsk?: string;
        defaultVlanId?: string;
        enabled: boolean;
        /**
         * When 11r is enabled, we'll try to use the cached PMK, this can be disabled. `false` means auto
         */
        forceLookup: boolean;
        /**
         * enum: `cloudPsks`, `radius`
         */
        source: string;
    }
    interface WlanDynamicVlan {
        /**
         * Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
         */
        defaultVlanIds?: string[];
        /**
         * Requires `vlanEnabled`==`true` to be set to `true`. Whether to enable dynamic vlan
         */
        enabled: boolean;
        /**
         * VLAN_ids to be locally bridged
         */
        localVlanIds: string[];
        /**
         * standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum: `airespace-interface-name`, `standard`
         */
        type: string;
        /**
         * Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping
         *   * if `dynamic_vlan.type`==`standard`, property key is the Vlan ID and property value is \"\"
         *   * if `dynamic_vlan.type`==`airespace-interface-name`, property key is the Vlan ID and property value is the Airespace Interface Name
         */
        vlans?: {
            [key: string]: string;
        };
    }
    interface WlanHotspot20 {
        domainNames?: string[];
        /**
         * Whether to enable hotspot 2.0 config
         */
        enabled?: boolean;
        naiRealms?: string[];
        /**
         * List of operators to support
         */
        operators?: string[];
        rcois?: string[];
        /**
         * Venue name, default is site name
         */
        venueName?: string;
    }
    interface WlanInjectDhcpOption82 {
        /**
         * Information to set in the `circuitId` field of the DHCP Option 82. It is possible to use static string or the following variables (e.g. `{{SSID}}:{{AP_MAC}}`):
         *   * {{AP_MAC}}
         *   * {{AP_MAC_DASHED}}
         *   * {{AP_MODEL}}
         *   * {{AP_NAME}}
         *   * {{SITE_NAME}}
         *   * {{SSID}}
         */
        circuitId?: string;
        /**
         * Whether to inject option 82 when forwarding DHCP packets
         */
        enabled: boolean;
    }
    interface WlanMistNac {
        /**
         * When enabled:
         *   * `authServers` is ignored
         *   * `acctServers` is ignored
         *   * `auth_servers_*` are ignored
         *   * `coaServers` is ignored
         *   * `radsec` is ignored
         *   * `coaEnabled` is assumed
         */
        enabled: boolean;
    }
    interface WlanPortal {
        /**
         * Optional if `amazonEnabled`==`true`. Whether to allow guest to connect to other Guest WLANs (with different `WLAN.ssid`) of same org without reauthentication (disable randomMac for seamless roaming)
         */
        allowWlanIdRoam?: boolean;
        /**
         * Optional if `amazonEnabled`==`true`. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
         */
        amazonClientId: string;
        /**
         * Optional if `amazonEnabled`==`true`. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank.
         */
        amazonClientSecret: string;
        /**
         * Optional if `amazonEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        amazonEmailDomains: string[];
        /**
         * Whether amazon is enabled as a login method
         */
        amazonEnabled: boolean;
        /**
         * Optional if `amazonEnabled`==`true`. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
         */
        amazonExpire?: number;
        /**
         * authentication scheme. enum: `amazon`, `azure`, `email`, `external`, `facebook`, `google`, `microsoft`, `multi`, `none`, `password`, `sms`, `sponsor`, `sso`
         */
        auth: string;
        /**
         * Required if `azureEnabled`==`true`. Azure active directory app client id
         */
        azureClientId: string;
        /**
         * Required if `azureEnabled`==`true`. Azure active directory app client secret
         */
        azureClientSecret: string;
        /**
         * Whether Azure Active Directory is enabled as a login method
         */
        azureEnabled: boolean;
        /**
         * Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
         */
        azureExpire?: number;
        /**
         * Required if `azureEnabled`==`true`. Azure active directory tenant id.
         */
        azureTenantId: string;
        /**
         * Required if `smsProvider`==`broadnet`
         */
        broadnetPassword: string;
        /**
         * Required if `smsProvider`==`broadnet`
         */
        broadnetSid?: string;
        /**
         * Required if `smsProvider`==`broadnet`
         */
        broadnetUserId?: string;
        /**
         * Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
         */
        bypassWhenCloudDown: boolean;
        /**
         * Required if `smsProvider`==`clickatell`
         */
        clickatellApiKey?: string;
        /**
         * Whether to allow guest to roam between WLANs (with same `WLAN.ssid`, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming)
         */
        crossSite?: boolean;
        /**
         * Whether email (access code verification) is enabled as a login method
         */
        emailEnabled: boolean;
        /**
         * Whether guest portal is enabled
         */
        enabled: boolean;
        /**
         * How long to remain authorized, in minutes
         */
        expire: number;
        /**
         * Required if `wlanPortalAuth`==`external`. External portal URL (e.g. https://host/url) where we can append our query parameters to
         */
        externalPortalUrl: string;
        /**
         * Required if `facebookEnabled`==`true`. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
         */
        facebookClientId: string;
        /**
         * Required if `facebookEnabled`==`true`. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank.
         */
        facebookClientSecret: string;
        /**
         * Optional if `facebookEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        facebookEmailDomains: string[];
        /**
         * Whether facebook is enabled as a login method
         */
        facebookEnabled: boolean;
        /**
         * Optional if `facebookEnabled`==`true`. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
         */
        facebookExpire?: number;
        /**
         * Whether to forward the user to another URL after authorized
         */
        forward: boolean;
        /**
         * URL to forward the user to
         */
        forwardUrl: string;
        /**
         * Google OAuth2 app id. This is optional. If not provided, it will use a default one.
         */
        googleClientId: string;
        /**
         * Optional if `googleEnabled`==`true`. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank.
         */
        googleClientSecret: string;
        /**
         * Optional if `googleEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        googleEmailDomains: string[];
        /**
         * Whether Google is enabled as login method
         */
        googleEnabled: boolean;
        /**
         * Optional if `googleEnabled`==`true`. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
         */
        googleExpire?: number;
        /**
         * Required if `smsProvider`==`gupshup`
         */
        gupshupPassword?: string;
        /**
         * Required if `smsProvider`==`gupshup`
         */
        gupshupUserid?: string;
        /**
         * Optional if `microsoftEnabled`==`true`. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
         */
        microsoftClientId: string;
        /**
         * Optional if `microsoftEnabled`==`true`. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank.
         */
        microsoftClientSecret: string;
        /**
         * Optional if `microsoftEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        microsoftEmailDomains: string[];
        /**
         * Whether microsoft 365 is enabled as a login method
         */
        microsoftEnabled: boolean;
        /**
         * Optional if `microsoftEnabled`==`true`. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
         */
        microsoftExpire?: number;
        /**
         * Whether password is enabled
         */
        passphraseEnabled: boolean;
        /**
         * Optional if `passphraseEnabled`==`true`. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses `expire`
         */
        passphraseExpire?: number;
        /**
         * Required if `passphraseEnabled`==`true`.
         */
        password: string;
        /**
         * Whether to show list of sponsor emails mentioned in `sponsors` object as a dropdown. If both `sponsorNotifyAll` and `predefinedSponsorsEnabled` are false, behaviour is acc to `sponsorEmailDomains`
         */
        predefinedSponsorsEnabled: boolean;
        /**
         * Whether to hide sponsor’s email from list of sponsors
         */
        predefinedSponsorsHideEmail: boolean;
        privacy: boolean;
        /**
         * Required if `smsProvider`==`puzzel`
         */
        puzzelPassword?: string;
        /**
         * Required if `smsProvider`==`puzzel`
         */
        puzzelServiceId?: string;
        /**
         * Required if `smsProvider`==`puzzel`
         */
        puzzelUsername?: string;
        /**
         * Whether sms is enabled as a login method
         */
        smsEnabled: boolean;
        /**
         * Optional if `smsEnabled`==`true`. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
         */
        smsExpire?: number;
        /**
         * Optional if `smsEnabled`==`true`. SMS Message format
         */
        smsMessageFormat: string;
        /**
         * Optioanl if `smsEnabled`==`true`. enum: `broadnet`, `clickatell`, `gupshup`, `manual`, `puzzel`, `telstra`, `twilio`
         */
        smsProvider: string;
        /**
         * Optional if `sponsorEnabled`==`true`. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled
         */
        sponsorAutoApprove?: boolean;
        /**
         * List of domain allowed for sponsor email. Required if `sponsorEnabled` is `true` and `sponsors` is empty.
         */
        sponsorEmailDomains: string[];
        /**
         * Whether sponsor is enabled
         */
        sponsorEnabled: boolean;
        /**
         * Optional if `sponsorEnabled`==`true`. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
         */
        sponsorExpire?: number;
        /**
         * Optional if `sponsorEnabled`==`true`. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes.
         */
        sponsorLinkValidityDuration: string;
        /**
         * Optional if `sponsorEnabled`==`true`. whether to notify all sponsors that are mentioned in `sponsors` object. Both `sponsorNotifyAll` and `predefinedSponsorsEnabled` should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
         */
        sponsorNotifyAll: boolean;
        /**
         * Optional if `sponsorEnabled`==`true`. If enabled, guest will get email about sponsor's action (approve/deny)
         */
        sponsorStatusNotify: boolean;
        /**
         * object of allowed sponsors email with name. Required if `sponsorEnabled`
         *             is `true` and `sponsorEmailDomains` is empty.
         *
         *             Property key is the sponsor email, Property value is the sponsor name
         */
        sponsors: {
            [key: string]: string;
        };
        /**
         * Optional if `wlanPortalAuth`==`sso`, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
         */
        ssoDefaultRole: string;
        /**
         * Optional if `wlanPortalAuth`==`sso`
         */
        ssoForcedRole: string;
        /**
         * Required if `wlanPortalAuth`==`sso`. IDP Cert (used to verify the signed response)
         */
        ssoIdpCert: string;
        /**
         * Optioanl if `wlanPortalAuth`==`sso`, Signing algorithm for SAML Assertion. enum: `sha1`, `sha256`, `sha384`, `sha512`
         */
        ssoIdpSignAlgo: string;
        /**
         * Required if `wlanPortalAuth`==`sso`, IDP Single-Sign-On URL
         */
        ssoIdpSsoUrl: string;
        /**
         * Required if `wlanPortalAuth`==`sso`, IDP issuer URL
         */
        ssoIssuer: string;
        /**
         * Optional if `wlanPortalAuth`==`sso`. enum: `email`, `unspecified`
         */
        ssoNameidFormat: string;
        /**
         * Required if `smsProvider`==`telstra`, Client ID provided by Telstra
         */
        telstraClientId?: string;
        /**
         * Required if `smsProvider`==`telstra`, Client secret provided by Telstra
         */
        telstraClientSecret?: string;
        /**
         * Required if `smsProvider`==`twilio`, Auth token account with twilio account
         */
        twilioAuthToken?: string;
        /**
         * Required if `smsProvider`==`twilio`, Twilio phone number associated with the account. See example for accepted format.
         */
        twilioPhoneNumber?: string;
        /**
         * Required if `smsProvider`==`twilio`, Account SID provided by Twilio
         */
        twilioSid?: string;
    }
    interface WlanPortalTemplatePortalTemplate {
        accessCodeAlternateEmail: string;
        /**
         * defines alignment on portal. enum: `center`, `left`, `right`
         */
        alignment: string;
        /**
         * Label for Amazon auth button
         */
        authButtonAmazon: string;
        /**
         * Label for Azure auth button
         */
        authButtonAzure: string;
        /**
         * Label for Email auth button
         */
        authButtonEmail: string;
        /**
         * Label for Facebook auth button
         */
        authButtonFacebook: string;
        /**
         * Label for Google auth button
         */
        authButtonGoogle: string;
        /**
         * Label for Microsoft auth button
         */
        authButtonMicrosoft: string;
        /**
         * Label for passphrase auth button
         */
        authButtonPassphrase: string;
        /**
         * Label for SMS auth button
         */
        authButtonSms: string;
        /**
         * Label for Sponsor auth button
         */
        authButtonSponsor: string;
        authLabel: string;
        /**
         * Label of the link to go back to /logon
         */
        backLink?: string;
        /**
         * Portal main color
         */
        color: string;
        colorDark: string;
        colorLight: string;
        /**
         * Whether company field is required
         */
        company: boolean;
        /**
         * Error message when company not provided
         */
        companyError: string;
        /**
         * Label of company field
         */
        companyLabel: string;
        /**
         * Whether email field is required
         */
        email: boolean;
        /**
         * Error message when a user has valid social login but doesn't match specified email domains.
         */
        emailAccessDomainError: string;
        /**
         * Label for cancel confirmation code submission using email auth
         */
        emailCancel: string;
        emailCodeCancel: string;
        emailCodeError: string;
        emailCodeFieldLabel: string;
        emailCodeMessage: string;
        emailCodeSubmit: string;
        emailCodeTitle: string;
        /**
         * Error message when email not provided
         */
        emailError: string;
        emailFieldLabel: string;
        /**
         * Label of email field
         */
        emailLabel: string;
        emailMessage: string;
        /**
         * Label for confirmation code submit button using email auth
         */
        emailSubmit: string;
        /**
         * Title for the Email registration
         */
        emailTitle: string;
        /**
         * Whether to ask field1
         */
        field1: boolean;
        /**
         * Error message when field1 not provided
         */
        field1error: string;
        /**
         * Label of field1
         */
        field1label: string;
        /**
         * Whether field1 is required field
         */
        field1required?: boolean;
        /**
         * Whether to ask field2
         */
        field2: boolean;
        /**
         * Error message when field2 not provided
         */
        field2error: string;
        /**
         * Label of field2
         */
        field2label: string;
        /**
         * Whether field2 is required field
         */
        field2required?: boolean;
        /**
         * Whether to ask field3
         */
        field3: boolean;
        /**
         * Error message when field3 not provided
         */
        field3error: string;
        /**
         * Label of field3
         */
        field3label: string;
        /**
         * Whether field3 is required field
         */
        field3required?: boolean;
        /**
         * Whether to ask field4
         */
        field4: boolean;
        /**
         * Error message when field4 not provided
         */
        field4error: string;
        /**
         * Label of field4
         */
        field4label: string;
        /**
         * Whether field4 is required field
         */
        field4required?: boolean;
        /**
         * Can be used to localize the portal based on the User Agent. Allowed property key values are:
         *   `ar`, `ca-ES`, `cs-CZ`, `da-DK`, `de-DE`, `el-GR`, `en-GB`, `en-US`, `es-ES`, `fi-FI`, `fr-FR`,
         *   `he-IL`, `hi-IN`, `hr-HR`, `hu-HU`, `id-ID`, `it-IT`, `ja-J^`, `ko-KT`, `ms-MY`, `nb-NO`, `nl-NL`,
         *   `pl-PL`, `pt-BR`, `pt-PT`, `ro-RO`, `ru-RU`, `sk-SK`, `sv-SE`, `th-TH`, `tr-TR`, `uk-UA`, `vi-VN`,
         *   `zh-Hans`, `zh-Hant`
         */
        locales?: {
            [key: string]: outputs.org.WlanPortalTemplatePortalTemplateLocales;
        };
        /**
         * path to the background image file. File must be a `png` image less than 100kB and image dimension must be less 500px x 200px (width x height).
         */
        logo: string;
        /**
         * label of the link to go to /marketing_policy
         */
        marketingPolicyLink: string;
        /**
         * Whether marketing policy optin is enabled
         */
        marketingPolicyOptIn: boolean;
        /**
         * label for marketing optin
         */
        marketingPolicyOptInLabel: string;
        /**
         * marketing policy text
         */
        marketingPolicyOptInText: string;
        message: string;
        multiAuth: boolean;
        /**
         * Whether name field is required
         */
        name: boolean;
        /**
         * Error message when name not provided
         */
        nameError: string;
        /**
         * Label of name field
         */
        nameLabel: string;
        /**
         * Default value for the `Do not store` checkbox
         */
        optOutDefault: boolean;
        /**
         * Whether to display Do Not Store My Personal Information
         */
        optout: boolean;
        /**
         * Label for Do Not Store My Personal Information
         */
        optoutLabel: string;
        pageTitle: string;
        /**
         * Label for the Passphrase cancel button
         */
        passphraseCancel: string;
        /**
         * Error message when invalid passphrase is provided
         */
        passphraseError: string;
        /**
         * Passphrase
         */
        passphraseLabel: string;
        passphraseMessage: string;
        /**
         * Label for the Passphrase submit button
         */
        passphraseSubmit: string;
        /**
         * Title for passphrase details page
         */
        passphraseTitle: string;
        /**
         * Whether to show \"Powered by Mist\"
         */
        poweredBy: boolean;
        /**
         * Whether to require the Privacy Term acceptance
         */
        privacy: boolean;
        /**
         * Prefix of the label of the link to go to Privacy Policy
         */
        privacyPolicyAcceptLabel: string;
        /**
         * Error message when Privacy Policy not accepted
         */
        privacyPolicyError: string;
        /**
         * Label of the link to go to Privacy Policy
         */
        privacyPolicyLink: string;
        /**
         * Text of the Privacy Policy
         */
        privacyPolicyText: string;
        /**
         * Label to denote required field
         */
        requiredFieldLabel: string;
        responsiveLayout: boolean;
        /**
         * Label of the button to signin
         */
        signInLabel: string;
        smsCarrierDefault: string;
        smsCarrierError: string;
        /**
         * Label for mobile carrier drop-down list
         */
        smsCarrierFieldLabel: string;
        /**
         * Label for cancel confirmation code submission
         */
        smsCodeCancel: string;
        /**
         * Error message when confirmation code is invalid
         */
        smsCodeError: string;
        smsCodeFieldLabel: string;
        smsCodeMessage: string;
        /**
         * Label for confirmation code submit button
         */
        smsCodeSubmit: string;
        smsCodeTitle: string;
        smsCountryFieldLabel: string;
        smsCountryFormat: string;
        /**
         * Label for checkbox to specify that the user has access code
         */
        smsHaveAccessCode: string;
        smsIsTwilio: boolean;
        /**
         * Format of access code sms message. {{code}} and {{duration}} are placeholders and should be retained as is.
