Docs
PackagesFortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse
fortios.firewall.Vip6
Explore with Pulumi AI
Configure virtual IP for IPv6.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.firewall.Vip6("trname", {
arpReply: "enable",
color: 0,
extip: "2001:1:1:12::100",
extport: "0-65535",
fosid: 0,
httpCookieAge: 60,
httpCookieDomainFromHost: "disable",
httpCookieGeneration: 0,
httpCookieShare: "same-ip",
httpIpHeader: "disable",
httpMultiplex: "disable",
httpsCookieSecure: "disable",
ldbMethod: "static",
mappedip: "2001:1:1:12::200",
mappedport: "0-65535",
maxEmbryonicConnections: 1000,
outlookWebAccess: "disable",
persistence: "none",
portforward: "disable",
protocol: "tcp",
sslAlgorithm: "high",
sslClientFallback: "enable",
sslClientRenegotiation: "secure",
sslClientSessionStateMax: 1000,
sslClientSessionStateTimeout: 30,
sslClientSessionStateType: "both",
sslDhBits: "2048",
sslHpkp: "disable",
sslHpkpAge: 5184000,
sslHpkpIncludeSubdomains: "disable",
sslHsts: "disable",
sslHstsAge: 5184000,
sslHstsIncludeSubdomains: "disable",
sslHttpLocationConversion: "disable",
sslHttpMatchHost: "enable",
sslMaxVersion: "tls-1.2",
sslMinVersion: "tls-1.1",
sslMode: "half",
sslPfs: "require",
sslSendEmptyFrags: "enable",
sslServerAlgorithm: "client",
sslServerMaxVersion: "client",
sslServerMinVersion: "client",
sslServerSessionStateMax: 100,
sslServerSessionStateTimeout: 60,
sslServerSessionStateType: "both",
type: "static-nat",
weblogicServer: "disable",
websphereServer: "disable",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.firewall.Vip6("trname",
arp_reply="enable",
color=0,
extip="2001:1:1:12::100",
extport="0-65535",
fosid=0,
http_cookie_age=60,
http_cookie_domain_from_host="disable",
http_cookie_generation=0,
http_cookie_share="same-ip",
http_ip_header="disable",
http_multiplex="disable",
https_cookie_secure="disable",
ldb_method="static",
mappedip="2001:1:1:12::200",
mappedport="0-65535",
max_embryonic_connections=1000,
outlook_web_access="disable",
persistence="none",
portforward="disable",
protocol="tcp",
ssl_algorithm="high",
ssl_client_fallback="enable",
ssl_client_renegotiation="secure",
ssl_client_session_state_max=1000,
ssl_client_session_state_timeout=30,
ssl_client_session_state_type="both",
ssl_dh_bits="2048",
ssl_hpkp="disable",
ssl_hpkp_age=5184000,
ssl_hpkp_include_subdomains="disable",
ssl_hsts="disable",
ssl_hsts_age=5184000,
ssl_hsts_include_subdomains="disable",
ssl_http_location_conversion="disable",
ssl_http_match_host="enable",
ssl_max_version="tls-1.2",
ssl_min_version="tls-1.1",
ssl_mode="half",
ssl_pfs="require",
ssl_send_empty_frags="enable",
ssl_server_algorithm="client",
ssl_server_max_version="client",
ssl_server_min_version="client",
ssl_server_session_state_max=100,
ssl_server_session_state_timeout=60,
ssl_server_session_state_type="both",
type="static-nat",
weblogic_server="disable",
websphere_server="disable")
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := firewall.NewVip6(ctx, "trname", &firewall.Vip6Args{
ArpReply: pulumi.String("enable"),
Color: pulumi.Int(0),
Extip: pulumi.String("2001:1:1:12::100"),
Extport: pulumi.String("0-65535"),
Fosid: pulumi.Int(0),
HttpCookieAge: pulumi.Int(60),
HttpCookieDomainFromHost: pulumi.String("disable"),
HttpCookieGeneration: pulumi.Int(0),
HttpCookieShare: pulumi.String("same-ip"),
HttpIpHeader: pulumi.String("disable"),
HttpMultiplex: pulumi.String("disable"),
HttpsCookieSecure: pulumi.String("disable"),
LdbMethod: pulumi.String("static"),
Mappedip: pulumi.String("2001:1:1:12::200"),
Mappedport: pulumi.String("0-65535"),
MaxEmbryonicConnections: pulumi.Int(1000),
OutlookWebAccess: pulumi.String("disable"),
Persistence: pulumi.String("none"),
Portforward: pulumi.String("disable"),
Protocol: pulumi.String("tcp"),
SslAlgorithm: pulumi.String("high"),
SslClientFallback: pulumi.String("enable"),
SslClientRenegotiation: pulumi.String("secure"),
SslClientSessionStateMax: pulumi.Int(1000),
SslClientSessionStateTimeout: pulumi.Int(30),
SslClientSessionStateType: pulumi.String("both"),
SslDhBits: pulumi.String("2048"),
SslHpkp: pulumi.String("disable"),
SslHpkpAge: pulumi.Int(5184000),
SslHpkpIncludeSubdomains: pulumi.String("disable"),
SslHsts: pulumi.String("disable"),
SslHstsAge: pulumi.Int(5184000),
SslHstsIncludeSubdomains: pulumi.String("disable"),
SslHttpLocationConversion: pulumi.String("disable"),
SslHttpMatchHost: pulumi.String("enable"),
SslMaxVersion: pulumi.String("tls-1.2"),
SslMinVersion: pulumi.String("tls-1.1"),
SslMode: pulumi.String("half"),
SslPfs: pulumi.String("require"),
SslSendEmptyFrags: pulumi.String("enable"),
SslServerAlgorithm: pulumi.String("client"),
SslServerMaxVersion: pulumi.String("client"),
SslServerMinVersion: pulumi.String("client"),
SslServerSessionStateMax: pulumi.Int(100),
SslServerSessionStateTimeout: pulumi.Int(60),
SslServerSessionStateType: pulumi.String("both"),
Type: pulumi.String("static-nat"),
WeblogicServer: pulumi.String("disable"),
WebsphereServer: pulumi.String("disable"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() =>
{
var trname = new Fortios.Firewall.Vip6("trname", new()
{
ArpReply = "enable",
Color = 0,
Extip = "2001:1:1:12::100",
Extport = "0-65535",
Fosid = 0,
HttpCookieAge = 60,
HttpCookieDomainFromHost = "disable",
HttpCookieGeneration = 0,
HttpCookieShare = "same-ip",
HttpIpHeader = "disable",
HttpMultiplex = "disable",
HttpsCookieSecure = "disable",
LdbMethod = "static",
Mappedip = "2001:1:1:12::200",
Mappedport = "0-65535",
MaxEmbryonicConnections = 1000,
OutlookWebAccess = "disable",
Persistence = "none",
Portforward = "disable",
Protocol = "tcp",
SslAlgorithm = "high",
SslClientFallback = "enable",
SslClientRenegotiation = "secure",
SslClientSessionStateMax = 1000,
SslClientSessionStateTimeout = 30,
SslClientSessionStateType = "both",
SslDhBits = "2048",
SslHpkp = "disable",
SslHpkpAge = 5184000,
SslHpkpIncludeSubdomains = "disable",
SslHsts = "disable",
SslHstsAge = 5184000,
SslHstsIncludeSubdomains = "disable",
SslHttpLocationConversion = "disable",
SslHttpMatchHost = "enable",
SslMaxVersion = "tls-1.2",
SslMinVersion = "tls-1.1",
SslMode = "half",
SslPfs = "require",
SslSendEmptyFrags = "enable",
SslServerAlgorithm = "client",
SslServerMaxVersion = "client",
SslServerMinVersion = "client",
SslServerSessionStateMax = 100,
SslServerSessionStateTimeout = 60,
SslServerSessionStateType = "both",
Type = "static-nat",
WeblogicServer = "disable",
WebsphereServer = "disable",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.firewall.Vip6;
import com.pulumi.fortios.firewall.Vip6Args;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new Vip6("trname", Vip6Args.builder()
.arpReply("enable")
.color(0)
.extip("2001:1:1:12::100")
.extport("0-65535")
.fosid(0)
.httpCookieAge(60)
.httpCookieDomainFromHost("disable")
.httpCookieGeneration(0)
.httpCookieShare("same-ip")
.httpIpHeader("disable")
.httpMultiplex("disable")
