1. Packages
  2. Fortios
  3. API Docs
  4. firewall
  5. Vip
Fortios v0.0.5 published on Tuesday, Apr 9, 2024 by pulumiverse

fortios.firewall.Vip

Explore with Pulumi AI

fortios logo
Fortios v0.0.5 published on Tuesday, Apr 9, 2024 by pulumiverse

    Configure virtual IP for IPv4.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fortios from "@pulumiverse/fortios";
    
    const trname = new fortios.firewall.Vip("trname", {
        arpReply: "enable",
        color: 0,
        dnsMappingTtl: 0,
        extintf: "any",
        extip: "1.0.0.1-1.0.0.2",
        extport: "0-65535",
        fosid: 0,
        httpCookieAge: 60,
        httpCookieDomainFromHost: "disable",
        httpCookieGeneration: 0,
        httpCookieShare: "same-ip",
        httpIpHeader: "disable",
        httpMultiplex: "disable",
        httpsCookieSecure: "disable",
        ldbMethod: "static",
        mappedips: [{
            range: "3.0.0.0-3.0.0.1",
        }],
        mappedport: "0-65535",
        maxEmbryonicConnections: 1000,
        natSourceVip: "disable",
        outlookWebAccess: "disable",
        persistence: "none",
        portforward: "disable",
        portmappingType: "1-to-1",
        protocol: "tcp",
        sslAlgorithm: "high",
        sslClientFallback: "enable",
        sslClientRenegotiation: "secure",
        sslClientSessionStateMax: 1000,
        sslClientSessionStateTimeout: 30,
        sslClientSessionStateType: "both",
        sslDhBits: "2048",
        sslHpkp: "disable",
        sslHpkpAge: 5184000,
        sslHpkpIncludeSubdomains: "disable",
        sslHsts: "disable",
        sslHstsAge: 5184000,
        sslHstsIncludeSubdomains: "disable",
        sslHttpLocationConversion: "disable",
        sslHttpMatchHost: "enable",
        sslMaxVersion: "tls-1.2",
        sslMinVersion: "tls-1.1",
        sslMode: "half",
        sslPfs: "require",
        sslSendEmptyFrags: "enable",
        sslServerAlgorithm: "client",
        sslServerMaxVersion: "client",
        sslServerMinVersion: "client",
        sslServerSessionStateMax: 100,
        sslServerSessionStateTimeout: 60,
        sslServerSessionStateType: "both",
        type: "static-nat",
        weblogicServer: "disable",
        websphereServer: "disable",
    });
    
    import pulumi
    import pulumiverse_fortios as fortios
    
    trname = fortios.firewall.Vip("trname",
        arp_reply="enable",
        color=0,
        dns_mapping_ttl=0,
        extintf="any",
        extip="1.0.0.1-1.0.0.2",
        extport="0-65535",
        fosid=0,
        http_cookie_age=60,
        http_cookie_domain_from_host="disable",
        http_cookie_generation=0,
        http_cookie_share="same-ip",
        http_ip_header="disable",
        http_multiplex="disable",
        https_cookie_secure="disable",
        ldb_method="static",
        mappedips=[fortios.firewall.VipMappedipArgs(
            range="3.0.0.0-3.0.0.1",
        )],
        mappedport="0-65535",
        max_embryonic_connections=1000,
        nat_source_vip="disable",
        outlook_web_access="disable",
        persistence="none",
        portforward="disable",
        portmapping_type="1-to-1",
        protocol="tcp",
        ssl_algorithm="high",
        ssl_client_fallback="enable",
        ssl_client_renegotiation="secure",
        ssl_client_session_state_max=1000,
        ssl_client_session_state_timeout=30,
        ssl_client_session_state_type="both",
        ssl_dh_bits="2048",
        ssl_hpkp="disable",
        ssl_hpkp_age=5184000,
        ssl_hpkp_include_subdomains="disable",
        ssl_hsts="disable",
        ssl_hsts_age=5184000,
        ssl_hsts_include_subdomains="disable",
        ssl_http_location_conversion="disable",
        ssl_http_match_host="enable",
        ssl_max_version="tls-1.2",
        ssl_min_version="tls-1.1",
        ssl_mode="half",
        ssl_pfs="require",
        ssl_send_empty_frags="enable",
        ssl_server_algorithm="client",
        ssl_server_max_version="client",
        ssl_server_min_version="client",
        ssl_server_session_state_max=100,
        ssl_server_session_state_timeout=60,
        ssl_server_session_state_type="both",
        type="static-nat",
        weblogic_server="disable",
        websphere_server="disable")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := firewall.NewVip(ctx, "trname", &firewall.VipArgs{
    			ArpReply:                 pulumi.String("enable"),
    			Color:                    pulumi.Int(0),
    			DnsMappingTtl:            pulumi.Int(0),
    			Extintf:                  pulumi.String("any"),
    			Extip:                    pulumi.String("1.0.0.1-1.0.0.2"),
    			Extport:                  pulumi.String("0-65535"),
    			Fosid:                    pulumi.Int(0),
    			HttpCookieAge:            pulumi.Int(60),
    			HttpCookieDomainFromHost: pulumi.String("disable"),
    			HttpCookieGeneration:     pulumi.Int(0),
    			HttpCookieShare:          pulumi.String("same-ip"),
    			HttpIpHeader:             pulumi.String("disable"),
    			HttpMultiplex:            pulumi.String("disable"),
    			HttpsCookieSecure:        pulumi.String("disable"),
    			LdbMethod:                pulumi.String("static"),
    			Mappedips: firewall.VipMappedipArray{
    				&firewall.VipMappedipArgs{
    					Range: pulumi.String("3.0.0.0-3.0.0.1"),
    				},
    			},
    			Mappedport:                   pulumi.String("0-65535"),
    			MaxEmbryonicConnections:      pulumi.Int(1000),
    			NatSourceVip:                 pulumi.String("disable"),
    			OutlookWebAccess:             pulumi.String("disable"),
    			Persistence:                  pulumi.String("none"),
    			Portforward:                  pulumi.String("disable"),
    			PortmappingType:              pulumi.String("1-to-1"),
    			Protocol:                     pulumi.String("tcp"),
    			SslAlgorithm:                 pulumi.String("high"),
    			SslClientFallback:            pulumi.String("enable"),
    			SslClientRenegotiation:       pulumi.String("secure"),
    			SslClientSessionStateMax:     pulumi.Int(1000),
    			SslClientSessionStateTimeout: pulumi.Int(30),
    			SslClientSessionStateType:    pulumi.String("both"),
    			SslDhBits:                    pulumi.String("2048"),
    			SslHpkp:                      pulumi.String("disable"),
    			SslHpkpAge:                   pulumi.Int(5184000),
    			SslHpkpIncludeSubdomains:     pulumi.String("disable"),
    			SslHsts:                      pulumi.String("disable"),
    			SslHstsAge:                   pulumi.Int(5184000),
    			SslHstsIncludeSubdomains:     pulumi.String("disable"),
    			SslHttpLocationConversion:    pulumi.String("disable"),
    			SslHttpMatchHost:             pulumi.String("enable"),
    			SslMaxVersion:                pulumi.String("tls-1.2"),
    			SslMinVersion:                pulumi.String("tls-1.1"),
    			SslMode:                      pulumi.String("half"),
    			SslPfs:                       pulumi.String("require"),
    			SslSendEmptyFrags:            pulumi.String("enable"),
    			SslServerAlgorithm:           pulumi.String("client"),
    			SslServerMaxVersion:          pulumi.String("client"),
    			SslServerMinVersion:          pulumi.String("client"),
    			SslServerSessionStateMax:     pulumi.Int(100),
    			SslServerSessionStateTimeout: pulumi.Int(60),
    			SslServerSessionStateType:    pulumi.String("both"),
    			Type:                         pulumi.String("static-nat"),
    			WeblogicServer:               pulumi.String("disable"),
    			WebsphereServer:              pulumi.String("disable"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fortios = Pulumiverse.Fortios;
    
    return await Deployment.RunAsync(() => 
    {
        var trname = new Fortios.Firewall.Vip("trname", new()
        {
            ArpReply = "enable",
            Color = 0,
            DnsMappingTtl = 0,
            Extintf = "any",
            Extip = "1.0.0.1-1.0.0.2",
            Extport = "0-65535",
            Fosid = 0,
            HttpCookieAge = 60,
            HttpCookieDomainFromHost = "disable",
            HttpCookieGeneration = 0,
            HttpCookieShare = "same-ip",
            HttpIpHeader = "disable",
            HttpMultiplex = "disable",
            HttpsCookieSecure = "disable",
            LdbMethod = "static",
            Mappedips = new[]
            {
                new Fortios.Firewall.Inputs.VipMappedipArgs
                {
                    Range = "3.0.0.0-3.0.0.1",
                },
            },
            Mappedport = "0-65535",
            MaxEmbryonicConnections = 1000,
            NatSourceVip = "disable",
            OutlookWebAccess = "disable",
            Persistence = "none",
            Portforward = "disable",
            PortmappingType = "1-to-1",
            Protocol = "tcp",
            SslAlgorithm = "high",
            SslClientFallback = "enable",
            SslClientRenegotiation = "secure",
            SslClientSessionStateMax = 1000,
            SslClientSessionStateTimeout = 30,
            SslClientSessionStateType = "both",
            SslDhBits = "2048",
            SslHpkp = "disable",
            SslHpkpAge = 5184000,
            SslHpkpIncludeSubdomains = "disable",
            SslHsts = "disable",
            SslHstsAge = 5184000,
            SslHstsIncludeSubdomains = "disable",
            SslHttpLocationConversion = "disable",
            SslHttpMatchHost = "enable",
            SslMaxVersion = "tls-1.2",
            SslMinVersion = "tls-1.1",
            SslMode = "half",
            SslPfs = "require",
            SslSendEmptyFrags = "enable",
            SslServerAlgorithm = "client",
            SslServerMaxVersion = "client",
            SslServerMinVersion = "client",
            SslServerSessionStateMax = 100,
            SslServerSessionStateTimeout = 60,
            SslServerSessionStateType = "both",
            Type = "static-nat",
            WeblogicServer = "disable",
            WebsphereServer = "disable",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fortios.firewall.Vip;
    import com.pulumi.fortios.firewall.VipArgs;
    import com.pulumi.fortios.firewall.inputs.VipMappedipArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var trname = new Vip("trname", VipArgs.builder()        
                .arpReply("enable")
                .color(0)
                .dnsMappingTtl(0)
                .extintf("any")
                .extip("1.0.0.1-1.0.0.2")
                .extport("0-65535")
                .fosid(0)
                .httpCookieAge(60)
                .httpCookieDomainFromHost("disable")
                .httpCookieGeneration(0)
                .httpCookieShare("same-ip")
                .httpIpHeader("disable")
                .httpMultiplex("disable")
                .httpsCookieSecure("disable")
                .ldbMethod("static")
                .mappedips(VipMappedipArgs.builder()
                    .range("3.0.0.0-3.0.0.1")
                    .build())
                .mappedport("0-65535")
                .maxEmbryonicConnections(1000)
                .natSourceVip("disable")
                .outlookWebAccess("disable")
                .persistence("none")
                .portforward("disable")
                .portmappingType("1-to-1")
                .protocol("tcp")
                .sslAlgorithm("high")
                .sslClientFallback("enable")
                .sslClientRenegotiation("secure")
                .sslClientSessionStateMax(1000)
                .sslClientSessionStateTimeout(30)
                .sslClientSessionStateType("both")
                .sslDhBits("2048")
                .sslHpkp("disable")
                .sslHpkpAge(5184000)
                .sslHpkpIncludeSubdomains("disable")
                .sslHsts("disable")
                .sslHstsAge(5184000)
                .sslHstsIncludeSubdomains("disable")
                .sslHttpLocationConversion("disable")
                .sslHttpMatchHost("enable")
                .sslMaxVersion("tls-1.2")
                .sslMinVersion("tls-1.1")
                .sslMode("half")
                .sslPfs("require")
                .sslSendEmptyFrags("enable")
                .sslServerAlgorithm("client")
                .sslServerMaxVersion("client")
                .sslServerMinVersion("client")
                .sslServerSessionStateMax(100)
                .sslServerSessionStateTimeout(60)
                .sslServerSessionStateType("both")
                .type("static-nat")
                .weblogicServer("disable")
                .websphereServer("disable")
                .build());
    
        }
    }
    
    resources:
      trname:
        type: fortios:firewall:Vip
        properties:
          arpReply: enable
          color: 0
          dnsMappingTtl: 0
          extintf: any
          extip: 1.0.0.1-1.0.0.2
          extport: 0-65535
          fosid: 0
          httpCookieAge: 60
          httpCookieDomainFromHost: disable
          httpCookieGeneration: 0
          httpCookieShare: same-ip
          httpIpHeader: disable
          httpMultiplex: disable
          httpsCookieSecure: disable
          ldbMethod: static
          mappedips:
            - range: 3.0.0.0-3.0.0.1
          mappedport: 0-65535
          maxEmbryonicConnections: 1000
          natSourceVip: disable
          outlookWebAccess: disable
          persistence: none
          portforward: disable
          portmappingType: 1-to-1
          protocol: tcp
          sslAlgorithm: high
          sslClientFallback: enable
          sslClientRenegotiation: secure
          sslClientSessionStateMax: 1000
          sslClientSessionStateTimeout: 30
          sslClientSessionStateType: both
          sslDhBits: '2048'
          sslHpkp: disable
          sslHpkpAge: 5.184e+06
          sslHpkpIncludeSubdomains: disable
          sslHsts: disable
          sslHstsAge: 5.184e+06
          sslHstsIncludeSubdomains: disable
          sslHttpLocationConversion: disable
          sslHttpMatchHost: enable
          sslMaxVersion: tls-1.2
          sslMinVersion: tls-1.1
          sslMode: half
          sslPfs: require
          sslSendEmptyFrags: enable
          sslServerAlgorithm: client
          sslServerMaxVersion: client
          sslServerMinVersion: client
          sslServerSessionStateMax: 100
          sslServerSessionStateTimeout: 60
          sslServerSessionStateType: both
          type: static-nat
          weblogicServer: disable
          websphereServer: disable
    

    Create Vip Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Vip(name: string, args?: VipArgs, opts?: CustomResourceOptions);
    @overload
    def Vip(resource_name: str,
            args: Optional[VipArgs] = None,
            opts: Optional[ResourceOptions] = None)
    