         */
        smsMessageFormat?: string;
        /**
         * Label for canceling mobile details for SMS auth
         */
        smsNumberCancel: string;
        smsNumberError: string;
        /**
         * Label for field to provide mobile number
         */
        smsNumberFieldLabel: string;
        smsNumberFormat: string;
        smsNumberMessage: string;
        /**
         * Label for submit button for code generation
         */
        smsNumberSubmit: string;
        /**
         * Title for phone number details
         */
        smsNumberTitle: string;
        smsUsernameFormat: string;
        /**
         * How long confirmation code should be considered valid (in minutes)
         */
        smsValidityDuration?: number;
        sponsorBackLink: string;
        sponsorCancel: string;
        /**
         * Label for Sponsor Email
         */
        sponsorEmail: string;
        sponsorEmailError: string;
        /**
         * HTML template to replace/override default sponsor email template
         * Sponsor Email Template supports following template variables:
         *   * `approveUrl`: Renders URL to approve the request; optionally &minutes=N query param can be appended to change the Authorization period of the guest, where N is a valid integer denoting number of minutes a guest remains authorized
         *   * `denyUrl`: Renders URL to reject the request
         *   * `guestEmail`: Renders Email ID of the guest
         *   * `guestName`: Renders Name of the guest
         *   * `field1`: Renders value of the Custom Field 1
         *   * `field2`: Renders value of the Custom Field 2
         *   * `sponsorLinkValidityDuration`: Renders validity time of the request (i.e. Approve/Deny URL)
         *   * `authExpireMinutes`: Renders Wlan-level configured Guest Authorization Expiration time period (in minutes), If not configured then default (1 day in minutes)
         */
        sponsorEmailTemplate: string;
        sponsorInfoApproved: string;
        sponsorInfoDenied: string;
        sponsorInfoPending: string;
        /**
         * Label for Sponsor Name
         */
        sponsorName: string;
        sponsorNameError: string;
        sponsorNotePending: string;
        /**
         * Submit button label request Wifi Access and notify sponsor about guest request
         */
        sponsorRequestAccess: string;
        /**
         * Text to display if sponsor approves request
         */
        sponsorStatusApproved: string;
        /**
         * Text to display when sponsor denies request
         */
        sponsorStatusDenied: string;
        /**
         * Text to display if request is still pending
         */
        sponsorStatusPending: string;
        /**
         * Submit button label to notify sponsor about guest request
         */
        sponsorSubmit: string;
        sponsorsError: string;
        sponsorsFieldLabel: string;
        tos: boolean;
        /**
         * Prefix of the label of the link to go to tos
         */
        tosAcceptLabel: string;
        /**
         * Error message when tos not accepted
         */
        tosError: string;
        /**
         * Label of the link to go to tos
         */
        tosLink: string;
        /**
         * Text of the Terms of Service
         */
        tosText: string;
    }
    interface WlanPortalTemplatePortalTemplateLocales {
        /**
         * Label for Amazon auth button
         */
        authButtonAmazon?: string;
        /**
         * Label for Azure auth button
         */
        authButtonAzure?: string;
        /**
         * Label for Email auth button
         */
        authButtonEmail?: string;
        /**
         * Label for Facebook auth button
         */
        authButtonFacebook?: string;
        /**
         * Label for Google auth button
         */
        authButtonGoogle?: string;
        /**
         * Label for Microsoft auth button
         */
        authButtonMicrosoft?: string;
        /**
         * Label for passphrase auth button
         */
        authButtonPassphrase?: string;
        /**
         * Label for SMS auth button
         */
        authButtonSms?: string;
        /**
         * Label for Sponsor auth button
         */
        authButtonSponsor?: string;
        authLabel?: string;
        /**
         * Label of the link to go back to /logon
         */
        backLink?: string;
        /**
         * Error message when company not provided
         */
        companyError?: string;
        /**
         * Label of company field
         */
        companyLabel?: string;
        /**
         * Error message when a user has valid social login but doesn't match specified email domains.
         */
        emailAccessDomainError?: string;
        /**
         * Label for cancel confirmation code submission using email auth
         */
        emailCancel?: string;
        emailCodeCancel?: string;
        emailCodeError?: string;
        emailCodeFieldLabel?: string;
        emailCodeMessage?: string;
        emailCodeSubmit?: string;
        emailCodeTitle?: string;
        /**
         * Error message when email not provided
         */
        emailError?: string;
        emailFieldLabel?: string;
        /**
         * Label of email field
         */
        emailLabel?: string;
        emailMessage?: string;
        /**
         * Label for confirmation code submit button using email auth
         */
        emailSubmit?: string;
        /**
         * Title for the Email registration
         */
        emailTitle?: string;
        /**
         * Error message when field1 not provided
         */
        field1error?: string;
        /**
         * Label of field1
         */
        field1label?: string;
        /**
         * Error message when field2 not provided
         */
        field2error?: string;
        /**
         * Label of field2
         */
        field2label?: string;
        /**
         * Error message when field3 not provided
         */
        field3error?: string;
        /**
         * Label of field3
         */
        field3label?: string;
        /**
         * Error message when field4 not provided
         */
        field4error?: string;
        /**
         * Label of field4
         */
        field4label?: string;
        /**
         * label of the link to go to /marketing_policy
         */
        marketingPolicyLink?: string;
        /**
         * Whether marketing policy optin is enabled
         */
        marketingPolicyOptIn?: boolean;
        /**
         * label for marketing optin
         */
        marketingPolicyOptInLabel?: string;
        /**
         * marketing policy text
         */
        marketingPolicyOptInText?: string;
        message?: string;
        /**
         * Error message when name not provided
         */
        nameError?: string;
        /**
         * Label of name field
         */
        nameLabel?: string;
        /**
         * Label for Do Not Store My Personal Information
         */
        optoutLabel?: string;
        pageTitle?: string;
        /**
         * Label for the Passphrase cancel button
         */
        passphraseCancel?: string;
        /**
         * Error message when invalid passphrase is provided
         */
        passphraseError?: string;
        /**
         * Passphrase
         */
        passphraseLabel?: string;
        passphraseMessage?: string;
        /**
         * Label for the Passphrase submit button
         */
        passphraseSubmit?: string;
        /**
         * Title for passphrase details page
         */
        passphraseTitle?: string;
        /**
         * Prefix of the label of the link to go to Privacy Policy
         */
        privacyPolicyAcceptLabel?: string;
        /**
         * Error message when Privacy Policy not accepted
         */
        privacyPolicyError?: string;
        /**
         * Label of the link to go to Privacy Policy
         */
        privacyPolicyLink?: string;
        /**
         * Text of the Privacy Policy
         */
        privacyPolicyText?: string;
        /**
         * Label to denote required field
         */
        requiredFieldLabel?: string;
        /**
         * Label of the button to signin
         */
        signInLabel?: string;
        smsCarrierDefault?: string;
        smsCarrierError?: string;
        /**
         * Label for mobile carrier drop-down list
         */
        smsCarrierFieldLabel?: string;
        /**
         * Label for cancel confirmation code submission
         */
        smsCodeCancel?: string;
        /**
         * Error message when confirmation code is invalid
         */
        smsCodeError?: string;
        smsCodeFieldLabel?: string;
        smsCodeMessage?: string;
        /**
         * Label for confirmation code submit button
         */
        smsCodeSubmit?: string;
        smsCodeTitle?: string;
        smsCountryFieldLabel?: string;
        smsCountryFormat?: string;
        /**
         * Label for checkbox to specify that the user has access code
         */
        smsHaveAccessCode?: string;
        /**
         * Format of access code sms message. {{code}} and {{duration}} are placeholders and should be retained as is.
         */
        smsMessageFormat?: string;
        /**
         * Label for canceling mobile details for SMS auth
         */
        smsNumberCancel?: string;
        smsNumberError?: string;
        /**
         * Label for field to provide mobile number
         */
        smsNumberFieldLabel?: string;
        smsNumberFormat?: string;
        smsNumberMessage?: string;
        /**
         * Label for submit button for code generation
         */
        smsNumberSubmit?: string;
        /**
         * Title for phone number details
         */
        smsNumberTitle?: string;
        smsUsernameFormat?: string;
        sponsorBackLink?: string;
        sponsorCancel?: string;
        /**
         * Label for Sponsor Email
         */
        sponsorEmail?: string;
        sponsorEmailError?: string;
        sponsorInfoApproved?: string;
        sponsorInfoDenied?: string;
        sponsorInfoPending?: string;
        /**
         * Label for Sponsor Name
         */
        sponsorName?: string;
        sponsorNameError?: string;
        sponsorNotePending?: string;
        /**
         * Submit button label request Wifi Access and notify sponsor about guest request
         */
        sponsorRequestAccess?: string;
        /**
         * Text to display if sponsor approves request
         */
        sponsorStatusApproved?: string;
        /**
         * Text to display when sponsor denies request
         */
        sponsorStatusDenied?: string;
        /**
         * Text to display if request is still pending
         */
        sponsorStatusPending?: string;
        /**
         * Submit button label to notify sponsor about guest request
         */
        sponsorSubmit?: string;
        sponsorsError?: string;
        sponsorsFieldLabel?: string;
        /**
         * Prefix of the label of the link to go to tos
         */
        tosAcceptLabel?: string;
        /**
         * Error message when tos not accepted
         */
        tosError?: string;
        /**
         * Label of the link to go to tos
         */
        tosLink?: string;
        /**
         * Text of the Terms of Service
         */
        tosText?: string;
    }
    interface WlanQos {
        /**
         * enum: `background`, `bestEffort`, `video`, `voice`
         */
        class: string;
        /**
         * Whether to overwrite QoS
         */
        overwrite: boolean;
    }
    interface WlanRadsec {
        coaEnabled?: boolean;
        enabled?: boolean;
        idleTimeout?: string;
        /**
         * To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
         */
        mxclusterIds?: string[];
        /**
         * Default is site.mxedge.radsec.proxy_hosts which must be a superset of all `wlans[*].radsec.proxy_hosts`. When `radsec.proxy_hosts` are not used, tunnel peers (org or site mxedges) are used irrespective of `useSiteMxedge`
         */
        proxyHosts?: string[];
        /**
         * Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
         */
        serverName: string;
        /**
         * List of RadSec Servers. Only if not Mist Edge.
         */
        servers?: outputs.org.WlanRadsecServer[];
        /**
         * use mxedge(s) as RadSec Proxy
         */
        useMxedge?: boolean;
        /**
         * To use Site mxedges when this WLAN does not use mxtunnel
         */
        useSiteMxedge?: boolean;
    }
    interface WlanRadsecServer {
        host?: string;
        port?: number;
    }
    interface WlanRateset {
        /**
         * If `template`==`custom`. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
         */
        eht?: string;
        /**
         * If `template`==`custom`. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
         */
        he?: string;
        /**
         * If `template`==`custom`. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
         */
        ht?: string;
        /**
         * if `template`==`custom`. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If `template`==`custom` is configured and legacy does not define at least one basic rate, it will use `no-legacy` default values. enum: `1`, `11`, `11b`, `12`, `12b`, `18`, `18b`, `1b`, `2`, `24`, `24b`, `2b`, `36`, `36b`, `48`, `48b`, `5.5`, `5.5b`, `54`, `54b`, `6`, `6b`, `9`, `9b`
         */
        legacies?: string[];
        /**
         * Minimum RSSI for client to connect, 0 means not enforcing
         */
        minRssi: number;
        /**
         * Data Rates template to apply. enum:
         *   * `no-legacy`: no 11b
         *   * `compatible`: all, like before, default setting that Broadcom/Atheros used
         *   * `legacy-only`: disable 802.11n and 802.11ac
         *   * `high-density`: no 11b, no low rates
         *   * `custom`: user defined
         */
        template: string;
        /**
         * If `template`==`custom`. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
         */
        vht?: string;
    }
    interface WlanSchedule {
        enabled: boolean;
        /**
         * Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
         */
        hours?: outputs.org.WlanScheduleHours;
    }
    interface WlanScheduleHours {
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        fri?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        mon?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        sat?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        sun?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        thu?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        tue?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        wed?: string;
    }
    interface WlantemplateApplies {
        orgId?: string;
        /**
         * List of site ids
         */
        siteIds: string[];
        /**
         * List of sitegroup ids
         */
        sitegroupIds: string[];
    }
    interface WlantemplateExceptions {
        /**
         * List of site ids
         */
        siteIds: string[];
        /**
         * List of sitegroup ids
         */
        sitegroupIds: string[];
    }
    interface WxtagSpec {
        /**
         * Matched destination port, "0" means any
         */
        portRange: string;
        /**
         * tcp / udp / icmp / gre / any / ":protocol_number", `protocolNumber` is between 1-254
         */
        protocol: string;
        /**
         * Matched destination subnets and/or IP Addresses
         */
        subnets: string[];
    }
}
export declare namespace site {
    interface BaseLatlng {
        lat: number;
        lng: number;
    }
    interface EvpnTopologyEvpnOptions {
        /**
         * Optional, for dhcp_relay, unique loopback IPs are required for ERB or IPClos where we can set option-82 server_id-overrides
         */
        autoLoopbackSubnet: string;
        /**
         * Optional, for dhcp_relay, unique loopback IPs are required for ERB or IPClos where we can set option-82 server_id-overrides
         */
        autoLoopbackSubnet6: string;
        /**
         * Optional, this generates routerId automatically, if specified, `routerIdPrefix` is ignored
         */
        autoRouterIdSubnet: string;
        /**
         * Optional, this generates routerId automatically, if specified, `routerIdPrefix` is ignored
         */
        autoRouterIdSubnet6?: string;
        /**
         * Optional, for ERB or CLOS, you can either use esilag to upstream routers or to also be the virtual-gateway. When `routedAt` != `core`, whether to do virtual-gateway at core as well
         */
        coreAsBorder: boolean;
        overlay?: outputs.site.EvpnTopologyEvpnOptionsOverlay;
        /**
         * Only for by Core-Distribution architecture when `evpn_options.routed_at`==`core`. By default, JUNOS uses 00-00-5e-00-01-01 as the virtual-gateway-address's v4_mac. If enabled, 00-00-5e-00-0X-YY will be used (where XX=vlan_id/256, YY=vlan_id%256)
         */
        perVlanVgaV4Mac: boolean;
        /**
         * Only for by Core-Distribution architecture when `evpn_options.routed_at`==`core`. By default, JUNOS uses 00-00-5e-00-02-01 as the virtual-gateway-address's v6_mac. If enabled, 00-00-5e-00-1X-YY will be used (where XX=vlan_id/256, YY=vlan_id%256)
         */
        perVlanVgaV6Mac: boolean;
        /**
         * optional, where virtual-gateway should reside. enum: `core`, `distribution`, `edge`
         */
        routedAt: string;
        underlay?: outputs.site.EvpnTopologyEvpnOptionsUnderlay;
        /**
         * Optional, for EX9200 only to segregate virtual-switches
         */
        vsInstances?: {
            [key: string]: outputs.site.EvpnTopologyEvpnOptionsVsInstances;
        };
    }
    interface EvpnTopologyEvpnOptionsOverlay {
        /**
         * Overlay BGP Local AS Number
         */
        as: number;
    }
    interface EvpnTopologyEvpnOptionsUnderlay {
        /**
         * Underlay BGP Base AS Number
         */
        asBase: number;
        routedIdPrefix?: string;
        /**
         * Underlay subnet, by default, `10.255.240.0/20`, or `fd31:5700::/64` for ipv6
         */
        subnet?: string;
        /**
         * If v6 is desired for underlay
         */
        useIpv6: boolean;
    }
    interface EvpnTopologyEvpnOptionsVsInstances {
        networks?: string[];
    }
    interface EvpnTopologySwitches {
        deviceprofileId: string;
        evpnId: number;
        mac: string;
        model: string;
        /**
         * Optionally, for distribution / access / esilag-access, they can be placed into different pods. e.g.
         *   * for CLOS, to group dist / access switches into pods
         *   * for ERB/CRB, to group dist / esilag-access into pods
         */
        pod: number;
        /**
         * By default, core switches are assumed to be connecting all pods.
         * if you want to limit the pods, you can specify pods.
         */
        pods: number[];
        /**
         * use `role`==`none` to remove a switch from the topology. enum: `access`, `collapsed-core`, `core`, `distribution`, `esilag-access`, `none`
         */
        role: string;
        routerId: string;
        siteId: string;
    }
    interface GetEvpnTopologiesSiteEvpnTopology {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * EVPN Options
         */
        evpnOptions: outputs.site.GetEvpnTopologiesSiteEvpnTopologyEvpnOptions;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        /**
         * Property key is the pod number
         */
        podNames: {
            [key: string]: string;
        };
        siteId: string;
    }
    interface GetEvpnTopologiesSiteEvpnTopologyEvpnOptions {
        /**
         * Optional, for dhcp*relay, unique loopback IPs are required for ERB or IPClos where we can set option-82 server*id-overrides
         */
        autoLoopbackSubnet: string;
        /**
         * Optional, for dhcp*relay, unique loopback IPs are required for ERB or IPClos where we can set option-82 server*id-overrides
         */
        autoLoopbackSubnet6: string;
        /**
         * Optional, this generates routerId automatically, if specified, `routerIdPrefix` is ignored
         */
        autoRouterIdSubnet: string;
        /**
         * Optional, this generates routerId automatically, if specified, `routerIdPrefix` is ignored
         */
        autoRouterIdSubnet6: string;
        /**
         * Optional, for ERB or CLOS, you can either use esilag to upstream routers or to also be the virtual-gateway. When `routedAt` != `core`, whether to do virtual-gateway at core as well
         */
        coreAsBorder: boolean;
        overlay: outputs.site.GetEvpnTopologiesSiteEvpnTopologyEvpnOptionsOverlay;
        /**
         * Only for by Core-Distribution architecture when `evpn_options.routed_at`==`core`. By default, JUNOS uses 00-00-5e-00-01-01 as the virtual-gateway-address's v4*mac. If enabled, 00-00-5e-00-0X-YY will be used (where XX=vlan*id/256, YY=vlan_id%256)
         */
        perVlanVgaV4Mac: boolean;
        /**
         * Only for by Core-Distribution architecture when `evpn_options.routed_at`==`core`. By default, JUNOS uses 00-00-5e-00-02-01 as the virtual-gateway-address's v6*mac. If enabled, 00-00-5e-00-1X-YY will be used (where XX=vlan*id/256, YY=vlan_id%256)
         */
        perVlanVgaV6Mac: boolean;
        /**
         * optional, where virtual-gateway should reside. enum: `core`, `distribution`, `edge`
         */
        routedAt: string;
        underlay: outputs.site.GetEvpnTopologiesSiteEvpnTopologyEvpnOptionsUnderlay;
        /**
         * Optional, for EX9200 only to segregate virtual-switches
         */
        vsInstances: {
            [key: string]: outputs.site.GetEvpnTopologiesSiteEvpnTopologyEvpnOptionsVsInstances;
        };
    }
    interface GetEvpnTopologiesSiteEvpnTopologyEvpnOptionsOverlay {
        /**
         * Overlay BGP Local AS Number
         */
        as: number;
    }
    interface GetEvpnTopologiesSiteEvpnTopologyEvpnOptionsUnderlay {
        /**
         * Underlay BGP Base AS Number
         */
        asBase: number;
        routedIdPrefix: string;
        /**
         * Underlay subnet, by default, `10.255.240.0/20`, or `fd31:5700::/64` for ipv6
         */
        subnet: string;
        /**
         * If v6 is desired for underlay
         */
        useIpv6: boolean;
    }
    interface GetEvpnTopologiesSiteEvpnTopologyEvpnOptionsVsInstances {
        networks: string[];
    }
    interface GetPsksSitePsk {
        /**
         * sso id for psk created from psk portal
         */
        adminSsoId: string;
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * email to send psk expiring notifications to
         */
        email: string;
        /**
         * Expire time for this PSK key (epoch time in seconds). Default `null` (as no expiration)
         */
        expireTime: number;
        /**
         * Number of days before psk is expired. Used as to when to start sending reminder notification when the psk is about to expire
         */
        expiryNotificationTime: number;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * If `usage`==`single`, the mac that this PSK ties to, empty if `auto-binding`
         */
        mac: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        name: string;
        note: string;
        /**
         * If set to true, reminder notification will be sent when psk is about to expire
         */
        notifyExpiry: boolean;
        /**
         * If set to true, notification will be sent when psk is created or edited
         */
        notifyOnCreateOrEdit: boolean;
        /**
         * previous passphrase of the PSK if it has been rotated
         */
        oldPassphrase: string;
        orgId: string;
        /**
         * passphrase of the PSK (8-63 character or 64 in hex)
         */
        passphrase: string;
        role: string;
        siteId: string;
        /**
         * SSID this PSK should be applicable to
         */
        ssid: string;
        /**
         * enum: `macs`, `multi`, `single`
         */
        usage: string;
        vlanId: string;
    }
    interface GetWebhooksSiteWebhook {
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Whether webhook is enabled
         */
        enabled: boolean;
        /**
         * If `type`=`http-post`, additional custom HTTP headers to add. The headers name and value must be string, total bytes of headers name and value must be less than 1000
         */
        headers: {
            [key: string]: string;
        };
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        /**
         * Name of the webhook
         */
        name: string;
        /**
         * Required when `oauth2GrantType`==`clientCredentials`
         */
        oauth2ClientId: string;
        /**
         * Required when `oauth2GrantType`==`clientCredentials`
         */
        oauth2ClientSecret: string;
        /**
         * required when `type`==`oauth2`. enum: `clientCredentials`, `password`
         */
        oauth2GrantType: string;
        /**
         * Required when `oauth2GrantType`==`password`
         */
        oauth2Password: string;
        /**
         * Required when `type`==`oauth2`, if provided, will be used in the token request
         */
        oauth2Scopes: string[];
        /**
         * Required when `type`==`oauth2`
         */
        oauth2TokenUrl: string;
        /**
         * Required when `oauth2GrantType`==`password`
         */
        oauth2Username: string;
        orgId: string;
        /**
         * Only if `type`=`http-post`
         */
        secret: string;
        /**
         * Some solutions may not be able to parse multiple events from a single message (e.g. IBM Qradar, DSM). When set to `true`, only a single event will be sent per message. this feature is only available on certain topics (see List Webhook Topics)
         */
        singleEventPerMessage: boolean;
        siteId: string;
        /**
         * Required if `type`=`splunk`. If splunkToken is not defined for a type Splunk webhook, it will not send, regardless if the webhook receiver is configured to accept it.