.httpsCookieSecure("disable")
.ldbMethod("static")
.mappedip("2001:1:1:12::200")
.mappedport("0-65535")
.maxEmbryonicConnections(1000)
.outlookWebAccess("disable")
.persistence("none")
.portforward("disable")
.protocol("tcp")
.sslAlgorithm("high")
.sslClientFallback("enable")
.sslClientRenegotiation("secure")
.sslClientSessionStateMax(1000)
.sslClientSessionStateTimeout(30)
.sslClientSessionStateType("both")
.sslDhBits("2048")
.sslHpkp("disable")
.sslHpkpAge(5184000)
.sslHpkpIncludeSubdomains("disable")
.sslHsts("disable")
.sslHstsAge(5184000)
.sslHstsIncludeSubdomains("disable")
.sslHttpLocationConversion("disable")
.sslHttpMatchHost("enable")
.sslMaxVersion("tls-1.2")
.sslMinVersion("tls-1.1")
.sslMode("half")
.sslPfs("require")
.sslSendEmptyFrags("enable")
.sslServerAlgorithm("client")
.sslServerMaxVersion("client")
.sslServerMinVersion("client")
.sslServerSessionStateMax(100)
.sslServerSessionStateTimeout(60)
.sslServerSessionStateType("both")
.type("static-nat")
.weblogicServer("disable")
.websphereServer("disable")
.build());
}
}
resources:
trname:
type: fortios:firewall:Vip6
properties:
arpReply: enable
color: 0
extip: 2001:1:1:12::100
extport: 0-65535
fosid: 0
httpCookieAge: 60
httpCookieDomainFromHost: disable
httpCookieGeneration: 0
httpCookieShare: same-ip
httpIpHeader: disable
httpMultiplex: disable
httpsCookieSecure: disable
ldbMethod: static
mappedip: 2001:1:1:12::200
mappedport: 0-65535
maxEmbryonicConnections: 1000
outlookWebAccess: disable
persistence: none
portforward: disable
protocol: tcp
sslAlgorithm: high
sslClientFallback: enable
sslClientRenegotiation: secure
sslClientSessionStateMax: 1000
sslClientSessionStateTimeout: 30
sslClientSessionStateType: both
sslDhBits: '2048'
sslHpkp: disable
sslHpkpAge: 5.184e+06
sslHpkpIncludeSubdomains: disable
sslHsts: disable
sslHstsAge: 5.184e+06
sslHstsIncludeSubdomains: disable
sslHttpLocationConversion: disable
sslHttpMatchHost: enable
sslMaxVersion: tls-1.2
sslMinVersion: tls-1.1
sslMode: half
sslPfs: require
sslSendEmptyFrags: enable
sslServerAlgorithm: client
sslServerMaxVersion: client
sslServerMinVersion: client
sslServerSessionStateMax: 100
sslServerSessionStateTimeout: 60
sslServerSessionStateType: both
type: static-nat
weblogicServer: disable
websphereServer: disable
Create Vip6 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Vip6(name: string, args: Vip6Args, opts?: CustomResourceOptions);@overload
def Vip6(resource_name: str,
args: Vip6Args,
opts: Optional[ResourceOptions] = None)
@overload
def Vip6(resource_name: str,
opts: Optional[ResourceOptions] = None,
extip: Optional[str] = None,
mappedip: Optional[str] = None,
add_nat64_route: Optional[str] = None,
arp_reply: Optional[str] = None,
color: Optional[int] = None,
comment: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
embedded_ipv4_address: Optional[str] = None,
extport: Optional[str] = None,
fosid: Optional[int] = None,
get_all_tables: Optional[str] = None,
h2_support: Optional[str] = None,
h3_support: Optional[str] = None,
http_cookie_age: Optional[int] = None,
http_cookie_domain: Optional[str] = None,
http_cookie_domain_from_host: Optional[str] = None,
http_cookie_generation: Optional[int] = None,
http_cookie_path: Optional[str] = None,
http_cookie_share: Optional[str] = None,
http_ip_header: Optional[str] = None,
http_ip_header_name: Optional[str] = None,
http_multiplex: Optional[str] = None,
http_redirect: Optional[str] = None,
https_cookie_secure: Optional[str] = None,
ipv4_mappedip: Optional[str] = None,
ipv4_mappedport: Optional[str] = None,
ldb_method: Optional[str] = None,
mappedport: Optional[str] = None,
max_embryonic_connections: Optional[int] = None,
monitors: Optional[Sequence[Vip6MonitorArgs]] = None,
name: Optional[str] = None,
nat64: Optional[str] = None,
nat66: Optional[str] = None,
nat_source_vip: Optional[str] = None,
ndp_reply: Optional[str] = None,
outlook_web_access: Optional[str] = None,
persistence: Optional[str] = None,
portforward: Optional[str] = None,
protocol: Optional[str] = None,
quic: Optional[Vip6QuicArgs] = None,
realservers: Optional[Sequence[Vip6RealserverArgs]] = None,
server_type: Optional[str] = None,
src_filters: Optional[Sequence[Vip6SrcFilterArgs]] = None,
src_vip_filter: Optional[str] = None,
ssl_accept_ffdhe_groups: Optional[str] = None,
ssl_algorithm: Optional[str] = None,
ssl_certificate: Optional[str] = None,
ssl_cipher_suites: Optional[Sequence[Vip6SslCipherSuiteArgs]] = None,
ssl_client_fallback: Optional[str] = None,
ssl_client_rekey_count: Optional[int] = None,
ssl_client_renegotiation: Optional[str] = None,
ssl_client_session_state_max: Optional[int] = None,
ssl_client_session_state_timeout: Optional[int] = None,
ssl_client_session_state_type: Optional[str] = None,
ssl_dh_bits: Optional[str] = None,
ssl_hpkp: Optional[str] = None,
ssl_hpkp_age: Optional[int] = None,
ssl_hpkp_backup: Optional[str] = None,
ssl_hpkp_include_subdomains: Optional[str] = None,
ssl_hpkp_primary: Optional[str] = None,
ssl_hpkp_report_uri: Optional[str] = None,
ssl_hsts: Optional[str] = None,
ssl_hsts_age: Optional[int] = None,
ssl_hsts_include_subdomains: Optional[str] = None,
ssl_http_location_conversion: Optional[str] = None,
ssl_http_match_host: Optional[str] = None,
ssl_max_version: Optional[str] = None,
ssl_min_version: Optional[str] = None,
ssl_mode: Optional[str] = None,
ssl_pfs: Optional[str] = None,
ssl_send_empty_frags: Optional[str] = None,
ssl_server_algorithm: Optional[str] = None,
ssl_server_cipher_suites: Optional[Sequence[Vip6SslServerCipherSuiteArgs]] = None,
ssl_server_max_version: Optional[str] = None,
ssl_server_min_version: Optional[str] = None,
ssl_server_renegotiation: Optional[str] = None,
ssl_server_session_state_max: Optional[int] = None,
ssl_server_session_state_timeout: Optional[int] = None,
ssl_server_session_state_type: Optional[str] = None,
type: Optional[str] = None,
uuid: Optional[str] = None,
vdomparam: Optional[str] = None,
weblogic_server: Optional[str] = None,
websphere_server: Optional[str] = None)func NewVip6(ctx *Context, name string, args Vip6Args, opts ...ResourceOption) (*Vip6, error)public Vip6(string name, Vip6Args args, CustomResourceOptions? opts = null)type: fortios:firewall:Vip6
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args Vip6Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args Vip6Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args Vip6Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args Vip6Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args Vip6Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var vip6Resource = new Fortios.Firewall.Vip6("vip6Resource", new()
{
Extip = "string",
Mappedip = "string",
AddNat64Route = "string",
ArpReply = "string",
Color = 0,
Comment = "string",
DynamicSortSubtable = "string",
EmbeddedIpv4Address = "string",
Extport = "string",
Fosid = 0,
GetAllTables = "string",
H2Support = "string",