    @overload
    def Vip(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            add_nat46_route: Optional[str] = None,
            arp_reply: Optional[str] = None,
            color: Optional[int] = None,
            comment: Optional[str] = None,
            dns_mapping_ttl: Optional[int] = None,
            dynamic_sort_subtable: Optional[str] = None,
            extaddrs: Optional[Sequence[VipExtaddrArgs]] = None,
            extintf: Optional[str] = None,
            extip: Optional[str] = None,
            extport: Optional[str] = None,
            fosid: Optional[int] = None,
            get_all_tables: Optional[str] = None,
            gratuitous_arp_interval: Optional[int] = None,
            gslb_domain_name: Optional[str] = None,
            gslb_hostname: Optional[str] = None,
            gslb_public_ips: Optional[Sequence[VipGslbPublicIpArgs]] = None,
            h2_support: Optional[str] = None,
            h3_support: Optional[str] = None,
            http_cookie_age: Optional[int] = None,
            http_cookie_domain: Optional[str] = None,
            http_cookie_domain_from_host: Optional[str] = None,
            http_cookie_generation: Optional[int] = None,
            http_cookie_path: Optional[str] = None,
            http_cookie_share: Optional[str] = None,
            http_ip_header: Optional[str] = None,
            http_ip_header_name: Optional[str] = None,
            http_multiplex: Optional[str] = None,
            http_multiplex_max_concurrent_request: Optional[int] = None,
            http_multiplex_max_request: Optional[int] = None,
            http_multiplex_ttl: Optional[int] = None,
            http_redirect: Optional[str] = None,
            http_supported_max_version: Optional[str] = None,
            https_cookie_secure: Optional[str] = None,
            ipv6_mappedip: Optional[str] = None,
            ipv6_mappedport: Optional[str] = None,
            ldb_method: Optional[str] = None,
            mapped_addr: Optional[str] = None,
            mappedips: Optional[Sequence[VipMappedipArgs]] = None,
            mappedport: Optional[str] = None,
            max_embryonic_connections: Optional[int] = None,
            monitors: Optional[Sequence[VipMonitorArgs]] = None,
            name: Optional[str] = None,
            nat44: Optional[str] = None,
            nat46: Optional[str] = None,
            nat_source_vip: Optional[str] = None,
            one_click_gslb_server: Optional[str] = None,
            outlook_web_access: Optional[str] = None,
            persistence: Optional[str] = None,
            portforward: Optional[str] = None,
            portmapping_type: Optional[str] = None,
            protocol: Optional[str] = None,
            quic: Optional[VipQuicArgs] = None,
            realservers: Optional[Sequence[VipRealserverArgs]] = None,
            server_type: Optional[str] = None,
            services: Optional[Sequence[VipServiceArgs]] = None,
            src_filters: Optional[Sequence[VipSrcFilterArgs]] = None,
            srcintf_filters: Optional[Sequence[VipSrcintfFilterArgs]] = None,
            ssl_accept_ffdhe_groups: Optional[str] = None,
            ssl_algorithm: Optional[str] = None,
            ssl_certificate: Optional[str] = None,
            ssl_cipher_suites: Optional[Sequence[VipSslCipherSuiteArgs]] = None,
            ssl_client_fallback: Optional[str] = None,
            ssl_client_rekey_count: Optional[int] = None,
            ssl_client_renegotiation: Optional[str] = None,
            ssl_client_session_state_max: Optional[int] = None,
            ssl_client_session_state_timeout: Optional[int] = None,
            ssl_client_session_state_type: Optional[str] = None,
            ssl_dh_bits: Optional[str] = None,
            ssl_hpkp: Optional[str] = None,
            ssl_hpkp_age: Optional[int] = None,
            ssl_hpkp_backup: Optional[str] = None,
            ssl_hpkp_include_subdomains: Optional[str] = None,
            ssl_hpkp_primary: Optional[str] = None,
            ssl_hpkp_report_uri: Optional[str] = None,
            ssl_hsts: Optional[str] = None,
            ssl_hsts_age: Optional[int] = None,
            ssl_hsts_include_subdomains: Optional[str] = None,
            ssl_http_location_conversion: Optional[str] = None,
            ssl_http_match_host: Optional[str] = None,
            ssl_max_version: Optional[str] = None,
            ssl_min_version: Optional[str] = None,
            ssl_mode: Optional[str] = None,
            ssl_pfs: Optional[str] = None,
            ssl_send_empty_frags: Optional[str] = None,
            ssl_server_algorithm: Optional[str] = None,
            ssl_server_cipher_suites: Optional[Sequence[VipSslServerCipherSuiteArgs]] = None,
            ssl_server_max_version: Optional[str] = None,
            ssl_server_min_version: Optional[str] = None,
            ssl_server_renegotiation: Optional[str] = None,
            ssl_server_session_state_max: Optional[int] = None,
            ssl_server_session_state_timeout: Optional[int] = None,
            ssl_server_session_state_type: Optional[str] = None,
            status: Optional[str] = None,
            type: Optional[str] = None,
            uuid: Optional[str] = None,
            vdomparam: Optional[str] = None,
            weblogic_server: Optional[str] = None,
            websphere_server: Optional[str] = None)
    func NewVip(ctx *Context, name string, args *VipArgs, opts ...ResourceOption) (*Vip, error)
    public Vip(string name, VipArgs? args = null, CustomResourceOptions? opts = null)
    public Vip(String name, VipArgs args)
    public Vip(String name, VipArgs args, CustomResourceOptions options)
    
    type: fortios:firewall:Vip
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args VipArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args VipArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args VipArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args VipArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args VipArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var vipResource = new Fortios.Firewall.Vip("vipResource", new()
    {
        AddNat46Route = "string",
        ArpReply = "string",
        Color = 0,
        Comment = "string",
        DnsMappingTtl = 0,
        DynamicSortSubtable = "string",
        Extaddrs = new[]
        {
            new Fortios.Firewall.Inputs.VipExtaddrArgs
            {
                Name = "string",
            },
        },
        Extintf = "string",
        Extip = "string",
        Extport = "string",
        Fosid = 0,
        GetAllTables = "string",
        GratuitousArpInterval = 0,
        GslbDomainName = "string",
        GslbHostname = "string",
        GslbPublicIps = new[]
        {
            new Fortios.Firewall.Inputs.VipGslbPublicIpArgs
            {
                Index = 0,
                Ip = "string",
            },
        },
        H2Support = "string",
        H3Support = "string",
        HttpCookieAge = 0,
        HttpCookieDomain = "string",
        HttpCookieDomainFromHost = "string",
        HttpCookieGeneration = 0,
        HttpCookiePath = "string",
        HttpCookieShare = "string",
        HttpIpHeader = "string",
        HttpIpHeaderName = "string",
        HttpMultiplex = "string",
        HttpMultiplexMaxConcurrentRequest = 0,
        HttpMultiplexMaxRequest = 0,
        HttpMultiplexTtl = 0,
        HttpRedirect = "string",
        HttpSupportedMaxVersion = "string",
        HttpsCookieSecure = "string",
        Ipv6Mappedip = "string",
        Ipv6Mappedport = "string",
        LdbMethod = "string",
        MappedAddr = "string",
        Mappedips = new[]
        {
            new Fortios.Firewall.Inputs.VipMappedipArgs
            {
                Range = "string",
            },
        },
        Mappedport = "string",
        MaxEmbryonicConnections = 0,
        Monitors = new[]
        {
            new Fortios.Firewall.Inputs.VipMonitorArgs
            {
                Name = "string",
            },
        },
        Name = "string",
        Nat44 = "string",
        Nat46 = "string",
        NatSourceVip = "string",
        OneClickGslbServer = "string",
        OutlookWebAccess = "string",
        Persistence = "string",
        Portforward = "string",
        PortmappingType = "string",
        Protocol = "string",
        Quic = new Fortios.Firewall.Inputs.VipQuicArgs
        {
            AckDelayExponent = 0,
            ActiveConnectionIdLimit = 0,
            ActiveMigration = "string",
            GreaseQuicBit = "string",
            MaxAckDelay = 0,
            MaxDatagramFrameSize = 0,
            MaxIdleTimeout = 0,
            MaxUdpPayloadSize = 0,
        },
        Realservers = new[]
        {
            new Fortios.Firewall.Inputs.VipRealserverArgs
            {
                Address = "string",
                ClientIp = "string",
                Healthcheck = "string",
                HolddownInterval = 0,
                HttpHost = "string",
                Id = 0,
                Ip = "string",
                MaxConnections = 0,
                Monitor = "string",
                Port = 0,
                Status = "string",
                TranslateHost = "string",
                Type = "string",
                Weight = 0,
            },
        },
        ServerType = "string",
        Services = new[]
        {
            new Fortios.Firewall.Inputs.VipServiceArgs
            {
                Name = "string",
            },
        },
        SrcFilters = new[]
        {
            new Fortios.Firewall.Inputs.VipSrcFilterArgs
            {
                Range = "string",
            },
        },
        SrcintfFilters = new[]
        {
            new Fortios.Firewall.Inputs.VipSrcintfFilterArgs
            {
                InterfaceName = "string",
            },
        },
        SslAcceptFfdheGroups = "string",
        SslAlgorithm = "string",
        SslCertificate = "string",
        SslCipherSuites = new[]
        {
            new Fortios.Firewall.Inputs.VipSslCipherSuiteArgs
            {
                Cipher = "string",
                Priority = 0,
                Versions = "string",
            },
        },
        SslClientFallback = "string",
        SslClientRekeyCount = 0,
        SslClientRenegotiation = "string",
        SslClientSessionStateMax = 0,
        SslClientSessionStateTimeout = 0,
        SslClientSessionStateType = "string",
        SslDhBits = "string",
        SslHpkp = "string",
        SslHpkpAge = 0,
        SslHpkpBackup = "string",
        SslHpkpIncludeSubdomains = "string",
        SslHpkpPrimary = "string",
        SslHpkpReportUri = "string",
        SslHsts = "string",
        SslHstsAge = 0,
        SslHstsIncludeSubdomains = "string",
        SslHttpLocationConversion = "string",
        SslHttpMatchHost = "string",
        SslMaxVersion = "string",
        SslMinVersion = "string",
        SslMode = "string",
        SslPfs = "string",
        SslSendEmptyFrags = "string",
        SslServerAlgorithm = "string",
        SslServerCipherSuites = new[]
        {
            new Fortios.Firewall.Inputs.VipSslServerCipherSuiteArgs
            {
                Cipher = "string",
                Priority = 0,
                Versions = "string",
            },
        },
        SslServerMaxVersion = "string",
        SslServerMinVersion = "string",
        SslServerRenegotiation = "string",
        SslServerSessionStateMax = 0,
        SslServerSessionStateTimeout = 0,
        SslServerSessionStateType = "string",
        Status = "string",
        Type = "string",
        Uuid = "string",
        Vdomparam = "string",
        WeblogicServer = "string",
        WebsphereServer = "string",
    });
    
    example, err := firewall.NewVip(ctx, "vipResource", &firewall.VipArgs{
    	AddNat46Route:       pulumi.String("string"),
    	ArpReply:            pulumi.String("string"),
    	Color:               pulumi.Int(0),
    	Comment:             pulumi.String("string"),
    	DnsMappingTtl:       pulumi.Int(0),
    	DynamicSortSubtable: pulumi.String("string"),
    	Extaddrs: firewall.VipExtaddrArray{
    		&firewall.VipExtaddrArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	Extintf:               pulumi.String("string"),
    	Extip:                 pulumi.String("string"),
    	Extport:               pulumi.String("string"),
    	Fosid:                 pulumi.Int(0),
    	GetAllTables:          pulumi.String("string"),
    	GratuitousArpInterval: pulumi.Int(0),
    	GslbDomainName:        pulumi.String("string"),
    	GslbHostname:          pulumi.String("string"),
    	GslbPublicIps: firewall.VipGslbPublicIpArray{
    		&firewall.VipGslbPublicIpArgs{
    			Index: pulumi.Int(0),
    			Ip:    pulumi.String("string"),
    		},
    	},
    	H2Support:                         pulumi.String("string"),
    	H3Support:                         pulumi.String("string"),
    	HttpCookieAge:                     pulumi.Int(0),
    	HttpCookieDomain:                  pulumi.String("string"),
    	HttpCookieDomainFromHost:          pulumi.String("string"),
    	HttpCookieGeneration:              pulumi.Int(0),
    	HttpCookiePath:                    pulumi.String("string"),
    	HttpCookieShare:                   pulumi.String("string"),
    	HttpIpHeader:                      pulumi.String("string"),
    	HttpIpHeaderName:                  pulumi.String("string"),
    	HttpMultiplex:                     pulumi.String("string"),
    	HttpMultiplexMaxConcurrentRequest: pulumi.Int(0),
    	HttpMultiplexMaxRequest:           pulumi.Int(0),
    	HttpMultiplexTtl:                  pulumi.Int(0),
    	HttpRedirect:                      pulumi.String("string"),
    	HttpSupportedMaxVersion:           pulumi.String("string"),
    	HttpsCookieSecure:                 pulumi.String("string"),
    	Ipv6Mappedip:                      pulumi.String("string"),
    	Ipv6Mappedport:                    pulumi.String("string"),
    	LdbMethod:                         pulumi.String("string"),
    	MappedAddr:                        pulumi.String("string"),
    	Mappedips: firewall.VipMappedipArray{
    		&firewall.VipMappedipArgs{
    			Range: pulumi.String("string"),
    		},
    	},
    	Mappedport:              pulumi.String("string"),
    	MaxEmbryonicConnections: pulumi.Int(0),
    	Monitors: firewall.VipMonitorArray{
    		&firewall.VipMonitorArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	Name:               pulumi.String("string"),
    	Nat44:              pulumi.String("string"),
    	Nat46:              pulumi.String("string"),
    	NatSourceVip:       pulumi.String("string"),
    	OneClickGslbServer: pulumi.String("string"),
    	OutlookWebAccess:   pulumi.String("string"),
    	Persistence:        pulumi.String("string"),
    	Portforward:        pulumi.String("string"),
    	PortmappingType:    pulumi.String("string"),
    	Protocol:           pulumi.String("string"),
    	Quic: &firewall.VipQuicArgs{
    		AckDelayExponent:        pulumi.Int(0),
    		ActiveConnectionIdLimit: pulumi.Int(0),
    		ActiveMigration:         pulumi.String("string"),
    		GreaseQuicBit:           pulumi.String("string"),
    		MaxAckDelay:             pulumi.Int(0),
    		MaxDatagramFrameSize:    pulumi.Int(0),
    		MaxIdleTimeout:          pulumi.Int(0),
    		MaxUdpPayloadSize:       pulumi.Int(0),
    	},
    	Realservers: firewall.VipRealserverArray{
    		&firewall.VipRealserverArgs{
    			Address:          pulumi.String("string"),
    			ClientIp:         pulumi.String("string"),
    			Healthcheck:      pulumi.String("string"),
    			HolddownInterval: pulumi.Int(0),
    			HttpHost:         pulumi.String("string"),
    			Id:               pulumi.Int(0),
    			Ip:               pulumi.String("string"),
    			MaxConnections:   pulumi.Int(0),
    			Monitor:          pulumi.String("string"),
    			Port:             pulumi.Int(0),
    			Status:           pulumi.String("string"),
    			TranslateHost:    pulumi.String("string"),
    			Type:             pulumi.String("string"),
    			Weight:           pulumi.Int(0),
    		},
    	},
    	ServerType: pulumi.String("string"),
    	Services: firewall.VipServiceArray{
    		&firewall.VipServiceArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	SrcFilters: firewall.VipSrcFilterArray{
    		&firewall.VipSrcFilterArgs{
    			Range: pulumi.String("string"),
    		},
    	},
    	SrcintfFilters: firewall.VipSrcintfFilterArray{
    		&firewall.VipSrcintfFilterArgs{
    			InterfaceName: pulumi.String("string"),
    		},
    	},
    	SslAcceptFfdheGroups: pulumi.String("string"),
    	SslAlgorithm:         pulumi.String("string"),
    	SslCertificate:       pulumi.String("string"),
    	SslCipherSuites: firewall.VipSslCipherSuiteArray{
    		&firewall.VipSslCipherSuiteArgs{
    			Cipher:   pulumi.String("string"),
    			Priority: pulumi.Int(0),
    			Versions: pulumi.String("string"),
    		},
    	},
    	SslClientFallback:            pulumi.String("string"),
    	SslClientRekeyCount:          pulumi.Int(0),
    	SslClientRenegotiation:       pulumi.String("string"),
    	SslClientSessionStateMax:     pulumi.Int(0),
    	SslClientSessionStateTimeout: pulumi.Int(0),
    	SslClientSessionStateType:    pulumi.String("string"),
    	SslDhBits:                    pulumi.String("string"),
    	SslHpkp:                      pulumi.String("string"),
    	SslHpkpAge:                   pulumi.Int(0),
    	SslHpkpBackup:                pulumi.String("string"),
    	SslHpkpIncludeSubdomains:     pulumi.String("string"),
    	SslHpkpPrimary:               pulumi.String("string"),
    	SslHpkpReportUri:             pulumi.String("string"),
    	SslHsts:                      pulumi.String("string"),
    	SslHstsAge:                   pulumi.Int(0),
    	SslHstsIncludeSubdomains:     pulumi.String("string"),
    	SslHttpLocationConversion:    pulumi.String("string"),
    	SslHttpMatchHost:             pulumi.String("string"),
    	SslMaxVersion:                pulumi.String("string"),
    	SslMinVersion:                pulumi.String("string"),
    	SslMode:                      pulumi.String("string"),
    	SslPfs:                       pulumi.String("string"),
    	SslSendEmptyFrags:            pulumi.String("string"),
    	SslServerAlgorithm:           pulumi.String("string"),
    	SslServerCipherSuites: firewall.VipSslServerCipherSuiteArray{
    		&firewall.VipSslServerCipherSuiteArgs{
    			Cipher:   pulumi.String("string"),
    			Priority: pulumi.Int(0),
    			Versions: pulumi.String("string"),
    		},
    	},
    	SslServerMaxVersion:          pulumi.String("string"),
    	SslServerMinVersion:          pulumi.String("string"),
    	SslServerRenegotiation:       pulumi.String("string"),
    	SslServerSessionStateMax:     pulumi.Int(0),
    	SslServerSessionStateTimeout: pulumi.Int(0),
    	SslServerSessionStateType:    pulumi.String("string"),
    	Status:                       pulumi.String("string"),
    	Type:                         pulumi.String("string"),
    	Uuid:                         pulumi.String("string"),
    	Vdomparam:                    pulumi.String("string"),
    	WeblogicServer:               pulumi.String("string"),
    	WebsphereServer:              pulumi.String("string"),
    })
    