         */
        splunkToken: string;
        /**
         * List of supported webhook topics available with the API Call List Webhook Topics
         */
        topics: string[];
        /**
         * enum: `aws-sns`, `google-pubsub`, `http-post`, `oauth2`, `splunk`
         */
        type: string;
        url: string;
        /**
         * When url uses HTTPS, whether to verify the certificate
         */
        verifyCert: boolean;
    }
    interface GetWlansSiteWlan {
        /**
         * Enable coa-immediate-update and address-change-immediate-update on the access profile.
         */
        acctImmediateUpdate: boolean;
        /**
         * How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
         */
        acctInterimInterval: number;
        /**
         * List of RADIUS accounting servers, optional, order matters where the first one is treated as primary
         */
        acctServers: outputs.site.GetWlansSiteWlanAcctServer[];
        /**
         * Airwatch wlan settings
         */
        airwatch: outputs.site.GetWlansSiteWlanAirwatch;
        /**
         * Only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through
         */
        allowIpv6Ndp: boolean;
        /**
         * Only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through
         */
        allowMdns: boolean;
        /**
         * Only applicable when `limitBcast`==`true`, which allows SSDP
         */
        allowSsdp: boolean;
        /**
         * List of device ids
         */
        apIds: string[];
        /**
         * Bandwidth limiting for apps (applies to up/down)
         */
        appLimit: outputs.site.GetWlansSiteWlanAppLimit;
        /**
         * APp qos wlan settings
         */
        appQos: outputs.site.GetWlansSiteWlanAppQos;
        /**
         * enum: `aps`, `site`, `wxtags`
         */
        applyTo: string;
        /**
         * Whether to enable smart arp filter
         */
        arpFilter: boolean;
        /**
         * Authentication wlan settings
         */
        auth: outputs.site.GetWlansSiteWlanAuth;
        /**
         * When ordered, AP will prefer and go back to the first server if possible. enum: `ordered`, `unordered`
         */
        authServerSelection: string;
        /**
         * List of RADIUS authentication servers, at least one is needed if `auth type`==`eap`, order matters where the first one is treated as primary
         */
        authServers: outputs.site.GetWlansSiteWlanAuthServer[];
        /**
         * Optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers
         */
        authServersNasId: string;
        /**
         * Optional, NAS-IP-ADDRESS to use
         */
        authServersNasIp: string;
        /**
         * Radius auth session retries. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘retries’  are set to value of auth_servers_retries. ‘max-requests’ is also set when setting authServersRetries and is set to default value to 3.
         */
        authServersRetries: number;
        /**
         * Radius auth session timeout. Following fast timers are set if "fastDot1xTimers" knob is enabled. ‘quite-period’  and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting authServersTimeout and is set to default value of 10.
         */
        authServersTimeout: number;
        /**
         * Whether to enable band_steering, this works only when band==both
         */
        bandSteer: boolean;
        /**
         * Force dualBand capable client to connect to 5G
         */
        bandSteerForceBand5: boolean;
        /**
         * List of radios that the wlan should apply to.
         */
        bands: string[];
        /**
         * Whether to block the clients in the blacklist (up to first 256 macs)
         */
        blockBlacklistClients: boolean;
        /**
         * Bonjour gateway wlan settings
         */
        bonjour: outputs.site.GetWlansSiteWlanBonjour;
        /**
         * Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
         */
        ciscoCwa: outputs.site.GetWlansSiteWlanCiscoCwa;
        clientLimitDown: string;
        /**
         * If downlink limiting per-client is enabled
         */
        clientLimitDownEnabled: boolean;
        clientLimitUp: string;
        /**
         * If uplink limiting per-client is enabled
         */
        clientLimitUpEnabled: boolean;
        /**
         * List of COA (change of authorization) servers, optional
         */
        coaServers: outputs.site.GetWlansSiteWlanCoaServer[];
        /**
         * When the object has been created, in epoch
         */
        createdTime: number;
        /**
         * Some old WLAN drivers may not be compatible
         */
        disable11ax: boolean;
        /**
         * To disable Wi-Fi 7 EHT IEs
         */
        disable11be: boolean;
        /**
         * To disable ht or vht rates
         */
        disableHtVhtRates: boolean;
        /**
         * Whether to disable U-APSD
         */
        disableUapsd: boolean;
        /**
         * Disable sending v2 roam notification messages
         */
        disableV1RoamNotify: boolean;
        /**
         * Disable sending v2 roam notification messages
         */
        disableV2RoamNotify: boolean;
        /**
         * When any of the following is true, this WLAN will be disabled
         *    * cannot get IP
         *    * cannot obtain default gateway
         *    * cannot reach default gateway
         */
        disableWhenGatewayUnreachable: boolean;
        disableWhenMxtunnelDown: boolean;
        /**
         * Whether to disable WMM
         */
        disableWmm: boolean;
        /**
         * For radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns)
         */
        dnsServerRewrite: outputs.site.GetWlansSiteWlanDnsServerRewrite;
        dtim: number;
        /**
         * For dynamic PSK where we get perUser PSK from Radius. dynamicPsk allows PSK to be selected at runtime depending on context (wlan/site/user/...) thus following configurations are assumed (currently)
         *   * PSK will come from RADIUS server
         *   * AP sends client MAC as username and password (i.e. `enableMacAuth` is assumed)
         *   * AP sends BSSID:SSID as Caller-Station-ID
         *   * `authServers` is required
         *   * PSK will come from cloud WLC if source is cloudPsks
         *   * defaultPsk will be used if cloud WLC is not available
         *   * `multiPskOnly` and `psk` is ignored
         *   * `pairwise` can only be wpa2-ccmp (for now, wpa3 support on the roadmap)
         */
        dynamicPsk: outputs.site.GetWlansSiteWlanDynamicPsk;
        /**
         * For 802.1x
         */
        dynamicVlan: outputs.site.GetWlansSiteWlanDynamicVlan;
        /**
         * Enable AP-AP keycaching via multicast
         */
        enableLocalKeycaching: boolean;
        /**
         * By default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wirelessBridging can be enabled
         */
        enableWirelessBridging: boolean;
        /**
         * If the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcpTracking will cut down DHCP response packets to be forwarded to wireless
         */
        enableWirelessBridgingDhcpTracking: boolean;
        /**
         * If this wlan is enabled
         */
        enabled: boolean;
        /**
         * If set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’ .
         */
        fastDot1xTimers: boolean;
        /**
         * Whether to hide SSID in beacon
         */
        hideSsid: boolean;
        /**
         * Include hostname inside IE in AP beacons / probe responses
         */
        hostnameIe: boolean;
        /**
         * Hostspot 2.0 wlan settings
         */
        hotspot20: outputs.site.GetWlansSiteWlanHotspot20;
        /**
         * Unique ID of the object instance in the Mist Organization
         */
        id: string;
        injectDhcpOption82: outputs.site.GetWlansSiteWlanInjectDhcpOption82;
        /**
         * where this WLAN will be connected to. enum: `all`, `eth0`, `eth1`, `eth2`, `eth3`, `mxtunnel`, `siteMxedge`, `wxtunnel`
         */
        interface: string;
        /**
         * Whether to stop clients to talk to each other
         */
        isolation: boolean;
        /**
         * If isolation is enabled, whether to deny clients to talk to L2 on the LAN
         */
        l2Isolation: boolean;
        /**
         * Legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices.
         */
        legacyOverds: boolean;
        /**
         * Whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through)
         */
        limitBcast: boolean;
        /**
         * Limit probe response base on some heuristic rules
         */
        limitProbeResponse: boolean;
        /**
         * Max idle time in seconds
         */
        maxIdletime: number;
        /**
         * Maximum number of client connected to the SSID. `0` means unlimited
         */
        maxNumClients: number;
        mistNac: outputs.site.GetWlansSiteWlanMistNac;
        /**
         * When the object has been modified for the last time, in epoch
         */
        modifiedTime: number;
        mspId: string;
        /**
         * When `interface`=`mxtunnel`, id of the Mist Tunnel
         */
        mxtunnelIds: string[];
        /**
         * When `interface`=`siteMxedge`, name of the mxtunnel that in mxtunnels under Site Setting
         */
        mxtunnelNames: string[];
        /**
         * Whether to only allow client to use DNS that we’ve learned from DHCP response
         */
        noStaticDns: boolean;
        /**
         * Whether to only allow client that we’ve learned from DHCP exchange to talk
         */
        noStaticIp: boolean;
        orgId: string;
        /**
         * Portal wlan settings
         */
        portal: outputs.site.GetWlansSiteWlanPortal;
        /**
         * List of hostnames without http(s):// (matched by substring)
         */
        portalAllowedHostnames: string[];
        /**
         * List of CIDRs
         */
        portalAllowedSubnets: string[];
        /**
         * APi secret (auto-generated) that can be used to sign guest authorization requests
         */
        portalApiSecret: string;
        /**
         * List of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames
         */
        portalDeniedHostnames: string[];
        /**
         * Url of portal background image
         */
        portalImage: string;
        portalSsoUrl: string;
        qos: outputs.site.GetWlansSiteWlanQos;
        /**
         * RadSec settings
         */
        radsec: outputs.site.GetWlansSiteWlanRadsec;
        /**
         * Property key is the RF band. enum: `24`, `5`, `6`
         */
        rateset: {
            [key: string]: outputs.site.GetWlansSiteWlanRateset;
        };
        /**
         * When different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
         */
        reconnectClientsWhenRoamingMxcluster: boolean;
        /**
         * enum: `11r`, `OKC`, `NONE`
         */
        roamMode: string;
        /**
         * WLAN operating schedule, default is disabled
         */
        schedule: outputs.site.GetWlansSiteWlanSchedule;
        siteId: string;
        /**
         * Whether to exclude this WLAN from SLE metrics
         */
        sleExcluded: boolean;
        /**
         * Name of the SSID
         */
        ssid: string;
        /**
         * If `auth.type`==`eap` or `auth.type`==`psk`, should only be set for legacy client, such as pre-2004, 802.11b devices
         */
        useEapolV1: boolean;
        /**
         * If vlan tagging is enabled
         */
        vlanEnabled: boolean;
        vlanId: string;
        /**
         * if `vlanEnabled`==`true` and `vlanPooling`==`true`. List of VLAN IDs (comma separated) to be used in the VLAN Pool
         */
        vlanIds: string[];
        /**
         * Requires `vlanEnabled`==`true` to be set to `true`. Vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
         */
        vlanPooling: boolean;
        wlanLimitDown: string;
        /**
         * If downlink limiting for whole wlan is enabled
         */
        wlanLimitDownEnabled: boolean;
        wlanLimitUp: string;
        /**
         * If uplink limiting for whole wlan is enabled
         */
        wlanLimitUpEnabled: boolean;
        /**
         * List of wxtag_ids
         */
        wxtagIds: string[];
        /**
         * When `interface`=`wxtunnel`, id of the WXLAN Tunnel
         */
        wxtunnelId: string;
        /**
         * When `interface`=`wxtunnel`, remote tunnel identifier
         */
        wxtunnelRemoteId: string;
    }
    interface GetWlansSiteWlanAcctServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat: string;
        keywrapKek: string;
        keywrapMack: string;
        port: string;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface GetWlansSiteWlanAirwatch {
        /**
         * API Key
         */
        apiKey: string;
        /**
         * Console URL
         */
        consoleUrl: string;
        enabled: boolean;
        /**
         * Password
         */
        password: string;
        /**
         * Username
         */
        username: string;
    }
    interface GetWlansSiteWlanAppLimit {
        /**
         * Map from app key to bandwidth in kbps.
         * Property key is the app key, defined in Get Application List
         */
        apps: {
            [key: string]: number;
        };
        enabled: boolean;
        /**
         * Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the `wxtagId`
         */
        wxtagIds: {
            [key: string]: number;
        };
    }
    interface GetWlansSiteWlanAppQos {
        apps: {
            [key: string]: outputs.site.GetWlansSiteWlanAppQosApps;
        };
        enabled: boolean;
        others: outputs.site.GetWlansSiteWlanAppQosOther[];
    }
    interface GetWlansSiteWlanAppQosApps {
        dscp: string;
        /**
         * Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
         */
        dstSubnet: string;
        /**
         * Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
         */
        srcSubnet: string;
    }
    interface GetWlansSiteWlanAppQosOther {
        dscp: string;
        dstSubnet: string;
        portRanges: string;
        protocol: string;
        srcSubnet: string;
    }
    interface GetWlansSiteWlanAuth {
        /**
         * SAE anti-clogging token threshold
         */
        anticlogThreshold: number;
        /**
         * Whether to trigger EAP reauth when the session ends
         */
        eapReauth: boolean;
        /**
         * Whether to enable MAC Auth, uses the same auth_servers
         */
        enableMacAuth: boolean;
        /**
         * When `type`==`wep`
         */
        keyIdx: number;
        /**
         * When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
         */
        keys: string[];
        /**
         * When `type`==`psk`, whether to only use multi_psk
         */
        multiPskOnly: boolean;
        /**
         * if `type`==`open`. enum: `disabled`, `enabled` (means transition mode), `required`
         */
        owe: string;
        /**
         * When `type`=`psk` or `type`=`eap`, one or more of `wpa1-ccmp`, `wpa1-tkip`, `wpa2-ccmp`, `wpa2-tkip`, `wpa3`
         */
        pairwises: string[];
        /**
         * When `multiPskOnly`==`true`, whether private wlan is enabled
         */
        privateWlan: boolean;
        /**
         * When `type`==`psk`, 8-64 characters, or 64 hex characters
         */
        psk: string;
        /**
         * enum: `eap`, `eap192`, `open`, `psk`, `psk-tkip`, `psk-wpa2-tkip`, `wep`
         */
        type: string;
        /**
         * Enable WEP as secondary auth
         */
        wepAsSecondaryAuth: boolean;
    }
    interface GetWlansSiteWlanAuthServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat: string;
        keywrapKek: string;
        keywrapMack: string;
        port: string;
        /**
         * Whether to require Message-Authenticator in requests
         */
        requireMessageAuthenticator: boolean;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface GetWlansSiteWlanBonjour {
        /**
         * additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
         */
        additionalVlanIds: string[];
        /**
         * Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
         */
        enabled: boolean;
        /**
         * What services are allowed.
         * Property key is the service name
         */
        services: {
            [key: string]: outputs.site.GetWlansSiteWlanBonjourServices;
        };
    }
    interface GetWlansSiteWlanBonjourServices {
        /**
         * Whether to prevent wireless clients to discover bonjour devices on the same WLAN
         */
        disableLocal: boolean;
        /**
         * Optional, if the service is further restricted for certain RADIUS groups
         */
        radiusGroups: string[];
        /**
         * how bonjour services should be discovered for the same WLAN. enum: `sameAp`, `sameMap`, `sameSite`
         */
        scope: string;
    }
    interface GetWlansSiteWlanCiscoCwa {
        /**
         * List of hostnames without http(s):// (matched by substring)
         */
        allowedHostnames: string[];
        /**
         * List of CIDRs
         */
        allowedSubnets: string[];
        /**
         * List of blocked CIDRs
         */
        blockedSubnets: string[];
        enabled: boolean;
    }
    interface GetWlansSiteWlanCoaServer {
        /**
         * Whether to disable Event-Timestamp Check
         */
        disableEventTimestampCheck: boolean;
        enabled: boolean;
        ip: string;
        port: string;
        secret: string;
    }
    interface GetWlansSiteWlanDnsServerRewrite {
        enabled: boolean;
        /**
         * Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
         */
        radiusGroups: {
            [key: string]: string;
        };
    }
    interface GetWlansSiteWlanDynamicPsk {
        /**
         * Default PSK to use if cloud WLC is not available, 8-63 characters
         */
        defaultPsk: string;
        defaultVlanId: string;
        enabled: boolean;
        /**
         * When 11r is enabled, we'll try to use the cached PMK, this can be disabled. `false` means auto
         */
        forceLookup: boolean;
        /**
         * enum: `cloudPsks`, `radius`
         */
        source: string;
    }
    interface GetWlansSiteWlanDynamicVlan {
        /**
         * Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
         */
        defaultVlanIds: string[];
        /**
         * Requires `vlanEnabled`==`true` to be set to `true`. Whether to enable dynamic vlan
         */
        enabled: boolean;
        /**
         * VLAN_ids to be locally bridged
         */
        localVlanIds: string[];
        /**
         * standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum: `airespace-interface-name`, `standard`
         */
        type: string;
        /**
         * Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping
         *   * if `dynamic_vlan.type`==`standard`, property key is the Vlan ID and property value is \"\"
         *   * if `dynamic_vlan.type`==`airespace-interface-name`, property key is the Vlan ID and property value is the Airespace Interface Name
         */
        vlans: {
            [key: string]: string;
        };
    }
    interface GetWlansSiteWlanHotspot20 {
        domainNames: string[];
        /**
         * Whether to enable hotspot 2.0 config
         */
        enabled: boolean;
        naiRealms: string[];
        /**
         * List of operators to support
         */
        operators: string[];
        rcois: string[];
        /**
         * Venue name, default is site name
         */
        venueName: string;
    }
    interface GetWlansSiteWlanInjectDhcpOption82 {
        /**
         * Information to set in the `circuitId` field of the DHCP Option 82. It is possible to use static string or the following variables (e.g. `{{SSID}}:{{AP_MAC}}`):
         *   * {{AP_MAC}}
         *   * {{AP_MAC_DASHED}}
         *   * {{AP_MODEL}}
         *   * {{AP_NAME}}
         *   * {{SITE_NAME}}
         *   * {{SSID}}
         */
        circuitId: string;
        /**
         * Whether to inject option 82 when forwarding DHCP packets
         */
        enabled: boolean;
    }
    interface GetWlansSiteWlanMistNac {
        /**
         * When enabled:
         *   * `authServers` is ignored
         *   * `acctServers` is ignored
         *   * `auth_servers_*` are ignored
         *   * `coaServers` is ignored
         *   * `radsec` is ignored
         *   * `coaEnabled` is assumed
         */
        enabled: boolean;
    }
    interface GetWlansSiteWlanPortal {
        /**
         * Optional if `amazonEnabled`==`true`. Whether to allow guest to connect to other Guest WLANs (with different `WLAN.ssid`) of same org without reauthentication (disable randomMac for seamless roaming)
         */
        allowWlanIdRoam: boolean;
        /**
         * Optional if `amazonEnabled`==`true`. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
         */
        amazonClientId: string;
        /**
         * Optional if `amazonEnabled`==`true`. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank.