H3Support = "string",
HttpCookieAge = 0,
HttpCookieDomain = "string",
HttpCookieDomainFromHost = "string",
HttpCookieGeneration = 0,
HttpCookiePath = "string",
HttpCookieShare = "string",
HttpIpHeader = "string",
HttpIpHeaderName = "string",
HttpMultiplex = "string",
HttpRedirect = "string",
HttpsCookieSecure = "string",
Ipv4Mappedip = "string",
Ipv4Mappedport = "string",
LdbMethod = "string",
Mappedport = "string",
MaxEmbryonicConnections = 0,
Monitors = new[]
{
new Fortios.Firewall.Inputs.Vip6MonitorArgs
{
Name = "string",
},
},
Name = "string",
Nat64 = "string",
Nat66 = "string",
NatSourceVip = "string",
NdpReply = "string",
OutlookWebAccess = "string",
Persistence = "string",
Portforward = "string",
Protocol = "string",
Quic = new Fortios.Firewall.Inputs.Vip6QuicArgs
{
AckDelayExponent = 0,
ActiveConnectionIdLimit = 0,
ActiveMigration = "string",
GreaseQuicBit = "string",
MaxAckDelay = 0,
MaxDatagramFrameSize = 0,
MaxIdleTimeout = 0,
MaxUdpPayloadSize = 0,
},
Realservers = new[]
{
new Fortios.Firewall.Inputs.Vip6RealserverArgs
{
ClientIp = "string",
Healthcheck = "string",
HolddownInterval = 0,
HttpHost = "string",
Id = 0,
Ip = "string",
MaxConnections = 0,
Monitor = "string",
Port = 0,
Status = "string",
TranslateHost = "string",
Weight = 0,
},
},
ServerType = "string",
SrcFilters = new[]
{
new Fortios.Firewall.Inputs.Vip6SrcFilterArgs
{
Range = "string",
},
},
SrcVipFilter = "string",
SslAcceptFfdheGroups = "string",
SslAlgorithm = "string",
SslCertificate = "string",
SslCipherSuites = new[]
{
new Fortios.Firewall.Inputs.Vip6SslCipherSuiteArgs
{
Cipher = "string",
Priority = 0,
Versions = "string",
},
},
SslClientFallback = "string",
SslClientRekeyCount = 0,
SslClientRenegotiation = "string",
SslClientSessionStateMax = 0,
SslClientSessionStateTimeout = 0,
SslClientSessionStateType = "string",
SslDhBits = "string",
SslHpkp = "string",
SslHpkpAge = 0,
SslHpkpBackup = "string",
SslHpkpIncludeSubdomains = "string",
SslHpkpPrimary = "string",
SslHpkpReportUri = "string",
SslHsts = "string",
SslHstsAge = 0,
SslHstsIncludeSubdomains = "string",
SslHttpLocationConversion = "string",
SslHttpMatchHost = "string",
SslMaxVersion = "string",
SslMinVersion = "string",
SslMode = "string",
SslPfs = "string",
SslSendEmptyFrags = "string",
SslServerAlgorithm = "string",
SslServerCipherSuites = new[]
{
new Fortios.Firewall.Inputs.Vip6SslServerCipherSuiteArgs
{
Cipher = "string",
Priority = 0,
Versions = "string",
},
},
SslServerMaxVersion = "string",
SslServerMinVersion = "string",
SslServerRenegotiation = "string",
SslServerSessionStateMax = 0,
SslServerSessionStateTimeout = 0,
SslServerSessionStateType = "string",
Type = "string",
Uuid = "string",
Vdomparam = "string",
WeblogicServer = "string",
WebsphereServer = "string",
});
example, err := firewall.NewVip6(ctx, "vip6Resource", &firewall.Vip6Args{
Extip: pulumi.String("string"),
Mappedip: pulumi.String("string"),
AddNat64Route: pulumi.String("string"),
ArpReply: pulumi.String("string"),
Color: pulumi.Int(0),
Comment: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
EmbeddedIpv4Address: pulumi.String("string"),
Extport: pulumi.String("string"),
Fosid: pulumi.Int(0),
GetAllTables: pulumi.String("string"),
H2Support: pulumi.String("string"),
H3Support: pulumi.String("string"),
HttpCookieAge: pulumi.Int(0),
HttpCookieDomain: pulumi.String("string"),
HttpCookieDomainFromHost: pulumi.String("string"),
HttpCookieGeneration: pulumi.Int(0),
HttpCookiePath: pulumi.String("string"),
HttpCookieShare: pulumi.String("string"),
HttpIpHeader: pulumi.String("string"),
HttpIpHeaderName: pulumi.String("string"),
HttpMultiplex: pulumi.String("string"),
HttpRedirect: pulumi.String("string"),
HttpsCookieSecure: pulumi.String("string"),
Ipv4Mappedip: pulumi.String("string"),
Ipv4Mappedport: pulumi.String("string"),
LdbMethod: pulumi.String("string"),
Mappedport: pulumi.String("string"),
MaxEmbryonicConnections: pulumi.Int(0),
Monitors: firewall.Vip6MonitorArray{
&firewall.Vip6MonitorArgs{
Name: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
Nat64: pulumi.String("string"),
Nat66: pulumi.String("string"),
NatSourceVip: pulumi.String("string"),
NdpReply: pulumi.String("string"),
OutlookWebAccess: pulumi.String("string"),
Persistence: pulumi.String("string"),
Portforward: pulumi.String("string"),
Protocol: pulumi.String("string"),
Quic: &firewall.Vip6QuicArgs{
AckDelayExponent: pulumi.Int(0),
ActiveConnectionIdLimit: pulumi.Int(0),
ActiveMigration: pulumi.String("string"),
GreaseQuicBit: pulumi.String("string"),
MaxAckDelay: pulumi.Int(0),
MaxDatagramFrameSize: pulumi.Int(0),
MaxIdleTimeout: pulumi.Int(0),
MaxUdpPayloadSize: pulumi.Int(0),
},
Realservers: firewall.Vip6RealserverArray{
&firewall.Vip6RealserverArgs{
ClientIp: pulumi.String("string"),
Healthcheck: pulumi.String("string"),
HolddownInterval: pulumi.Int(0),
HttpHost: pulumi.String("string"),
Id: pulumi.Int(0),
Ip: pulumi.String("string"),
MaxConnections: pulumi.Int(0),
Monitor: pulumi.String("string"),
Port: pulumi.Int(0),
Status: pulumi.String("string"),
TranslateHost: pulumi.String("string"),
Weight: pulumi.Int(0),
},
},
ServerType: pulumi.String("string"),
SrcFilters: firewall.Vip6SrcFilterArray{
&firewall.Vip6SrcFilterArgs{
Range: pulumi.String("string"),
},
},
SrcVipFilter: pulumi.String("string"),
SslAcceptFfdheGroups: pulumi.String("string"),
SslAlgorithm: pulumi.String("string"),
SslCertificate: pulumi.String("string"),
SslCipherSuites: firewall.Vip6SslCipherSuiteArray{
&firewall.Vip6SslCipherSuiteArgs{
Cipher: pulumi.String("string"),
Priority: pulumi.Int(0),
Versions: pulumi.String("string"),
},
},
SslClientFallback: pulumi.String("string"),
SslClientRekeyCount: pulumi.Int(0),
SslClientRenegotiation: pulumi.String("string"),
SslClientSessionStateMax: pulumi.Int(0),
SslClientSessionStateTimeout: pulumi.Int(0),
SslClientSessionStateType: pulumi.String("string"),
SslDhBits: pulumi.String("string"),
SslHpkp: pulumi.String("string"),
SslHpkpAge: pulumi.Int(0),
SslHpkpBackup: pulumi.String("string"),
SslHpkpIncludeSubdomains: pulumi.String("string"),
SslHpkpPrimary: pulumi.String("string"),
SslHpkpReportUri: pulumi.String("string"),
SslHsts: pulumi.String("string"),
SslHstsAge: pulumi.Int(0),
SslHstsIncludeSubdomains: pulumi.String("string"),
SslHttpLocationConversion: pulumi.String("string"),
SslHttpMatchHost: pulumi.String("string"),
SslMaxVersion: pulumi.String("string"),
SslMinVersion: pulumi.String("string"),
SslMode: pulumi.String("string"),
SslPfs: pulumi.String("string"),
SslSendEmptyFrags: pulumi.String("string"),
SslServerAlgorithm: pulumi.String("string"),
SslServerCipherSuites: firewall.Vip6SslServerCipherSuiteArray{
&firewall.Vip6SslServerCipherSuiteArgs{
Cipher: pulumi.String("string"),
Priority: pulumi.Int(0),
Versions: pulumi.String("string"),
},
},
SslServerMaxVersion: pulumi.String("string"),
SslServerMinVersion: pulumi.String("string"),
SslServerRenegotiation: pulumi.String("string"),