    var vipResource = new Vip("vipResource", VipArgs.builder()
        .addNat46Route("string")
        .arpReply("string")
        .color(0)
        .comment("string")
        .dnsMappingTtl(0)
        .dynamicSortSubtable("string")
        .extaddrs(VipExtaddrArgs.builder()
            .name("string")
            .build())
        .extintf("string")
        .extip("string")
        .extport("string")
        .fosid(0)
        .getAllTables("string")
        .gratuitousArpInterval(0)
        .gslbDomainName("string")
        .gslbHostname("string")
        .gslbPublicIps(VipGslbPublicIpArgs.builder()
            .index(0)
            .ip("string")
            .build())
        .h2Support("string")
        .h3Support("string")
        .httpCookieAge(0)
        .httpCookieDomain("string")
        .httpCookieDomainFromHost("string")
        .httpCookieGeneration(0)
        .httpCookiePath("string")
        .httpCookieShare("string")
        .httpIpHeader("string")
        .httpIpHeaderName("string")
        .httpMultiplex("string")
        .httpMultiplexMaxConcurrentRequest(0)
        .httpMultiplexMaxRequest(0)
        .httpMultiplexTtl(0)
        .httpRedirect("string")
        .httpSupportedMaxVersion("string")
        .httpsCookieSecure("string")
        .ipv6Mappedip("string")
        .ipv6Mappedport("string")
        .ldbMethod("string")
        .mappedAddr("string")
        .mappedips(VipMappedipArgs.builder()
            .range("string")
            .build())
        .mappedport("string")
        .maxEmbryonicConnections(0)
        .monitors(VipMonitorArgs.builder()
            .name("string")
            .build())
        .name("string")
        .nat44("string")
        .nat46("string")
        .natSourceVip("string")
        .oneClickGslbServer("string")
        .outlookWebAccess("string")
        .persistence("string")
        .portforward("string")
        .portmappingType("string")
        .protocol("string")
        .quic(VipQuicArgs.builder()
            .ackDelayExponent(0)
            .activeConnectionIdLimit(0)
            .activeMigration("string")
            .greaseQuicBit("string")
            .maxAckDelay(0)
            .maxDatagramFrameSize(0)
            .maxIdleTimeout(0)
            .maxUdpPayloadSize(0)
            .build())
        .realservers(VipRealserverArgs.builder()
            .address("string")
            .clientIp("string")
            .healthcheck("string")
            .holddownInterval(0)
            .httpHost("string")
            .id(0)
            .ip("string")
            .maxConnections(0)
            .monitor("string")
            .port(0)
            .status("string")
            .translateHost("string")
            .type("string")
            .weight(0)
            .build())
        .serverType("string")
        .services(VipServiceArgs.builder()
            .name("string")
            .build())
        .srcFilters(VipSrcFilterArgs.builder()
            .range("string")
            .build())
        .srcintfFilters(VipSrcintfFilterArgs.builder()
            .interfaceName("string")
            .build())
        .sslAcceptFfdheGroups("string")
        .sslAlgorithm("string")
        .sslCertificate("string")
        .sslCipherSuites(VipSslCipherSuiteArgs.builder()
            .cipher("string")
            .priority(0)
            .versions("string")
            .build())
        .sslClientFallback("string")
        .sslClientRekeyCount(0)
        .sslClientRenegotiation("string")
        .sslClientSessionStateMax(0)
        .sslClientSessionStateTimeout(0)
        .sslClientSessionStateType("string")
        .sslDhBits("string")
        .sslHpkp("string")
        .sslHpkpAge(0)
        .sslHpkpBackup("string")
        .sslHpkpIncludeSubdomains("string")
        .sslHpkpPrimary("string")
        .sslHpkpReportUri("string")
        .sslHsts("string")
        .sslHstsAge(0)
        .sslHstsIncludeSubdomains("string")
        .sslHttpLocationConversion("string")
        .sslHttpMatchHost("string")
        .sslMaxVersion("string")
        .sslMinVersion("string")
        .sslMode("string")
        .sslPfs("string")
        .sslSendEmptyFrags("string")
        .sslServerAlgorithm("string")
        .sslServerCipherSuites(VipSslServerCipherSuiteArgs.builder()
            .cipher("string")
            .priority(0)
            .versions("string")
            .build())
        .sslServerMaxVersion("string")
        .sslServerMinVersion("string")
        .sslServerRenegotiation("string")
        .sslServerSessionStateMax(0)
        .sslServerSessionStateTimeout(0)
        .sslServerSessionStateType("string")
        .status("string")
        .type("string")
        .uuid("string")
        .vdomparam("string")
        .weblogicServer("string")
        .websphereServer("string")
        .build());
    
    vip_resource = fortios.firewall.Vip("vipResource",
        add_nat46_route="string",
        arp_reply="string",
        color=0,
        comment="string",
        dns_mapping_ttl=0,
        dynamic_sort_subtable="string",
        extaddrs=[fortios.firewall.VipExtaddrArgs(
            name="string",
        )],
        extintf="string",
        extip="string",
        extport="string",
        fosid=0,
        get_all_tables="string",
        gratuitous_arp_interval=0,
        gslb_domain_name="string",
        gslb_hostname="string",
        gslb_public_ips=[fortios.firewall.VipGslbPublicIpArgs(
            index=0,
            ip="string",
        )],
        h2_support="string",
        h3_support="string",
        http_cookie_age=0,
        http_cookie_domain="string",
        http_cookie_domain_from_host="string",
        http_cookie_generation=0,
        http_cookie_path="string",
        http_cookie_share="string",
        http_ip_header="string",
        http_ip_header_name="string",
        http_multiplex="string",
        http_multiplex_max_concurrent_request=0,
        http_multiplex_max_request=0,
        http_multiplex_ttl=0,
        http_redirect="string",
        http_supported_max_version="string",
        https_cookie_secure="string",
        ipv6_mappedip="string",
        ipv6_mappedport="string",
        ldb_method="string",
        mapped_addr="string",
        mappedips=[fortios.firewall.VipMappedipArgs(
            range="string",
        )],
        mappedport="string",
        max_embryonic_connections=0,
        monitors=[fortios.firewall.VipMonitorArgs(
            name="string",
        )],
        name="string",
        nat44="string",
        nat46="string",
        nat_source_vip="string",
        one_click_gslb_server="string",
        outlook_web_access="string",
        persistence="string",
        portforward="string",
        portmapping_type="string",
        protocol="string",
        quic=fortios.firewall.VipQuicArgs(
            ack_delay_exponent=0,
            active_connection_id_limit=0,
            active_migration="string",
            grease_quic_bit="string",
            max_ack_delay=0,
            max_datagram_frame_size=0,
            max_idle_timeout=0,
            max_udp_payload_size=0,
        ),
        realservers=[fortios.firewall.VipRealserverArgs(
            address="string",
            client_ip="string",
            healthcheck="string",
            holddown_interval=0,
            http_host="string",
            id=0,
            ip="string",
            max_connections=0,
            monitor="string",
            port=0,
            status="string",
            translate_host="string",
            type="string",
            weight=0,
        )],
        server_type="string",
        services=[fortios.firewall.VipServiceArgs(
            name="string",
        )],
        src_filters=[fortios.firewall.VipSrcFilterArgs(
            range="string",
        )],
        srcintf_filters=[fortios.firewall.VipSrcintfFilterArgs(
            interface_name="string",
        )],
        ssl_accept_ffdhe_groups="string",
        ssl_algorithm="string",
        ssl_certificate="string",
        ssl_cipher_suites=[fortios.firewall.VipSslCipherSuiteArgs(
            cipher="string",
            priority=0,
            versions="string",
        )],
        ssl_client_fallback="string",
        ssl_client_rekey_count=0,
        ssl_client_renegotiation="string",
        ssl_client_session_state_max=0,
        ssl_client_session_state_timeout=0,
        ssl_client_session_state_type="string",
        ssl_dh_bits="string",
        ssl_hpkp="string",
        ssl_hpkp_age=0,
        ssl_hpkp_backup="string",
        ssl_hpkp_include_subdomains="string",
        ssl_hpkp_primary="string",
        ssl_hpkp_report_uri="string",
        ssl_hsts="string",
        ssl_hsts_age=0,
        ssl_hsts_include_subdomains="string",
        ssl_http_location_conversion="string",
        ssl_http_match_host="string",
        ssl_max_version="string",
        ssl_min_version="string",
        ssl_mode="string",
        ssl_pfs="string",
        ssl_send_empty_frags="string",
        ssl_server_algorithm="string",
        ssl_server_cipher_suites=[fortios.firewall.VipSslServerCipherSuiteArgs(
            cipher="string",
            priority=0,
            versions="string",
        )],
        ssl_server_max_version="string",
        ssl_server_min_version="string",
        ssl_server_renegotiation="string",
        ssl_server_session_state_max=0,
        ssl_server_session_state_timeout=0,
        ssl_server_session_state_type="string",
        status="string",
        type="string",
        uuid="string",
        vdomparam="string",
        weblogic_server="string",
        websphere_server="string")
    
    const vipResource = new fortios.firewall.Vip("vipResource", {
        addNat46Route: "string",
        arpReply: "string",
        color: 0,
        comment: "string",
        dnsMappingTtl: 0,
        dynamicSortSubtable: "string",
        extaddrs: [{
            name: "string",
        }],
        extintf: "string",
        extip: "string",
        extport: "string",
        fosid: 0,
        getAllTables: "string",
        gratuitousArpInterval: 0,
        gslbDomainName: "string",
        gslbHostname: "string",
        gslbPublicIps: [{
            index: 0,
            ip: "string",
        }],
        h2Support: "string",
        h3Support: "string",
        httpCookieAge: 0,
        httpCookieDomain: "string",
        httpCookieDomainFromHost: "string",
        httpCookieGeneration: 0,
        httpCookiePath: "string",
        httpCookieShare: "string",
        httpIpHeader: "string",
        httpIpHeaderName: "string",
        httpMultiplex: "string",
        httpMultiplexMaxConcurrentRequest: 0,
        httpMultiplexMaxRequest: 0,
        httpMultiplexTtl: 0,
        httpRedirect: "string",
        httpSupportedMaxVersion: "string",
        httpsCookieSecure: "string",
        ipv6Mappedip: "string",
        ipv6Mappedport: "string",
        ldbMethod: "string",
        mappedAddr: "string",
        mappedips: [{
            range: "string",
        }],
        mappedport: "string",
        maxEmbryonicConnections: 0,
        monitors: [{
            name: "string",
        }],
        name: "string",
        nat44: "string",
        nat46: "string",
        natSourceVip: "string",
        oneClickGslbServer: "string",
        outlookWebAccess: "string",
        persistence: "string",
        portforward: "string",
        portmappingType: "string",
        protocol: "string",
        quic: {
            ackDelayExponent: 0,
            activeConnectionIdLimit: 0,
            activeMigration: "string",
            greaseQuicBit: "string",
            maxAckDelay: 0,
            maxDatagramFrameSize: 0,
            maxIdleTimeout: 0,
            maxUdpPayloadSize: 0,
        },
        realservers: [{
            address: "string",
            clientIp: "string",
            healthcheck: "string",
            holddownInterval: 0,
            httpHost: "string",
            id: 0,
            ip: "string",
            maxConnections: 0,
            monitor: "string",
            port: 0,
            status: "string",
            translateHost: "string",
            type: "string",
            weight: 0,
        }],
        serverType: "string",
        services: [{
            name: "string",
        }],
        srcFilters: [{
            range: "string",
        }],
        srcintfFilters: [{
            interfaceName: "string",
        }],
        sslAcceptFfdheGroups: "string",
        sslAlgorithm: "string",
        sslCertificate: "string",
        sslCipherSuites: [{
            cipher: "string",
            priority: 0,
            versions: "string",
        }],
        sslClientFallback: "string",
        sslClientRekeyCount: 0,
        sslClientRenegotiation: "string",
        sslClientSessionStateMax: 0,
        sslClientSessionStateTimeout: 0,
        sslClientSessionStateType: "string",
        sslDhBits: "string",
        sslHpkp: "string",
        sslHpkpAge: 0,
        sslHpkpBackup: "string",
        sslHpkpIncludeSubdomains: "string",
        sslHpkpPrimary: "string",
        sslHpkpReportUri: "string",
        sslHsts: "string",
        sslHstsAge: 0,
        sslHstsIncludeSubdomains: "string",
        sslHttpLocationConversion: "string",
        sslHttpMatchHost: "string",
        sslMaxVersion: "string",
        sslMinVersion: "string",
        sslMode: "string",
        sslPfs: "string",
        sslSendEmptyFrags: "string",
        sslServerAlgorithm: "string",
        sslServerCipherSuites: [{
            cipher: "string",
            priority: 0,
            versions: "string",
        }],
        sslServerMaxVersion: "string",
        sslServerMinVersion: "string",
        sslServerRenegotiation: "string",
        sslServerSessionStateMax: 0,
        sslServerSessionStateTimeout: 0,
        sslServerSessionStateType: "string",
        status: "string",
        type: "string",
        uuid: "string",
        vdomparam: "string",
        weblogicServer: "string",
        websphereServer: "string",
    });
    
    type: fortios:firewall:Vip
    properties:
        addNat46Route: string
        arpReply: string
        color: 0
        comment: string
        dnsMappingTtl: 0
        dynamicSortSubtable: string
        extaddrs:
            - name: string
        extintf: string
        extip: string
        extport: string
        fosid: 0
        getAllTables: string
        gratuitousArpInterval: 0
        gslbDomainName: string
        gslbHostname: string
        gslbPublicIps:
            - index: 0
              ip: string
        h2Support: string
        h3Support: string
        httpCookieAge: 0
        httpCookieDomain: string
        httpCookieDomainFromHost: string
        httpCookieGeneration: 0
        httpCookiePath: string
        httpCookieShare: string
        httpIpHeader: string
        httpIpHeaderName: string
        httpMultiplex: string
        httpMultiplexMaxConcurrentRequest: 0
        httpMultiplexMaxRequest: 0
        httpMultiplexTtl: 0
        httpRedirect: string
        httpSupportedMaxVersion: string
        httpsCookieSecure: string
        ipv6Mappedip: string
        ipv6Mappedport: string
        ldbMethod: string
        mappedAddr: string
        mappedips:
            - range: string
        mappedport: string
        maxEmbryonicConnections: 0
        monitors:
            - name: string
        name: string
        nat44: string
        nat46: string
        natSourceVip: string
        oneClickGslbServer: string
        outlookWebAccess: string
        persistence: string
        portforward: string
        portmappingType: string
        protocol: string
        quic:
            ackDelayExponent: 0
            activeConnectionIdLimit: 0
            activeMigration: string
            greaseQuicBit: string
            maxAckDelay: 0
            maxDatagramFrameSize: 0
            maxIdleTimeout: 0
            maxUdpPayloadSize: 0
        realservers:
            - address: string
              clientIp: string
              healthcheck: string
              holddownInterval: 0
              httpHost: string
              id: 0
              ip: string
              maxConnections: 0
              monitor: string
              port: 0
              status: string
              translateHost: string
              type: string
              weight: 0
        serverType: string
        services:
            - name: string
        srcFilters:
            - range: string
        srcintfFilters:
            - interfaceName: string
        sslAcceptFfdheGroups: string
        sslAlgorithm: string
        sslCertificate: string
        sslCipherSuites:
            - cipher: string
              priority: 0
              versions: string
        sslClientFallback: string
        sslClientRekeyCount: 0
        sslClientRenegotiation: string
        sslClientSessionStateMax: 0
        sslClientSessionStateTimeout: 0
        sslClientSessionStateType: string
        sslDhBits: string
        sslHpkp: string
        sslHpkpAge: 0
        sslHpkpBackup: string
        sslHpkpIncludeSubdomains: string
        sslHpkpPrimary: string
        sslHpkpReportUri: string
        sslHsts: string
        sslHstsAge: 0
        sslHstsIncludeSubdomains: string
        sslHttpLocationConversion: string
        sslHttpMatchHost: string
        sslMaxVersion: string
        sslMinVersion: string
        sslMode: string
        sslPfs: string
        sslSendEmptyFrags: string
        sslServerAlgorithm: string
        sslServerCipherSuites:
            - cipher: string
              priority: 0
              versions: string
        sslServerMaxVersion: string
        sslServerMinVersion: string
        sslServerRenegotiation: string
        sslServerSessionStateMax: 0
        sslServerSessionStateTimeout: 0
        sslServerSessionStateType: string
        status: string
        type: string
        uuid: string
        vdomparam: string
        weblogicServer: string
        websphereServer: string
    