         */
        amazonClientSecret: string;
        /**
         * Optional if `amazonEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        amazonEmailDomains: string[];
        /**
         * Whether amazon is enabled as a login method
         */
        amazonEnabled: boolean;
        /**
         * Optional if `amazonEnabled`==`true`. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
         */
        amazonExpire: number;
        /**
         * authentication scheme. enum: `amazon`, `azure`, `email`, `external`, `facebook`, `google`, `microsoft`, `multi`, `none`, `password`, `sms`, `sponsor`, `sso`
         */
        auth: string;
        /**
         * Required if `azureEnabled`==`true`. Azure active directory app client id
         */
        azureClientId: string;
        /**
         * Required if `azureEnabled`==`true`. Azure active directory app client secret
         */
        azureClientSecret: string;
        /**
         * Whether Azure Active Directory is enabled as a login method
         */
        azureEnabled: boolean;
        /**
         * Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
         */
        azureExpire: number;
        /**
         * Required if `azureEnabled`==`true`. Azure active directory tenant id.
         */
        azureTenantId: string;
        /**
         * Required if `smsProvider`==`broadnet`
         */
        broadnetPassword: string;
        /**
         * Required if `smsProvider`==`broadnet`
         */
        broadnetSid: string;
        /**
         * Required if `smsProvider`==`broadnet`
         */
        broadnetUserId: string;
        /**
         * Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
         */
        bypassWhenCloudDown: boolean;
        /**
         * Required if `smsProvider`==`clickatell`
         */
        clickatellApiKey: string;
        /**
         * Whether to allow guest to roam between WLANs (with same `WLAN.ssid`, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming)
         */
        crossSite: boolean;
        /**
         * Whether email (access code verification) is enabled as a login method
         */
        emailEnabled: boolean;
        /**
         * Whether guest portal is enabled
         */
        enabled: boolean;
        /**
         * How long to remain authorized, in minutes
         */
        expire: number;
        /**
         * Required if `wlanPortalAuth`==`external`. External portal URL (e.g. https://host/url) where we can append our query parameters to
         */
        externalPortalUrl: string;
        /**
         * Required if `facebookEnabled`==`true`. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
         */
        facebookClientId: string;
        /**
         * Required if `facebookEnabled`==`true`. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank.
         */
        facebookClientSecret: string;
        /**
         * Optional if `facebookEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        facebookEmailDomains: string[];
        /**
         * Whether facebook is enabled as a login method
         */
        facebookEnabled: boolean;
        /**
         * Optional if `facebookEnabled`==`true`. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
         */
        facebookExpire: number;
        /**
         * Whether to forward the user to another URL after authorized
         */
        forward: boolean;
        /**
         * URL to forward the user to
         */
        forwardUrl: string;
        /**
         * Google OAuth2 app id. This is optional. If not provided, it will use a default one.
         */
        googleClientId: string;
        /**
         * Optional if `googleEnabled`==`true`. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank.
         */
        googleClientSecret: string;
        /**
         * Optional if `googleEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        googleEmailDomains: string[];
        /**
         * Whether Google is enabled as login method
         */
        googleEnabled: boolean;
        /**
         * Optional if `googleEnabled`==`true`. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
         */
        googleExpire: number;
        /**
         * Required if `smsProvider`==`gupshup`
         */
        gupshupPassword: string;
        /**
         * Required if `smsProvider`==`gupshup`
         */
        gupshupUserid: string;
        /**
         * Optional if `microsoftEnabled`==`true`. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
         */
        microsoftClientId: string;
        /**
         * Optional if `microsoftEnabled`==`true`. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank.
         */
        microsoftClientSecret: string;
        /**
         * Optional if `microsoftEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        microsoftEmailDomains: string[];
        /**
         * Whether microsoft 365 is enabled as a login method
         */
        microsoftEnabled: boolean;
        /**
         * Optional if `microsoftEnabled`==`true`. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
         */
        microsoftExpire: number;
        /**
         * Whether password is enabled
         */
        passphraseEnabled: boolean;
        /**
         * Optional if `passphraseEnabled`==`true`. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses `expire`
         */
        passphraseExpire: number;
        /**
         * Required if `passphraseEnabled`==`true`.
         */
        password: string;
        /**
         * Whether to show list of sponsor emails mentioned in `sponsors` object as a dropdown. If both `sponsorNotifyAll` and `predefinedSponsorsEnabled` are false, behaviour is acc to `sponsorEmailDomains`
         */
        predefinedSponsorsEnabled: boolean;
        /**
         * Whether to hide sponsor’s email from list of sponsors
         */
        predefinedSponsorsHideEmail: boolean;
        privacy: boolean;
        /**
         * Required if `smsProvider`==`puzzel`
         */
        puzzelPassword: string;
        /**
         * Required if `smsProvider`==`puzzel`
         */
        puzzelServiceId: string;
        /**
         * Required if `smsProvider`==`puzzel`
         */
        puzzelUsername: string;
        /**
         * Whether sms is enabled as a login method
         */
        smsEnabled: boolean;
        /**
         * Optional if `smsEnabled`==`true`. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
         */
        smsExpire: number;
        /**
         * Optional if `smsEnabled`==`true`. SMS Message format
         */
        smsMessageFormat: string;
        /**
         * Optioanl if `smsEnabled`==`true`. enum: `broadnet`, `clickatell`, `gupshup`, `manual`, `puzzel`, `telstra`, `twilio`
         */
        smsProvider: string;
        /**
         * Optional if `sponsorEnabled`==`true`. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled
         */
        sponsorAutoApprove: boolean;
        /**
         * List of domain allowed for sponsor email. Required if `sponsorEnabled` is `true` and `sponsors` is empty.
         */
        sponsorEmailDomains: string[];
        /**
         * Whether sponsor is enabled
         */
        sponsorEnabled: boolean;
        /**
         * Optional if `sponsorEnabled`==`true`. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
         */
        sponsorExpire: number;
        sponsorLinkValidityDuration: string;
        /**
         * Optional if `sponsorEnabled`==`true`. whether to notify all sponsors that are mentioned in `sponsors` object. Both `sponsorNotifyAll` and `predefinedSponsorsEnabled` should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
         */
        sponsorNotifyAll: boolean;
        /**
         * Optional if `sponsorEnabled`==`true`. If enabled, guest will get email about sponsor's action (approve/deny)
         */
        sponsorStatusNotify: boolean;
        /**
         * object of allowed sponsors email with name. Required if `sponsorEnabled`
         *             is `true` and `sponsorEmailDomains` is empty.
         *
         *             Property key is the sponsor email, Property value is the sponsor name
         */
        sponsors: {
            [key: string]: string;
        };
        /**
         * Optional if `wlanPortalAuth`==`sso`, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
         */
        ssoDefaultRole: string;
        /**
         * Optional if `wlanPortalAuth`==`sso`
         */
        ssoForcedRole: string;
        /**
         * Required if `wlanPortalAuth`==`sso`. IDP Cert (used to verify the signed response)
         */
        ssoIdpCert: string;
        /**
         * Optioanl if `wlanPortalAuth`==`sso`, Signing algorithm for SAML Assertion. enum: `sha1`, `sha256`, `sha384`, `sha512`
         */
        ssoIdpSignAlgo: string;
        /**
         * Required if `wlanPortalAuth`==`sso`, IDP Single-Sign-On URL
         */
        ssoIdpSsoUrl: string;
        /**
         * Required if `wlanPortalAuth`==`sso`, IDP issuer URL
         */
        ssoIssuer: string;
        /**
         * Optional if `wlanPortalAuth`==`sso`. enum: `email`, `unspecified`
         */
        ssoNameidFormat: string;
        /**
         * Required if `smsProvider`==`telstra`, Client ID provided by Telstra
         */
        telstraClientId: string;
        /**
         * Required if `smsProvider`==`telstra`, Client secret provided by Telstra
         */
        telstraClientSecret: string;
        /**
         * Required if `smsProvider`==`twilio`, Auth token account with twilio account
         */
        twilioAuthToken: string;
        /**
         * Required if `smsProvider`==`twilio`, Twilio phone number associated with the account. See example for accepted format.
         */
        twilioPhoneNumber: string;
        /**
         * Required if `smsProvider`==`twilio`, Account SID provided by Twilio
         */
        twilioSid: string;
    }
    interface GetWlansSiteWlanQos {
        /**
         * enum: `background`, `bestEffort`, `video`, `voice`
         */
        class: string;
        /**
         * Whether to overwrite QoS
         */
        overwrite: boolean;
    }
    interface GetWlansSiteWlanRadsec {
        coaEnabled: boolean;
        enabled: boolean;
        idleTimeout: string;
        /**
         * To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
         */
        mxclusterIds: string[];
        /**
         * Default is site.mxedge.radsec.proxy_hosts which must be a superset of all `wlans[*].radsec.proxy_hosts`. When `radsec.proxy_hosts` are not used, tunnel peers (org or site mxedges) are used irrespective of `useSiteMxedge`
         */
        proxyHosts: string[];
        /**
         * Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
         */
        serverName: string;
        /**
         * List of RadSec Servers. Only if not Mist Edge.
         */
        servers: outputs.site.GetWlansSiteWlanRadsecServer[];
        /**
         * use mxedge(s) as RadSec Proxy
         */
        useMxedge: boolean;
        /**
         * To use Site mxedges when this WLAN does not use mxtunnel
         */
        useSiteMxedge: boolean;
    }
    interface GetWlansSiteWlanRadsecServer {
        host: string;
        port: number;
    }
    interface GetWlansSiteWlanRateset {
        /**
         * If `template`==`custom`. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
         */
        eht: string;
        /**
         * If `template`==`custom`. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
         */
        he: string;
        /**
         * If `template`==`custom`. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
         */
        ht: string;
        /**
         * If `template`==`custom`. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If `template`==`custom` is configured and legacy does not define at least one basic rate, it will use `no-legacy` default values
         */
        legacies: string[];
        /**
         * Minimum RSSI for client to connect, 0 means not enforcing
         */
        minRssi: number;
        /**
         * Data Rates template to apply. enum:
         *   * `no-legacy`: no 11b
         *   * `compatible`: all, like before, default setting that Broadcom/Atheros used
         *   * `legacy-only`: disable 802.11n and 802.11ac
         *   * `high-density`: no 11b, no low rates
         *   * `custom`: user defined
         */
        template: string;
        /**
         * If `template`==`custom`. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
         */
        vht: string;
    }
    interface GetWlansSiteWlanSchedule {
        enabled: boolean;
        /**
         * Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
         */
        hours: outputs.site.GetWlansSiteWlanScheduleHours;
    }
    interface GetWlansSiteWlanScheduleHours {
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        fri: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        mon: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        sat: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        sun: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        thu: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        tue: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        wed: string;
    }
    interface NetworktemplateAclPolicy {
        /**
         * ACL Policy Actions:
         *   - for GBP-based policy, all srcTags and dstTags have to be gbp-based
         *   - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
         */
        actions?: outputs.site.NetworktemplateAclPolicyAction[];
        name?: string;
        /**
         * ACL Policy Source Tags:
         *   - for GBP-based policy, all srcTags and dstTags have to be gbp-based
         *   - for ACL-based policy, `network` is required in either the source or destination so that we know where to attach the policy to
         */
        srcTags?: string[];
    }
    interface NetworktemplateAclPolicyAction {
        /**
         * enum: `allow`, `deny`
         */
        action?: string;
        dstTag: string;
    }
    interface NetworktemplateAclTags {
        /**
         * Required if
         *   - `type`==`dynamicGbp` (gbp_tag received from RADIUS)
         *   - `type`==`gbpResource`
         *   - `type`==`staticGbp` (applying gbp tag against matching conditions)
         */
        gbpTag?: number;
        /**
         * Required if
         * - `type`==`mac`
         * - `type`==`staticGbp` if from matching mac
         */
        macs: string[];
        /**
         * If:
         *   * `type`==`mac` (optional. default is `any`)
         *   * `type`==`subnet` (optional. default is `any`)
         *   * `type`==`network`
         *   * `type`==`resource` (optional. default is `any`)
         *   * `type`==`staticGbp` if from matching network (vlan)
         */
        network?: string;
        /**
         * Required if:
         *   * `type`==`radiusGroup`
         *   * `type`==`staticGbp`
         * if from matching radius_group
         */
        radiusGroup?: string;
        /**
         * If `type`==`resource` or `type`==`gbpResource`. Empty means unrestricted, i.e. any
         */
        specs?: outputs.site.NetworktemplateAclTagsSpec[];
        /**
         * If
         * - `type`==`subnet`
         * - `type`==`resource` (optional. default is `any`)
         * - `type`==`staticGbp` if from matching subnet
         */
        subnets: string[];
        /**
         * enum:
         *   * `any`: matching anything not identified
         *   * `dynamicGbp`: from the gbpTag received from RADIUS
         *   * `gbpResource`: can only be used in `dstTags`
         *   * `mac`
         *   * `network`
         *   * `radiusGroup`
         *   * `resource`: can only be used in `dstTags`
         *   * `staticGbp`: applying gbp tag against matching conditions
         *   * `subnet`'
         */
        type: string;
    }
    interface NetworktemplateAclTagsSpec {
        /**
         * Matched dst port, "0" means any
         */
        portRange: string;
        /**
         * `tcp` / `udp` / `icmp` / `icmp6` / `gre` / `any` / `:protocol_number`, `protocolNumber` is between 1-254, default is `any` `protocolNumber` is between 1-254
         */
        protocol: string;
    }
    interface NetworktemplateDhcpSnooping {
        allNetworks?: boolean;
        /**
         * Enable for dynamic ARP inspection check
         */
        enableArpSpoofCheck?: boolean;
        /**
         * Enable for check for forging source IP address
         */
        enableIpSourceGuard?: boolean;
        enabled?: boolean;
        /**
         * If `allNetworks`==`false`, list of network with DHCP snooping enabled
         */
        networks?: string[];
    }
    interface NetworktemplateExtraRoutes {
        /**
         * This takes precedence
         */
        discard?: boolean;
        metric?: number;
        nextQualified?: {
            [key: string]: outputs.site.NetworktemplateExtraRoutesNextQualified;
        };
        noResolve?: boolean;
        preference?: number;
        /**
         * Next-hop IP Address
         */
        via: string;
    }
    interface NetworktemplateExtraRoutes6 {
        /**
         * This takes precedence
         */
        discard?: boolean;
        metric?: number;
        nextQualified?: {
            [key: string]: outputs.site.NetworktemplateExtraRoutes6NextQualified;
        };
        noResolve?: boolean;
        preference?: number;
        /**
         * Next-hop IP Address
         */
        via: string;
    }
    interface NetworktemplateExtraRoutes6NextQualified {
        metric?: number;
        preference?: number;
    }
    interface NetworktemplateExtraRoutesNextQualified {
        metric?: number;
        preference?: number;
    }
    interface NetworktemplateMistNac {
        enabled?: boolean;
        network?: string;
    }
    interface NetworktemplateNetworks {
        /**
         * Only required for EVPN-VXLAN networks, IPv4 Virtual Gateway
         */
        gateway?: string;
        /**
         * Only required for EVPN-VXLAN networks, IPv6 Virtual Gateway
         */
        gateway6?: string;
        /**
         * whether to stop clients to talk to each other, default is false (when enabled, a unique isolationVlanId is required). NOTE: this features requires uplink device to also a be Juniper device and `interSwitchLink` to be set
         */
        isolation?: boolean;
        isolationVlanId?: string;
        /**
         * Optional for pure switching, required when L3 / routing features are used
         */
        subnet?: string;
        /**
         * Optional for pure switching, required when L3 / routing features are used
         */
        subnet6?: string;
        vlanId: string;
    }
    interface NetworktemplateOspfAreas {
        includeLoopback: boolean;
        networks: {
            [key: string]: outputs.site.NetworktemplateOspfAreasNetworks;
        };
        /**
         * OSPF type. enum: `default`, `nssa`, `stub`
         */
        type: string;
    }
    interface NetworktemplateOspfAreasNetworks {
        /**
         * Required if `authType`==`md5`. Property key is the key number
         */
        authKeys: {
            [key: string]: string;
        };
        /**
         * Required if `authType`==`password`, the password, max length is 8
         */
        authPassword?: string;
        /**
         * auth type. enum: `md5`, `none`, `password`
         */
        authType: string;
        bfdMinimumInterval?: number;
        deadInterval?: number;
        exportPolicy?: string;
        helloInterval?: number;
        importPolicy?: string;
        /**
         * interface type (nbma = non-broadcast multi-access). enum: `broadcast`, `nbma`, `p2mp`, `p2p`
         */
        interfaceType: string;
        metric?: number;
        /**
         * By default, we'll re-advertise all learned OSPF routes toward overlay
         */
        noReadvertiseToOverlay: boolean;
        /**
         * Whether to send OSPF-Hello
         */
        passive: boolean;
    }
    interface NetworktemplatePortMirroring {
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputNetworksIngresses: string[];
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputPortIdsEgresses: string[];
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputPortIdsIngresses: string[];
        /**
         * Exactly one of the `outputPortId` or `outputNetwork` should be provided
         */
        outputNetwork?: string;
        /**
         * Exactly one of the `outputPortId` or `outputNetwork` should be provided
         */
        outputPortId?: string;
    }
    interface NetworktemplatePortUsages {
        /**
         * Only if `mode`==`trunk` whether to trunk all network/vlans
         */
        allNetworks: boolean;
        /**
         * Only if `mode`!=`dynamic`. If DHCP snooping is enabled, whether DHCP server is allowed on the interfaces with. All the interfaces from port configs using this port usage are effected. Please notice that allowDhcpd is a tri_state. When it is not defined, it means using the system's default setting which depends on whether the port is an access or trunk port.
         */
        allowDhcpd?: boolean;
        /**
         * Only if `mode`!=`dynamic`
         */
        allowMultipleSupplicants?: boolean;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` bypass auth for known clients if set to true when RADIUS server is down
         */
        bypassAuthWhenServerDown?: boolean;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`=`dot1x` bypass auth for all (including unknown clients) if set to true when RADIUS server is down
         */
        bypassAuthWhenServerDownForUnknownClient?: boolean;
        /**
         * Only if `mode`!=`dynamic`
         */
        description: string;
        /**
         * Only if `mode`!=`dynamic` if speed and duplex are specified, whether to disable autonegotiation
         */
        disableAutoneg: boolean;
        /**
         * Only if `mode`!=`dynamic` whether the port is disabled
         */
        disabled: boolean;
        /**
         * Only if `mode`!=`dynamic` link connection mode. enum: `auto`, `full`, `half`
         */
        duplex: string;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x`, if dynamic vlan is used, specify the possible networks/vlans RADIUS can return
         */
        dynamicVlanNetworks: string[];
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` whether to enable MAC Auth
         */
        enableMacAuth?: boolean;
        /**
         * Only if `mode`!=`dynamic`
         */
        enableQos: boolean;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` which network to put the device into if the device cannot do dot1x. default is null (i.e. not allowed)
         */
        guestNetwork?: string;
        /**
         * `interSwitchLink` is used together with `isolation` under networks. NOTE: `interSwitchLink` works only between Juniper device. This has to be applied to both ports connected together
         */
        interIsolationNetworkLink?: boolean;
        /**
         * Only if `mode`!=`dynamic` interSwitchLink is used together with "isolation" under networks. NOTE: interSwitchLink works only between Juniper device. This has to be applied to both ports connected together
         */
        interSwitchLink?: boolean;
        /**
         * Only if `mode`!=`dynamic` and `enableMacAuth`==`true`
         */
        macAuthOnly?: boolean;
        /**
         * Only if `mode`!=`dynamic` + `enableMacAuth`==`true` + `macAuthOnly`==`false`, dot1x will be given priority then mac_auth. Enable this to prefer macAuth over dot1x.