SslServerSessionStateMax: pulumi.Int(0),
SslServerSessionStateTimeout: pulumi.Int(0),
SslServerSessionStateType: pulumi.String("string"),
Type: pulumi.String("string"),
Uuid: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
WeblogicServer: pulumi.String("string"),
WebsphereServer: pulumi.String("string"),
})
var vip6Resource = new Vip6("vip6Resource", Vip6Args.builder()
.extip("string")
.mappedip("string")
.addNat64Route("string")
.arpReply("string")
.color(0)
.comment("string")
.dynamicSortSubtable("string")
.embeddedIpv4Address("string")
.extport("string")
.fosid(0)
.getAllTables("string")
.h2Support("string")
.h3Support("string")
.httpCookieAge(0)
.httpCookieDomain("string")
.httpCookieDomainFromHost("string")
.httpCookieGeneration(0)
.httpCookiePath("string")
.httpCookieShare("string")
.httpIpHeader("string")
.httpIpHeaderName("string")
.httpMultiplex("string")
.httpRedirect("string")
.httpsCookieSecure("string")
.ipv4Mappedip("string")
.ipv4Mappedport("string")
.ldbMethod("string")
.mappedport("string")
.maxEmbryonicConnections(0)
.monitors(Vip6MonitorArgs.builder()
.name("string")
.build())
.name("string")
.nat64("string")
.nat66("string")
.natSourceVip("string")
.ndpReply("string")
.outlookWebAccess("string")
.persistence("string")
.portforward("string")
.protocol("string")
.quic(Vip6QuicArgs.builder()
.ackDelayExponent(0)
.activeConnectionIdLimit(0)
.activeMigration("string")
.greaseQuicBit("string")
.maxAckDelay(0)
.maxDatagramFrameSize(0)
.maxIdleTimeout(0)
.maxUdpPayloadSize(0)
.build())
.realservers(Vip6RealserverArgs.builder()
.clientIp("string")
.healthcheck("string")
.holddownInterval(0)
.httpHost("string")
.id(0)
.ip("string")
.maxConnections(0)
.monitor("string")
.port(0)
.status("string")
.translateHost("string")
.weight(0)
.build())
.serverType("string")
.srcFilters(Vip6SrcFilterArgs.builder()
.range("string")
.build())
.srcVipFilter("string")
.sslAcceptFfdheGroups("string")
.sslAlgorithm("string")
.sslCertificate("string")
.sslCipherSuites(Vip6SslCipherSuiteArgs.builder()
.cipher("string")
.priority(0)
.versions("string")
.build())
.sslClientFallback("string")
.sslClientRekeyCount(0)
.sslClientRenegotiation("string")
.sslClientSessionStateMax(0)
.sslClientSessionStateTimeout(0)
.sslClientSessionStateType("string")
.sslDhBits("string")
.sslHpkp("string")
.sslHpkpAge(0)
.sslHpkpBackup("string")
.sslHpkpIncludeSubdomains("string")
.sslHpkpPrimary("string")
.sslHpkpReportUri("string")
.sslHsts("string")
.sslHstsAge(0)
.sslHstsIncludeSubdomains("string")
.sslHttpLocationConversion("string")
.sslHttpMatchHost("string")
.sslMaxVersion("string")
.sslMinVersion("string")
.sslMode("string")
.sslPfs("string")
.sslSendEmptyFrags("string")
.sslServerAlgorithm("string")
.sslServerCipherSuites(Vip6SslServerCipherSuiteArgs.builder()
.cipher("string")
.priority(0)
.versions("string")
.build())
.sslServerMaxVersion("string")
.sslServerMinVersion("string")
.sslServerRenegotiation("string")
.sslServerSessionStateMax(0)
.sslServerSessionStateTimeout(0)
.sslServerSessionStateType("string")
.type("string")
.uuid("string")
.vdomparam("string")
.weblogicServer("string")
.websphereServer("string")
.build());
vip6_resource = fortios.firewall.Vip6("vip6Resource",
extip="string",
mappedip="string",
add_nat64_route="string",
arp_reply="string",
color=0,
comment="string",
dynamic_sort_subtable="string",
embedded_ipv4_address="string",
extport="string",
fosid=0,
get_all_tables="string",
h2_support="string",
h3_support="string",
http_cookie_age=0,
http_cookie_domain="string",
http_cookie_domain_from_host="string",
http_cookie_generation=0,
http_cookie_path="string",
http_cookie_share="string",
http_ip_header="string",
http_ip_header_name="string",
http_multiplex="string",
http_redirect="string",
https_cookie_secure="string",
ipv4_mappedip="string",
ipv4_mappedport="string",
ldb_method="string",
mappedport="string",
max_embryonic_connections=0,
monitors=[fortios.firewall.Vip6MonitorArgs(
name="string",
)],
name="string",
nat64="string",
nat66="string",
nat_source_vip="string",
ndp_reply="string",
outlook_web_access="string",
persistence="string",
portforward="string",
protocol="string",
quic=fortios.firewall.Vip6QuicArgs(
ack_delay_exponent=0,
active_connection_id_limit=0,
active_migration="string",
grease_quic_bit="string",
max_ack_delay=0,
max_datagram_frame_size=0,
max_idle_timeout=0,
max_udp_payload_size=0,
),
realservers=[fortios.firewall.Vip6RealserverArgs(
client_ip="string",
healthcheck="string",
holddown_interval=0,
http_host="string",
id=0,
ip="string",
max_connections=0,
monitor="string",
port=0,
status="string",
translate_host="string",
weight=0,
)],
server_type="string",
src_filters=[fortios.firewall.Vip6SrcFilterArgs(
range="string",
)],
src_vip_filter="string",
ssl_accept_ffdhe_groups="string",
ssl_algorithm="string",
ssl_certificate="string",
ssl_cipher_suites=[fortios.firewall.Vip6SslCipherSuiteArgs(
cipher="string",
priority=0,
versions="string",
)],
ssl_client_fallback="string",
ssl_client_rekey_count=0,
ssl_client_renegotiation="string",
ssl_client_session_state_max=0,
ssl_client_session_state_timeout=0,
ssl_client_session_state_type="string",
ssl_dh_bits="string",
ssl_hpkp="string",
ssl_hpkp_age=0,
ssl_hpkp_backup="string",
ssl_hpkp_include_subdomains="string",
ssl_hpkp_primary="string",
ssl_hpkp_report_uri="string",
ssl_hsts="string",
ssl_hsts_age=0,
ssl_hsts_include_subdomains="string",
ssl_http_location_conversion="string",
ssl_http_match_host="string",
ssl_max_version="string",
ssl_min_version="string",
ssl_mode="string",
ssl_pfs="string",
ssl_send_empty_frags="string",
ssl_server_algorithm="string",
ssl_server_cipher_suites=[fortios.firewall.Vip6SslServerCipherSuiteArgs(
cipher="string",
priority=0,
versions="string",
)],
ssl_server_max_version="string",
ssl_server_min_version="string",
ssl_server_renegotiation="string",
ssl_server_session_state_max=0,
ssl_server_session_state_timeout=0,
ssl_server_session_state_type="string",
type="string",
uuid="string",
vdomparam="string",
weblogic_server="string",
websphere_server="string")
const vip6Resource = new fortios.firewall.Vip6("vip6Resource", {
extip: "string",
mappedip: "string",
addNat64Route: "string",
arpReply: "string",
color: 0,
comment: "string",
dynamicSortSubtable: "string",
embeddedIpv4Address: "string",
extport: "string",
fosid: 0,
getAllTables: "string",
h2Support: "string",
h3Support: "string",
httpCookieAge: 0,
httpCookieDomain: "string",
httpCookieDomainFromHost: "string",
httpCookieGeneration: 0,
httpCookiePath: "string",
httpCookieShare: "string",
httpIpHeader: "string",
httpIpHeaderName: "string",
httpMultiplex: "string",
httpRedirect: "string",
httpsCookieSecure: "string",
ipv4Mappedip: "string",
ipv4Mappedport: "string",
ldbMethod: "string",
mappedport: "string",
maxEmbryonicConnections: 0,
monitors: [{
name: "string",
}],
name: "string",
nat64: "string",
nat66: "string",
natSourceVip: "string",