    Vip Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Vip resource accepts the following input properties:

    AddNat46Route string
    Enable/disable adding NAT46 route. Valid values: disable, enable.
    ArpReply string
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    Color int
    Color of icon on the GUI.
    Comment string
    Comment.
    DnsMappingTtl int
    DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    Extaddrs List<Pulumiverse.Fortios.Firewall.Inputs.VipExtaddr>
    External FQDN address name. The structure of extaddr block is documented below.
    Extintf string
    Interface connected to the source network that receives the packets that will be forwarded to the destination network.
    Extip string
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    Extport string
    Incoming port number range that you want to map to a port number range on the destination network.
    Fosid int
    Custom defined ID.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GratuitousArpInterval int
    Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
    GslbDomainName string
    Domain to use when integrating with FortiGSLB.
    GslbHostname string
    Hostname to use within the configured FortiGSLB domain.
    GslbPublicIps List<Pulumiverse.Fortios.Firewall.Inputs.VipGslbPublicIp>
    Publicly accessible IP addresses for the FortiGSLB service. The structure of gslb_public_ips block is documented below.
    H2Support string
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    H3Support string
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    HttpCookieAge int
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    HttpCookieDomain string
    Domain that HTTP cookie persistence should apply to.
    HttpCookieDomainFromHost string
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    HttpCookieGeneration int
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    HttpCookiePath string
    Limit HTTP cookie persistence to the specified path.
    HttpCookieShare string
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    HttpIpHeader string
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    HttpIpHeaderName string
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    HttpMultiplex string
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    HttpMultiplexMaxConcurrentRequest int
    Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
    HttpMultiplexMaxRequest int
    Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
    HttpMultiplexTtl int
    Time-to-live for idle connections to servers.
    HttpRedirect string
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    HttpSupportedMaxVersion string
    Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
    HttpsCookieSecure string
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    Ipv6Mappedip string
    Start-mapped-IPv6-address [-end mapped-IPv6-address].
    Ipv6Mappedport string
    IPv6 port number range on the destination network to which the external port number range is mapped.
    LdbMethod string
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    MappedAddr string
    Mapped FQDN address name.
    Mappedips List<Pulumiverse.Fortios.Firewall.Inputs.VipMappedip>
    IP address or address range on the destination network to which the external IP address is mapped. The structure of mappedip block is documented below.
    Mappedport string
    Port number range on the destination network to which the external port number range is mapped.
    MaxEmbryonicConnections int
    Maximum number of incomplete connections.
    Monitors List<Pulumiverse.Fortios.Firewall.Inputs.VipMonitor>
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    Name string
    Virtual IP name.
    Nat44 string
    Enable/disable NAT44. Valid values: disable, enable.
    Nat46 string
    Enable/disable NAT46. Valid values: disable, enable.
    NatSourceVip string
    Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
    OneClickGslbServer string
    Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
    OutlookWebAccess string
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    Persistence string
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    Portforward string
    Enable/disable port forwarding. Valid values: disable, enable.
    PortmappingType string
    Port mapping type. Valid values: 1-to-1, m-to-n.
    Protocol string
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
    Quic Pulumiverse.Fortios.Firewall.Inputs.VipQuic
    QUIC setting. The structure of quic block is documented below.
    Realservers List<Pulumiverse.Fortios.Firewall.Inputs.VipRealserver>
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    ServerType string
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    Services List<Pulumiverse.Fortios.Firewall.Inputs.VipService>
    Service name. The structure of service block is documented below.
    SrcFilters List<Pulumiverse.Fortios.Firewall.Inputs.VipSrcFilter>
    Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of src_filter block is documented below.
    SrcintfFilters List<Pulumiverse.Fortios.Firewall.Inputs.VipSrcintfFilter>
    Interfaces to which the VIP applies. Separate the names with spaces. The structure of srcintf_filter block is documented below.
    SslAcceptFfdheGroups string
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    SslAlgorithm string
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    SslCertificate string
    The name of the SSL certificate to use for SSL acceleration.
    SslCipherSuites List<Pulumiverse.Fortios.Firewall.Inputs.VipSslCipherSuite>
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    SslClientFallback string
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    SslClientRekeyCount int
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    SslClientRenegotiation string
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    SslClientSessionStateMax int
    Maximum number of client to FortiGate SSL session states to keep.
    SslClientSessionStateTimeout int
    Number of minutes to keep client to FortiGate SSL session state.
    SslClientSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    SslDhBits string
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    SslHpkp string
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    SslHpkpAge int
    Number of seconds the client should honour the HPKP setting.
    SslHpkpBackup string
    Certificate to generate backup HPKP pin from.
    SslHpkpIncludeSubdomains string
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    SslHpkpPrimary string
    Certificate to generate primary HPKP pin from.
    SslHpkpReportUri string
    URL to report HPKP violations to.
    SslHsts string
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    SslHstsAge int
    Number of seconds the client should honour the HSTS setting.
    SslHstsIncludeSubdomains string
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    SslHttpLocationConversion string
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    SslHttpMatchHost string
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    SslMaxVersion string
    Highest SSL/TLS version acceptable from a client.
    SslMinVersion string
    Lowest SSL/TLS version acceptable from a client.
    SslMode string
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    SslPfs string
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    SslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    SslServerAlgorithm string
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    SslServerCipherSuites List<Pulumiverse.Fortios.Firewall.Inputs.VipSslServerCipherSuite>
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    SslServerMaxVersion string
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerMinVersion string
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerRenegotiation string
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    SslServerSessionStateMax int
    Maximum number of FortiGate to Server SSL session states to keep.
    SslServerSessionStateTimeout int
    Number of minutes to keep FortiGate to Server SSL session state.
    SslServerSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    Status string
    Enable/disable VIP. Valid values: disable, enable.
    Type string
    Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    WeblogicServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    WebsphereServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    AddNat46Route string
    Enable/disable adding NAT46 route. Valid values: disable, enable.
    ArpReply string
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    Color int
    Color of icon on the GUI.
    Comment string
    Comment.
    DnsMappingTtl int
    DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    Extaddrs []VipExtaddrArgs
    External FQDN address name. The structure of extaddr block is documented below.
    Extintf string
    Interface connected to the source network that receives the packets that will be forwarded to the destination network.
    Extip string
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    Extport string
    Incoming port number range that you want to map to a port number range on the destination network.
    Fosid int
    Custom defined ID.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GratuitousArpInterval int
    Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
    GslbDomainName string
    Domain to use when integrating with FortiGSLB.
    GslbHostname string
    Hostname to use within the configured FortiGSLB domain.
    GslbPublicIps []VipGslbPublicIpArgs
    Publicly accessible IP addresses for the FortiGSLB service. The structure of gslb_public_ips block is documented below.
    H2Support string
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    H3Support string
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    HttpCookieAge int
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    HttpCookieDomain string
    Domain that HTTP cookie persistence should apply to.
    HttpCookieDomainFromHost string
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    HttpCookieGeneration int
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    HttpCookiePath string
    Limit HTTP cookie persistence to the specified path.
    HttpCookieShare string
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    HttpIpHeader string
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    HttpIpHeaderName string
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    HttpMultiplex string
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    HttpMultiplexMaxConcurrentRequest int
    Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
    HttpMultiplexMaxRequest int
    Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
    HttpMultiplexTtl int
    Time-to-live for idle connections to servers.
    HttpRedirect string
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    HttpSupportedMaxVersion string
    Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
    HttpsCookieSecure string
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    Ipv6Mappedip string
    Start-mapped-IPv6-address [-end mapped-IPv6-address].
    Ipv6Mappedport string
    IPv6 port number range on the destination network to which the external port number range is mapped.
    LdbMethod string
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    MappedAddr string
    Mapped FQDN address name.
    Mappedips []VipMappedipArgs
    IP address or address range on the destination network to which the external IP address is mapped. The structure of mappedip block is documented below.
    Mappedport string
    Port number range on the destination network to which the external port number range is mapped.
    MaxEmbryonicConnections int
    Maximum number of incomplete connections.
    Monitors []VipMonitorArgs
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    Name string
    Virtual IP name.
    Nat44 string
    Enable/disable NAT44. Valid values: disable, enable.
    Nat46 string
    Enable/disable NAT46. Valid values: disable, enable.
    NatSourceVip string
    Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
    OneClickGslbServer string
    Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
    OutlookWebAccess string
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    Persistence string
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    Portforward string
    Enable/disable port forwarding. Valid values: disable, enable.
    PortmappingType string
    Port mapping type. Valid values: 1-to-1, m-to-n.
    Protocol string
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
    Quic VipQuicArgs
    QUIC setting. The structure of quic block is documented below.
    Realservers []VipRealserverArgs
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    ServerType string
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    Services []VipServiceArgs
    Service name. The structure of service block is documented below.
    SrcFilters []VipSrcFilterArgs
    Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of src_filter block is documented below.
    SrcintfFilters []VipSrcintfFilterArgs
    Interfaces to which the VIP applies. Separate the names with spaces. The structure of srcintf_filter block is documented below.
    SslAcceptFfdheGroups string
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    SslAlgorithm string
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    SslCertificate string
    The name of the SSL certificate to use for SSL acceleration.
    SslCipherSuites []VipSslCipherSuiteArgs
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    SslClientFallback string
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    SslClientRekeyCount int
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    SslClientRenegotiation string
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    SslClientSessionStateMax int
    Maximum number of client to FortiGate SSL session states to keep.
    SslClientSessionStateTimeout int
    Number of minutes to keep client to FortiGate SSL session state.
    SslClientSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    SslDhBits string
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    SslHpkp string
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    SslHpkpAge int
    Number of seconds the client should honour the HPKP setting.
    SslHpkpBackup string
    Certificate to generate backup HPKP pin from.
    SslHpkpIncludeSubdomains string
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    SslHpkpPrimary string
    Certificate to generate primary HPKP pin from.
    SslHpkpReportUri string
    URL to report HPKP violations to.
    SslHsts string
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    SslHstsAge int
    Number of seconds the client should honour the HSTS setting.
    SslHstsIncludeSubdomains string
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    SslHttpLocationConversion string
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    SslHttpMatchHost string
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    SslMaxVersion string
    Highest SSL/TLS version acceptable from a client.
    SslMinVersion string
    Lowest SSL/TLS version acceptable from a client.
    SslMode string
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    SslPfs string
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    SslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    SslServerAlgorithm string
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    SslServerCipherSuites []VipSslServerCipherSuiteArgs
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    SslServerMaxVersion string
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerMinVersion string
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerRenegotiation string
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    SslServerSessionStateMax int
    Maximum number of FortiGate to Server SSL session states to keep.
    SslServerSessionStateTimeout int
    Number of minutes to keep FortiGate to Server SSL session state.
    SslServerSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    Status string
    Enable/disable VIP. Valid values: disable, enable.
    Type string
    Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    WeblogicServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    WebsphereServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    addNat46Route String
    Enable/disable adding NAT46 route. Valid values: disable, enable.
    arpReply String
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color Integer
    Color of icon on the GUI.
    comment String
    Comment.
    dnsMappingTtl Integer
    DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    extaddrs List<VipExtaddr>
    External FQDN address name. The structure of extaddr block is documented below.
    extintf String
    Interface connected to the source network that receives the packets that will be forwarded to the destination network.
    extip String
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    extport String
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid Integer
    Custom defined ID.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gratuitousArpInterval Integer
    Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
    gslbDomainName String
    Domain to use when integrating with FortiGSLB.
    gslbHostname String
    Hostname to use within the configured FortiGSLB domain.
    gslbPublicIps List<VipGslbPublicIp>
    Publicly accessible IP addresses for the FortiGSLB service. The structure of gslb_public_ips block is documented below.
    h2Support String
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3Support String
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    httpCookieAge Integer
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    httpCookieDomain String
    Domain that HTTP cookie persistence should apply to.
    httpCookieDomainFromHost String
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    httpCookieGeneration Integer
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    httpCookiePath String
    Limit HTTP cookie persistence to the specified path.
    httpCookieShare String
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    httpIpHeader String
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    httpIpHeaderName String
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    httpMultiplex String
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    httpMultiplexMaxConcurrentRequest Integer
    Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
    httpMultiplexMaxRequest Integer
    Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
    httpMultiplexTtl Integer
    Time-to-live for idle connections to servers.
    httpRedirect String
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    httpSupportedMaxVersion String
    Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
    httpsCookieSecure String
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv6Mappedip String
    Start-mapped-IPv6-address [-end mapped-IPv6-address].
    ipv6Mappedport String
    IPv6 port number range on the destination network to which the external port number range is mapped.
    ldbMethod String
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedAddr String
    Mapped FQDN address name.
    mappedips List<VipMappedip>
    IP address or address range on the destination network to which the external IP address is mapped. The structure of mappedip block is documented below.
    mappedport String
    Port number range on the destination network to which the external port number range is mapped.
    maxEmbryonicConnections Integer
    Maximum number of incomplete connections.
    monitors List<VipMonitor>
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name String
    Virtual IP name.
    nat44 String
    Enable/disable NAT44. Valid values: disable, enable.
    nat46 String
    Enable/disable NAT46. Valid values: disable, enable.
    natSourceVip String
    Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
    oneClickGslbServer String
    Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
    outlookWebAccess String
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence String
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward String
    Enable/disable port forwarding. Valid values: disable, enable.
    portmappingType String
    Port mapping type. Valid values: 1-to-1, m-to-n.
    protocol String
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
    quic VipQuic
    QUIC setting. The structure of quic block is documented below.
    realservers List<VipRealserver>
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    serverType String
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    services List<VipService>
    Service name. The structure of service block is documented below.
    srcFilters List<VipSrcFilter>
    Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcintfFilters List<VipSrcintfFilter>
    Interfaces to which the VIP applies. Separate the names with spaces. The structure of srcintf_filter block is documented below.
    sslAcceptFfdheGroups String
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    sslAlgorithm String
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    sslCertificate String
    The name of the SSL certificate to use for SSL acceleration.
    sslCipherSuites List<VipSslCipherSuite>
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    sslClientFallback String
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    sslClientRekeyCount Integer
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    sslClientRenegotiation String
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    sslClientSessionStateMax Integer
    Maximum number of client to FortiGate SSL session states to keep.
    sslClientSessionStateTimeout Integer
    Number of minutes to keep client to FortiGate SSL session state.
    sslClientSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    sslDhBits String
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    sslHpkp String
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    sslHpkpAge Integer
    Number of seconds the client should honour the HPKP setting.
    sslHpkpBackup String
    Certificate to generate backup HPKP pin from.
    sslHpkpIncludeSubdomains String
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    sslHpkpPrimary String
    Certificate to generate primary HPKP pin from.
    sslHpkpReportUri String
    URL to report HPKP violations to.
    sslHsts String
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    sslHstsAge Integer
    Number of seconds the client should honour the HSTS setting.
    sslHstsIncludeSubdomains String
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    sslHttpLocationConversion String
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    sslHttpMatchHost String
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    sslMaxVersion String
    Highest SSL/TLS version acceptable from a client.
    sslMinVersion String
    Lowest SSL/TLS version acceptable from a client.
    sslMode String
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    sslPfs String
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    sslSendEmptyFrags String
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    sslServerAlgorithm String
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    sslServerCipherSuites List<VipSslServerCipherSuite>
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    sslServerMaxVersion String
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerMinVersion String
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerRenegotiation String
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    sslServerSessionStateMax Integer
    Maximum number of FortiGate to Server SSL session states to keep.
    sslServerSessionStateTimeout Integer
    Number of minutes to keep FortiGate to Server SSL session state.
    sslServerSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    status String