         */
        macAuthPreferred?: boolean;
        /**
         * Only if `mode`!=`dynamic` and `enableMacAuth` ==`true`. This type is ignored if mistNac is enabled. enum: `eap-md5`, `eap-peap`, `pap`
         */
        macAuthProtocol?: string;
        /**
         * Only if `mode`!=`dynamic` max number of mac addresses, default is 0 for unlimited, otherwise range is 1 to 16383 (upper bound constrained by platform)
         */
        macLimit: string;
        /**
         * `mode`==`dynamic` must only be used if the port usage name is `dynamic`. enum: `access`, `dynamic`, `inet`, `trunk`
         */
        mode?: string;
        /**
         * Only if `mode`!=`dynamic` media maximum transmission unit (MTU) is the largest data unit that can be forwarded without fragmentation. Value between 256 and 9216, default value is 1514.
         */
        mtu?: string;
        /**
         * Only if `mode`==`trunk`, the list of network/vlans
         */
        networks: string[];
        /**
         * Only if `mode`==`access` and `portAuth`!=`dot1x` whether the port should retain dynamically learned MAC addresses
         */
        persistMac: boolean;
        /**
         * Only if `mode`!=`dynamic` whether PoE capabilities are disabled for a port
         */
        poeDisabled: boolean;
        /**
         * Only if `mode`!=`dynamic` if dot1x is desired, set to dot1x. enum: `dot1x`
         */
        portAuth?: string;
        /**
         * Only if `mode`!=`dynamic` native network/vlan for untagged traffic
         */
        portNetwork?: string;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`=`dot1x` reauthentication interval range between 10 and 65535 (default: 3600)
         */
        reauthInterval?: string;
        /**
         * Only if `mode`==`dynamic` Control when the DPC port should be changed to the default port usage. enum: `linkDown`, `none` (let the DPC port keep at the current port usage)
         */
        resetDefaultWhen?: string;
        /**
         * Only if `mode`==`dynamic`
         */
        rules?: outputs.site.NetworktemplatePortUsagesRule[];
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` sets server fail fallback vlan
         */
        serverFailNetwork?: string;
        /**
         * Only if `mode`!=`dynamic` and `portAuth`==`dot1x` when radius server reject / fails
         */
        serverRejectNetwork?: string;
        /**
         * Only if `mode`!=`dynamic` speed, default is auto to automatically negotiate speed enum: `100m`, `10m`, `1g`, `2.5g`, `5g`, `10g`, `25g`, `40g`, `100g`,`auto`
         */
        speed: string;
        /**
         * Switch storm control. Only if `mode`!=`dynamic`
         */
        stormControl?: outputs.site.NetworktemplatePortUsagesStormControl;
        /**
         * Only if `mode`!=`dynamic` when enabled, the port is not expected to receive BPDU frames
         */
        stpEdge: boolean;
        stpNoRootPort?: boolean;
        stpP2p?: boolean;
        /**
         * Optional for Campus Fabric Core-Distribution ESI-LAG profile. Helper used by the UI to select this port profile as the ESI-Lag between Distribution and Access switches
         */
        uiEvpntopoId?: string;
        /**
         * If this is connected to a vstp network
         */
        useVstp?: boolean;
        /**
         * Only if `mode`!=`dynamic` network/vlan for voip traffic, must also set port_network. to authenticate device, set port_auth
         */
        voipNetwork?: string;
    }
    interface NetworktemplatePortUsagesRule {
        equals?: string;
        /**
         * Use `equalsAny` to match any item in a list
         */
        equalsAnies?: string[];
        /**
         * "[0:3]":"abcdef" > "abc"
         * "split(.)[1]": "a.b.c" > "b"
         * "split(-)[1][0:3]: "a1234-b5678-c90" > "b56"
         */
        expression?: string;
        /**
         * enum: `linkPeermac`, `lldpChassisId`, `lldpHardwareRevision`, `lldpManufacturerName`, `lldpOui`, `lldpSerialNumber`, `lldpSystemName`, `radiusDynamicfilter`, `radiusUsermac`, `radiusUsername`
         */
        src: string;
        /**
         * `portUsage` name
         */
        usage?: string;
    }
    interface NetworktemplatePortUsagesStormControl {
        /**
         * Whether to disable storm control on broadcast traffic
         */
        noBroadcast?: boolean;
        /**
         * Whether to disable storm control on multicast traffic
         */
        noMulticast?: boolean;
        /**
         * Whether to disable storm control on registered multicast traffic
         */
        noRegisteredMulticast?: boolean;
        /**
         * Whether to disable storm control on unknown unicast traffic
         */
        noUnknownUnicast?: boolean;
        /**
         * Bandwidth-percentage, configures the storm control level as a percentage of the available bandwidth
         */
        percentage?: number;
    }
    interface NetworktemplateRadiusConfig {
        acctImmediateUpdate?: boolean;
        /**
         * How frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled
         */
        acctInterimInterval: number;
        acctServers?: outputs.site.NetworktemplateRadiusConfigAcctServer[];
        /**
         * enum: `ordered`, `unordered`
         */
        authServerSelection: string;
        authServers?: outputs.site.NetworktemplateRadiusConfigAuthServer[];
        /**
         * Radius auth session retries
         */
        authServersRetries: number;
        /**
         * Radius auth session timeout
         */
        authServersTimeout: number;
        coaEnabled: boolean;
        coaPort: string;
        fastDot1xTimers: boolean;
        /**
         * Use `network`or `sourceIp`. Which network the RADIUS server resides, if there's static IP for this network, we'd use it as source-ip
         */
        network?: string;
        /**
         * Use `network`or `sourceIp`
         */
        sourceIp?: string;
    }
    interface NetworktemplateRadiusConfigAcctServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled?: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat?: string;
        keywrapKek?: string;
        keywrapMack?: string;
        port?: string;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface NetworktemplateRadiusConfigAuthServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled?: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat?: string;
        keywrapKek?: string;
        keywrapMack?: string;
        port?: string;
        /**
         * Whether to require Message-Authenticator in requests
         */
        requireMessageAuthenticator?: boolean;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface NetworktemplateRemoteSyslog {
        archive?: outputs.site.NetworktemplateRemoteSyslogArchive;
        console?: outputs.site.NetworktemplateRemoteSyslogConsole;
        enabled: boolean;
        files?: outputs.site.NetworktemplateRemoteSyslogFile[];
        /**
         * If sourceAddress is configured, will use the vlan firstly otherwise use source_ip
         */
        network?: string;
        sendToAllServers?: boolean;
        servers?: outputs.site.NetworktemplateRemoteSyslogServer[];
        /**
         * enum: `millisecond`, `year`, `year millisecond`
         */
        timeFormat?: string;
        users?: outputs.site.NetworktemplateRemoteSyslogUser[];
    }
    interface NetworktemplateRemoteSyslogArchive {
        files?: string;
        size?: string;
    }
    interface NetworktemplateRemoteSyslogConsole {
        contents?: outputs.site.NetworktemplateRemoteSyslogConsoleContent[];
    }
    interface NetworktemplateRemoteSyslogConsoleContent {
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
    }
    interface NetworktemplateRemoteSyslogFile {
        archive?: outputs.site.NetworktemplateRemoteSyslogFileArchive;
        contents?: outputs.site.NetworktemplateRemoteSyslogFileContent[];
        explicitPriority?: boolean;
        file?: string;
        match?: string;
        structuredData?: boolean;
    }
    interface NetworktemplateRemoteSyslogFileArchive {
        files?: string;
        size?: string;
    }
    interface NetworktemplateRemoteSyslogFileContent {
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
    }
    interface NetworktemplateRemoteSyslogServer {
        contents?: outputs.site.NetworktemplateRemoteSyslogServerContent[];
        explicitPriority?: boolean;
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        host?: string;
        match?: string;
        port?: string;
        /**
         * enum: `tcp`, `udp`
         */
        protocol: string;
        routingInstance?: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
        /**
         * If sourceAddress is configured, will use the vlan firstly otherwise use source_ip
         */
        sourceAddress?: string;
        structuredData?: boolean;
        tag?: string;
    }
    interface NetworktemplateRemoteSyslogServerContent {
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
    }
    interface NetworktemplateRemoteSyslogUser {
        contents?: outputs.site.NetworktemplateRemoteSyslogUserContent[];
        match?: string;
        user?: string;
    }
    interface NetworktemplateRemoteSyslogUserContent {
        /**
         * enum: `any`, `authorization`, `change-log`, `config`, `conflict-log`, `daemon`, `dfc`, `external`, `firewall`, `ftp`, `interactive-commands`, `kernel`, `ntp`, `pfe`, `security`, `user`
         */
        facility: string;
        /**
         * enum: `alert`, `any`, `critical`, `emergency`, `error`, `info`, `notice`, `warning`
         */
        severity: string;
    }
    interface NetworktemplateSnmpConfig {
        clientLists?: outputs.site.NetworktemplateSnmpConfigClientList[];
        contact?: string;
        description?: string;
        enabled: boolean;
        engineId?: string;
        location?: string;
        name?: string;
        network?: string;
        trapGroups?: outputs.site.NetworktemplateSnmpConfigTrapGroup[];
        v2cConfigs?: outputs.site.NetworktemplateSnmpConfigV2cConfig[];
        v3Config?: outputs.site.NetworktemplateSnmpConfigV3Config;
        views?: outputs.site.NetworktemplateSnmpConfigView[];
    }
    interface NetworktemplateSnmpConfigClientList {
        clientListName?: string;
        clients?: string[];
    }
    interface NetworktemplateSnmpConfigTrapGroup {
        categories?: string[];
        /**
         * Categories list can refer to https://www.juniper.net/documentation/software/topics/task/configuration/snmp_trap-groups-configuring-junos-nm.html
         */
        groupName?: string;
        targets?: string[];
        /**
         * enum: `all`, `v1`, `v2`
         */
        version: string;
    }
    interface NetworktemplateSnmpConfigV2cConfig {
        authorization?: string;
        /**
         * Client_list_name here should refer to clientList above
         */
        clientListName?: string;
        communityName?: string;
        /**
         * View name here should be defined in views above
         */
        view?: string;
    }
    interface NetworktemplateSnmpConfigV3Config {
        notifies?: outputs.site.NetworktemplateSnmpConfigV3ConfigNotify[];
        notifyFilters?: outputs.site.NetworktemplateSnmpConfigV3ConfigNotifyFilter[];
        targetAddresses?: outputs.site.NetworktemplateSnmpConfigV3ConfigTargetAddress[];
        targetParameters?: outputs.site.NetworktemplateSnmpConfigV3ConfigTargetParameter[];
        usms?: outputs.site.NetworktemplateSnmpConfigV3ConfigUsm[];
        vacm?: outputs.site.NetworktemplateSnmpConfigV3ConfigVacm;
    }
    interface NetworktemplateSnmpConfigV3ConfigNotify {
        name: string;
        tag: string;
        /**
         * enum: `inform`, `trap`
         */
        type: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigNotifyFilter {
        contents?: outputs.site.NetworktemplateSnmpConfigV3ConfigNotifyFilterContent[];
        profileName?: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigNotifyFilterContent {
        include?: boolean;
        oid: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigTargetAddress {
        address: string;
        addressMask: string;
        port: string;
        /**
         * Refer to notify tag, can be multiple with blank
         */
        tagList?: string;
        targetAddressName: string;
        /**
         * Refer to notify target parameters name
         */
        targetParameters?: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigTargetParameter {
        /**
         * enum: `v1`, `v2c`, `v3`
         */
        messageProcessingModel: string;
        name: string;
        /**
         * Refer to profile-name in notify_filter
         */
        notifyFilter?: string;
        /**
         * enum: `authentication`, `none`, `privacy`
         */
        securityLevel?: string;
        /**
         * enum: `usm`, `v1`, `v2c`
         */
        securityModel?: string;
        /**
         * Refer to securityName in usm
         */
        securityName?: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigUsm {
        /**
         * enum: `localEngine`, `remoteEngine`
         */
        engineType: string;
        /**
         * Required only if `engineType`==`remoteEngine`
         */
        remoteEngineId?: string;
        users?: outputs.site.NetworktemplateSnmpConfigV3ConfigUsmUser[];
    }
    interface NetworktemplateSnmpConfigV3ConfigUsmUser {
        /**
         * Not required if `authenticationType`==`authentication-none`. Include alphabetic, numeric, and special characters, but it cannot include control characters.
         */
        authenticationPassword?: string;
        /**
         * sha224, sha256, sha384, sha512 are supported in 21.1 and newer release. enum: `authentication-md5`, `authentication-none`, `authentication-sha`, `authentication-sha224`, `authentication-sha256`, `authentication-sha384`, `authentication-sha512`
         */
        authenticationType?: string;
        /**
         * Not required if `encryptionType`==`privacy-none`. Include alphabetic, numeric, and special characters, but it cannot include control characters
         */
        encryptionPassword?: string;
        /**
         * enum: `privacy-3des`, `privacy-aes128`, `privacy-des`, `privacy-none`
         */
        encryptionType?: string;
        name?: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigVacm {
        accesses?: outputs.site.NetworktemplateSnmpConfigV3ConfigVacmAccess[];
        securityToGroup?: outputs.site.NetworktemplateSnmpConfigV3ConfigVacmSecurityToGroup;
    }
    interface NetworktemplateSnmpConfigV3ConfigVacmAccess {
        groupName?: string;
        prefixLists?: outputs.site.NetworktemplateSnmpConfigV3ConfigVacmAccessPrefixList[];
    }
    interface NetworktemplateSnmpConfigV3ConfigVacmAccessPrefixList {
        /**
         * Only required if `type`==`contextPrefix`
         */
        contextPrefix?: string;
        /**
         * Refer to view name
         */
        notifyView?: string;
        /**
         * Refer to view name
         */
        readView?: string;
        /**
         * enum: `authentication`, `none`, `privacy`
         */
        securityLevel?: string;
        /**
         * enum: `any`, `usm`, `v1`, `v2c`
         */
        securityModel?: string;
        /**
         * enum: `contextPrefix`, `defaultContextPrefix`
         */
        type?: string;
        /**
         * Refer to view name
         */
        writeView?: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigVacmSecurityToGroup {
        contents?: outputs.site.NetworktemplateSnmpConfigV3ConfigVacmSecurityToGroupContent[];
        /**
         * enum: `usm`, `v1`, `v2c`
         */
        securityModel?: string;
    }
    interface NetworktemplateSnmpConfigV3ConfigVacmSecurityToGroupContent {
        /**
         * Refer to groupName under access
         */
        group?: string;
        securityName?: string;
    }
    interface NetworktemplateSnmpConfigView {
        /**
         * If the root oid configured is included
         */
        include?: boolean;
        oid?: string;
        viewName?: string;
    }
    interface NetworktemplateSwitchMatching {
        enable?: boolean;
        /**
         * list of rules to define custom switch configuration based on different criteria. Each list must have at least one of `matchModel`, `matchName` or `matchRole` must be defined
         */
        rules?: outputs.site.NetworktemplateSwitchMatchingRule[];
    }
    interface NetworktemplateSwitchMatchingRule {
        /**
         * additional CLI commands to append to the generated Junos config. **Note**: no check is done
         */
        additionalConfigCmds: string[];
        /**
         * In-Band Management interface configuration
         */
        ipConfig?: outputs.site.NetworktemplateSwitchMatchingRuleIpConfig;
        /**
         * string the switch model must start with to use this rule. It is possible to combine with the `matchName` and `matchRole` attributes
         */
        matchModel: string;
        /**
         * string the switch name must start with to use this rule. Use the `matchNameOffset` to indicate the first character of the switch name to compare to. It is possible to combine with the `matchModel` and `matchRole` attributes
         */
        matchName: string;
        /**
         * first character of the switch name to compare to the `matchName` value
         */
        matchNameOffset: number;
        /**
         * string the switch role must start with to use this rule. It is possible to combine with the `matchName` and `matchModel` attributes
         */
        matchRole?: string;
        /**
         * property key define the type of matching, value is the string to match. e.g: `match_name[0:3]`, `match_name[2:6]`, `matchModel`,  `match_model[0-6]`
         *
         * @deprecated The `matchType` attribute has been deprecated in version v0.2.8 of the Juniper-Mist Provider. It has been replaced with the `matchName`, `matchModel` and `matchRole`attribuites and may be removed in future versions.
Please update your configurations.
         */
        matchType: string;
        /**
         * @deprecated The `matchValue` attribute has been deprecated in version v0.2.8 of the Juniper-Mist Provider. It has been replaced with the `matchName`, `matchModel` and `matchRole`attribuites and may be removed in future versions.
Please update your configurations.
         */
        matchValue: string;
        /**
         * Rule name. WARNING: the name `default` is reserved and can only be used for the last rule in the list
         */
        name?: string;
        /**
         * Out-of-Band Management interface configuration
         */
        oobIpConfig?: outputs.site.NetworktemplateSwitchMatchingRuleOobIpConfig;
        /**
         * Property key is the port name or range (e.g. "ge-0/0/0-10")
         */
        portConfig?: {
            [key: string]: outputs.site.NetworktemplateSwitchMatchingRulePortConfig;
        };
        /**
         * Property key is the port mirroring instance name. `portMirroring` can be added under device/site settings. It takes interface and ports as input for ingress, interface as input for egress and can take interface and port as output. A maximum 4 mirroring ports is allowed
         */
        portMirroring?: {
            [key: string]: outputs.site.NetworktemplateSwitchMatchingRulePortMirroring;
        };
    }
    interface NetworktemplateSwitchMatchingRuleIpConfig {
        /**
         * VLAN Name for the management interface
         */
        network?: string;
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
    }
    interface NetworktemplateSwitchMatchingRuleOobIpConfig {
        /**
         * enum: `dhcp`, `static`
         */
        type: string;
        /**
         * If supported on the platform. If enabled, DNS will be using this routing-instance, too
         */
        useMgmtVrf: boolean;
        /**
         * For host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired
         */
        useMgmtVrfForHostOut?: boolean;
    }
    interface NetworktemplateSwitchMatchingRulePortConfig {
        /**
         * To disable LACP support for the AE interface
         */
        aeDisableLacp?: boolean;
        /**
         * Users could force to use the designated AE name
         */
        aeIdx?: number;
        /**
         * To use fast timeout
         */
        aeLacpSlow?: boolean;
        aggregated?: boolean;
        /**
         * To generate port up/down alarm
         */
        critical: boolean;
        description?: string;
        /**
         * If `speed` and `duplex` are specified, whether to disable autonegotiation
         */
        disableAutoneg?: boolean;
        /**
         * enum: `auto`, `full`, `half`
         */
        duplex?: string;
        /**
         * Enable dynamic usage for this port. Set to `dynamic` to enable.
         */
        dynamicUsage?: string;
        esilag?: boolean;
        /**
         * Media maximum transmission unit (MTU) is the largest data unit that can be forwarded without fragmentation
         */
        mtu?: number;
        /**
         * Prevent helpdesk to override the port config
         */
        noLocalOverwrite: boolean;
        poeDisabled?: boolean;
        /**
         * enum: `100m`, `10m`, `1g`, `2.5g`, `5g`, `10g`, `25g`, `40g`, `100g`,`auto`
         */
        speed?: string;
        /**
         * Port usage name. If EVPN is used, use `evpnUplink`or `evpnDownlink`
         */
        usage: string;
    }
    interface NetworktemplateSwitchMatchingRulePortMirroring {
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputNetworksIngresses: string[];
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputPortIdsEgresses: string[];
        /**
         * At least one of the `inputPortIdsIngress`, `inputPortIdsEgress` or `inputNetworksIngress ` should be specified
         */
        inputPortIdsIngresses: string[];
        /**
         * Exactly one of the `outputPortId` or `outputNetwork` should be provided
         */
        outputNetwork?: string;
        /**
         * Exactly one of the `outputPortId` or `outputNetwork` should be provided
         */
        outputPortId?: string;
    }
    interface NetworktemplateSwitchMgmt {
        /**
         * AP_affinity_threshold apAffinityThreshold can be added as a field under site/setting. By default, this value is set to 12. If the field is set in both site/setting and org/setting, the value from site/setting will be used.