ndpReply: "string",
outlookWebAccess: "string",
persistence: "string",
portforward: "string",
protocol: "string",
quic: {
ackDelayExponent: 0,
activeConnectionIdLimit: 0,
activeMigration: "string",
greaseQuicBit: "string",
maxAckDelay: 0,
maxDatagramFrameSize: 0,
maxIdleTimeout: 0,
maxUdpPayloadSize: 0,
},
realservers: [{
clientIp: "string",
healthcheck: "string",
holddownInterval: 0,
httpHost: "string",
id: 0,
ip: "string",
maxConnections: 0,
monitor: "string",
port: 0,
status: "string",
translateHost: "string",
weight: 0,
}],
serverType: "string",
srcFilters: [{
range: "string",
}],
srcVipFilter: "string",
sslAcceptFfdheGroups: "string",
sslAlgorithm: "string",
sslCertificate: "string",
sslCipherSuites: [{
cipher: "string",
priority: 0,
versions: "string",
}],
sslClientFallback: "string",
sslClientRekeyCount: 0,
sslClientRenegotiation: "string",
sslClientSessionStateMax: 0,
sslClientSessionStateTimeout: 0,
sslClientSessionStateType: "string",
sslDhBits: "string",
sslHpkp: "string",
sslHpkpAge: 0,
sslHpkpBackup: "string",
sslHpkpIncludeSubdomains: "string",
sslHpkpPrimary: "string",
sslHpkpReportUri: "string",
sslHsts: "string",
sslHstsAge: 0,
sslHstsIncludeSubdomains: "string",
sslHttpLocationConversion: "string",
sslHttpMatchHost: "string",
sslMaxVersion: "string",
sslMinVersion: "string",
sslMode: "string",
sslPfs: "string",
sslSendEmptyFrags: "string",
sslServerAlgorithm: "string",
sslServerCipherSuites: [{
cipher: "string",
priority: 0,
versions: "string",
}],
sslServerMaxVersion: "string",
sslServerMinVersion: "string",
sslServerRenegotiation: "string",
sslServerSessionStateMax: 0,
sslServerSessionStateTimeout: 0,
sslServerSessionStateType: "string",
type: "string",
uuid: "string",
vdomparam: "string",
weblogicServer: "string",
websphereServer: "string",
});
type: fortios:firewall:Vip6
properties:
addNat64Route: string
arpReply: string
color: 0
comment: string
dynamicSortSubtable: string
embeddedIpv4Address: string
extip: string
extport: string
fosid: 0
getAllTables: string
h2Support: string
h3Support: string
httpCookieAge: 0
httpCookieDomain: string
httpCookieDomainFromHost: string
httpCookieGeneration: 0
httpCookiePath: string
httpCookieShare: string
httpIpHeader: string
httpIpHeaderName: string
httpMultiplex: string
httpRedirect: string
httpsCookieSecure: string
ipv4Mappedip: string
ipv4Mappedport: string
ldbMethod: string
mappedip: string
mappedport: string
maxEmbryonicConnections: 0
monitors:
- name: string
name: string
nat64: string
nat66: string
natSourceVip: string
ndpReply: string
outlookWebAccess: string
persistence: string
portforward: string
protocol: string
quic:
ackDelayExponent: 0
activeConnectionIdLimit: 0
activeMigration: string
greaseQuicBit: string
maxAckDelay: 0
maxDatagramFrameSize: 0
maxIdleTimeout: 0
maxUdpPayloadSize: 0
realservers:
- clientIp: string
healthcheck: string
holddownInterval: 0
httpHost: string
id: 0
ip: string
maxConnections: 0
monitor: string
port: 0
status: string
translateHost: string
weight: 0
serverType: string
srcFilters:
- range: string
srcVipFilter: string
sslAcceptFfdheGroups: string
sslAlgorithm: string
sslCertificate: string
sslCipherSuites:
- cipher: string
priority: 0
versions: string
sslClientFallback: string
sslClientRekeyCount: 0
sslClientRenegotiation: string
sslClientSessionStateMax: 0
sslClientSessionStateTimeout: 0
sslClientSessionStateType: string
sslDhBits: string
sslHpkp: string
sslHpkpAge: 0
sslHpkpBackup: string
sslHpkpIncludeSubdomains: string
sslHpkpPrimary: string
sslHpkpReportUri: string
sslHsts: string
sslHstsAge: 0
sslHstsIncludeSubdomains: string
sslHttpLocationConversion: string
sslHttpMatchHost: string
sslMaxVersion: string
sslMinVersion: string
sslMode: string
sslPfs: string
sslSendEmptyFrags: string
sslServerAlgorithm: string
sslServerCipherSuites:
- cipher: string
priority: 0
versions: string
sslServerMaxVersion: string
sslServerMinVersion: string
sslServerRenegotiation: string
sslServerSessionStateMax: 0
sslServerSessionStateTimeout: 0
sslServerSessionStateType: string
type: string
uuid: string
vdomparam: string
weblogicServer: string
websphereServer: string
Vip6 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Vip6 resource accepts the following input properties:
- Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Mappedip string
- Mapped IP address range in the format startIP-endIP.
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color int
- Color of icon on the GUI.
- Comment string
- Comment.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid int
- Custom defined ID.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - int
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - int
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic intConnections - Maximum number of incomplete connections.
- Monitors
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip6Monitor> - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - Name string
- Virtual ip6 name.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Quic
Pulumiverse.
Fortios. Firewall. Inputs. Vip6Quic - QUIC setting. The structure of
quicblock is documented below. - Realservers
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip6Realserver> - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - Src
Filters List<Pulumiverse.Fortios. Firewall. Inputs. Vip6Src Filter> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of
src_filterblock is documented below. - Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher List<Pulumiverse.Suites Fortios. Firewall. Inputs. Vip6Ssl Cipher Suite> - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client intRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - Ssl
Client intSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client intSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp intAge - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts intAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client.
- Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client.
- Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - Ssl
Server List<Pulumiverse.Cipher Suites Fortios. Firewall. Inputs. Vip6Ssl Server Cipher Suite> - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - Ssl
Server intSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server intSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP.
- Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Mappedip string
- Mapped IP address range in the format startIP-endIP.
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color int
- Color of icon on the GUI.
- Comment string
- Comment.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid int
- Custom defined ID.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - int
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - int
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic intConnections - Maximum number of incomplete connections.