    Enable/disable VIP. Valid values: disable, enable.
    type String
    Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogicServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphereServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    addNat46Route string
    Enable/disable adding NAT46 route. Valid values: disable, enable.
    arpReply string
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color number
    Color of icon on the GUI.
    comment string
    Comment.
    dnsMappingTtl number
    DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    extaddrs VipExtaddr[]
    External FQDN address name. The structure of extaddr block is documented below.
    extintf string
    Interface connected to the source network that receives the packets that will be forwarded to the destination network.
    extip string
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    extport string
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid number
    Custom defined ID.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gratuitousArpInterval number
    Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
    gslbDomainName string
    Domain to use when integrating with FortiGSLB.
    gslbHostname string
    Hostname to use within the configured FortiGSLB domain.
    gslbPublicIps VipGslbPublicIp[]
    Publicly accessible IP addresses for the FortiGSLB service. The structure of gslb_public_ips block is documented below.
    h2Support string
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3Support string
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    httpCookieAge number
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    httpCookieDomain string
    Domain that HTTP cookie persistence should apply to.
    httpCookieDomainFromHost string
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    httpCookieGeneration number
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    httpCookiePath string
    Limit HTTP cookie persistence to the specified path.
    httpCookieShare string
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    httpIpHeader string
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    httpIpHeaderName string
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    httpMultiplex string
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    httpMultiplexMaxConcurrentRequest number
    Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
    httpMultiplexMaxRequest number
    Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
    httpMultiplexTtl number
    Time-to-live for idle connections to servers.
    httpRedirect string
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    httpSupportedMaxVersion string
    Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
    httpsCookieSecure string
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv6Mappedip string
    Start-mapped-IPv6-address [-end mapped-IPv6-address].
    ipv6Mappedport string
    IPv6 port number range on the destination network to which the external port number range is mapped.
    ldbMethod string
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedAddr string
    Mapped FQDN address name.
    mappedips VipMappedip[]
    IP address or address range on the destination network to which the external IP address is mapped. The structure of mappedip block is documented below.
    mappedport string
    Port number range on the destination network to which the external port number range is mapped.
    maxEmbryonicConnections number
    Maximum number of incomplete connections.
    monitors VipMonitor[]
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name string
    Virtual IP name.
    nat44 string
    Enable/disable NAT44. Valid values: disable, enable.
    nat46 string
    Enable/disable NAT46. Valid values: disable, enable.
    natSourceVip string
    Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
    oneClickGslbServer string
    Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
    outlookWebAccess string
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence string
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward string
    Enable/disable port forwarding. Valid values: disable, enable.
    portmappingType string
    Port mapping type. Valid values: 1-to-1, m-to-n.
    protocol string
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
    quic VipQuic
    QUIC setting. The structure of quic block is documented below.
    realservers VipRealserver[]
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    serverType string
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    services VipService[]
    Service name. The structure of service block is documented below.
    srcFilters VipSrcFilter[]
    Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcintfFilters VipSrcintfFilter[]
    Interfaces to which the VIP applies. Separate the names with spaces. The structure of srcintf_filter block is documented below.
    sslAcceptFfdheGroups string
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    sslAlgorithm string
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    sslCertificate string
    The name of the SSL certificate to use for SSL acceleration.
    sslCipherSuites VipSslCipherSuite[]
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    sslClientFallback string
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    sslClientRekeyCount number
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    sslClientRenegotiation string
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    sslClientSessionStateMax number
    Maximum number of client to FortiGate SSL session states to keep.
    sslClientSessionStateTimeout number
    Number of minutes to keep client to FortiGate SSL session state.
    sslClientSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    sslDhBits string
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    sslHpkp string
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    sslHpkpAge number
    Number of seconds the client should honour the HPKP setting.
    sslHpkpBackup string
    Certificate to generate backup HPKP pin from.
    sslHpkpIncludeSubdomains string
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    sslHpkpPrimary string
    Certificate to generate primary HPKP pin from.
    sslHpkpReportUri string
    URL to report HPKP violations to.
    sslHsts string
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    sslHstsAge number
    Number of seconds the client should honour the HSTS setting.
    sslHstsIncludeSubdomains string
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    sslHttpLocationConversion string
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    sslHttpMatchHost string
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    sslMaxVersion string
    Highest SSL/TLS version acceptable from a client.
    sslMinVersion string
    Lowest SSL/TLS version acceptable from a client.
    sslMode string
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    sslPfs string
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    sslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    sslServerAlgorithm string
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    sslServerCipherSuites VipSslServerCipherSuite[]
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    sslServerMaxVersion string
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerMinVersion string
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerRenegotiation string
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    sslServerSessionStateMax number
    Maximum number of FortiGate to Server SSL session states to keep.
    sslServerSessionStateTimeout number
    Number of minutes to keep FortiGate to Server SSL session state.
    sslServerSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    status string
    Enable/disable VIP. Valid values: disable, enable.
    type string
    Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
    uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogicServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphereServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    add_nat46_route str
    Enable/disable adding NAT46 route. Valid values: disable, enable.
    arp_reply str
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color int
    Color of icon on the GUI.
    comment str
    Comment.
    dns_mapping_ttl int
    DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    extaddrs Sequence[VipExtaddrArgs]
    External FQDN address name. The structure of extaddr block is documented below.
    extintf str
    Interface connected to the source network that receives the packets that will be forwarded to the destination network.
    extip str
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    extport str
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid int
    Custom defined ID.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gratuitous_arp_interval int
    Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
    gslb_domain_name str
    Domain to use when integrating with FortiGSLB.
    gslb_hostname str
    Hostname to use within the configured FortiGSLB domain.
    gslb_public_ips Sequence[VipGslbPublicIpArgs]
    Publicly accessible IP addresses for the FortiGSLB service. The structure of gslb_public_ips block is documented below.
    h2_support str
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3_support str
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    http_cookie_age int
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    http_cookie_domain str
    Domain that HTTP cookie persistence should apply to.
    http_cookie_domain_from_host str
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    http_cookie_generation int
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    http_cookie_path str
    Limit HTTP cookie persistence to the specified path.
    http_cookie_share str
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    http_ip_header str
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    http_ip_header_name str
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    http_multiplex str
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    http_multiplex_max_concurrent_request int
    Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
    http_multiplex_max_request int
    Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
    http_multiplex_ttl int
    Time-to-live for idle connections to servers.
    http_redirect str
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    http_supported_max_version str
    Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
    https_cookie_secure str
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv6_mappedip str
    Start-mapped-IPv6-address [-end mapped-IPv6-address].
    ipv6_mappedport str
    IPv6 port number range on the destination network to which the external port number range is mapped.
    ldb_method str
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mapped_addr str
    Mapped FQDN address name.
    mappedips Sequence[VipMappedipArgs]
    IP address or address range on the destination network to which the external IP address is mapped. The structure of mappedip block is documented below.
    mappedport str
    Port number range on the destination network to which the external port number range is mapped.
    max_embryonic_connections int
    Maximum number of incomplete connections.
    monitors Sequence[VipMonitorArgs]
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name str
    Virtual IP name.
    nat44 str
    Enable/disable NAT44. Valid values: disable, enable.
    nat46 str
    Enable/disable NAT46. Valid values: disable, enable.
    nat_source_vip str
    Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
    one_click_gslb_server str
    Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
    outlook_web_access str
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence str
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward str
    Enable/disable port forwarding. Valid values: disable, enable.
    portmapping_type str
    Port mapping type. Valid values: 1-to-1, m-to-n.
    protocol str
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
    quic VipQuicArgs
    QUIC setting. The structure of quic block is documented below.
    realservers Sequence[VipRealserverArgs]
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    server_type str
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    services Sequence[VipServiceArgs]
    Service name. The structure of service block is documented below.
    src_filters Sequence[VipSrcFilterArgs]
    Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcintf_filters Sequence[VipSrcintfFilterArgs]
    Interfaces to which the VIP applies. Separate the names with spaces. The structure of srcintf_filter block is documented below.
    ssl_accept_ffdhe_groups str
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    ssl_algorithm str
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    ssl_certificate str
    The name of the SSL certificate to use for SSL acceleration.
    ssl_cipher_suites Sequence[VipSslCipherSuiteArgs]
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    ssl_client_fallback str
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    ssl_client_rekey_count int
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    ssl_client_renegotiation str
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    ssl_client_session_state_max int
    Maximum number of client to FortiGate SSL session states to keep.
    ssl_client_session_state_timeout int
    Number of minutes to keep client to FortiGate SSL session state.
    ssl_client_session_state_type str
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    ssl_dh_bits str
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    ssl_hpkp str
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    ssl_hpkp_age int
    Number of seconds the client should honour the HPKP setting.
    ssl_hpkp_backup str
    Certificate to generate backup HPKP pin from.
    ssl_hpkp_include_subdomains str
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    ssl_hpkp_primary str
    Certificate to generate primary HPKP pin from.
    ssl_hpkp_report_uri str
    URL to report HPKP violations to.
    ssl_hsts str
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    ssl_hsts_age int
    Number of seconds the client should honour the HSTS setting.
    ssl_hsts_include_subdomains str
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    ssl_http_location_conversion str
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    ssl_http_match_host str
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    ssl_max_version str
    Highest SSL/TLS version acceptable from a client.
    ssl_min_version str
    Lowest SSL/TLS version acceptable from a client.
    ssl_mode str
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    ssl_pfs str
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    ssl_send_empty_frags str
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    ssl_server_algorithm str
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    ssl_server_cipher_suites Sequence[VipSslServerCipherSuiteArgs]
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    ssl_server_max_version str
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    ssl_server_min_version str
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    ssl_server_renegotiation str
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    ssl_server_session_state_max int
    Maximum number of FortiGate to Server SSL session states to keep.
    ssl_server_session_state_timeout int
    Number of minutes to keep FortiGate to Server SSL session state.
    ssl_server_session_state_type str
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    status str
    Enable/disable VIP. Valid values: disable, enable.
    type str
    Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
    uuid str
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogic_server str
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphere_server str
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    addNat46Route String
    Enable/disable adding NAT46 route. Valid values: disable, enable.
    arpReply String
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color Number
    Color of icon on the GUI.
    comment String
    Comment.
    dnsMappingTtl Number
    DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    extaddrs List<Property Map>
    External FQDN address name. The structure of extaddr block is documented below.
    extintf String
    Interface connected to the source network that receives the packets that will be forwarded to the destination network.
    extip String
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    extport String
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid Number
    Custom defined ID.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gratuitousArpInterval Number
    Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
    gslbDomainName String
    Domain to use when integrating with FortiGSLB.
    gslbHostname String
    Hostname to use within the configured FortiGSLB domain.
    gslbPublicIps List<Property Map>
    Publicly accessible IP addresses for the FortiGSLB service. The structure of gslb_public_ips block is documented below.
    h2Support String
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3Support String
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    httpCookieAge Number
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    httpCookieDomain String
    Domain that HTTP cookie persistence should apply to.
    httpCookieDomainFromHost String
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    httpCookieGeneration Number
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    httpCookiePath String
    Limit HTTP cookie persistence to the specified path.
    httpCookieShare String
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    httpIpHeader String
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    httpIpHeaderName String
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    httpMultiplex String
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    httpMultiplexMaxConcurrentRequest Number
    Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
    httpMultiplexMaxRequest Number
    Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
    httpMultiplexTtl Number
    Time-to-live for idle connections to servers.
    httpRedirect String
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    httpSupportedMaxVersion String
    Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
    httpsCookieSecure String
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv6Mappedip String
    Start-mapped-IPv6-address [-end mapped-IPv6-address].
    ipv6Mappedport String
    IPv6 port number range on the destination network to which the external port number range is mapped.
    ldbMethod String
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedAddr String
    Mapped FQDN address name.
    mappedips List<Property Map>
    IP address or address range on the destination network to which the external IP address is mapped. The structure of mappedip block is documented below.
    mappedport String
    Port number range on the destination network to which the external port number range is mapped.
    maxEmbryonicConnections Number
    Maximum number of incomplete connections.
    monitors List<Property Map>
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name String
    Virtual IP name.
    nat44 String
    Enable/disable NAT44. Valid values: disable, enable.
    nat46 String
    Enable/disable NAT46. Valid values: disable, enable.
    natSourceVip String
    Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
    oneClickGslbServer String
    Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
    outlookWebAccess String
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence String
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward String
    Enable/disable port forwarding. Valid values: disable, enable.
    portmappingType String
    Port mapping type. Valid values: 1-to-1, m-to-n.
    protocol String
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
    quic Property Map
    QUIC setting. The structure of quic block is documented below.
    realservers List<Property Map>
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    serverType String
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    services List<Property Map>
    Service name. The structure of service block is documented below.
    srcFilters List<Property Map>
    Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcintfFilters List<Property Map>
    Interfaces to which the VIP applies. Separate the names with spaces. The structure of srcintf_filter block is documented below.
    sslAcceptFfdheGroups String
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    sslAlgorithm String
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    sslCertificate String
    The name of the SSL certificate to use for SSL acceleration.
    sslCipherSuites List<Property Map>
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    sslClientFallback String
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    sslClientRekeyCount Number
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    sslClientRenegotiation String
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    sslClientSessionStateMax Number
    Maximum number of client to FortiGate SSL session states to keep.
    sslClientSessionStateTimeout Number
    Number of minutes to keep client to FortiGate SSL session state.
    sslClientSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    sslDhBits String
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    sslHpkp String
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    sslHpkpAge Number
    Number of seconds the client should honour the HPKP setting.
    sslHpkpBackup String
    Certificate to generate backup HPKP pin from.
    sslHpkpIncludeSubdomains String
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    sslHpkpPrimary String
    Certificate to generate primary HPKP pin from.
    sslHpkpReportUri String
    URL to report HPKP violations to.
    sslHsts String
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    sslHstsAge Number
    Number of seconds the client should honour the HSTS setting.
    sslHstsIncludeSubdomains String
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    sslHttpLocationConversion String
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    sslHttpMatchHost String
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    sslMaxVersion String
    Highest SSL/TLS version acceptable from a client.
    sslMinVersion String
    Lowest SSL/TLS version acceptable from a client.
    sslMode String
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    sslPfs String
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    sslSendEmptyFrags String
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    sslServerAlgorithm String
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    sslServerCipherSuites List<Property Map>
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    sslServerMaxVersion String
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerMinVersion String
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerRenegotiation String
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    sslServerSessionStateMax Number
    Maximum number of FortiGate to Server SSL session states to keep.
    sslServerSessionStateTimeout Number
    Number of minutes to keep FortiGate to Server SSL session state.
    sslServerSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    status String
    Enable/disable VIP. Valid values: disable, enable.
    type String
    Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogicServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphereServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Vip resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Vip Resource