         */
        apAffinityThreshold?: number;
        /**
         * Set Banners for switches. Allows markup formatting
         */
        cliBanner?: string;
        /**
         * Sets timeout for switches
         */
        cliIdleTimeout?: number;
        /**
         * Rollback timer for commit confirmed
         */
        configRevertTimer: number;
        /**
         * Enable to provide the FQDN with DHCP option 81
         */
        dhcpOptionFqdn?: boolean;
        disableOobDownAlarm?: boolean;
        fipsEnabled?: boolean;
        /**
         * Property key is the user name. For Local user authentication
         */
        localAccounts?: {
            [key: string]: outputs.site.NetworktemplateSwitchMgmtLocalAccounts;
        };
        /**
         * IP Address or FQDN of the Mist Edge used to proxy the switch management traffic to the Mist Cloud
         */
        mxedgeProxyHost?: string;
        /**
         * Mist Edge port used to proxy the switch management traffic to the Mist Cloud. Value in range 1-65535
         */
        mxedgeProxyPort?: string;
        /**
         * Restrict inbound-traffic to host
         * when enabled, all traffic that is not essential to our operation will be dropped
         * e.g. ntp / dns / traffic to mist will be allowed by default, if dhcpd is enabled, we'll make sure it works
         */
        protectRe?: outputs.site.NetworktemplateSwitchMgmtProtectRe;
        rootPassword?: string;
        tacacs?: outputs.site.NetworktemplateSwitchMgmtTacacs;
        /**
         * To use mxedge as proxy
         */
        useMxedgeProxy: boolean;
    }
    interface NetworktemplateSwitchMgmtLocalAccounts {
        password?: string;
        /**
         * enum: `admin`, `helpdesk`, `none`, `read`
         */
        role: string;
    }
    interface NetworktemplateSwitchMgmtProtectRe {
        /**
         * optionally, services we'll allow. enum: `icmp`, `ssh`
         */
        allowedServices: string[];
        customs: outputs.site.NetworktemplateSwitchMgmtProtectReCustom[];
        /**
         * When enabled, all traffic that is not essential to our operation will be dropped
         * e.g. ntp / dns / traffic to mist will be allowed by default
         *      if dhcpd is enabled, we'll make sure it works
         */
        enabled: boolean;
        /**
         * host/subnets we'll allow traffic to/from
         */
        trustedHosts: string[];
    }
    interface NetworktemplateSwitchMgmtProtectReCustom {
        /**
         * matched dst port, "0" means any. Note: For `protocol`==`any` and  `portRange`==`any`, configure `trustedHosts` instead
         */
        portRange: string;
        /**
         * enum: `any`, `icmp`, `tcp`, `udp`. Note: For `protocol`==`any` and  `portRange`==`any`, configure `trustedHosts` instead
         */
        protocol: string;
        subnets: string[];
    }
    interface NetworktemplateSwitchMgmtTacacs {
        acctServers?: outputs.site.NetworktemplateSwitchMgmtTacacsAcctServer[];
        /**
         * enum: `admin`, `helpdesk`, `none`, `read`
         */
        defaultRole?: string;
        enabled?: boolean;
        /**
         * Which network the TACACS server resides
         */
        network?: string;
        tacplusServers?: outputs.site.NetworktemplateSwitchMgmtTacacsTacplusServer[];
    }
    interface NetworktemplateSwitchMgmtTacacsAcctServer {
        host?: string;
        port?: string;
        secret?: string;
        timeout: number;
    }
    interface NetworktemplateSwitchMgmtTacacsTacplusServer {
        host?: string;
        port?: string;
        secret?: string;
        timeout: number;
    }
    interface NetworktemplateVrfConfig {
        /**
         * Whether to enable VRF (when supported on the device)
         */
        enabled?: boolean;
    }
    interface NetworktemplateVrfInstances {
        evpnAutoLoopbackSubnet?: string;
        evpnAutoLoopbackSubnet6?: string;
        /**
         * Property key is the destination CIDR (e.g. "10.0.0.0/8")
         */
        extraRoutes?: {
            [key: string]: outputs.site.NetworktemplateVrfInstancesExtraRoutes;
        };
        /**
         * Property key is the destination CIDR (e.g. "2a02:1234:420a:10c9::/64")
         */
        extraRoutes6?: {
            [key: string]: outputs.site.NetworktemplateVrfInstancesExtraRoutes6;
        };
        networks?: string[];
    }
    interface NetworktemplateVrfInstancesExtraRoutes {
        /**
         * Next-hop address
         */
        via: string;
    }
    interface NetworktemplateVrfInstancesExtraRoutes6 {
        /**
         * Next-hop address
         */
        via?: string;
    }
    interface SettingAnalytic {
        /**
         * Enable Advanced Analytic feature (using SUB-ANA license)
         */
        enabled: boolean;
    }
    interface SettingAutoUpgrade {
        /**
         * Custom versions for different models. Property key is the model name (e.g. "AP41")
         */
        customVersions: {
            [key: string]: string;
        };
        /**
         * enum: `any`, `fri`, `mon`, `sat`, `sun`, `thu`, `tue`, `wed`
         */
        dayOfWeek?: string;
        /**
         * Whether auto upgrade should happen (Note that Mist may auto-upgrade if the version is not supported)
         */
        enabled: boolean;
        /**
         * `any` / HH:MM (24-hour format), upgrade will happen within up to 1-hour from this time
         */
        timeOfDay?: string;
        /**
         * desired version. enum: `beta`, `custom`, `stable`
         */
        version: string;
    }
    interface SettingBleConfig {
        /**
         * Whether Mist beacons is enabled
         */
        beaconEnabled: boolean;
        /**
         * Required if `beaconRateMode`==`custom`, 1-10, in number-beacons-per-second
         */
        beaconRate?: number;
        /**
         * enum: `custom`, `default`
         */
        beaconRateMode: string;
        /**
         * List of AP BLE location beam numbers (1-8) which should be disabled at the AP and not transmit location information (where beam 1 is oriented at the top the AP, growing counter-clock-wise, with 9 being the omni BLE beam)
         */
        beamDisableds?: number[];
        /**
         * Can be enabled if `beaconEnabled`==`true`, whether to send custom packet
         */
        customBlePacketEnabled: boolean;
        /**
         * The custom frame to be sent out in this beacon. The frame must be a hexstring
         */
        customBlePacketFrame: string;
        /**
         * Frequency (msec) of data emitted by custom ble beacon
         */
        customBlePacketFreqMsec: number;
        /**
         * Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default
         */
        eddystoneUidAdvPower: number;
        eddystoneUidBeams: string;
        /**
         * Only if `beaconEnabled`==`false`, Whether Eddystone-UID beacon is enabled
         */
        eddystoneUidEnabled: boolean;
        /**
         * Frequency (msec) of data emmit by Eddystone-UID beacon
         */
        eddystoneUidFreqMsec: number;
        /**
         * Eddystone-UID instance for the device
         */
        eddystoneUidInstance: string;
        /**
         * Eddystone-UID namespace
         */
        eddystoneUidNamespace: string;
        /**
         * Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default
         */
        eddystoneUrlAdvPower: number;
        eddystoneUrlBeams: string;
        /**
         * Only if `beaconEnabled`==`false`, Whether Eddystone-URL beacon is enabled
         */
        eddystoneUrlEnabled: boolean;
        /**
         * Frequency (msec) of data emit by Eddystone-UID beacon
         */
        eddystoneUrlFreqMsec: number;
        /**
         * URL pointed by Eddystone-URL beacon
         */
        eddystoneUrlUrl: string;
        /**
         * Advertised TX Power, -100 to 20 (dBm), omit this attribute to use default
         */
        ibeaconAdvPower: number;
        ibeaconBeams: string;
        /**
         * Can be enabled if `beaconEnabled`==`true`, whether to send iBeacon
         */
        ibeaconEnabled: boolean;
        /**
         * Frequency (msec) of data emmit for iBeacon
         */
        ibeaconFreqMsec: number;
        /**
         * Major number for iBeacon
         */
        ibeaconMajor: number;
        /**
         * Minor number for iBeacon
         */
        ibeaconMinor: number;
        /**
         * Optional, if not specified, the same UUID as the beacon will be used
         */
        ibeaconUuid: string;
        /**
         * Required if `powerMode`==`custom`; else use `powerMode` as default
         */
        power: number;
        /**
         * enum: `custom`, `default`
         */
        powerMode: string;
    }
    interface SettingConfigPushPolicy {
        /**
         * Stop any new config from being pushed to the device
         */
        noPush: boolean;
        /**
         * If enabled, new config will only be pushed to device within the specified time window
         */
        pushWindow?: outputs.site.SettingConfigPushPolicyPushWindow;
    }
    interface SettingConfigPushPolicyPushWindow {
        enabled: boolean;
        /**
         * Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
         */
        hours?: outputs.site.SettingConfigPushPolicyPushWindowHours;
    }
    interface SettingConfigPushPolicyPushWindowHours {
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        fri: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        mon: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        sat: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        sun: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        thu: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        tue: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        wed: string;
    }
    interface SettingCriticalUrlMonitoring {
        enabled: boolean;
        monitors: outputs.site.SettingCriticalUrlMonitoringMonitor[];
    }
    interface SettingCriticalUrlMonitoringMonitor {
        url?: string;
        vlanId?: string;
    }
    interface SettingEngagement {
        /**
         * Name associated to each tag
         */
        dwellTagNames?: outputs.site.SettingEngagementDwellTagNames;
        /**
         * add tags to visits within the duration (in seconds)
         */
        dwellTags?: outputs.site.SettingEngagementDwellTags;
        /**
         * Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
         */
        hours?: outputs.site.SettingEngagementHours;
        /**
         * Max time, default is 43200(12h), max is 68400 (18h)
         */
        maxDwell?: number;
        /**
         * min time
         */
        minDwell?: number;
    }
    interface SettingEngagementDwellTagNames {
        /**
         * Default to `Visitor`
         */
        bounce: string;
        /**
         * Default to `Associates`
         */
        engaged: string;
        /**
         * Default to `Passerby`
         */
        passerby: string;
        /**
         * Default to `Assets`
         */
        stationed: string;
    }
    interface SettingEngagementDwellTags {
        /**
         * Default to `301-14400`
         */
        bounce: string;
        /**
         * Default to `14401-28800`
         */
        engaged: string;
        /**
         * Default to `1-300`
         */
        passerby: string;
        /**
         * Default to `28801-42000`
         */
        stationed: string;
    }
    interface SettingEngagementHours {
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        fri?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        mon?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        sat?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        sun?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        thu?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        tue?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        wed?: string;
    }
    interface SettingGatewayMgmt {
        /**
         * For SSR only, as direct root access is not allowed
         */
        adminSshkeys: string[];
        appProbing?: outputs.site.SettingGatewayMgmtAppProbing;
        /**
         * Consumes uplink bandwidth, requires WA license
         */
        appUsage?: boolean;
        autoSignatureUpdate?: outputs.site.SettingGatewayMgmtAutoSignatureUpdate;
        /**
         * Rollback timer for commit confirmed
         */
        configRevertTimer?: number;
        /**
         * For both SSR and SRX disable console port
         */
        disableConsole?: boolean;
        /**
         * For both SSR and SRX disable management interface
         */
        disableOob?: boolean;
        /**
         * For SSR disable usb interface
         */
        disableUsb?: boolean;
        fipsEnabled?: boolean;
        probeHosts: string[];
        /**
         * Restrict inbound-traffic to host
         * when enabled, all traffic that is not essential to our operation will be dropped
         * e.g. ntp / dns / traffic to mist will be allowed by default, if dhcpd is enabled, we'll make sure it works
         */
        protectRe?: outputs.site.SettingGatewayMgmtProtectRe;
        /**
         * For SRX only
         */
        rootPassword?: string;
        securityLogSourceAddress?: string;
        securityLogSourceInterface: string;
    }
    interface SettingGatewayMgmtAppProbing {
        /**
         * APp-keys from List Applications
         */
        apps?: string[];
        customApps?: outputs.site.SettingGatewayMgmtAppProbingCustomApp[];
        enabled?: boolean;
    }
    interface SettingGatewayMgmtAppProbingCustomApp {
        address: string;
        appType?: string;
        /**
         * Only 1 entry is allowed:
         *     * if `protocol`==`http`: URL (e.g. `http://test.com` or `https://test.com`)
         *     * if `protocol`==`icmp`: IP Address (e.g. `1.2.3.4`)
         */
        hostnames: string[];
        key: string;
        name: string;
        network?: string;
        /**
         * If `protocol`==`icmp`
         */
        packetSize?: number;
        /**
         * enum: `http`, `icmp`
         */
        protocol: string;
        url: string;
        vrf?: string;
    }
    interface SettingGatewayMgmtAutoSignatureUpdate {
        /**
         * enum: `any`, `fri`, `mon`, `sat`, `sun`, `thu`, `tue`, `wed`
         */
        dayOfWeek: string;
        enable: boolean;
        /**
         * Optional, Mist will decide the timing
         */
        timeOfDay?: string;
    }
    interface SettingGatewayMgmtProtectRe {
        /**
         * optionally, services we'll allow. enum: `icmp`, `ssh`
         */
        allowedServices: string[];
        customs: outputs.site.SettingGatewayMgmtProtectReCustom[];
        /**
         * When enabled, all traffic that is not essential to our operation will be dropped
         * e.g. ntp / dns / traffic to mist will be allowed by default
         *      if dhcpd is enabled, we'll make sure it works
         */
        enabled: boolean;
        /**
         * host/subnets we'll allow traffic to/from
         */
        trustedHosts: string[];
    }
    interface SettingGatewayMgmtProtectReCustom {
        /**
         * matched dst port, "0" means any. Note: For `protocol`==`any` and  `portRange`==`any`, configure `trustedHosts` instead
         */
        portRange: string;
        /**
         * enum: `any`, `icmp`, `tcp`, `udp`. Note: For `protocol`==`any` and  `portRange`==`any`, configure `trustedHosts` instead
         */
        protocol: string;
        subnets: string[];
    }
    interface SettingJuniperSrx {
        gateways?: outputs.site.SettingJuniperSrxGateway[];
        sendMistNacUserInfo?: boolean;
    }
    interface SettingJuniperSrxGateway {
        apiKey?: string;
        apiPassword?: string;
        apiUrl?: string;
    }
    interface SettingLed {
        brightness: number;
        enabled: boolean;
    }
    interface SettingOccupancy {
        /**
         * Indicate whether named BLE assets should be included in the zone occupancy calculation
         */
        assetsEnabled: boolean;
        /**
         * Indicate whether connected Wi-Fi clients should be included in the zone occupancy calculation
         */
        clientsEnabled: boolean;
        /**
         * Minimum duration
         */
        minDuration?: number;
        /**
         * Indicate whether SDK clients should be included in the zone occupancy calculation
         */
        sdkclientsEnabled: boolean;
        /**
         * Indicate whether unconnected Wi-Fi clients should be included in the zone occupancy calculation
         */
        unconnectedClientsEnabled: boolean;
    }
    interface SettingProxy {
        url?: string;
    }
    interface SettingRogue {
        /**
         * list of VLAN IDs on which rogue APs are ignored
         */
        allowedVlanIds: number[];
        /**
         * Whether rogue detection is enabled
         */
        enabled: boolean;
        /**
         * Whether honeypot detection is enabled
         */
        honeypotEnabled: boolean;
        /**
         * Minimum duration for a bssid to be considered neighbor
         */
        minDuration: number;
        /**
         * Minimum duration for a bssid to be considered rogue
         */
        minRogueDuration?: number;
        /**
         * Minimum RSSI for an AP to be considered rogue
         */
        minRogueRssi?: number;
        /**
         * Minimum RSSI for an AP to be considered neighbor (ignoring APs that’s far away)
         */
        minRssi: number;
        /**
         * list of BSSIDs to whitelist. Ex: "cc-:8e-:6f-:d4-:bf-:16", "cc-8e-6f-d4-bf-16", "cc-73-*", "cc:82:*"
         */
        whitelistedBssids: string[];
        /**
         * List of SSIDs to whitelist
         */
        whitelistedSsids: string[];
    }
    interface SettingRtsa {
        appWaking: boolean;
        disableDeadReckoning?: boolean;
        disablePressureSensor?: boolean;
        enabled?: boolean;
        /**
         * Asset tracking related
         */
        trackAsset: boolean;
    }
    interface SettingSimpleAlert {
        arpFailure?: outputs.site.SettingSimpleAlertArpFailure;
        dhcpFailure?: outputs.site.SettingSimpleAlertDhcpFailure;
        dnsFailure?: outputs.site.SettingSimpleAlertDnsFailure;
    }
    interface SettingSimpleAlertArpFailure {
        clientCount: number;
        /**
         * failing within minutes
         */
        duration: number;
        incidentCount: number;
    }
    interface SettingSimpleAlertDhcpFailure {
        clientCount: number;
        /**
         * failing within minutes
         */
        duration: number;
        incidentCount: number;
    }
    interface SettingSimpleAlertDnsFailure {
        clientCount: number;
        /**
         * failing within minutes
         */
        duration: number;
        incidentCount: number;
    }
    interface SettingSkyatp {
        enabled?: boolean;
        /**
         * Whether to send IP-MAC mapping to SkyATP
         */
        sendIpMacMapping: boolean;
    }
    interface SettingSrxApp {
        enabled: boolean;
    }
    interface SettingSsr {
        conductorHosts?: string[];
        disableStats?: boolean;
    }
    interface SettingSyntheticTest {
        disabled?: boolean;
        vlans?: outputs.site.SettingSyntheticTestVlan[];
        wanSpeedtest?: outputs.site.SettingSyntheticTestWanSpeedtest;
    }
    interface SettingSyntheticTestVlan {
        customTestUrls: string[];
        /**
         * For some vlans where we don't want this to run
         */
        disabled: boolean;
        vlanIds: string[];
    }
    interface SettingSyntheticTestWanSpeedtest {
        enabled?: boolean;
        /**
         * `any` / HH:MM (24-hour format)
         */
        timeOfDay: string;
    }
    interface SettingUplinkPortConfig {
        /**
         * Whether to do 802.1x against uplink switch. When enabled, AP cert will be used to do EAP-TLS and the Org's CA Cert has to be provisioned at the switch
         */
        dot1x?: boolean;
        /**
         * By default, WLANs are disabled when uplink is down. In some scenario, like SiteSurvey, one would want the AP to keep sending beacons.
         */
        keepWlansUpIfDown: boolean;
    }
    interface SettingVna {
        /**
         * Enable Virtual Network Assistant (using SUB-VNA license). This applied to AP / Switch / Gateway
         */
        enabled: boolean;
    }
    interface SettingVsInstance {
        networks: string[];
    }
    interface SettingWanVna {
        enabled: boolean;
    }
    interface SettingWids {
        repeatedAuthFailures?: outputs.site.SettingWidsRepeatedAuthFailures;
    }
    interface SettingWidsRepeatedAuthFailures {
        /**
         * Window where a trigger will be detected and action to be taken (in seconds)
         */
        duration?: number;
        /**
         * Count of events to trigger
         */
        threshold?: number;
    }
    interface SettingWifi {
        ciscoEnabled?: boolean;
        /**
         * Whether to disable 11k
         */
        disable11k?: boolean;
        disableRadiosWhenPowerConstrained?: boolean;
        /**
         * When proxyArp is enabled, check for arp spoofing.