- Monitors
[]Vip6Monitor
Args - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - Name string
- Virtual ip6 name.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Quic
Vip6Quic
Args - QUIC setting. The structure of
quicblock is documented below. - Realservers
[]Vip6Realserver
Args - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - Src
Filters []Vip6SrcFilter Args - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of
src_filterblock is documented below. - Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher []Vip6SslSuites Cipher Suite Args - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client intRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - Ssl
Client intSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client intSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp intAge - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts intAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client.
- Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client.
- Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - Ssl
Server []Vip6SslCipher Suites Server Cipher Suite Args - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - Ssl
Server intSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server intSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP.
- Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- mappedip String
- Mapped IP address range in the format startIP-endIP.
- add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Integer
- Color of icon on the GUI.
- comment String
- Comment.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Integer
- Custom defined ID.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - Integer
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Integer
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic IntegerConnections - Maximum number of incomplete connections.
- monitors List<Vip6Monitor>
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name String
- Virtual ip6 name.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic Vip6Quic
- QUIC setting. The structure of
quicblock is documented below. - realservers List<Vip6Realserver>
- Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - src
Filters List<Vip6SrcFilter> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of
src_filterblock is documented below. - src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<Vip6SslSuites Cipher Suite> - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client IntegerRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl
Client IntegerSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client IntegerSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp IntegerAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts IntegerAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client.
- ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client.
- ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl
Server List<Vip6SslCipher Suites Server Cipher Suite> - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl
Server IntegerSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server IntegerSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP.
- uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- mappedip string
- Mapped IP address range in the format startIP-endIP.
- add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color number
- Color of icon on the GUI.
- comment string
- Comment.
- dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid number
- Custom defined ID.
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- h2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic numberConnections - Maximum number of incomplete connections.
- monitors Vip6Monitor[]
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name string
- Virtual ip6 name.
- nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source stringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward string
- Enable port forwarding. Valid values:
disable,enable. - protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic Vip6Quic
- QUIC setting. The structure of
quicblock is documented below. - realservers Vip6Realserver[]
- Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - src
Filters Vip6SrcFilter[] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of
src_filterblock is documented below. - src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher Vip6SslSuites Cipher Suite[] - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client numberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl
Client numberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client numberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp numberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts numberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client.
- ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client.
- ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl
Server Vip6SslCipher Suites Server Cipher Suite[] - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl
Server numberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server numberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type string
- Configure a static NAT or server load balance VIP.
- uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- extip str
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- mappedip str
- Mapped IP address range in the format startIP-endIP.
- add_
nat64_ strroute - Enable/disable adding NAT64 route. Valid values:
disable,enable. - arp_
reply str - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color int
- Color of icon on the GUI.
- comment str
- Comment.
- dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- embedded_
ipv4_ straddress - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extport str
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid int
- Custom defined ID.
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- h2_
support str - Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3_
support str - Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - int
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- str
- Domain that HTTP cookie persistence should apply to.
- str
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - int
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- str
- Limit HTTP cookie persistence to the specified path.
- str
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http_
ip_ strheader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http_
ip_ strheader_ name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http_
multiplex str - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http_
redirect str - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - str
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4_
mappedip str - Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4_
mappedport str - IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb_
method str - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedport str
- Port number range on the destination network to which the external port number range is mapped.
- max_
embryonic_ intconnections - Maximum number of incomplete connections.
- monitors
Sequence[Vip6Monitor
Args] - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name str
- Virtual ip6 name.
- nat64 str
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 str
- Enable/disable DNAT66. Valid values:
disable,enable. - nat_
source_ strvip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp_
reply str - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - outlook_
web_ straccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence str
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward str
- Enable port forwarding. Valid values:
disable,enable. - protocol str
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic
Vip6Quic
Args - QUIC setting. The structure of
quicblock is documented below. - realservers
Sequence[Vip6Realserver
Args] - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server_
type str - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - src_
filters Sequence[Vip6SrcFilter Args] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of
src_filterblock is documented below. - src_
vip_ strfilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl_
accept_ strffdhe_ groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl_
algorithm str - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl_
certificate str - The name of the SSL certificate to use for SSL acceleration.
- ssl_
cipher_ Sequence[Vip6Sslsuites Cipher Suite Args] - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl_
client_ strfallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl_
client_ intrekey_ count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl_
client_ strrenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl_
client_ intsession_ state_ max - Maximum number of client to FortiGate SSL session states to keep.
- ssl_
client_ intsession_ state_ timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl_
client_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl_
dh_ strbits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl_
hpkp str - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl_
hpkp_ intage - Number of minutes the web browser should keep HPKP.
- ssl_
hpkp_ strbackup - Certificate to generate backup HPKP pin from.
- ssl_
hpkp_ strinclude_ subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl_
hpkp_ strprimary - Certificate to generate primary HPKP pin from.
- ssl_
hpkp_ strreport_ uri - URL to report HPKP violations to.
- ssl_
hsts str - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl_
hsts_ intage - Number of seconds the client should honour the HSTS setting.
- ssl_
hsts_ strinclude_ subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl_
http_ strlocation_ conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl_
http_ strmatch_ host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl_
max_ strversion - Highest SSL/TLS version acceptable from a client.
- ssl_
min_ strversion - Lowest SSL/TLS version acceptable from a client.
- ssl_
mode str - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl_
pfs str - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl_
send_ strempty_ frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl_
server_ stralgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl_
server_ Sequence[Vip6Sslcipher_ suites Server Cipher Suite Args] - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl_
server_ strmax_ version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl_
server_ strmin_ version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl_
server_ strrenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl_
server_ intsession_ state_ max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl_
server_ intsession_ state_ timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl_
server_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type str
- Configure a static NAT or server load balance VIP.
- uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- mappedip String
- Mapped IP address range in the format startIP-endIP.
- add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Number
- Color of icon on the GUI.
- comment String
- Comment.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Number
- Custom defined ID.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - Number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic NumberConnections - Maximum number of incomplete connections.
- monitors List<Property Map>
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name String
- Virtual ip6 name.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic Property Map
- QUIC setting. The structure of
quicblock is documented below. - realservers List<Property Map>
- Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - src
Filters List<Property Map> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of
src_filterblock is documented below. - src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<Property Map>Suites - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client NumberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl
Client NumberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client NumberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp NumberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts NumberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client.
- ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client.
- ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl
Server List<Property Map>Cipher Suites - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl
Server NumberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server NumberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP.
- uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
Outputs
All input properties are implicitly available as output properties. Additionally, the Vip6 resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Vip6 Resource
Get an existing Vip6 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: Vip6State, opts?: CustomResourceOptions): Vip6@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
add_nat64_route: Optional[str] = None,
arp_reply: Optional[str] = None,
color: Optional[int] = None,
comment: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
embedded_ipv4_address: Optional[str] = None,
extip: Optional[str] = None,
extport: Optional[str] = None,
fosid: Optional[int] = None,
get_all_tables: Optional[str] = None,
h2_support: Optional[str] = None,
h3_support: Optional[str] = None,
http_cookie_age: Optional[int] = None,
http_cookie_domain: Optional[str] = None,
http_cookie_domain_from_host: Optional[str] = None,
http_cookie_generation: Optional[int] = None,
http_cookie_path: Optional[str] = None,
http_cookie_share: Optional[str] = None,
http_ip_header: Optional[str] = None,
http_ip_header_name: Optional[str] = None,
http_multiplex: Optional[str] = None,
http_redirect: Optional[str] = None,
https_cookie_secure: Optional[str] = None,
ipv4_mappedip: Optional[str] = None,
ipv4_mappedport: Optional[str] = None,
ldb_method: Optional[str] = None,
mappedip: Optional[str] = None,
mappedport: Optional[str] = None,
max_embryonic_connections: Optional[int] = None,
monitors: Optional[Sequence[Vip6MonitorArgs]] = None,
name: Optional[str] = None,
nat64: Optional[str] = None,
nat66: Optional[str] = None,
nat_source_vip: Optional[str] = None,
ndp_reply: Optional[str] = None,
outlook_web_access: Optional[str] = None,
persistence: Optional[str] = None,
portforward: Optional[str] = None,
protocol: Optional[str] = None,
quic: Optional[Vip6QuicArgs] = None,
realservers: Optional[Sequence[Vip6RealserverArgs]] = None,
server_type: Optional[str] = None,
src_filters: Optional[Sequence[Vip6SrcFilterArgs]] = None,
src_vip_filter: Optional[str] = None,
ssl_accept_ffdhe_groups: Optional[str] = None,
ssl_algorithm: Optional[str] = None,
ssl_certificate: Optional[str] = None,
ssl_cipher_suites: Optional[Sequence[Vip6SslCipherSuiteArgs]] = None,
ssl_client_fallback: Optional[str] = None,
ssl_client_rekey_count: Optional[int] = None,
ssl_client_renegotiation: Optional[str] = None,
ssl_client_session_state_max: Optional[int] = None,
ssl_client_session_state_timeout: Optional[int] = None,
ssl_client_session_state_type: Optional[str] = None,
ssl_dh_bits: Optional[str] = None,
ssl_hpkp: Optional[str] = None,
ssl_hpkp_age: Optional[int] = None,
ssl_hpkp_backup: Optional[str] = None,
ssl_hpkp_include_subdomains: Optional[str] = None,
ssl_hpkp_primary: Optional[str] = None,
ssl_hpkp_report_uri: Optional[str] = None,
ssl_hsts: Optional[str] = None,
ssl_hsts_age: Optional[int] = None,
ssl_hsts_include_subdomains: Optional[str] = None,
ssl_http_location_conversion: Optional[str] = None,
ssl_http_match_host: Optional[str] = None,
ssl_max_version: Optional[str] = None,
ssl_min_version: Optional[str] = None,
ssl_mode: Optional[str] = None,
ssl_pfs: Optional[str] = None,
ssl_send_empty_frags: Optional[str] = None,
ssl_server_algorithm: Optional[str] = None,
ssl_server_cipher_suites: Optional[Sequence[Vip6SslServerCipherSuiteArgs]] = None,
ssl_server_max_version: Optional[str] = None,
ssl_server_min_version: Optional[str] = None,
ssl_server_renegotiation: Optional[str] = None,
ssl_server_session_state_max: Optional[int] = None,
ssl_server_session_state_timeout: Optional[int] = None,
ssl_server_session_state_type: Optional[str] = None,
type: Optional[str] = None,
uuid: Optional[str] = None,
vdomparam: Optional[str] = None,
weblogic_server: Optional[str] = None,
websphere_server: Optional[str] = None) -> Vip6func GetVip6(ctx *Context, name string, id IDInput, state *Vip6State, opts ...ResourceOption) (*Vip6, error)public static Vip6 Get(string name, Input<string> id, Vip6State? state, CustomResourceOptions? opts = null)public static Vip6 get(String name, Output<String> id, Vip6State state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color int
- Color of icon on the GUI.
- Comment string
- Comment.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid int
- Custom defined ID.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - int
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - int
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedip string
- Mapped IP address range in the format startIP-endIP.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic intConnections - Maximum number of incomplete connections.
- Monitors
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip6Monitor> - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - Name string
- Virtual ip6 name.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Quic
Pulumiverse.
Fortios. Firewall. Inputs. Vip6Quic - QUIC setting. The structure of
quicblock is documented below. - Realservers
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip6Realserver> - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - Src
Filters List<Pulumiverse.Fortios. Firewall. Inputs. Vip6Src Filter> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of
src_filterblock is documented below. - Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher List<Pulumiverse.Suites Fortios. Firewall. Inputs. Vip6Ssl Cipher Suite> - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client intRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - Ssl
Client intSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client intSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp intAge - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts intAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client.
- Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client.
- Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - Ssl
Server List<Pulumiverse.Cipher Suites Fortios. Firewall. Inputs. Vip6Ssl Server Cipher Suite> - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - Ssl
Server intSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server intSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP.
- Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color int
- Color of icon on the GUI.
- Comment string
- Comment.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid int
- Custom defined ID.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - int
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - int
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedip string
- Mapped IP address range in the format startIP-endIP.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic intConnections - Maximum number of incomplete connections.
- Monitors
[]Vip6Monitor
Args - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - Name string
- Virtual ip6 name.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Quic
Vip6Quic
Args - QUIC setting. The structure of
quicblock is documented below. - Realservers
[]Vip6Realserver
Args - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - Src
Filters []Vip6SrcFilter Args - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of
src_filterblock is documented below. - Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher []Vip6SslSuites Cipher Suite Args - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client intRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - Ssl
Client intSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client intSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp intAge - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts intAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client.
- Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client.
- Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - Ssl
Server []Vip6SslCipher Suites Server Cipher Suite Args - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - Ssl
Server intSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server intSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP.
- Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Integer
- Color of icon on the GUI.
- comment String
- Comment.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Integer
- Custom defined ID.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - Integer
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Integer
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip String
- Mapped IP address range in the format startIP-endIP.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic IntegerConnections - Maximum number of incomplete connections.
- monitors List<Vip6Monitor>
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name String
- Virtual ip6 name.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic Vip6Quic
- QUIC setting. The structure of
quicblock is documented below. - realservers List<Vip6Realserver>
- Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - src
Filters List<Vip6SrcFilter> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of
src_filterblock is documented below. - src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<Vip6SslSuites Cipher Suite> - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client IntegerRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl
Client IntegerSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client IntegerSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp IntegerAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts IntegerAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client.
- ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client.
- ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl
Server List<Vip6SslCipher Suites Server Cipher Suite> - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl
Server IntegerSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server IntegerSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP.
- uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color number
- Color of icon on the GUI.
- comment string
- Comment.
- dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid number
- Custom defined ID.
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- h2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip string
- Mapped IP address range in the format startIP-endIP.
- mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic numberConnections - Maximum number of incomplete connections.
- monitors Vip6Monitor[]
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name string
- Virtual ip6 name.
- nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source stringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward string
- Enable port forwarding. Valid values:
disable,enable. - protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic Vip6Quic
- QUIC setting. The structure of
quicblock is documented below. - realservers Vip6Realserver[]
- Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - src
Filters Vip6SrcFilter[] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of
src_filterblock is documented below. - src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher Vip6SslSuites Cipher Suite[] - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client numberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl
Client numberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client numberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp numberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts numberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client.
- ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client.
- ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl
Server Vip6SslCipher Suites Server Cipher Suite[] - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl
Server numberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server numberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type string
- Configure a static NAT or server load balance VIP.
- uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add_
nat64_ strroute - Enable/disable adding NAT64 route. Valid values:
disable,enable. - arp_
reply str - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color int
- Color of icon on the GUI.
- comment str
- Comment.
- dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- embedded_
ipv4_ straddress - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip str
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport str
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid int
- Custom defined ID.
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- h2_
support str - Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3_
support str - Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - int
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- str
- Domain that HTTP cookie persistence should apply to.
- str
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - int
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- str
- Limit HTTP cookie persistence to the specified path.
- str
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http_
ip_ strheader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http_
ip_ strheader_ name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http_
multiplex str - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http_
redirect str - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - str
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4_
mappedip str - Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4_
mappedport str - IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb_
method str - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip str
- Mapped IP address range in the format startIP-endIP.
- mappedport str
- Port number range on the destination network to which the external port number range is mapped.
- max_
embryonic_ intconnections - Maximum number of incomplete connections.
- monitors
Sequence[Vip6Monitor
Args] - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name str
- Virtual ip6 name.
- nat64 str
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 str
- Enable/disable DNAT66. Valid values:
disable,enable. - nat_
source_ strvip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp_
reply str - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - outlook_
web_ straccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence str
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward str
- Enable port forwarding. Valid values:
disable,enable. - protocol str
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic
Vip6Quic
Args - QUIC setting. The structure of
quicblock is documented below. - realservers
Sequence[Vip6Realserver
Args] - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server_
type str - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - src_
filters Sequence[Vip6SrcFilter Args] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of
src_filterblock is documented below. - src_
vip_ strfilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl_
accept_ strffdhe_ groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl_
algorithm str - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl_
certificate str - The name of the SSL certificate to use for SSL acceleration.