    Get an existing Vip resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: VipState, opts?: CustomResourceOptions): Vip
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            add_nat46_route: Optional[str] = None,
            arp_reply: Optional[str] = None,
            color: Optional[int] = None,
            comment: Optional[str] = None,
            dns_mapping_ttl: Optional[int] = None,
            dynamic_sort_subtable: Optional[str] = None,
            extaddrs: Optional[Sequence[VipExtaddrArgs]] = None,
            extintf: Optional[str] = None,
            extip: Optional[str] = None,
            extport: Optional[str] = None,
            fosid: Optional[int] = None,
            get_all_tables: Optional[str] = None,
            gratuitous_arp_interval: Optional[int] = None,
            gslb_domain_name: Optional[str] = None,
            gslb_hostname: Optional[str] = None,
            gslb_public_ips: Optional[Sequence[VipGslbPublicIpArgs]] = None,
            h2_support: Optional[str] = None,
            h3_support: Optional[str] = None,
            http_cookie_age: Optional[int] = None,
            http_cookie_domain: Optional[str] = None,
            http_cookie_domain_from_host: Optional[str] = None,
            http_cookie_generation: Optional[int] = None,
            http_cookie_path: Optional[str] = None,
            http_cookie_share: Optional[str] = None,
            http_ip_header: Optional[str] = None,
            http_ip_header_name: Optional[str] = None,
            http_multiplex: Optional[str] = None,
            http_multiplex_max_concurrent_request: Optional[int] = None,
            http_multiplex_max_request: Optional[int] = None,
            http_multiplex_ttl: Optional[int] = None,
            http_redirect: Optional[str] = None,
            http_supported_max_version: Optional[str] = None,
            https_cookie_secure: Optional[str] = None,
            ipv6_mappedip: Optional[str] = None,
            ipv6_mappedport: Optional[str] = None,
            ldb_method: Optional[str] = None,
            mapped_addr: Optional[str] = None,
            mappedips: Optional[Sequence[VipMappedipArgs]] = None,
            mappedport: Optional[str] = None,
            max_embryonic_connections: Optional[int] = None,
            monitors: Optional[Sequence[VipMonitorArgs]] = None,
            name: Optional[str] = None,
            nat44: Optional[str] = None,
            nat46: Optional[str] = None,
            nat_source_vip: Optional[str] = None,
            one_click_gslb_server: Optional[str] = None,
            outlook_web_access: Optional[str] = None,
            persistence: Optional[str] = None,
            portforward: Optional[str] = None,
            portmapping_type: Optional[str] = None,
            protocol: Optional[str] = None,
            quic: Optional[VipQuicArgs] = None,
            realservers: Optional[Sequence[VipRealserverArgs]] = None,
            server_type: Optional[str] = None,
            services: Optional[Sequence[VipServiceArgs]] = None,
            src_filters: Optional[Sequence[VipSrcFilterArgs]] = None,
            srcintf_filters: Optional[Sequence[VipSrcintfFilterArgs]] = None,
            ssl_accept_ffdhe_groups: Optional[str] = None,
            ssl_algorithm: Optional[str] = None,
            ssl_certificate: Optional[str] = None,
            ssl_cipher_suites: Optional[Sequence[VipSslCipherSuiteArgs]] = None,
            ssl_client_fallback: Optional[str] = None,
            ssl_client_rekey_count: Optional[int] = None,
            ssl_client_renegotiation: Optional[str] = None,
            ssl_client_session_state_max: Optional[int] = None,
            ssl_client_session_state_timeout: Optional[int] = None,
            ssl_client_session_state_type: Optional[str] = None,
            ssl_dh_bits: Optional[str] = None,
            ssl_hpkp: Optional[str] = None,
            ssl_hpkp_age: Optional[int] = None,
            ssl_hpkp_backup: Optional[str] = None,
            ssl_hpkp_include_subdomains: Optional[str] = None,
            ssl_hpkp_primary: Optional[str] = None,
            ssl_hpkp_report_uri: Optional[str] = None,
            ssl_hsts: Optional[str] = None,
            ssl_hsts_age: Optional[int] = None,
            ssl_hsts_include_subdomains: Optional[str] = None,
            ssl_http_location_conversion: Optional[str] = None,
            ssl_http_match_host: Optional[str] = None,
            ssl_max_version: Optional[str] = None,
            ssl_min_version: Optional[str] = None,
            ssl_mode: Optional[str] = None,
            ssl_pfs: Optional[str] = None,
            ssl_send_empty_frags: Optional[str] = None,
            ssl_server_algorithm: Optional[str] = None,
            ssl_server_cipher_suites: Optional[Sequence[VipSslServerCipherSuiteArgs]] = None,
            ssl_server_max_version: Optional[str] = None,
            ssl_server_min_version: Optional[str] = None,
            ssl_server_renegotiation: Optional[str] = None,
            ssl_server_session_state_max: Optional[int] = None,
            ssl_server_session_state_timeout: Optional[int] = None,
            ssl_server_session_state_type: Optional[str] = None,
            status: Optional[str] = None,
            type: Optional[str] = None,
            uuid: Optional[str] = None,
            vdomparam: Optional[str] = None,
            weblogic_server: Optional[str] = None,
            websphere_server: Optional[str] = None) -> Vip
    func GetVip(ctx *Context, name string, id IDInput, state *VipState, opts ...ResourceOption) (*Vip, error)
    public static Vip Get(string name, Input<string> id, VipState? state, CustomResourceOptions? opts = null)
    public static Vip get(String name, Output<String> id, VipState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AddNat46Route string
    Enable/disable adding NAT46 route. Valid values: disable, enable.
    ArpReply string
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    Color int
    Color of icon on the GUI.
    Comment string
    Comment.
    DnsMappingTtl int
    DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    Extaddrs List<Pulumiverse.Fortios.Firewall.Inputs.VipExtaddr>
    External FQDN address name. The structure of extaddr block is documented below.
    Extintf string
    Interface connected to the source network that receives the packets that will be forwarded to the destination network.
    Extip string
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    Extport string
    Incoming port number range that you want to map to a port number range on the destination network.
    Fosid int
    Custom defined ID.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GratuitousArpInterval int
    Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
    GslbDomainName string
    Domain to use when integrating with FortiGSLB.
    GslbHostname string
    Hostname to use within the configured FortiGSLB domain.
    GslbPublicIps List<Pulumiverse.Fortios.Firewall.Inputs.VipGslbPublicIp>
    Publicly accessible IP addresses for the FortiGSLB service. The structure of gslb_public_ips block is documented below.
    H2Support string
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    H3Support string
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    HttpCookieAge int
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    HttpCookieDomain string
    Domain that HTTP cookie persistence should apply to.
    HttpCookieDomainFromHost string
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    HttpCookieGeneration int
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    HttpCookiePath string
    Limit HTTP cookie persistence to the specified path.
    HttpCookieShare string
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    HttpIpHeader string
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    HttpIpHeaderName string
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    HttpMultiplex string
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    HttpMultiplexMaxConcurrentRequest int
    Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
    HttpMultiplexMaxRequest int
    Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
    HttpMultiplexTtl int
    Time-to-live for idle connections to servers.
    HttpRedirect string
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    HttpSupportedMaxVersion string
    Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
    HttpsCookieSecure string
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    Ipv6Mappedip string
    Start-mapped-IPv6-address [-end mapped-IPv6-address].
    Ipv6Mappedport string
    IPv6 port number range on the destination network to which the external port number range is mapped.
    LdbMethod string
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    MappedAddr string
    Mapped FQDN address name.
    Mappedips List<Pulumiverse.Fortios.Firewall.Inputs.VipMappedip>
    IP address or address range on the destination network to which the external IP address is mapped. The structure of mappedip block is documented below.
    Mappedport string
    Port number range on the destination network to which the external port number range is mapped.
    MaxEmbryonicConnections int
    Maximum number of incomplete connections.
    Monitors List<Pulumiverse.Fortios.Firewall.Inputs.VipMonitor>
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    Name string
    Virtual IP name.
    Nat44 string
    Enable/disable NAT44. Valid values: disable, enable.
    Nat46 string
    Enable/disable NAT46. Valid values: disable, enable.
    NatSourceVip string
    Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
    OneClickGslbServer string
    Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
    OutlookWebAccess string
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    Persistence string
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    Portforward string
    Enable/disable port forwarding. Valid values: disable, enable.
    PortmappingType string
    Port mapping type. Valid values: 1-to-1, m-to-n.
    Protocol string
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
    Quic Pulumiverse.Fortios.Firewall.Inputs.VipQuic
    QUIC setting. The structure of quic block is documented below.
    Realservers List<Pulumiverse.Fortios.Firewall.Inputs.VipRealserver>
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    ServerType string
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    Services List<Pulumiverse.Fortios.Firewall.Inputs.VipService>
    Service name. The structure of service block is documented below.
    SrcFilters List<Pulumiverse.Fortios.Firewall.Inputs.VipSrcFilter>
    Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of src_filter block is documented below.
    SrcintfFilters List<Pulumiverse.Fortios.Firewall.Inputs.VipSrcintfFilter>
    Interfaces to which the VIP applies. Separate the names with spaces. The structure of srcintf_filter block is documented below.
    SslAcceptFfdheGroups string
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    SslAlgorithm string
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    SslCertificate string
    The name of the SSL certificate to use for SSL acceleration.
    SslCipherSuites List<Pulumiverse.Fortios.Firewall.Inputs.VipSslCipherSuite>
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    SslClientFallback string
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    SslClientRekeyCount int
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    SslClientRenegotiation string
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    SslClientSessionStateMax int
    Maximum number of client to FortiGate SSL session states to keep.
    SslClientSessionStateTimeout int
    Number of minutes to keep client to FortiGate SSL session state.
    SslClientSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    SslDhBits string
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    SslHpkp string
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    SslHpkpAge int
    Number of seconds the client should honour the HPKP setting.
    SslHpkpBackup string
    Certificate to generate backup HPKP pin from.
    SslHpkpIncludeSubdomains string
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    SslHpkpPrimary string
    Certificate to generate primary HPKP pin from.
    SslHpkpReportUri string
    URL to report HPKP violations to.
    SslHsts string
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    SslHstsAge int
    Number of seconds the client should honour the HSTS setting.
    SslHstsIncludeSubdomains string
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    SslHttpLocationConversion string
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    SslHttpMatchHost string
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    SslMaxVersion string
    Highest SSL/TLS version acceptable from a client.
    SslMinVersion string
    Lowest SSL/TLS version acceptable from a client.
    SslMode string
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    SslPfs string
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    SslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    SslServerAlgorithm string
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    SslServerCipherSuites List<Pulumiverse.Fortios.Firewall.Inputs.VipSslServerCipherSuite>
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    SslServerMaxVersion string
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerMinVersion string
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerRenegotiation string
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    SslServerSessionStateMax int
    Maximum number of FortiGate to Server SSL session states to keep.
    SslServerSessionStateTimeout int
    Number of minutes to keep FortiGate to Server SSL session state.
    SslServerSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    Status string
    Enable/disable VIP. Valid values: disable, enable.
    Type string
    Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    WeblogicServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    WebsphereServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    AddNat46Route string
    Enable/disable adding NAT46 route. Valid values: disable, enable.
    ArpReply string
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    Color int
    Color of icon on the GUI.
    Comment string
    Comment.
    DnsMappingTtl int
    DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    Extaddrs []VipExtaddrArgs
    External FQDN address name. The structure of extaddr block is documented below.
    Extintf string
    Interface connected to the source network that receives the packets that will be forwarded to the destination network.
    Extip string
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    Extport string
    Incoming port number range that you want to map to a port number range on the destination network.
    Fosid int
    Custom defined ID.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GratuitousArpInterval int
    Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
    GslbDomainName string
    Domain to use when integrating with FortiGSLB.
    GslbHostname string
    Hostname to use within the configured FortiGSLB domain.
    GslbPublicIps []VipGslbPublicIpArgs
    Publicly accessible IP addresses for the FortiGSLB service. The structure of gslb_public_ips block is documented below.
    H2Support string
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    H3Support string
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    HttpCookieAge int
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    HttpCookieDomain string
    Domain that HTTP cookie persistence should apply to.
    HttpCookieDomainFromHost string
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    HttpCookieGeneration int
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    HttpCookiePath string
    Limit HTTP cookie persistence to the specified path.
    HttpCookieShare string
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    HttpIpHeader string
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    HttpIpHeaderName string
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    HttpMultiplex string
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    HttpMultiplexMaxConcurrentRequest int
    Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
    HttpMultiplexMaxRequest int
    Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
    HttpMultiplexTtl int
    Time-to-live for idle connections to servers.
    HttpRedirect string
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    HttpSupportedMaxVersion string
    Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
    HttpsCookieSecure string
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    Ipv6Mappedip string
    Start-mapped-IPv6-address [-end mapped-IPv6-address].
    Ipv6Mappedport string
    IPv6 port number range on the destination network to which the external port number range is mapped.
    LdbMethod string
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    MappedAddr string
    Mapped FQDN address name.
    Mappedips []VipMappedipArgs
    IP address or address range on the destination network to which the external IP address is mapped. The structure of mappedip block is documented below.
    Mappedport string
    Port number range on the destination network to which the external port number range is mapped.
    MaxEmbryonicConnections int
    Maximum number of incomplete connections.
    Monitors []VipMonitorArgs
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    Name string
    Virtual IP name.
    Nat44 string
    Enable/disable NAT44. Valid values: disable, enable.
    Nat46 string
    Enable/disable NAT46. Valid values: disable, enable.
    NatSourceVip string
    Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
    OneClickGslbServer string
    Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
    OutlookWebAccess string
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    Persistence string
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    Portforward string
    Enable/disable port forwarding. Valid values: disable, enable.
    PortmappingType string
    Port mapping type. Valid values: 1-to-1, m-to-n.
    Protocol string
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
    Quic VipQuicArgs
    QUIC setting. The structure of quic block is documented below.
    Realservers []VipRealserverArgs
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    ServerType string
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    Services []VipServiceArgs
    Service name. The structure of service block is documented below.
    SrcFilters []VipSrcFilterArgs
    Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of src_filter block is documented below.
    SrcintfFilters []VipSrcintfFilterArgs
    Interfaces to which the VIP applies. Separate the names with spaces. The structure of srcintf_filter block is documented below.
    SslAcceptFfdheGroups string
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    SslAlgorithm string
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    SslCertificate string
    The name of the SSL certificate to use for SSL acceleration.
    SslCipherSuites []VipSslCipherSuiteArgs
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    SslClientFallback string
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    SslClientRekeyCount int
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    SslClientRenegotiation string
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    SslClientSessionStateMax int
    Maximum number of client to FortiGate SSL session states to keep.
    SslClientSessionStateTimeout int
    Number of minutes to keep client to FortiGate SSL session state.
    SslClientSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    SslDhBits string
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    SslHpkp string
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    SslHpkpAge int
    Number of seconds the client should honour the HPKP setting.
    SslHpkpBackup string
    Certificate to generate backup HPKP pin from.
    SslHpkpIncludeSubdomains string
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    SslHpkpPrimary string
    Certificate to generate primary HPKP pin from.
    SslHpkpReportUri string
    URL to report HPKP violations to.
    SslHsts string
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    SslHstsAge int
    Number of seconds the client should honour the HSTS setting.
    SslHstsIncludeSubdomains string
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    SslHttpLocationConversion string
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    SslHttpMatchHost string
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    SslMaxVersion string
    Highest SSL/TLS version acceptable from a client.
    SslMinVersion string
    Lowest SSL/TLS version acceptable from a client.
    SslMode string
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    SslPfs string
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    SslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    SslServerAlgorithm string
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    SslServerCipherSuites []VipSslServerCipherSuiteArgs
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    SslServerMaxVersion string
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerMinVersion string
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerRenegotiation string
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    SslServerSessionStateMax int
    Maximum number of FortiGate to Server SSL session states to keep.
    SslServerSessionStateTimeout int
    Number of minutes to keep FortiGate to Server SSL session state.
    SslServerSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    Status string
    Enable/disable VIP. Valid values: disable, enable.
    Type string
    Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    WeblogicServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    WebsphereServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    addNat46Route String
    Enable/disable adding NAT46 route. Valid values: disable, enable.
    arpReply String
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color Integer
    Color of icon on the GUI.
    comment String
    Comment.
    dnsMappingTtl Integer
    DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    extaddrs List<VipExtaddr>
    External FQDN address name. The structure of extaddr block is documented below.
    extintf String
    Interface connected to the source network that receives the packets that will be forwarded to the destination network.
    extip String
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    extport String
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid Integer
    Custom defined ID.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gratuitousArpInterval Integer
    Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
    gslbDomainName String
    Domain to use when integrating with FortiGSLB.
    gslbHostname String
    Hostname to use within the configured FortiGSLB domain.
    gslbPublicIps List<VipGslbPublicIp>
    Publicly accessible IP addresses for the FortiGSLB service. The structure of gslb_public_ips block is documented below.
    h2Support String
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3Support String
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    httpCookieAge Integer
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    httpCookieDomain String
    Domain that HTTP cookie persistence should apply to.
    httpCookieDomainFromHost String
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    httpCookieGeneration Integer
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    httpCookiePath String
    Limit HTTP cookie persistence to the specified path.
    httpCookieShare String
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    httpIpHeader String
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    httpIpHeaderName String
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    httpMultiplex String
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    httpMultiplexMaxConcurrentRequest Integer
    Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
    httpMultiplexMaxRequest Integer
    Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
    httpMultiplexTtl Integer
    Time-to-live for idle connections to servers.
    httpRedirect String
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    httpSupportedMaxVersion String
    Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
    httpsCookieSecure String
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv6Mappedip String
    Start-mapped-IPv6-address [-end mapped-IPv6-address].
    ipv6Mappedport String
    IPv6 port number range on the destination network to which the external port number range is mapped.
    ldbMethod String
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedAddr String
    Mapped FQDN address name.
    mappedips List<VipMappedip>
    IP address or address range on the destination network to which the external IP address is mapped. The structure of mappedip block is documented below.
    mappedport String
    Port number range on the destination network to which the external port number range is mapped.
    maxEmbryonicConnections Integer
    Maximum number of incomplete connections.
    monitors List<VipMonitor>
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name String
    Virtual IP name.
    nat44 String
    Enable/disable NAT44. Valid values: disable, enable.
    nat46 String
    Enable/disable NAT46. Valid values: disable, enable.
    natSourceVip String
    Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
    oneClickGslbServer String
    Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
    outlookWebAccess String
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence String
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward String
    Enable/disable port forwarding. Valid values: disable, enable.
    portmappingType String
    Port mapping type. Valid values: 1-to-1, m-to-n.
    protocol String
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
    quic VipQuic
    QUIC setting. The structure of quic block is documented below.
    realservers List<VipRealserver>
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    serverType String
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    services List<VipService>
    Service name. The structure of service block is documented below.
    srcFilters List<VipSrcFilter>
    Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcintfFilters List<VipSrcintfFilter>
    Interfaces to which the VIP applies. Separate the names with spaces. The structure of srcintf_filter block is documented below.
    sslAcceptFfdheGroups String