         */
        enableArpSpoofCheck?: boolean;
        enableSharedRadioScanning?: boolean;
        /**
         * Enable Wi-Fi feature (using SUB-MAN license)
         */
        enabled: boolean;
        /**
         * Whether to locate connected clients
         */
        locateConnected: boolean;
        /**
         * Whether to locate unconnected clients
         */
        locateUnconnected: boolean;
        /**
         * Whether to allow Mesh to use DFS channels. For DFS channels, Remote Mesh AP would have to do CAC when scanning for new Base AP, which is slow and will disrupt the connection. If roaming is desired, keep it disabled.
         */
        meshAllowDfs: boolean;
        /**
         * Used to enable/disable CRM
         */
        meshEnableCrm?: boolean;
        /**
         * Whether to enable Mesh feature for the site
         */
        meshEnabled: boolean;
        /**
         * Optional passphrase of mesh networking, default is generated randomly
         */
        meshPsk?: string;
        /**
         * Optional ssid of mesh networking, default is based on site_id
         */
        meshSsid?: string;
        /**
         * enum: `default`, `disabled`, `enabled`
         */
        proxyArp?: string;
    }
    interface SettingWiredVna {
        enabled: boolean;
    }
    interface SettingZoneOccupancyAlert {
        /**
         * List of email addresses to send email notifications when the alert threshold is reached
         */
        emailNotifiers: string[];
        /**
         * Indicate whether zone occupancy alert is enabled for the site
         */
        enabled: boolean;
        /**
         * Sending zone-occupancy-alert webhook message only if a zone stays non-compliant (i.e. actual occupancy > occupancy_limit) for a minimum duration specified in the threshold, in minutes
         */
        threshold: number;
    }
    interface WlanAcctServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled?: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat?: string;
        keywrapKek?: string;
        keywrapMack?: string;
        port?: string;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface WlanAirwatch {
        /**
         * API Key
         */
        apiKey: string;
        /**
         * Console URL
         */
        consoleUrl: string;
        enabled: boolean;
        /**
         * Password
         */
        password: string;
        /**
         * Username
         */
        username: string;
    }
    interface WlanAppLimit {
        /**
         * Map from app key to bandwidth in kbps.
         * Property key is the app key, defined in Get Application List
         */
        apps: {
            [key: string]: number;
        };
        enabled: boolean;
        /**
         * Map from wxtagId of Hostname Wxlan Tags to bandwidth in kbps. Property key is the `wxtagId`
         */
        wxtagIds: {
            [key: string]: number;
        };
    }
    interface WlanAppQos {
        apps?: {
            [key: string]: outputs.site.WlanAppQosApps;
        };
        enabled: boolean;
        others?: outputs.site.WlanAppQosOther[];
    }
    interface WlanAppQosApps {
        /**
         * DSCP value range between 0 and 63
         */
        dscp?: string;
        /**
         * Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
         */
        dstSubnet?: string;
        /**
         * Subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
         */
        srcSubnet?: string;
    }
    interface WlanAppQosOther {
        dscp?: string;
        dstSubnet?: string;
        portRanges?: string;
        protocol?: string;
        srcSubnet?: string;
    }
    interface WlanAuth {
        /**
         * SAE anti-clogging token threshold
         */
        anticlogThreshold?: number;
        /**
         * Whether to trigger EAP reauth when the session ends
         */
        eapReauth: boolean;
        /**
         * Whether to enable MAC Auth, uses the same auth_servers
         */
        enableMacAuth: boolean;
        /**
         * When `type`==`wep`
         */
        keyIdx: number;
        /**
         * When type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length
         */
        keys: string[];
        /**
         * When `type`==`psk`, whether to only use multi_psk
         */
        multiPskOnly: boolean;
        /**
         * if `type`==`open`. enum: `disabled`, `enabled` (means transition mode), `required`
         */
        owe?: string;
        /**
         * When `type`=`psk` or `type`=`eap`, one or more of `wpa1-ccmp`, `wpa1-tkip`, `wpa2-ccmp`, `wpa2-tkip`, `wpa3`
         */
        pairwises?: string[];
        /**
         * When `multiPskOnly`==`true`, whether private wlan is enabled
         */
        privateWlan: boolean;
        /**
         * When `type`==`psk`, 8-64 characters, or 64 hex characters
         */
        psk: string;
        /**
         * enum: `eap`, `eap192`, `open`, `psk`, `psk-tkip`, `psk-wpa2-tkip`, `wep`
         */
        type: string;
        /**
         * Enable WEP as secondary auth
         */
        wepAsSecondaryAuth?: boolean;
    }
    interface WlanAuthServer {
        /**
         * IP/ hostname of RADIUS server
         */
        host: string;
        keywrapEnabled?: boolean;
        /**
         * enum: `ascii`, `hex`
         */
        keywrapFormat?: string;
        keywrapKek?: string;
        keywrapMack?: string;
        port?: string;
        /**
         * Whether to require Message-Authenticator in requests
         */
        requireMessageAuthenticator: boolean;
        /**
         * Secret of RADIUS server
         */
        secret: string;
    }
    interface WlanBonjour {
        /**
         * additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses
         */
        additionalVlanIds?: string[];
        /**
         * Whether to enable bonjour for this WLAN. Once enabled, limitBcast is assumed true, allowMdns is assumed false
         */
        enabled?: boolean;
        /**
         * What services are allowed.
         * Property key is the service name
         */
        services?: {
            [key: string]: outputs.site.WlanBonjourServices;
        };
    }
    interface WlanBonjourServices {
        /**
         * Whether to prevent wireless clients to discover bonjour devices on the same WLAN
         */
        disableLocal: boolean;
        /**
         * Optional, if the service is further restricted for certain RADIUS groups
         */
        radiusGroups?: string[];
        /**
         * how bonjour services should be discovered for the same WLAN. enum: `sameAp`, `sameMap`, `sameSite`
         */
        scope: string;
    }
    interface WlanCiscoCwa {
        /**
         * List of hostnames without http(s):// (matched by substring)
         */
        allowedHostnames: string[];
        /**
         * List of CIDRs
         */
        allowedSubnets: string[];
        /**
         * List of blocked CIDRs
         */
        blockedSubnets: string[];
        enabled: boolean;
    }
    interface WlanCoaServer {
        /**
         * Whether to disable Event-Timestamp Check
         */
        disableEventTimestampCheck: boolean;
        enabled: boolean;
        ip: string;
        port?: string;
        secret: string;
    }
    interface WlanDnsServerRewrite {
        enabled: boolean;
        /**
         * Map between radiusGroup and the desired DNS server (IPv4 only). Property key is the RADIUS group, property value is the desired DNS Server
         */
        radiusGroups?: {
            [key: string]: string;
        };
    }
    interface WlanDynamicPsk {
        /**
         * Default PSK to use if cloud WLC is not available, 8-63 characters
         */
        defaultPsk?: string;
        defaultVlanId?: string;
        enabled: boolean;
        /**
         * When 11r is enabled, we'll try to use the cached PMK, this can be disabled. `false` means auto
         */
        forceLookup: boolean;
        /**
         * enum: `cloudPsks`, `radius`
         */
        source: string;
    }
    interface WlanDynamicVlan {
        /**
         * Default VLAN ID(s) can be a number, a range of VLAN IDs, a variable or multiple numbers, ranges or variables as a VLAN pool. Default VLAN as a pool of VLANS requires 0.14.x or newer firmware
         */
        defaultVlanIds?: string[];
        /**
         * Requires `vlanEnabled`==`true` to be set to `true`. Whether to enable dynamic vlan
         */
        enabled: boolean;
        /**
         * VLAN_ids to be locally bridged
         */
        localVlanIds: string[];
        /**
         * standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco). enum: `airespace-interface-name`, `standard`
         */
        type: string;
        /**
         * Map between vlanId (as string) to airespace interface names (comma-separated) or null for standard mapping
         *   * if `dynamic_vlan.type`==`standard`, property key is the Vlan ID and property value is \"\"
         *   * if `dynamic_vlan.type`==`airespace-interface-name`, property key is the Vlan ID and property value is the Airespace Interface Name
         */
        vlans?: {
            [key: string]: string;
        };
    }
    interface WlanHotspot20 {
        domainNames?: string[];
        /**
         * Whether to enable hotspot 2.0 config
         */
        enabled?: boolean;
        naiRealms?: string[];
        /**
         * List of operators to support
         */
        operators?: string[];
        rcois?: string[];
        /**
         * Venue name, default is site name
         */
        venueName?: string;
    }
    interface WlanInjectDhcpOption82 {
        /**
         * Information to set in the `circuitId` field of the DHCP Option 82. It is possible to use static string or the following variables (e.g. `{{SSID}}:{{AP_MAC}}`):
         *   * {{AP_MAC}}
         *   * {{AP_MAC_DASHED}}
         *   * {{AP_MODEL}}
         *   * {{AP_NAME}}
         *   * {{SITE_NAME}}
         *   * {{SSID}}
         */
        circuitId?: string;
        /**
         * Whether to inject option 82 when forwarding DHCP packets
         */
        enabled: boolean;
    }
    interface WlanMistNac {
        /**
         * When enabled:
         *   * `authServers` is ignored
         *   * `acctServers` is ignored
         *   * `auth_servers_*` are ignored
         *   * `coaServers` is ignored
         *   * `radsec` is ignored
         *   * `coaEnabled` is assumed
         */
        enabled: boolean;
    }
    interface WlanPortal {
        /**
         * Optional if `amazonEnabled`==`true`. Whether to allow guest to connect to other Guest WLANs (with different `WLAN.ssid`) of same org without reauthentication (disable randomMac for seamless roaming)
         */
        allowWlanIdRoam?: boolean;
        /**
         * Optional if `amazonEnabled`==`true`. Amazon OAuth2 client id. This is optional. If not provided, it will use a default one.
         */
        amazonClientId: string;
        /**
         * Optional if `amazonEnabled`==`true`. Amazon OAuth2 client secret. If amazonClientId was provided, provide a corresponding value. Else leave blank.
         */
        amazonClientSecret: string;
        /**
         * Optional if `amazonEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        amazonEmailDomains: string[];
        /**
         * Whether amazon is enabled as a login method
         */
        amazonEnabled: boolean;
        /**
         * Optional if `amazonEnabled`==`true`. Interval for which guest remains authorized using amazon auth (in minutes), if not provided, uses expire`
         */
        amazonExpire?: number;
        /**
         * authentication scheme. enum: `amazon`, `azure`, `email`, `external`, `facebook`, `google`, `microsoft`, `multi`, `none`, `password`, `sms`, `sponsor`, `sso`
         */
        auth: string;
        /**
         * Required if `azureEnabled`==`true`. Azure active directory app client id
         */
        azureClientId: string;
        /**
         * Required if `azureEnabled`==`true`. Azure active directory app client secret
         */
        azureClientSecret: string;
        /**
         * Whether Azure Active Directory is enabled as a login method
         */
        azureEnabled: boolean;
        /**
         * Interval for which guest remains authorized using azure auth (in minutes), if not provided, uses expire`
         */
        azureExpire?: number;
        /**
         * Required if `azureEnabled`==`true`. Azure active directory tenant id.
         */
        azureTenantId: string;
        /**
         * Required if `smsProvider`==`broadnet`
         */
        broadnetPassword: string;
        /**
         * Required if `smsProvider`==`broadnet`
         */
        broadnetSid?: string;
        /**
         * Required if `smsProvider`==`broadnet`
         */
        broadnetUserId?: string;
        /**
         * Whether to bypass the guest portal when cloud not reachable (and apply the default policies)
         */
        bypassWhenCloudDown: boolean;
        /**
         * Required if `smsProvider`==`clickatell`
         */
        clickatellApiKey?: string;
        /**
         * Whether to allow guest to roam between WLANs (with same `WLAN.ssid`, regardless of variables) of different sites of same org without reauthentication (disable randomMac for seamless roaming)
         */
        crossSite?: boolean;
        /**
         * Whether email (access code verification) is enabled as a login method
         */
        emailEnabled: boolean;
        /**
         * Whether guest portal is enabled
         */
        enabled: boolean;
        /**
         * How long to remain authorized, in minutes
         */
        expire: number;
        /**
         * Required if `wlanPortalAuth`==`external`. External portal URL (e.g. https://host/url) where we can append our query parameters to
         */
        externalPortalUrl: string;
        /**
         * Required if `facebookEnabled`==`true`. Facebook OAuth2 app id. This is optional. If not provided, it will use a default one.
         */
        facebookClientId: string;
        /**
         * Required if `facebookEnabled`==`true`. Facebook OAuth2 app secret. If facebookClientId was provided, provide a corresponding value. Else leave blank.
         */
        facebookClientSecret: string;
        /**
         * Optional if `facebookEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        facebookEmailDomains: string[];
        /**
         * Whether facebook is enabled as a login method
         */
        facebookEnabled: boolean;
        /**
         * Optional if `facebookEnabled`==`true`. Interval for which guest remains authorized using facebook auth (in minutes), if not provided, uses expire`
         */
        facebookExpire?: number;
        /**
         * Whether to forward the user to another URL after authorized
         */
        forward: boolean;
        /**
         * URL to forward the user to
         */
        forwardUrl: string;
        /**
         * Google OAuth2 app id. This is optional. If not provided, it will use a default one.
         */
        googleClientId: string;
        /**
         * Optional if `googleEnabled`==`true`. Google OAuth2 app secret. If googleClientId was provided, provide a corresponding value. Else leave blank.
         */
        googleClientSecret: string;
        /**
         * Optional if `googleEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        googleEmailDomains: string[];
        /**
         * Whether Google is enabled as login method
         */
        googleEnabled: boolean;
        /**
         * Optional if `googleEnabled`==`true`. Interval for which guest remains authorized using Google Auth (in minutes), if not provided, uses expire`
         */
        googleExpire?: number;
        /**
         * Required if `smsProvider`==`gupshup`
         */
        gupshupPassword?: string;
        /**
         * Required if `smsProvider`==`gupshup`
         */
        gupshupUserid?: string;
        /**
         * Optional if `microsoftEnabled`==`true`. Microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one.
         */
        microsoftClientId: string;
        /**
         * Optional if `microsoftEnabled`==`true`. Microsoft 365 OAuth2 client secret. If microsoftClientId was provided, provide a corresponding value. Else leave blank.
         */
        microsoftClientSecret: string;
        /**
         * Optional if `microsoftEnabled`==`true`. Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed.
         */
        microsoftEmailDomains: string[];
        /**
         * Whether microsoft 365 is enabled as a login method
         */
        microsoftEnabled: boolean;
        /**
         * Optional if `microsoftEnabled`==`true`. Interval for which guest remains authorized using microsoft auth (in minutes), if not provided, uses expire`
         */
        microsoftExpire?: number;
        /**
         * Whether password is enabled
         */
        passphraseEnabled: boolean;
        /**
         * Optional if `passphraseEnabled`==`true`. Interval for which guest remains authorized using passphrase auth (in minutes), if not provided, uses `expire`
         */
        passphraseExpire?: number;
        /**
         * Required if `passphraseEnabled`==`true`.
         */
        password: string;
        /**
         * Whether to show list of sponsor emails mentioned in `sponsors` object as a dropdown. If both `sponsorNotifyAll` and `predefinedSponsorsEnabled` are false, behaviour is acc to `sponsorEmailDomains`
         */
        predefinedSponsorsEnabled: boolean;
        /**
         * Whether to hide sponsor’s email from list of sponsors
         */
        predefinedSponsorsHideEmail: boolean;
        privacy: boolean;
        /**
         * Required if `smsProvider`==`puzzel`
         */
        puzzelPassword?: string;
        /**
         * Required if `smsProvider`==`puzzel`
         */
        puzzelServiceId?: string;
        /**
         * Required if `smsProvider`==`puzzel`
         */
        puzzelUsername?: string;
        /**
         * Whether sms is enabled as a login method
         */
        smsEnabled: boolean;
        /**
         * Optional if `smsEnabled`==`true`. Interval for which guest remains authorized using sms auth (in minutes), if not provided, uses expire`
         */
        smsExpire?: number;
        /**
         * Optional if `smsEnabled`==`true`. SMS Message format
         */
        smsMessageFormat: string;
        /**
         * Optioanl if `smsEnabled`==`true`. enum: `broadnet`, `clickatell`, `gupshup`, `manual`, `puzzel`, `telstra`, `twilio`
         */
        smsProvider: string;
        /**
         * Optional if `sponsorEnabled`==`true`. Whether to automatically approve guest and allow sponsor to revoke guest access, needs predefinedSponsorsEnabled enabled and sponsorNotifyAll disabled
         */
        sponsorAutoApprove?: boolean;
        /**
         * List of domain allowed for sponsor email. Required if `sponsorEnabled` is `true` and `sponsors` is empty.
         */
        sponsorEmailDomains: string[];
        /**
         * Whether sponsor is enabled
         */
        sponsorEnabled: boolean;
        /**
         * Optional if `sponsorEnabled`==`true`. Interval for which guest remains authorized using sponsor auth (in minutes), if not provided, uses expire`
         */
        sponsorExpire?: number;
        /**
         * Optional if `sponsorEnabled`==`true`. How long to remain valid sponsored guest request approve/deny link received in email, in minutes. Default is 60 minutes.
         */
        sponsorLinkValidityDuration: string;
        /**
         * Optional if `sponsorEnabled`==`true`. whether to notify all sponsors that are mentioned in `sponsors` object. Both `sponsorNotifyAll` and `predefinedSponsorsEnabled` should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order.
         */
        sponsorNotifyAll: boolean;
        /**
         * Optional if `sponsorEnabled`==`true`. If enabled, guest will get email about sponsor's action (approve/deny)
         */
        sponsorStatusNotify: boolean;
        /**
         * object of allowed sponsors email with name. Required if `sponsorEnabled`
         *             is `true` and `sponsorEmailDomains` is empty.
         *
         *             Property key is the sponsor email, Property value is the sponsor name
         */
        sponsors: {
            [key: string]: string;
        };
        /**
         * Optional if `wlanPortalAuth`==`sso`, default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
         */
        ssoDefaultRole: string;
        /**
         * Optional if `wlanPortalAuth`==`sso`
         */
        ssoForcedRole: string;
        /**
         * Required if `wlanPortalAuth`==`sso`. IDP Cert (used to verify the signed response)
         */
        ssoIdpCert: string;
        /**
         * Optioanl if `wlanPortalAuth`==`sso`, Signing algorithm for SAML Assertion. enum: `sha1`, `sha256`, `sha384`, `sha512`
         */
        ssoIdpSignAlgo: string;
        /**
         * Required if `wlanPortalAuth`==`sso`, IDP Single-Sign-On URL
         */
        ssoIdpSsoUrl: string;
        /**
         * Required if `wlanPortalAuth`==`sso`, IDP issuer URL
         */
        ssoIssuer: string;
        /**
         * Optional if `wlanPortalAuth`==`sso`. enum: `email`, `unspecified`
         */
        ssoNameidFormat: string;
        /**
         * Required if `smsProvider`==`telstra`, Client ID provided by Telstra
         */
        telstraClientId?: string;
        /**
         * Required if `smsProvider`==`telstra`, Client secret provided by Telstra
         */
        telstraClientSecret?: string;
        /**
         * Required if `smsProvider`==`twilio`, Auth token account with twilio account
         */
        twilioAuthToken?: string;
        /**
         * Required if `smsProvider`==`twilio`, Twilio phone number associated with the account. See example for accepted format.