- ssl_
cipher_ Sequence[Vip6Sslsuites Cipher Suite Args] - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl_
client_ strfallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl_
client_ intrekey_ count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl_
client_ strrenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl_
client_ intsession_ state_ max - Maximum number of client to FortiGate SSL session states to keep.
- ssl_
client_ intsession_ state_ timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl_
client_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl_
dh_ strbits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl_
hpkp str - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl_
hpkp_ intage - Number of minutes the web browser should keep HPKP.
- ssl_
hpkp_ strbackup - Certificate to generate backup HPKP pin from.
- ssl_
hpkp_ strinclude_ subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl_
hpkp_ strprimary - Certificate to generate primary HPKP pin from.
- ssl_
hpkp_ strreport_ uri - URL to report HPKP violations to.
- ssl_
hsts str - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl_
hsts_ intage - Number of seconds the client should honour the HSTS setting.
- ssl_
hsts_ strinclude_ subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl_
http_ strlocation_ conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl_
http_ strmatch_ host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl_
max_ strversion - Highest SSL/TLS version acceptable from a client.
- ssl_
min_ strversion - Lowest SSL/TLS version acceptable from a client.
- ssl_
mode str - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl_
pfs str - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl_
send_ strempty_ frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl_
server_ stralgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl_
server_ Sequence[Vip6Sslcipher_ suites Server Cipher Suite Args] - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl_
server_ strmax_ version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl_
server_ strmin_ version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl_
server_ strrenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl_
server_ intsession_ state_ max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl_
server_ intsession_ state_ timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl_
server_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type str
- Configure a static NAT or server load balance VIP.
- uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Number
- Color of icon on the GUI.
- comment String
- Comment.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Number
- Custom defined ID.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - Number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip String
- Mapped IP address range in the format startIP-endIP.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic NumberConnections - Maximum number of incomplete connections.
- monitors List<Property Map>
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name String
- Virtual ip6 name.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic Property Map
- QUIC setting. The structure of
quicblock is documented below. - realservers List<Property Map>
- Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - src
Filters List<Property Map> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of
src_filterblock is documented below. - src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<Property Map>Suites - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client NumberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl
Client NumberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client NumberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp NumberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts NumberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client.
- ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client.
- ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl
Server List<Property Map>Cipher Suites - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl
Server NumberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server NumberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP.
- uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
Supporting Types
Vip6Monitor, Vip6MonitorArgs
- Name string
- Health monitor name.
- Name string
- Health monitor name.
- name String
- Health monitor name.
- name string
- Health monitor name.
- name str
- Health monitor name.
- name String
- Health monitor name.
Vip6Quic, Vip6QuicArgs
- Ack
Delay intExponent - ACK delay exponent (1 - 20, default = 3).
- Active
Connection intId Limit - Active connection ID limit (1 - 8, default = 2).
- Active
Migration string - Enable/disable active migration (default = disable). Valid values:
enable,disable. - Grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
enable,disable. - Max
Ack intDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- Max
Datagram intFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- Max
Idle intTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- Max
Udp intPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- Ack
Delay intExponent - ACK delay exponent (1 - 20, default = 3).
- Active
Connection intId Limit - Active connection ID limit (1 - 8, default = 2).
- Active
Migration string - Enable/disable active migration (default = disable). Valid values:
enable,disable. - Grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
enable,disable. - Max
Ack intDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- Max
Datagram intFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- Max
Idle intTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- Max
Udp intPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay IntegerExponent - ACK delay exponent (1 - 20, default = 3).
- active
Connection IntegerId Limit - Active connection ID limit (1 - 8, default = 2).
- active
Migration String - Enable/disable active migration (default = disable). Valid values:
enable,disable. - grease
Quic StringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
enable,disable. - max
Ack IntegerDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram IntegerFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle IntegerTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp IntegerPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay numberExponent - ACK delay exponent (1 - 20, default = 3).
- active
Connection numberId Limit - Active connection ID limit (1 - 8, default = 2).
- active
Migration string - Enable/disable active migration (default = disable). Valid values:
enable,disable. - grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
enable,disable. - max
Ack numberDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram numberFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle numberTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp numberPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack_
delay_ intexponent - ACK delay exponent (1 - 20, default = 3).
- active_
connection_ intid_ limit - Active connection ID limit (1 - 8, default = 2).
- active_
migration str - Enable/disable active migration (default = disable). Valid values:
enable,disable. - grease_
quic_ strbit - Enable/disable grease QUIC bit (default = enable). Valid values:
enable,disable. - max_
ack_ intdelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max_
datagram_ intframe_ size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max_
idle_ inttimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max_
udp_ intpayload_ size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay NumberExponent - ACK delay exponent (1 - 20, default = 3).
- active
Connection NumberId Limit - Active connection ID limit (1 - 8, default = 2).
- active
Migration String - Enable/disable active migration (default = disable). Valid values:
enable,disable. - grease
Quic StringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
enable,disable. - max
Ack NumberDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram NumberFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle NumberTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp NumberPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
Vip6Realserver, Vip6RealserverArgs
- Client
Ip string - Only clients in this IP range can connect to this real server.
- Healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - Holddown
Interval int - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- Http
Host string - HTTP server domain name in HTTP header.
- Id int
- Real server ID.
- Ip string
- IPv6 address of the real server.
- Max
Connections int - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Port int
- Port for communicating with the real server. Required if port forwarding is enabled.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
enable,disable. - Weight int
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- Client
Ip string - Only clients in this IP range can connect to this real server.
- Healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - Holddown
Interval int - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- Http
Host string - HTTP server domain name in HTTP header.
- Id int
- Real server ID.
- Ip string
- IPv6 address of the real server.
- Max
Connections int - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Port int
- Port for communicating with the real server. Required if port forwarding is enabled.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
enable,disable. - Weight int
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client
Ip String - Only clients in this IP range can connect to this real server.
- healthcheck String
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval Integer - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http
Host String - HTTP server domain name in HTTP header.
- id Integer
- Real server ID.
- ip String
- IPv6 address of the real server.
- max
Connections Integer - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port Integer
- Port for communicating with the real server. Required if port forwarding is enabled.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
enable,disable. - weight Integer
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client
Ip string - Only clients in this IP range can connect to this real server.
- healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval number - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http
Host string - HTTP server domain name in HTTP header.
- id number
- Real server ID.
- ip string
- IPv6 address of the real server.
- max
Connections number - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port number
- Port for communicating with the real server. Required if port forwarding is enabled.
- status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
enable,disable. - weight number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client_
ip str - Only clients in this IP range can connect to this real server.
- healthcheck str
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown_
interval int - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http_
host str - HTTP server domain name in HTTP header.
- id int
- Real server ID.
- ip str
- IPv6 address of the real server.
- max_
connections int - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor str
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port int
- Port for communicating with the real server. Required if port forwarding is enabled.
- status str
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate_
host str - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
enable,disable. - weight int
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client
Ip String - Only clients in this IP range can connect to this real server.
- healthcheck String
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval Number - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http
Host String - HTTP server domain name in HTTP header.
- id Number
- Real server ID.
- ip String
- IPv6 address of the real server.
- max
Connections Number - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port Number
- Port for communicating with the real server. Required if port forwarding is enabled.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
enable,disable. - weight Number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
Vip6SrcFilter, Vip6SrcFilterArgs
- Range string
- Source-filter range.
- Range string
- Source-filter range.
- range String
- Source-filter range.
- range string
- Source-filter range.
- range str
- Source-filter range.
- range String
- Source-filter range.
Vip6SslCipherSuite, Vip6SslCipherSuiteArgs
Vip6SslServerCipherSuite, Vip6SslServerCipherSuiteArgs
Import
Firewall Vip6 can be imported using any of these accepted formats:
$ pulumi import fortios:firewall/vip6:Vip6 labelname {{name}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:firewall/vip6:Vip6 labelname {{name}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortiosTerraform Provider.