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    sslAlgorithm String
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    sslCertificate String
    The name of the SSL certificate to use for SSL acceleration.
    sslCipherSuites List<VipSslCipherSuite>
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    sslClientFallback String
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    sslClientRekeyCount Integer
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    sslClientRenegotiation String
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    sslClientSessionStateMax Integer
    Maximum number of client to FortiGate SSL session states to keep.
    sslClientSessionStateTimeout Integer
    Number of minutes to keep client to FortiGate SSL session state.
    sslClientSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    sslDhBits String
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    sslHpkp String
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    sslHpkpAge Integer
    Number of seconds the client should honour the HPKP setting.
    sslHpkpBackup String
    Certificate to generate backup HPKP pin from.
    sslHpkpIncludeSubdomains String
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    sslHpkpPrimary String
    Certificate to generate primary HPKP pin from.
    sslHpkpReportUri String
    URL to report HPKP violations to.
    sslHsts String
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    sslHstsAge Integer
    Number of seconds the client should honour the HSTS setting.
    sslHstsIncludeSubdomains String
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    sslHttpLocationConversion String
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    sslHttpMatchHost String
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    sslMaxVersion String
    Highest SSL/TLS version acceptable from a client.
    sslMinVersion String
    Lowest SSL/TLS version acceptable from a client.
    sslMode String
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    sslPfs String
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    sslSendEmptyFrags String
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    sslServerAlgorithm String
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    sslServerCipherSuites List<VipSslServerCipherSuite>
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    sslServerMaxVersion String
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerMinVersion String
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerRenegotiation String
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    sslServerSessionStateMax Integer
    Maximum number of FortiGate to Server SSL session states to keep.
    sslServerSessionStateTimeout Integer
    Number of minutes to keep FortiGate to Server SSL session state.
    sslServerSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    status String
    Enable/disable VIP. Valid values: disable, enable.
    type String
    Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogicServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphereServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    addNat46Route string
    Enable/disable adding NAT46 route. Valid values: disable, enable.
    arpReply string
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color number
    Color of icon on the GUI.
    comment string
    Comment.
    dnsMappingTtl number
    DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    extaddrs VipExtaddr[]
    External FQDN address name. The structure of extaddr block is documented below.
    extintf string
    Interface connected to the source network that receives the packets that will be forwarded to the destination network.
    extip string
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    extport string
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid number
    Custom defined ID.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gratuitousArpInterval number
    Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
    gslbDomainName string
    Domain to use when integrating with FortiGSLB.
    gslbHostname string
    Hostname to use within the configured FortiGSLB domain.
    gslbPublicIps VipGslbPublicIp[]
    Publicly accessible IP addresses for the FortiGSLB service. The structure of gslb_public_ips block is documented below.
    h2Support string
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3Support string
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    httpCookieAge number
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    httpCookieDomain string
    Domain that HTTP cookie persistence should apply to.
    httpCookieDomainFromHost string
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    httpCookieGeneration number
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    httpCookiePath string
    Limit HTTP cookie persistence to the specified path.
    httpCookieShare string
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    httpIpHeader string
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    httpIpHeaderName string
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    httpMultiplex string
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    httpMultiplexMaxConcurrentRequest number
    Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
    httpMultiplexMaxRequest number
    Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
    httpMultiplexTtl number
    Time-to-live for idle connections to servers.
    httpRedirect string
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    httpSupportedMaxVersion string
    Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
    httpsCookieSecure string
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv6Mappedip string
    Start-mapped-IPv6-address [-end mapped-IPv6-address].
    ipv6Mappedport string
    IPv6 port number range on the destination network to which the external port number range is mapped.
    ldbMethod string
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedAddr string
    Mapped FQDN address name.
    mappedips VipMappedip[]
    IP address or address range on the destination network to which the external IP address is mapped. The structure of mappedip block is documented below.
    mappedport string
    Port number range on the destination network to which the external port number range is mapped.
    maxEmbryonicConnections number
    Maximum number of incomplete connections.
    monitors VipMonitor[]
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name string
    Virtual IP name.
    nat44 string
    Enable/disable NAT44. Valid values: disable, enable.
    nat46 string
    Enable/disable NAT46. Valid values: disable, enable.
    natSourceVip string
    Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
    oneClickGslbServer string
    Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
    outlookWebAccess string
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence string
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward string
    Enable/disable port forwarding. Valid values: disable, enable.
    portmappingType string
    Port mapping type. Valid values: 1-to-1, m-to-n.
    protocol string
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
    quic VipQuic
    QUIC setting. The structure of quic block is documented below.
    realservers VipRealserver[]
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    serverType string
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    services VipService[]
    Service name. The structure of service block is documented below.
    srcFilters VipSrcFilter[]
    Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcintfFilters VipSrcintfFilter[]
    Interfaces to which the VIP applies. Separate the names with spaces. The structure of srcintf_filter block is documented below.
    sslAcceptFfdheGroups string
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    sslAlgorithm string
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    sslCertificate string
    The name of the SSL certificate to use for SSL acceleration.
    sslCipherSuites VipSslCipherSuite[]
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    sslClientFallback string
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    sslClientRekeyCount number
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    sslClientRenegotiation string
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    sslClientSessionStateMax number
    Maximum number of client to FortiGate SSL session states to keep.
    sslClientSessionStateTimeout number
    Number of minutes to keep client to FortiGate SSL session state.
    sslClientSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    sslDhBits string
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    sslHpkp string
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    sslHpkpAge number
    Number of seconds the client should honour the HPKP setting.
    sslHpkpBackup string
    Certificate to generate backup HPKP pin from.
    sslHpkpIncludeSubdomains string
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    sslHpkpPrimary string
    Certificate to generate primary HPKP pin from.
    sslHpkpReportUri string
    URL to report HPKP violations to.
    sslHsts string
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    sslHstsAge number
    Number of seconds the client should honour the HSTS setting.
    sslHstsIncludeSubdomains string
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    sslHttpLocationConversion string
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    sslHttpMatchHost string
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    sslMaxVersion string
    Highest SSL/TLS version acceptable from a client.
    sslMinVersion string
    Lowest SSL/TLS version acceptable from a client.
    sslMode string
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    sslPfs string
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    sslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    sslServerAlgorithm string
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    sslServerCipherSuites VipSslServerCipherSuite[]
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    sslServerMaxVersion string
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerMinVersion string
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerRenegotiation string
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    sslServerSessionStateMax number
    Maximum number of FortiGate to Server SSL session states to keep.
    sslServerSessionStateTimeout number
    Number of minutes to keep FortiGate to Server SSL session state.
    sslServerSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    status string
    Enable/disable VIP. Valid values: disable, enable.
    type string
    Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
    uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogicServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphereServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    add_nat46_route str
    Enable/disable adding NAT46 route. Valid values: disable, enable.
    arp_reply str
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color int
    Color of icon on the GUI.
    comment str
    Comment.
    dns_mapping_ttl int
    DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    extaddrs Sequence[VipExtaddrArgs]
    External FQDN address name. The structure of extaddr block is documented below.
    extintf str
    Interface connected to the source network that receives the packets that will be forwarded to the destination network.
    extip str
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    extport str
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid int
    Custom defined ID.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gratuitous_arp_interval int
    Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
    gslb_domain_name str
    Domain to use when integrating with FortiGSLB.
    gslb_hostname str
    Hostname to use within the configured FortiGSLB domain.
    gslb_public_ips Sequence[VipGslbPublicIpArgs]
    Publicly accessible IP addresses for the FortiGSLB service. The structure of gslb_public_ips block is documented below.
    h2_support str
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3_support str
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    http_cookie_age int
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    http_cookie_domain str
    Domain that HTTP cookie persistence should apply to.
    http_cookie_domain_from_host str
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    http_cookie_generation int
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    http_cookie_path str
    Limit HTTP cookie persistence to the specified path.
    http_cookie_share str
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    http_ip_header str
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    http_ip_header_name str
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    http_multiplex str
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    http_multiplex_max_concurrent_request int
    Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
    http_multiplex_max_request int
    Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
    http_multiplex_ttl int
    Time-to-live for idle connections to servers.
    http_redirect str
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    http_supported_max_version str
    Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
    https_cookie_secure str
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv6_mappedip str
    Start-mapped-IPv6-address [-end mapped-IPv6-address].
    ipv6_mappedport str
    IPv6 port number range on the destination network to which the external port number range is mapped.
    ldb_method str
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mapped_addr str
    Mapped FQDN address name.
    mappedips Sequence[VipMappedipArgs]
    IP address or address range on the destination network to which the external IP address is mapped. The structure of mappedip block is documented below.
    mappedport str
    Port number range on the destination network to which the external port number range is mapped.
    max_embryonic_connections int
    Maximum number of incomplete connections.
    monitors Sequence[VipMonitorArgs]
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name str
    Virtual IP name.
    nat44 str
    Enable/disable NAT44. Valid values: disable, enable.
    nat46 str
    Enable/disable NAT46. Valid values: disable, enable.
    nat_source_vip str
    Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
    one_click_gslb_server str
    Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
    outlook_web_access str
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence str
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward str
    Enable/disable port forwarding. Valid values: disable, enable.
    portmapping_type str
    Port mapping type. Valid values: 1-to-1, m-to-n.
    protocol str
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
    quic VipQuicArgs
    QUIC setting. The structure of quic block is documented below.
    realservers Sequence[VipRealserverArgs]
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    server_type str
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    services Sequence[VipServiceArgs]
    Service name. The structure of service block is documented below.
    src_filters Sequence[VipSrcFilterArgs]
    Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcintf_filters Sequence[VipSrcintfFilterArgs]
    Interfaces to which the VIP applies. Separate the names with spaces. The structure of srcintf_filter block is documented below.
    ssl_accept_ffdhe_groups str
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    ssl_algorithm str
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    ssl_certificate str
    The name of the SSL certificate to use for SSL acceleration.
    ssl_cipher_suites Sequence[VipSslCipherSuiteArgs]
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    ssl_client_fallback str
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    ssl_client_rekey_count int
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    ssl_client_renegotiation str
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    ssl_client_session_state_max int
    Maximum number of client to FortiGate SSL session states to keep.
    ssl_client_session_state_timeout int
    Number of minutes to keep client to FortiGate SSL session state.
    ssl_client_session_state_type str
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    ssl_dh_bits str
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    ssl_hpkp str
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    ssl_hpkp_age int
    Number of seconds the client should honour the HPKP setting.
    ssl_hpkp_backup str
    Certificate to generate backup HPKP pin from.
    ssl_hpkp_include_subdomains str
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    ssl_hpkp_primary str
    Certificate to generate primary HPKP pin from.
    ssl_hpkp_report_uri str
    URL to report HPKP violations to.
    ssl_hsts str
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    ssl_hsts_age int
    Number of seconds the client should honour the HSTS setting.
    ssl_hsts_include_subdomains str
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    ssl_http_location_conversion str
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    ssl_http_match_host str
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    ssl_max_version str
    Highest SSL/TLS version acceptable from a client.
    ssl_min_version str
    Lowest SSL/TLS version acceptable from a client.
    ssl_mode str
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    ssl_pfs str
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    ssl_send_empty_frags str
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    ssl_server_algorithm str
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    ssl_server_cipher_suites Sequence[VipSslServerCipherSuiteArgs]
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    ssl_server_max_version str
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    ssl_server_min_version str
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    ssl_server_renegotiation str
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    ssl_server_session_state_max int
    Maximum number of FortiGate to Server SSL session states to keep.
    ssl_server_session_state_timeout int
    Number of minutes to keep FortiGate to Server SSL session state.
    ssl_server_session_state_type str
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    status str
    Enable/disable VIP. Valid values: disable, enable.
    type str
    Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
    uuid str
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogic_server str
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphere_server str
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    addNat46Route String
    Enable/disable adding NAT46 route. Valid values: disable, enable.
    arpReply String
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color Number
    Color of icon on the GUI.
    comment String
    Comment.
    dnsMappingTtl Number
    DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    extaddrs List<Property Map>
    External FQDN address name. The structure of extaddr block is documented below.
    extintf String
    Interface connected to the source network that receives the packets that will be forwarded to the destination network.
    extip String
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    extport String
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid Number
    Custom defined ID.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gratuitousArpInterval Number
    Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
    gslbDomainName String
    Domain to use when integrating with FortiGSLB.
    gslbHostname String
    Hostname to use within the configured FortiGSLB domain.
    gslbPublicIps List<Property Map>
    Publicly accessible IP addresses for the FortiGSLB service. The structure of gslb_public_ips block is documented below.
    h2Support String
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3Support String
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    httpCookieAge Number
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    httpCookieDomain String
    Domain that HTTP cookie persistence should apply to.
    httpCookieDomainFromHost String
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    httpCookieGeneration Number
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    httpCookiePath String
    Limit HTTP cookie persistence to the specified path.
    httpCookieShare String
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    httpIpHeader String
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    httpIpHeaderName String
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    httpMultiplex String
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    httpMultiplexMaxConcurrentRequest Number
    Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
    httpMultiplexMaxRequest Number
    Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
    httpMultiplexTtl Number
    Time-to-live for idle connections to servers.
    httpRedirect String
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    httpSupportedMaxVersion String
    Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
    httpsCookieSecure String
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv6Mappedip String
    Start-mapped-IPv6-address [-end mapped-IPv6-address].
    ipv6Mappedport String
    IPv6 port number range on the destination network to which the external port number range is mapped.
    ldbMethod String
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedAddr String
    Mapped FQDN address name.
    mappedips List<Property Map>
    IP address or address range on the destination network to which the external IP address is mapped. The structure of mappedip block is documented below.
    mappedport String
    Port number range on the destination network to which the external port number range is mapped.
    maxEmbryonicConnections Number
    Maximum number of incomplete connections.
    monitors List<Property Map>
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name String
    Virtual IP name.
    nat44 String
    Enable/disable NAT44. Valid values: disable, enable.
    nat46 String
    Enable/disable NAT46. Valid values: disable, enable.
    natSourceVip String
    Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
    oneClickGslbServer String
    Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
    outlookWebAccess String
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence String
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward String
    Enable/disable port forwarding. Valid values: disable, enable.
    portmappingType String
    Port mapping type. Valid values: 1-to-1, m-to-n.
    protocol String
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
    quic Property Map
    QUIC setting. The structure of quic block is documented below.
    realservers List<Property Map>
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    serverType String
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    services List<Property Map>
    Service name. The structure of service block is documented below.
    srcFilters List<Property Map>
    Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcintfFilters List<Property Map>
    Interfaces to which the VIP applies. Separate the names with spaces. The structure of srcintf_filter block is documented below.
    sslAcceptFfdheGroups String
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    sslAlgorithm String
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    sslCertificate String
    The name of the SSL certificate to use for SSL acceleration.
    sslCipherSuites List<Property Map>
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    sslClientFallback String
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    sslClientRekeyCount Number
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    sslClientRenegotiation String
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    sslClientSessionStateMax Number
    Maximum number of client to FortiGate SSL session states to keep.
    sslClientSessionStateTimeout Number
    Number of minutes to keep client to FortiGate SSL session state.
    sslClientSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    sslDhBits String
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    sslHpkp String
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    sslHpkpAge Number
    Number of seconds the client should honour the HPKP setting.
    sslHpkpBackup String
    Certificate to generate backup HPKP pin from.
    sslHpkpIncludeSubdomains String
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    sslHpkpPrimary String
    Certificate to generate primary HPKP pin from.
    sslHpkpReportUri String
    URL to report HPKP violations to.
    sslHsts String
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    sslHstsAge Number
    Number of seconds the client should honour the HSTS setting.
    sslHstsIncludeSubdomains String
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    sslHttpLocationConversion String
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    sslHttpMatchHost String
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    sslMaxVersion String
    Highest SSL/TLS version acceptable from a client.
    sslMinVersion String
    Lowest SSL/TLS version acceptable from a client.
    sslMode String
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    sslPfs String
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    sslSendEmptyFrags String
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    sslServerAlgorithm String
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    sslServerCipherSuites List<Property Map>
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    sslServerMaxVersion String
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerMinVersion String
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerRenegotiation String
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    sslServerSessionStateMax Number
    Maximum number of FortiGate to Server SSL session states to keep.
    sslServerSessionStateTimeout Number
    Number of minutes to keep FortiGate to Server SSL session state.
    sslServerSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    status String
    Enable/disable VIP. Valid values: disable, enable.
    type String
    Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogicServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphereServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.