         */
        twilioPhoneNumber?: string;
        /**
         * Required if `smsProvider`==`twilio`, Account SID provided by Twilio
         */
        twilioSid?: string;
    }
    interface WlanPortalTemplatePortalTemplate {
        accessCodeAlternateEmail: string;
        /**
         * defines alignment on portal. enum: `center`, `left`, `right`
         */
        alignment: string;
        /**
         * Label for Amazon auth button
         */
        authButtonAmazon: string;
        /**
         * Label for Azure auth button
         */
        authButtonAzure: string;
        /**
         * Label for Email auth button
         */
        authButtonEmail: string;
        /**
         * Label for Facebook auth button
         */
        authButtonFacebook: string;
        /**
         * Label for Google auth button
         */
        authButtonGoogle: string;
        /**
         * Label for Microsoft auth button
         */
        authButtonMicrosoft: string;
        /**
         * Label for passphrase auth button
         */
        authButtonPassphrase: string;
        /**
         * Label for SMS auth button
         */
        authButtonSms: string;
        /**
         * Label for Sponsor auth button
         */
        authButtonSponsor: string;
        authLabel: string;
        /**
         * Label of the link to go back to /logon
         */
        backLink?: string;
        /**
         * Portal main color
         */
        color: string;
        colorDark: string;
        colorLight: string;
        /**
         * Whether company field is required
         */
        company: boolean;
        /**
         * Error message when company not provided
         */
        companyError: string;
        /**
         * Label of company field
         */
        companyLabel: string;
        /**
         * Whether email field is required
         */
        email: boolean;
        /**
         * Error message when a user has valid social login but doesn't match specified email domains.
         */
        emailAccessDomainError: string;
        /**
         * Label for cancel confirmation code submission using email auth
         */
        emailCancel: string;
        emailCodeCancel: string;
        emailCodeError: string;
        emailCodeFieldLabel: string;
        emailCodeMessage: string;
        emailCodeSubmit: string;
        emailCodeTitle: string;
        /**
         * Error message when email not provided
         */
        emailError: string;
        emailFieldLabel: string;
        /**
         * Label of email field
         */
        emailLabel: string;
        emailMessage: string;
        /**
         * Label for confirmation code submit button using email auth
         */
        emailSubmit: string;
        /**
         * Title for the Email registration
         */
        emailTitle: string;
        /**
         * Whether to ask field1
         */
        field1: boolean;
        /**
         * Error message when field1 not provided
         */
        field1error: string;
        /**
         * Label of field1
         */
        field1label: string;
        /**
         * Whether field1 is required field
         */
        field1required?: boolean;
        /**
         * Whether to ask field2
         */
        field2: boolean;
        /**
         * Error message when field2 not provided
         */
        field2error: string;
        /**
         * Label of field2
         */
        field2label: string;
        /**
         * Whether field2 is required field
         */
        field2required?: boolean;
        /**
         * Whether to ask field3
         */
        field3: boolean;
        /**
         * Error message when field3 not provided
         */
        field3error: string;
        /**
         * Label of field3
         */
        field3label: string;
        /**
         * Whether field3 is required field
         */
        field3required?: boolean;
        /**
         * Whether to ask field4
         */
        field4: boolean;
        /**
         * Error message when field4 not provided
         */
        field4error: string;
        /**
         * Label of field4
         */
        field4label: string;
        /**
         * Whether field4 is required field
         */
        field4required?: boolean;
        /**
         * Can be used to localize the portal based on the User Agent. Allowed property key values are:
         *   `ar`, `ca-ES`, `cs-CZ`, `da-DK`, `de-DE`, `el-GR`, `en-GB`, `en-US`, `es-ES`, `fi-FI`, `fr-FR`,
         *   `he-IL`, `hi-IN`, `hr-HR`, `hu-HU`, `id-ID`, `it-IT`, `ja-J^`, `ko-KT`, `ms-MY`, `nb-NO`, `nl-NL`,
         *   `pl-PL`, `pt-BR`, `pt-PT`, `ro-RO`, `ru-RU`, `sk-SK`, `sv-SE`, `th-TH`, `tr-TR`, `uk-UA`, `vi-VN`,
         *   `zh-Hans`, `zh-Hant`
         */
        locales?: {
            [key: string]: outputs.site.WlanPortalTemplatePortalTemplateLocales;
        };
        /**
         * path to the background image file. File must be a `png` image`
         */
        logo: string;
        /**
         * label of the link to go to /marketing_policy
         */
        marketingPolicyLink: string;
        /**
         * Whether marketing policy optin is enabled
         */
        marketingPolicyOptIn: boolean;
        /**
         * label for marketing optin
         */
        marketingPolicyOptInLabel: string;
        /**
         * marketing policy text
         */
        marketingPolicyOptInText: string;
        message: string;
        multiAuth: boolean;
        /**
         * Whether name field is required
         */
        name: boolean;
        /**
         * Error message when name not provided
         */
        nameError: string;
        /**
         * Label of name field
         */
        nameLabel: string;
        /**
         * Default value for the `Do not store` checkbox
         */
        optOutDefault: boolean;
        /**
         * Whether to display Do Not Store My Personal Information
         */
        optout: boolean;
        /**
         * Label for Do Not Store My Personal Information
         */
        optoutLabel: string;
        pageTitle: string;
        /**
         * Label for the Passphrase cancel button
         */
        passphraseCancel: string;
        /**
         * Error message when invalid passphrase is provided
         */
        passphraseError: string;
        /**
         * Passphrase
         */
        passphraseLabel: string;
        passphraseMessage: string;
        /**
         * Label for the Passphrase submit button
         */
        passphraseSubmit: string;
        /**
         * Title for passphrase details page
         */
        passphraseTitle: string;
        /**
         * Whether to show \"Powered by Mist\"
         */
        poweredBy: boolean;
        /**
         * Whether to require the Privacy Term acceptance
         */
        privacy: boolean;
        /**
         * Prefix of the label of the link to go to Privacy Policy
         */
        privacyPolicyAcceptLabel: string;
        /**
         * Error message when Privacy Policy not accepted
         */
        privacyPolicyError: string;
        /**
         * Label of the link to go to Privacy Policy
         */
        privacyPolicyLink: string;
        /**
         * Text of the Privacy Policy
         */
        privacyPolicyText: string;
        /**
         * Label to denote required field
         */
        requiredFieldLabel: string;
        responsiveLayout: boolean;
        /**
         * Label of the button to signin
         */
        signInLabel: string;
        smsCarrierDefault: string;
        smsCarrierError: string;
        /**
         * Label for mobile carrier drop-down list
         */
        smsCarrierFieldLabel: string;
        /**
         * Label for cancel confirmation code submission
         */
        smsCodeCancel: string;
        /**
         * Error message when confirmation code is invalid
         */
        smsCodeError: string;
        smsCodeFieldLabel: string;
        smsCodeMessage: string;
        /**
         * Label for confirmation code submit button
         */
        smsCodeSubmit: string;
        smsCodeTitle: string;
        smsCountryFieldLabel: string;
        smsCountryFormat: string;
        /**
         * Label for checkbox to specify that the user has access code
         */
        smsHaveAccessCode: string;
        smsIsTwilio: boolean;
        /**
         * Format of access code sms message. {{code}} and {{duration}} are placeholders and should be retained as is.
         */
        smsMessageFormat?: string;
        /**
         * Label for canceling mobile details for SMS auth
         */
        smsNumberCancel: string;
        smsNumberError: string;
        /**
         * Label for field to provide mobile number
         */
        smsNumberFieldLabel: string;
        smsNumberFormat: string;
        smsNumberMessage: string;
        /**
         * Label for submit button for code generation
         */
        smsNumberSubmit: string;
        /**
         * Title for phone number details
         */
        smsNumberTitle: string;
        smsUsernameFormat: string;
        /**
         * How long confirmation code should be considered valid (in minutes)
         */
        smsValidityDuration?: number;
        sponsorBackLink: string;
        sponsorCancel: string;
        /**
         * Label for Sponsor Email
         */
        sponsorEmail: string;
        sponsorEmailError: string;
        /**
         * HTML template to replace/override default sponsor email template
         * Sponsor Email Template supports following template variables:
         *   * `approveUrl`: Renders URL to approve the request; optionally &minutes=N query param can be appended to change the Authorization period of the guest, where N is a valid integer denoting number of minutes a guest remains authorized
         *   * `denyUrl`: Renders URL to reject the request
         *   * `guestEmail`: Renders Email ID of the guest
         *   * `guestName`: Renders Name of the guest
         *   * `field1`: Renders value of the Custom Field 1
         *   * `field2`: Renders value of the Custom Field 2
         *   * `sponsorLinkValidityDuration`: Renders validity time of the request (i.e. Approve/Deny URL)
         *   * `authExpireMinutes`: Renders Wlan-level configured Guest Authorization Expiration time period (in minutes), If not configured then default (1 day in minutes)
         */
        sponsorEmailTemplate: string;
        sponsorInfoApproved: string;
        sponsorInfoDenied: string;
        sponsorInfoPending: string;
        /**
         * Label for Sponsor Name
         */
        sponsorName: string;
        sponsorNameError: string;
        sponsorNotePending: string;
        /**
         * Submit button label request Wifi Access and notify sponsor about guest request
         */
        sponsorRequestAccess: string;
        /**
         * Text to display if sponsor approves request
         */
        sponsorStatusApproved: string;
        /**
         * Text to display when sponsor denies request
         */
        sponsorStatusDenied: string;
        /**
         * Text to display if request is still pending
         */
        sponsorStatusPending: string;
        /**
         * Submit button label to notify sponsor about guest request
         */
        sponsorSubmit: string;
        sponsorsError: string;
        sponsorsFieldLabel: string;
        tos: boolean;
        /**
         * Prefix of the label of the link to go to tos
         */
        tosAcceptLabel: string;
        /**
         * Error message when tos not accepted
         */
        tosError: string;
        /**
         * Label of the link to go to tos
         */
        tosLink: string;
        /**
         * Text of the Terms of Service
         */
        tosText: string;
    }
    interface WlanPortalTemplatePortalTemplateLocales {
        /**
         * Label for Amazon auth button
         */
        authButtonAmazon?: string;
        /**
         * Label for Azure auth button
         */
        authButtonAzure?: string;
        /**
         * Label for Email auth button
         */
        authButtonEmail?: string;
        /**
         * Label for Facebook auth button
         */
        authButtonFacebook?: string;
        /**
         * Label for Google auth button
         */
        authButtonGoogle?: string;
        /**
         * Label for Microsoft auth button
         */
        authButtonMicrosoft?: string;
        /**
         * Label for passphrase auth button
         */
        authButtonPassphrase?: string;
        /**
         * Label for SMS auth button
         */
        authButtonSms?: string;
        /**
         * Label for Sponsor auth button
         */
        authButtonSponsor?: string;
        authLabel?: string;
        /**
         * Label of the link to go back to /logon
         */
        backLink?: string;
        /**
         * Error message when company not provided
         */
        companyError?: string;
        /**
         * Label of company field
         */
        companyLabel?: string;
        /**
         * Error message when a user has valid social login but doesn't match specified email domains.
         */
        emailAccessDomainError?: string;
        /**
         * Label for cancel confirmation code submission using email auth
         */
        emailCancel?: string;
        emailCodeCancel?: string;
        emailCodeError?: string;
        emailCodeFieldLabel?: string;
        emailCodeMessage?: string;
        emailCodeSubmit?: string;
        emailCodeTitle?: string;
        /**
         * Error message when email not provided
         */
        emailError?: string;
        emailFieldLabel?: string;
        /**
         * Label of email field
         */
        emailLabel?: string;
        emailMessage?: string;
        /**
         * Label for confirmation code submit button using email auth
         */
        emailSubmit?: string;
        /**
         * Title for the Email registration
         */
        emailTitle?: string;
        /**
         * Error message when field1 not provided
         */
        field1error?: string;
        /**
         * Label of field1
         */
        field1label?: string;
        /**
         * Error message when field2 not provided
         */
        field2error?: string;
        /**
         * Label of field2
         */
        field2label?: string;
        /**
         * Error message when field3 not provided
         */
        field3error?: string;
        /**
         * Label of field3
         */
        field3label?: string;
        /**
         * Error message when field4 not provided
         */
        field4error?: string;
        /**
         * Label of field4
         */
        field4label?: string;
        /**
         * label of the link to go to /marketing_policy
         */
        marketingPolicyLink?: string;
        /**
         * Whether marketing policy optin is enabled
         */
        marketingPolicyOptIn?: boolean;
        /**
         * label for marketing optin
         */
        marketingPolicyOptInLabel?: string;
        /**
         * marketing policy text
         */
        marketingPolicyOptInText?: string;
        message?: string;
        /**
         * Error message when name not provided
         */
        nameError?: string;
        /**
         * Label of name field
         */
        nameLabel?: string;
        /**
         * Label for Do Not Store My Personal Information
         */
        optoutLabel?: string;
        pageTitle?: string;
        /**
         * Label for the Passphrase cancel button
         */
        passphraseCancel?: string;
        /**
         * Error message when invalid passphrase is provided
         */
        passphraseError?: string;
        /**
         * Passphrase
         */
        passphraseLabel?: string;
        passphraseMessage?: string;
        /**
         * Label for the Passphrase submit button
         */
        passphraseSubmit?: string;
        /**
         * Title for passphrase details page
         */
        passphraseTitle?: string;
        /**
         * Prefix of the label of the link to go to Privacy Policy
         */
        privacyPolicyAcceptLabel?: string;
        /**
         * Error message when Privacy Policy not accepted
         */
        privacyPolicyError?: string;
        /**
         * Label of the link to go to Privacy Policy
         */
        privacyPolicyLink?: string;
        /**
         * Text of the Privacy Policy
         */
        privacyPolicyText?: string;
        /**
         * Label to denote required field
         */
        requiredFieldLabel?: string;
        /**
         * Label of the button to signin
         */
        signInLabel?: string;
        smsCarrierDefault?: string;
        smsCarrierError?: string;
        /**
         * Label for mobile carrier drop-down list
         */
        smsCarrierFieldLabel?: string;
        /**
         * Label for cancel confirmation code submission
         */
        smsCodeCancel?: string;
        /**
         * Error message when confirmation code is invalid
         */
        smsCodeError?: string;
        smsCodeFieldLabel?: string;
        smsCodeMessage?: string;
        /**
         * Label for confirmation code submit button
         */
        smsCodeSubmit?: string;
        smsCodeTitle?: string;
        smsCountryFieldLabel?: string;
        smsCountryFormat?: string;
        /**
         * Label for checkbox to specify that the user has access code
         */
        smsHaveAccessCode?: string;
        /**
         * Format of access code sms message. {{code}} and {{duration}} are placeholders and should be retained as is.
         */
        smsMessageFormat?: string;
        /**
         * Label for canceling mobile details for SMS auth
         */
        smsNumberCancel?: string;
        smsNumberError?: string;
        /**
         * Label for field to provide mobile number
         */
        smsNumberFieldLabel?: string;
        smsNumberFormat?: string;
        smsNumberMessage?: string;
        /**
         * Label for submit button for code generation
         */
        smsNumberSubmit?: string;
        /**
         * Title for phone number details
         */
        smsNumberTitle?: string;
        smsUsernameFormat?: string;
        sponsorBackLink?: string;
        sponsorCancel?: string;
        /**
         * Label for Sponsor Email
         */
        sponsorEmail?: string;
        sponsorEmailError?: string;
        sponsorInfoApproved?: string;
        sponsorInfoDenied?: string;
        sponsorInfoPending?: string;
        /**
         * Label for Sponsor Name
         */
        sponsorName?: string;
        sponsorNameError?: string;
        sponsorNotePending?: string;
        /**
         * Submit button label request Wifi Access and notify sponsor about guest request
         */
        sponsorRequestAccess?: string;
        /**
         * Text to display if sponsor approves request
         */
        sponsorStatusApproved?: string;
        /**
         * Text to display when sponsor denies request
         */
        sponsorStatusDenied?: string;
        /**
         * Text to display if request is still pending
         */
        sponsorStatusPending?: string;
        /**
         * Submit button label to notify sponsor about guest request
         */
        sponsorSubmit?: string;
        sponsorsError?: string;
        sponsorsFieldLabel?: string;
        /**
         * Prefix of the label of the link to go to tos
         */
        tosAcceptLabel?: string;
        /**
         * Error message when tos not accepted
         */
        tosError?: string;
        /**
         * Label of the link to go to tos
         */
        tosLink?: string;
        /**
         * Text of the Terms of Service
         */
        tosText?: string;
    }
    interface WlanQos {
        /**
         * enum: `background`, `bestEffort`, `video`, `voice`
         */
        class: string;
        /**
         * Whether to overwrite QoS
         */
        overwrite: boolean;
    }
    interface WlanRadsec {
        coaEnabled?: boolean;
        enabled?: boolean;
        idleTimeout?: string;
        /**
         * To use Org mxedges when this WLAN does not use mxtunnel, specify their mxcluster_ids. Org mxedge(s) identified by mxcluster_ids
         */
        mxclusterIds?: string[];
        /**
         * Default is site.mxedge.radsec.proxy_hosts which must be a superset of all `wlans[*].radsec.proxy_hosts`. When `radsec.proxy_hosts` are not used, tunnel peers (org or site mxedges) are used irrespective of `useSiteMxedge`
         */
        proxyHosts?: string[];
        /**
         * Name of the server to verify (against the cacerts in Org Setting). Only if not Mist Edge.
         */
        serverName: string;
        /**
         * List of RadSec Servers. Only if not Mist Edge.
         */
        servers?: outputs.site.WlanRadsecServer[];
        /**
         * use mxedge(s) as RadSec Proxy
         */
        useMxedge?: boolean;
        /**
         * To use Site mxedges when this WLAN does not use mxtunnel
         */
        useSiteMxedge?: boolean;
    }
    interface WlanRadsecServer {
        host?: string;
        port?: number;
    }
    interface WlanRateset {
        /**
         * If `template`==`custom`. EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit)
         */
        eht?: string;
        /**
         * If `template`==`custom`. HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit
         */
        he?: string;
        /**
         * If `template`==`custom`. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20)
         */
        ht?: string;
        /**
         * if `template`==`custom`. List of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If `template`==`custom` is configured and legacy does not define at least one basic rate, it will use `no-legacy` default values. enum: `1`, `11`, `11b`, `12`, `12b`, `18`, `18b`, `1b`, `2`, `24`, `24b`, `2b`, `36`, `36b`, `48`, `48b`, `5.5`, `5.5b`, `54`, `54b`, `6`, `6b`, `9`, `9b`
         */
        legacies?: string[];
        /**
         * Minimum RSSI for client to connect, 0 means not enforcing
         */
        minRssi: number;
        /**
         * Data Rates template to apply. enum:
         *   * `no-legacy`: no 11b
         *   * `compatible`: all, like before, default setting that Broadcom/Atheros used
         *   * `legacy-only`: disable 802.11n and 802.11ac
         *   * `high-density`: no 11b, no low rates
         *   * `custom`: user defined
         */
        template: string;
        /**
         * If `template`==`custom`. MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams.
         */
        vht?: string;
    }
    interface WlanSchedule {
        enabled: boolean;
        /**
         * Days/Hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun)
         */
        hours?: outputs.site.WlanScheduleHours;
    }
    interface WlanScheduleHours {
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        fri?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        mon?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        sat?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        sun?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        thu?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        tue?: string;
        /**
         * Hour range of the day (e.g. `09:00-17:00`). If the hour is not defined then it's treated as 00:00-23:59.
         */
        wed?: string;
    }
    interface WxtagSpec {
        /**
         * Matched destination port, "0" means any
         */
        portRange: string;
        /**
         * tcp / udp / icmp / gre / any / ":protocol_number", `protocolNumber` is between 1-254
         */
        protocol: string;
        /**
         * Matched destination subnets and/or IP Addresses
         */
        subnets: string[];
    }
}