    Supporting Types

    VipExtaddr, VipExtaddrArgs

    Name string
    Address name.
    Name string
    Address name.
    name String
    Address name.
    name string
    Address name.
    name str
    Address name.
    name String
    Address name.

    VipGslbPublicIp, VipGslbPublicIpArgs

    Index int
    Index of this public IP setting.
    Ip string
    The publicly accessible IP address.
    Index int
    Index of this public IP setting.
    Ip string
    The publicly accessible IP address.
    index Integer
    Index of this public IP setting.
    ip String
    The publicly accessible IP address.
    index number
    Index of this public IP setting.
    ip string
    The publicly accessible IP address.
    index int
    Index of this public IP setting.
    ip str
    The publicly accessible IP address.
    index Number
    Index of this public IP setting.
    ip String
    The publicly accessible IP address.

    VipMappedip, VipMappedipArgs

    Range string
    Mapped IP range.
    Range string
    Mapped IP range.
    range String
    Mapped IP range.
    range string
    Mapped IP range.
    range str
    Mapped IP range.
    range String
    Mapped IP range.

    VipMonitor, VipMonitorArgs

    Name string
    Health monitor name.
    Name string
    Health monitor name.
    name String
    Health monitor name.
    name string
    Health monitor name.
    name str
    Health monitor name.
    name String
    Health monitor name.

    VipQuic, VipQuicArgs

    AckDelayExponent int
    ACK delay exponent (1 - 20, default = 3).
    ActiveConnectionIdLimit int
    Active connection ID limit (1 - 8, default = 2).
    ActiveMigration string
    Enable/disable active migration (default = disable). Valid values: enable, disable.
    GreaseQuicBit string
    Enable/disable grease QUIC bit (default = enable). Valid values: enable, disable.
    MaxAckDelay int
    Maximum ACK delay in milliseconds (1 - 16383, default = 25).
    MaxDatagramFrameSize int
    Maximum datagram frame size in bytes (1 - 1500, default = 1500).
    MaxIdleTimeout int
    Maximum idle timeout milliseconds (1 - 60000, default = 30000).
    MaxUdpPayloadSize int
    Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
    AckDelayExponent int
    ACK delay exponent (1 - 20, default = 3).
    ActiveConnectionIdLimit int
    Active connection ID limit (1 - 8, default = 2).
    ActiveMigration string
    Enable/disable active migration (default = disable). Valid values: enable, disable.
    GreaseQuicBit string
    Enable/disable grease QUIC bit (default = enable). Valid values: enable, disable.
    MaxAckDelay int
    Maximum ACK delay in milliseconds (1 - 16383, default = 25).
    MaxDatagramFrameSize int
    Maximum datagram frame size in bytes (1 - 1500, default = 1500).
    MaxIdleTimeout int
    Maximum idle timeout milliseconds (1 - 60000, default = 30000).
    MaxUdpPayloadSize int
    Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
    ackDelayExponent Integer
    ACK delay exponent (1 - 20, default = 3).
    activeConnectionIdLimit Integer
    Active connection ID limit (1 - 8, default = 2).
    activeMigration String
    Enable/disable active migration (default = disable). Valid values: enable, disable.
    greaseQuicBit String
    Enable/disable grease QUIC bit (default = enable). Valid values: enable, disable.
    maxAckDelay Integer
    Maximum ACK delay in milliseconds (1 - 16383, default = 25).
    maxDatagramFrameSize Integer
    Maximum datagram frame size in bytes (1 - 1500, default = 1500).
    maxIdleTimeout Integer
    Maximum idle timeout milliseconds (1 - 60000, default = 30000).
    maxUdpPayloadSize Integer
    Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
    ackDelayExponent number
    ACK delay exponent (1 - 20, default = 3).
    activeConnectionIdLimit number
    Active connection ID limit (1 - 8, default = 2).
    activeMigration string
    Enable/disable active migration (default = disable). Valid values: enable, disable.
    greaseQuicBit string
    Enable/disable grease QUIC bit (default = enable). Valid values: enable, disable.
    maxAckDelay number
    Maximum ACK delay in milliseconds (1 - 16383, default = 25).
    maxDatagramFrameSize number
    Maximum datagram frame size in bytes (1 - 1500, default = 1500).
    maxIdleTimeout number
    Maximum idle timeout milliseconds (1 - 60000, default = 30000).
    maxUdpPayloadSize number
    Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
    ack_delay_exponent int
    ACK delay exponent (1 - 20, default = 3).
    active_connection_id_limit int
    Active connection ID limit (1 - 8, default = 2).
    active_migration str
    Enable/disable active migration (default = disable). Valid values: enable, disable.
    grease_quic_bit str
    Enable/disable grease QUIC bit (default = enable). Valid values: enable, disable.
    max_ack_delay int
    Maximum ACK delay in milliseconds (1 - 16383, default = 25).
    max_datagram_frame_size int
    Maximum datagram frame size in bytes (1 - 1500, default = 1500).
    max_idle_timeout int
    Maximum idle timeout milliseconds (1 - 60000, default = 30000).
    max_udp_payload_size int
    Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
    ackDelayExponent Number
    ACK delay exponent (1 - 20, default = 3).
    activeConnectionIdLimit Number
    Active connection ID limit (1 - 8, default = 2).
    activeMigration String
    Enable/disable active migration (default = disable). Valid values: enable, disable.
    greaseQuicBit String
    Enable/disable grease QUIC bit (default = enable). Valid values: enable, disable.
    maxAckDelay Number
    Maximum ACK delay in milliseconds (1 - 16383, default = 25).
    maxDatagramFrameSize Number
    Maximum datagram frame size in bytes (1 - 1500, default = 1500).
    maxIdleTimeout Number
    Maximum idle timeout milliseconds (1 - 60000, default = 30000).
    maxUdpPayloadSize Number
    Maximum UDP payload size in bytes (1200 - 1500, default = 1500).

    VipRealserver, VipRealserverArgs

    Address string
    Dynamic address of the real server.
    ClientIp string
    Only clients in this IP range can connect to this real server.
    Healthcheck string
    Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
    HolddownInterval int
    Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
    HttpHost string
    HTTP server domain name in HTTP header.
    Id int
    Real server ID.
    Ip string
    IP address of the real server.
    MaxConnections int
    Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
    Monitor string
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
    Port int
    Port for communicating with the real server. Required if port forwarding is enabled.
    Status string
    Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
    TranslateHost string
    Enable/disable translation of hostname/IP from virtual server to real server. Valid values: enable, disable.
    Type string
    Type of address. Valid values: ip, address.
    Weight int
    Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
    Address string
    Dynamic address of the real server.
    ClientIp string
    Only clients in this IP range can connect to this real server.
    Healthcheck string
    Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
    HolddownInterval int
    Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
    HttpHost string
    HTTP server domain name in HTTP header.
    Id int
    Real server ID.
    Ip string
    IP address of the real server.
    MaxConnections int
    Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
    Monitor string
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
    Port int
    Port for communicating with the real server. Required if port forwarding is enabled.
    Status string
    Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
    TranslateHost string
    Enable/disable translation of hostname/IP from virtual server to real server. Valid values: enable, disable.
    Type string
    Type of address. Valid values: ip, address.
    Weight int
    Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
    address String
    Dynamic address of the real server.
    clientIp String
    Only clients in this IP range can connect to this real server.
    healthcheck String
    Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
    holddownInterval Integer
    Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
    httpHost String
    HTTP server domain name in HTTP header.
    id Integer
    Real server ID.
    ip String
    IP address of the real server.
    maxConnections Integer
    Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
    monitor String
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
    port Integer
    Port for communicating with the real server. Required if port forwarding is enabled.
    status String
    Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
    translateHost String
    Enable/disable translation of hostname/IP from virtual server to real server. Valid values: enable, disable.
    type String
    Type of address. Valid values: ip, address.
    weight Integer
    Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
    address string
    Dynamic address of the real server.
    clientIp string
    Only clients in this IP range can connect to this real server.
    healthcheck string
    Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
    holddownInterval number
    Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
    httpHost string
    HTTP server domain name in HTTP header.
    id number
    Real server ID.
    ip string
    IP address of the real server.
    maxConnections number
    Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
    monitor string
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
    port number
    Port for communicating with the real server. Required if port forwarding is enabled.
    status string
    Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
    translateHost string
    Enable/disable translation of hostname/IP from virtual server to real server. Valid values: enable, disable.
    type string
    Type of address. Valid values: ip, address.
    weight number
    Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
    address str
    Dynamic address of the real server.
    client_ip str
    Only clients in this IP range can connect to this real server.
    healthcheck str
    Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
    holddown_interval int
    Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
    http_host str
    HTTP server domain name in HTTP header.
    id int
    Real server ID.
    ip str
    IP address of the real server.
    max_connections int
    Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
    monitor str
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
    port int
    Port for communicating with the real server. Required if port forwarding is enabled.
    status str
    Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
    translate_host str
    Enable/disable translation of hostname/IP from virtual server to real server. Valid values: enable, disable.
    type str
    Type of address. Valid values: ip, address.
    weight int
    Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
    address String
    Dynamic address of the real server.
    clientIp String
    Only clients in this IP range can connect to this real server.
    healthcheck String
    Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
    holddownInterval Number
    Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
    httpHost String
    HTTP server domain name in HTTP header.
    id Number
    Real server ID.
    ip String
    IP address of the real server.
    maxConnections Number
    Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
    monitor String
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
    port Number
    Port for communicating with the real server. Required if port forwarding is enabled.
    status String
    Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
    translateHost String
    Enable/disable translation of hostname/IP from virtual server to real server. Valid values: enable, disable.
    type String
    Type of address. Valid values: ip, address.
    weight Number
    Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.

    VipService, VipServiceArgs

    Name string
    Service name.
    Name string
    Service name.
    name String
    Service name.
    name string
    Service name.
    name str
    Service name.
    name String
    Service name.

    VipSrcFilter, VipSrcFilterArgs

    Range string
    Source-filter range.
    Range string
    Source-filter range.
    range String
    Source-filter range.
    range string
    Source-filter range.
    range str
    Source-filter range.
    range String
    Source-filter range.

    VipSrcintfFilter, VipSrcintfFilterArgs

    InterfaceName string
    Interface name.
    InterfaceName string
    Interface name.
    interfaceName String
    Interface name.
    interfaceName string
    Interface name.
    interface_name str
    Interface name.
    interfaceName String
    Interface name.

    VipSslCipherSuite, VipSslCipherSuiteArgs

    Cipher string
    Cipher suite name.
    Priority int
    SSL/TLS cipher suites priority.
    Versions string
    SSL/TLS versions that the cipher suite can be used with.
    Cipher string
    Cipher suite name.
    Priority int
    SSL/TLS cipher suites priority.
    Versions string
    SSL/TLS versions that the cipher suite can be used with.
    cipher String
    Cipher suite name.
    priority Integer
    SSL/TLS cipher suites priority.
    versions String
    SSL/TLS versions that the cipher suite can be used with.
    cipher string
    Cipher suite name.
    priority number
    SSL/TLS cipher suites priority.
    versions string
    SSL/TLS versions that the cipher suite can be used with.
    cipher str
    Cipher suite name.
    priority int
    SSL/TLS cipher suites priority.
    versions str
    SSL/TLS versions that the cipher suite can be used with.
    cipher String
    Cipher suite name.
    priority Number
    SSL/TLS cipher suites priority.
    versions String
    SSL/TLS versions that the cipher suite can be used with.

    VipSslServerCipherSuite, VipSslServerCipherSuiteArgs

    Cipher string
    Cipher suite name.
    Priority int
    SSL/TLS cipher suites priority.
    Versions string
    SSL/TLS versions that the cipher suite can be used with.
    Cipher string
    Cipher suite name.
    Priority int
    SSL/TLS cipher suites priority.
    Versions string
    SSL/TLS versions that the cipher suite can be used with.
    cipher String
    Cipher suite name.
    priority Integer
    SSL/TLS cipher suites priority.
    versions String
    SSL/TLS versions that the cipher suite can be used with.
    cipher string
    Cipher suite name.
    priority number
    SSL/TLS cipher suites priority.
    versions string
    SSL/TLS versions that the cipher suite can be used with.
    cipher str
    Cipher suite name.
    priority int
    SSL/TLS cipher suites priority.
    versions str
    SSL/TLS versions that the cipher suite can be used with.
    cipher String
    Cipher suite name.
    priority Number
    SSL/TLS cipher suites priority.
    versions String
    SSL/TLS versions that the cipher suite can be used with.

    Import

    Firewall Vip can be imported using any of these accepted formats:

    $ pulumi import fortios:firewall/vip:Vip labelname {{name}}
    

    If you do not want to import arguments of block:

    $ export “FORTIOS_IMPORT_TABLE”=“false”

    $ pulumi import fortios:firewall/vip:Vip labelname {{name}}
    

    $ unset “FORTIOS_IMPORT_TABLE”

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    fortios logo
    Fortios v0.0.5 published on Tuesday, Apr 9, 2024 by pulumiverse