Viewing docs for Unifi v0.2.0
published on Tuesday, Feb 17, 2026 by Pulumiverse

    The unifi.setting.USG resource manages advanced settings for UniFi Security Gateways (USG) and UniFi Dream Machines (UDM/UDM-Pro).

    This resource allows you to configure gateway-specific features including:

    • Multicast DNS (mDNS) for cross-VLAN service discovery
    • DHCP relay for forwarding DHCP requests to external servers
    • Geo IP filtering for country-based traffic control
    • UPnP/NAT-PMP for automatic port forwarding
    • Protocol helpers for FTP, GRE, H323, PPTP, SIP, and TFTP
    • TCP/UDP timeout settings for connection tracking
    • Security features like SYN cookies and ICMP redirect controls
    • MSS clamping to work around MTU issues

    Note: Some settings may not be available on all controller versions. For example, multicast_dns_enabled is not supported on UniFi OS v7+. Changes to certain attributes may not be reflected in the plan unless explicitly modified in the configuration.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as unifi from "@pulumiverse/unifi";
    
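    // Example USG/UDM gateway settings. Several options below (UPnP/NAT-PMP,
    // protocol helpers, broadcast ping, ICMP redirects) widen what the gateway
    // answers or forwards; enable only the ones the site needs.
    const example = new unifi.setting.USG("example", {
        geoIpFiltering: {
            // The constructor reference lists `mode` (not `block`) next to
            // `countries` and `trafficDirection`.
            // NOTE(review): confirm "block" is an accepted mode value.
            mode: "block",
            // NOTE(review): "UK" is not an ISO 3166-1 alpha-2 code ("GB" is);
            // confirm which country-code format the provider expects.
            countries: [
                "UK",
                "CN",
                "AU",
            ],
            trafficDirection: "both",
        },
        // UPnP/NAT-PMP provides automatic port forwarding, so port mappings are
        // created outside this program; leave it off unless clients require it.
        // NOTE(review): confirm what secureMode restricts before relying on it.
        upnp: {
            natPmpEnabled: true,
            secureMode: true,
            wanInterface: "WAN",
        },
        dnsVerification: {
            domain: "example.com",
            primaryDnsServer: "1.1.1.1",
            secondaryDnsServer: "1.0.0.1",
            settingPreference: "manual",
        },
        // Connection-tracking timeouts for each TCP state.
        tcpTimeouts: {
            closeTimeout: 10,
            establishedTimeout: 3600,
            closeWaitTimeout: 20,
            finWaitTimeout: 30,
            lastAckTimeout: 30,
            synRecvTimeout: 60,
            synSentTimeout: 120,
            timeWaitTimeout: 120,
        },
        // "custom" makes the gateway use arpCacheBaseReachable (seconds).
        arpCacheTimeout: "custom",
        arpCacheBaseReachable: 60,
        // The property description warns that answering broadcast pings can be
        // used in denial-of-service attacks; enable only for diagnostics.
        broadcastPing: true,
        dhcpdHostfileUpdate: true,
        dhcpdUseDnsmasq: true,
        dnsmasqAllServers: true,
        dhcpRelay: {
            agentsPackets: "forward",
            hopCount: 5,
        },
        dhcpRelayServers: [
            "10.1.2.3",
            "10.1.2.4",
        ],
        echoServer: "echo.example.com",
        // Protocol helpers: turn on only those for protocols actually in use.
        ftpModule: true,
        greModule: true,
        tftpModule: true,
        icmpTimeout: 20,
        lldpEnableAll: true,
        mssClamp: "auto",
        mssClampMss: 1452,
        offloadAccounting: true,
        offloadL2Blocking: true,
        // The constructor reference names this input `offloadSch`.
        offloadSch: false,
        otherTimeout: 600,
        timeoutSettingPreference: "auto",
        // ICMP redirect controls.
        // NOTE(review): confirm the topology needs the gateway to send redirects.
        receiveRedirects: false,
        sendRedirects: true,
        synCookies: true,
        udpOtherTimeout: 30,
        udpStreamTimeout: 120,
    });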
    
    import pulumi
    import pulumiverse_unifi as unifi
    
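    # Example USG/UDM gateway settings. Several options below (UPnP/NAT-PMP,
    # protocol helpers, broadcast ping, ICMP redirects) widen what the gateway
    # answers or forwards; enable only the ones the site needs.
    example = unifi.setting.USG("example",
        geo_ip_filtering={
            # The constructor reference lists "mode" (not "block") next to
            # "countries" and "traffic_direction".
            # NOTE(review): confirm "block" is an accepted mode value.
            "mode": "block",
            # NOTE(review): "UK" is not an ISO 3166-1 alpha-2 code ("GB" is);
            # confirm which country-code format the provider expects.
            "countries": [
                "UK",
                "CN",
                "AU",
            ],
            "traffic_direction": "both",
        },
        # UPnP/NAT-PMP provides automatic port forwarding, so port mappings are
        # created outside this program; leave it off unless clients require it.
        # NOTE(review): confirm what secure_mode restricts before relying on it.
        upnp={
            "nat_pmp_enabled": True,
            "secure_mode": True,
            "wan_interface": "WAN",
        },
        dns_verification={
            "domain": "example.com",
            "primary_dns_server": "1.1.1.1",
            "secondary_dns_server": "1.0.0.1",
            "setting_preference": "manual",
        },
        # Connection-tracking timeouts for each TCP state.
        tcp_timeouts={
            "close_timeout": 10,
            "established_timeout": 3600,
            "close_wait_timeout": 20,
            "fin_wait_timeout": 30,
            "last_ack_timeout": 30,
            "syn_recv_timeout": 60,
            "syn_sent_timeout": 120,
            "time_wait_timeout": 120,
        },
        # "custom" makes the gateway use arp_cache_base_reachable (seconds).
        arp_cache_timeout="custom",
        arp_cache_base_reachable=60,
        # The property description warns that answering broadcast pings can be
        # used in denial-of-service attacks; enable only for diagnostics.
        broadcast_ping=True,
        dhcpd_hostfile_update=True,
        dhcpd_use_dnsmasq=True,
        dnsmasq_all_servers=True,
        dhcp_relay={
            "agents_packets": "forward",
            "hop_count": 5,
        },
        dhcp_relay_servers=[
            "10.1.2.3",
            "10.1.2.4",
        ],
        echo_server="echo.example.com",
        # Protocol helpers: turn on only those for protocols actually in use.
        ftp_module=True,
        gre_module=True,
        tftp_module=True,
        icmp_timeout=20,
        lldp_enable_all=True,
        mss_clamp="auto",
        mss_clamp_mss=1452,
        offload_accounting=True,
        offload_l2_blocking=True,
        # The constructor signature names this keyword offload_sch; it has no
        # offload_scheduling parameter.
        offload_sch=False,
        other_timeout=600,
        timeout_setting_preference="auto",
        # ICMP redirect controls.
        # NOTE(review): confirm the topology needs the gateway to send redirects.
        receive_redirects=False,
        send_redirects=True,
        syn_cookies=True,
        udp_other_timeout=30,
        udp_stream_timeout=120)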
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-unifi/sdk/go/unifi/setting"
    )
    
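    // main declares a single unifi setting.USG resource with example values.
    // Several options below (UPnP/NAT-PMP, protocol helpers, broadcast ping,
    // ICMP redirects) widen what the gateway answers or forwards; enable only
    // the ones the site needs.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := setting.NewUSG(ctx, "example", &setting.USGArgs{
    			GeoIpFiltering: &setting.USGGeoIpFilteringArgs{
    				// The constructor reference lists Mode (not Block) next to
    				// Countries and TrafficDirection, and wraps it in pulumi.String.
    				// NOTE(review): confirm "block" is an accepted mode value.
    				Mode: pulumi.String("block"),
    				// NOTE(review): "UK" is not an ISO 3166-1 alpha-2 code ("GB" is);
    				// confirm which country-code format the provider expects.
    				Countries: pulumi.StringArray{
    					pulumi.String("UK"),
    					pulumi.String("CN"),
    					pulumi.String("AU"),
    				},
    				TrafficDirection: pulumi.String("both"),
    			},
    			// UPnP/NAT-PMP provides automatic port forwarding, so port mappings
    			// are created outside this program; leave it off unless clients
    			// require it.
    			// NOTE(review): confirm what SecureMode restricts before relying on it.
    			Upnp: &setting.USGUpnpArgs{
    				NatPmpEnabled: pulumi.Bool(true),
    				SecureMode:    pulumi.Bool(true),
    				WanInterface:  pulumi.String("WAN"),
    			},
    			DnsVerification: &setting.USGDnsVerificationArgs{
    				Domain:             pulumi.String("example.com"),
    				PrimaryDnsServer:   pulumi.String("1.1.1.1"),
    				SecondaryDnsServer: pulumi.String("1.0.0.1"),
    				SettingPreference:  pulumi.String("manual"),
    			},
    			// Connection-tracking timeouts for each TCP state.
    			TcpTimeouts: &setting.USGTcpTimeoutsArgs{
    				CloseTimeout:       pulumi.Int(10),
    				EstablishedTimeout: pulumi.Int(3600),
    				CloseWaitTimeout:   pulumi.Int(20),
    				FinWaitTimeout:     pulumi.Int(30),
    				LastAckTimeout:     pulumi.Int(30),
    				SynRecvTimeout:     pulumi.Int(60),
    				SynSentTimeout:     pulumi.Int(120),
    				TimeWaitTimeout:    pulumi.Int(120),
    			},
    			// "custom" makes the gateway use ArpCacheBaseReachable (seconds).
    			ArpCacheTimeout:       pulumi.String("custom"),
    			ArpCacheBaseReachable: pulumi.Int(60),
    			// The property description warns that answering broadcast pings can
    			// be used in denial-of-service attacks; enable only for diagnostics.
    			BroadcastPing:       pulumi.Bool(true),
    			DhcpdHostfileUpdate: pulumi.Bool(true),
    			DhcpdUseDnsmasq:     pulumi.Bool(true),
    			DnsmasqAllServers:   pulumi.Bool(true),
    			DhcpRelay: &setting.USGDhcpRelayArgs{
    				AgentsPackets: pulumi.String("forward"),
    				HopCount:      pulumi.Int(5),
    			},
    			DhcpRelayServers: pulumi.StringArray{
    				pulumi.String("10.1.2.3"),
    				pulumi.String("10.1.2.4"),
    			},
    			EchoServer: pulumi.String("echo.example.com"),
    			// Protocol helpers: turn on only those for protocols actually in use.
    			FtpModule:  pulumi.Bool(true),
    			GreModule:  pulumi.Bool(true),
    			TftpModule: pulumi.Bool(true),

    			IcmpTimeout:       pulumi.Int(20),
    			LldpEnableAll:     pulumi.Bool(true),
    			MssClamp:          pulumi.String("auto"),
    			MssClampMss:       pulumi.Int(1452),
    			OffloadAccounting: pulumi.Bool(true),
    			OffloadL2Blocking: pulumi.Bool(true),
    			// The constructor reference names this field OffloadSch and wraps
    			// it in pulumi.Bool.
    			OffloadSch:               pulumi.Bool(false),
    			OtherTimeout:             pulumi.Int(600),
    			TimeoutSettingPreference: pulumi.String("auto"),
    			// ICMP redirect controls.
    			// NOTE(review): confirm the topology needs the gateway to send redirects.
    			ReceiveRedirects: pulumi.Bool(false),
    			SendRedirects:    pulumi.Bool(true),
    			SynCookies:       pulumi.Bool(true),
    			UdpOtherTimeout:  pulumi.Int(30),
    			UdpStreamTimeout: pulumi.Int(120),
    		})
    		// err is nil on success, so returning it directly covers both outcomes.
    		return err
    	})
    }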
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Unifi = Pulumiverse.Unifi;
    
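    // Example USG/UDM gateway settings. Several options below (UPnP/NAT-PMP,
    // protocol helpers, broadcast ping, ICMP redirects) widen what the gateway
    // answers or forwards; enable only the ones the site needs.
    return await Deployment.RunAsync(() => 
    {
        var example = new Unifi.Setting.USG("example", new()
        {
            GeoIpFiltering = new Unifi.Setting.Inputs.USGGeoIpFilteringArgs
            {
                // The constructor reference lists Mode (not Block) next to
                // Countries and TrafficDirection.
                // NOTE(review): confirm "block" is an accepted mode value.
                Mode = "block",
                // NOTE(review): "UK" is not an ISO 3166-1 alpha-2 code ("GB" is);
                // confirm which country-code format the provider expects.
                Countries = new[]
                {
                    "UK",
                    "CN",
                    "AU",
                },
                TrafficDirection = "both",
            },
            // UPnP/NAT-PMP provides automatic port forwarding, so port mappings
            // are created outside this program; leave it off unless clients
            // require it.
            // NOTE(review): confirm what SecureMode restricts before relying on it.
            Upnp = new Unifi.Setting.Inputs.USGUpnpArgs
            {
                NatPmpEnabled = true,
                SecureMode = true,
                WanInterface = "WAN",
            },
            DnsVerification = new Unifi.Setting.Inputs.USGDnsVerificationArgs
            {
                Domain = "example.com",
                PrimaryDnsServer = "1.1.1.1",
                SecondaryDnsServer = "1.0.0.1",
                SettingPreference = "manual",
            },
            // Connection-tracking timeouts for each TCP state.
            TcpTimeouts = new Unifi.Setting.Inputs.USGTcpTimeoutsArgs
            {
                CloseTimeout = 10,
                EstablishedTimeout = 3600,
                CloseWaitTimeout = 20,
                FinWaitTimeout = 30,
                LastAckTimeout = 30,
                SynRecvTimeout = 60,
                SynSentTimeout = 120,
                TimeWaitTimeout = 120,
            },
            // "custom" makes the gateway use ArpCacheBaseReachable (seconds).
            ArpCacheTimeout = "custom",
            ArpCacheBaseReachable = 60,
            // The property description warns that answering broadcast pings can
            // be used in denial-of-service attacks; enable only for diagnostics.
            BroadcastPing = true,
            DhcpdHostfileUpdate = true,
            DhcpdUseDnsmasq = true,
            DnsmasqAllServers = true,
            DhcpRelay = new Unifi.Setting.Inputs.USGDhcpRelayArgs
            {
                AgentsPackets = "forward",
                HopCount = 5,
            },
            DhcpRelayServers = new[]
            {
                "10.1.2.3",
                "10.1.2.4",
            },
            EchoServer = "echo.example.com",
            // Protocol helpers: turn on only those for protocols actually in use.
            FtpModule = true,
            GreModule = true,
            TftpModule = true,
            IcmpTimeout = 20,
            LldpEnableAll = true,
            MssClamp = "auto",
            MssClampMss = 1452,
            OffloadAccounting = true,
            OffloadL2Blocking = true,
            // The constructor reference names this property OffloadSch.
            OffloadSch = false,
            OtherTimeout = 600,
            TimeoutSettingPreference = "auto",
            // ICMP redirect controls.
            // NOTE(review): confirm the topology needs the gateway to send redirects.
            ReceiveRedirects = false,
            SendRedirects = true,
            SynCookies = true,
            UdpOtherTimeout = 30,
            UdpStreamTimeout = 120,
        });
    
    });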
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumiverse.unifi.setting.USG;
    import com.pulumiverse.unifi.setting.USGArgs;
    import com.pulumi.unifi.setting.inputs.USGGeoIpFilteringArgs;
    import com.pulumi.unifi.setting.inputs.USGUpnpArgs;
    import com.pulumi.unifi.setting.inputs.USGDnsVerificationArgs;
    import com.pulumi.unifi.setting.inputs.USGTcpTimeoutsArgs;
    import com.pulumi.unifi.setting.inputs.USGDhcpRelayArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
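    /**
     * Example Pulumi program declaring one USG settings resource.
     *
     * Several options below (UPnP/NAT-PMP, protocol helpers, broadcast ping,
     * ICMP redirects) widen what the gateway answers or forwards; enable only
     * the ones the site needs.
     *
     * NOTE(review): the input-args imports of this listing use the
     * com.pulumi.unifi package while USG and USGArgs come from
     * com.pulumiverse.unifi; confirm the package path of the inputs classes.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        /** Declares the example USG resource on the given deployment context. */
        public static void stack(Context ctx) {
            var example = new USG("example", USGArgs.builder()
                .geoIpFiltering(USGGeoIpFilteringArgs.builder()
                    // The constructor reference lists mode (not block) next to
                    // countries and trafficDirection.
                    // NOTE(review): confirm "block" is an accepted mode value.
                    .mode("block")
                    // NOTE(review): "UK" is not an ISO 3166-1 alpha-2 code ("GB" is);
                    // confirm which country-code format the provider expects.
                    .countries(
                        "UK",
                        "CN",
                        "AU")
                    .trafficDirection("both")
                    .build())
                // UPnP/NAT-PMP provides automatic port forwarding, so port mappings
                // are created outside this program; leave it off unless clients
                // require it.
                // NOTE(review): confirm what secureMode restricts before relying on it.
                .upnp(USGUpnpArgs.builder()
                    .natPmpEnabled(true)
                    .secureMode(true)
                    .wanInterface("WAN")
                    .build())
                .dnsVerification(USGDnsVerificationArgs.builder()
                    .domain("example.com")
                    .primaryDnsServer("1.1.1.1")
                    .secondaryDnsServer("1.0.0.1")
                    .settingPreference("manual")
                    .build())
                // Connection-tracking timeouts for each TCP state.
                .tcpTimeouts(USGTcpTimeoutsArgs.builder()
                    .closeTimeout(10)
                    .establishedTimeout(3600)
                    .closeWaitTimeout(20)
                    .finWaitTimeout(30)
                    .lastAckTimeout(30)
                    .synRecvTimeout(60)
                    .synSentTimeout(120)
                    .timeWaitTimeout(120)
                    .build())
                // "custom" makes the gateway use arpCacheBaseReachable (seconds).
                .arpCacheTimeout("custom")
                .arpCacheBaseReachable(60)
                // The property description warns that answering broadcast pings can
                // be used in denial-of-service attacks; enable only for diagnostics.
                .broadcastPing(true)
                .dhcpdHostfileUpdate(true)
                .dhcpdUseDnsmasq(true)
                .dnsmasqAllServers(true)
                .dhcpRelay(USGDhcpRelayArgs.builder()
                    .agentsPackets("forward")
                    .hopCount(5)
                    .build())
                .dhcpRelayServers(
                    "10.1.2.3",
                    "10.1.2.4")
                .echoServer("echo.example.com")
                // Protocol helpers: turn on only those for protocols actually in use.
                .ftpModule(true)
                .greModule(true)
                .tftpModule(true)
                .icmpTimeout(20)
                .lldpEnableAll(true)
                .mssClamp("auto")
                .mssClampMss(1452)
                .offloadAccounting(true)
                .offloadL2Blocking(true)
                // The constructor reference names this builder method offloadSch.
                .offloadSch(false)
                .otherTimeout(600)
                .timeoutSettingPreference("auto")
                // ICMP redirect controls.
                // NOTE(review): confirm the topology needs the gateway to send redirects.
                .receiveRedirects(false)
                .sendRedirects(true)
                .synCookies(true)
                .udpOtherTimeout(30)
                .udpStreamTimeout(120)
                .build());
    
        }
    }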
    
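    # Example USG/UDM gateway settings. Several options below (UPnP/NAT-PMP,
    # protocol helpers, broadcast ping, ICMP redirects) widen what the gateway
    # answers or forwards; enable only the ones the site needs.
    resources:
      example:
        type: unifi:setting:USG
        properties:
          geoIpFiltering:
            # The constructor reference lists `mode` (not `block`) next to
            # `countries` and `trafficDirection`.
            # NOTE(review): confirm "block" is an accepted mode value.
            mode: block
            # NOTE(review): "UK" is not an ISO 3166-1 alpha-2 code ("GB" is);
            # confirm which country-code format the provider expects.
            countries:
              - UK
              - CN
              - AU
            trafficDirection: both
          # UPnP/NAT-PMP provides automatic port forwarding, so port mappings are
          # created outside this program; leave it off unless clients require it.
          # NOTE(review): confirm what secureMode restricts before relying on it.
          upnp:
            natPmpEnabled: true
            secureMode: true
            wanInterface: WAN
          dnsVerification:
            domain: example.com
            primaryDnsServer: 1.1.1.1
            secondaryDnsServer: 1.0.0.1
            settingPreference: manual
          # Connection-tracking timeouts for each TCP state.
          tcpTimeouts:
            closeTimeout: 10
            establishedTimeout: 3600
            closeWaitTimeout: 20
            finWaitTimeout: 30
            lastAckTimeout: 30
            synRecvTimeout: 60
            synSentTimeout: 120
            timeWaitTimeout: 120
          # "custom" makes the gateway use arpCacheBaseReachable (seconds).
          arpCacheTimeout: custom
          arpCacheBaseReachable: 60
          # DHCP Configuration
          # The broadcastPing description warns that answering broadcast pings can
          # be used in denial-of-service attacks; enable only for diagnostics.
          broadcastPing: true
          dhcpdHostfileUpdate: true
          dhcpdUseDnsmasq: true
          dnsmasqAllServers: true
          # DHCP Relay Configuration
          dhcpRelay:
            agentsPackets: forward
            hopCount: 5
          dhcpRelayServers:
            - 10.1.2.3
            - 10.1.2.4
          echoServer: echo.example.com
          # Protocol helpers: turn on only those for protocols actually in use.
          ftpModule: true
          greModule: true
          tftpModule: true
          # ICMP & LLDP Settings
          icmpTimeout: 20
          lldpEnableAll: true
          # MSS Clamp Settings
          mssClamp: auto
          mssClampMss: 1452
          # Offload Settings
          offloadAccounting: true
          offloadL2Blocking: true
          # The constructor reference names this property offloadSch.
          offloadSch: false
          # Timeout Settings
          otherTimeout: 600
          timeoutSettingPreference: auto
          # ICMP redirect controls.
          # NOTE(review): confirm the topology needs the gateway to send redirects.
          receiveRedirects: false
          sendRedirects: true
          synCookies: true
          # UDP Timeout Settings
          udpOtherTimeout: 30
          udpStreamTimeout: 120
          # Specify the site (optional)
          # site: default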
    

    Create USG Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new USG(name: string, args?: USGArgs, opts?: CustomResourceOptions);
    @overload
    def USG(resource_name: str,
            args: Optional[USGArgs] = None,
            opts: Optional[ResourceOptions] = None)
    
    @overload
    def USG(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            arp_cache_base_reachable: Optional[int] = None,
            arp_cache_timeout: Optional[str] = None,
            broadcast_ping: Optional[bool] = None,
            dhcp_relay: Optional[USGDhcpRelayArgs] = None,
            dhcp_relay_servers: Optional[Sequence[str]] = None,
            dhcpd_hostfile_update: Optional[bool] = None,
            dhcpd_use_dnsmasq: Optional[bool] = None,
            dns_verification: Optional[USGDnsVerificationArgs] = None,
            dnsmasq_all_servers: Optional[bool] = None,
            echo_server: Optional[str] = None,
            ftp_module: Optional[bool] = None,
            geo_ip_filtering: Optional[USGGeoIpFilteringArgs] = None,
            gre_module: Optional[bool] = None,
            h323_module: Optional[bool] = None,
            icmp_timeout: Optional[int] = None,
            lldp_enable_all: Optional[bool] = None,
            mss_clamp: Optional[str] = None,
            mss_clamp_mss: Optional[int] = None,
            multicast_dns_enabled: Optional[bool] = None,
            offload_accounting: Optional[bool] = None,
            offload_l2_blocking: Optional[bool] = None,
            offload_sch: Optional[bool] = None,
            other_timeout: Optional[int] = None,
            pptp_module: Optional[bool] = None,
            receive_redirects: Optional[bool] = None,
            send_redirects: Optional[bool] = None,
            sip_module: Optional[bool] = None,
            site: Optional[str] = None,
            syn_cookies: Optional[bool] = None,
            tcp_timeouts: Optional[USGTcpTimeoutsArgs] = None,
            tftp_module: Optional[bool] = None,
            timeout_setting_preference: Optional[str] = None,
            udp_other_timeout: Optional[int] = None,
            udp_stream_timeout: Optional[int] = None,
            unbind_wan_monitors: Optional[bool] = None,
            upnp: Optional[USGUpnpArgs] = None)
    func NewUSG(ctx *Context, name string, args *USGArgs, opts ...ResourceOption) (*USG, error)
    public USG(string name, USGArgs? args = null, CustomResourceOptions? opts = null)
    public USG(String name, USGArgs args)
    public USG(String name, USGArgs args, CustomResourceOptions options)
    
    type: unifi:setting:USG
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args USGArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args USGArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args USGArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args USGArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args USGArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var usgResource = new Unifi.Setting.USG("usgResource", new()
    {
        ArpCacheBaseReachable = 0,
        ArpCacheTimeout = "string",
        BroadcastPing = false,
        DhcpRelay = new Unifi.Setting.Inputs.USGDhcpRelayArgs
        {
            AgentsPackets = "string",
            HopCount = 0,
            MaxSize = 0,
            Port = 0,
        },
        DhcpdHostfileUpdate = false,
        DhcpdUseDnsmasq = false,
        DnsVerification = new Unifi.Setting.Inputs.USGDnsVerificationArgs
        {
            Domain = "string",
            PrimaryDnsServer = "string",
            SecondaryDnsServer = "string",
            SettingPreference = "string",
        },
        DnsmasqAllServers = false,
        EchoServer = "string",
        FtpModule = false,
        GeoIpFiltering = new Unifi.Setting.Inputs.USGGeoIpFilteringArgs
        {
            Countries = new[]
            {
                "string",
            },
            Mode = "string",
            TrafficDirection = "string",
        },
        GreModule = false,
        H323Module = false,
        IcmpTimeout = 0,
        LldpEnableAll = false,
        MssClamp = "string",
        MssClampMss = 0,
        MulticastDnsEnabled = false,
        OffloadAccounting = false,
        OffloadL2Blocking = false,
        OffloadSch = false,
        OtherTimeout = 0,
        PptpModule = false,
        ReceiveRedirects = false,
        SendRedirects = false,
        SipModule = false,
        Site = "string",
        SynCookies = false,
        TcpTimeouts = new Unifi.Setting.Inputs.USGTcpTimeoutsArgs
        {
            CloseTimeout = 0,
            CloseWaitTimeout = 0,
            EstablishedTimeout = 0,
            FinWaitTimeout = 0,
            LastAckTimeout = 0,
            SynRecvTimeout = 0,
            SynSentTimeout = 0,
            TimeWaitTimeout = 0,
        },
        TftpModule = false,
        TimeoutSettingPreference = "string",
        UdpOtherTimeout = 0,
        UdpStreamTimeout = 0,
        UnbindWanMonitors = false,
        Upnp = new Unifi.Setting.Inputs.USGUpnpArgs
        {
            NatPmpEnabled = false,
            SecureMode = false,
            WanInterface = "string",
        },
    });
    
    example, err := setting.NewUSG(ctx, "usgResource", &setting.USGArgs{
    	ArpCacheBaseReachable: pulumi.Int(0),
    	ArpCacheTimeout:       pulumi.String("string"),
    	BroadcastPing:         pulumi.Bool(false),
    	DhcpRelay: &setting.USGDhcpRelayArgs{
    		AgentsPackets: pulumi.String("string"),
    		HopCount:      pulumi.Int(0),
    		MaxSize:       pulumi.Int(0),
    		Port:          pulumi.Int(0),
    	},
    	DhcpdHostfileUpdate: pulumi.Bool(false),
    	DhcpdUseDnsmasq:     pulumi.Bool(false),
    	DnsVerification: &setting.USGDnsVerificationArgs{
    		Domain:             pulumi.String("string"),
    		PrimaryDnsServer:   pulumi.String("string"),
    		SecondaryDnsServer: pulumi.String("string"),
    		SettingPreference:  pulumi.String("string"),
    	},
    	DnsmasqAllServers: pulumi.Bool(false),
    	EchoServer:        pulumi.String("string"),
    	FtpModule:         pulumi.Bool(false),
    	GeoIpFiltering: &setting.USGGeoIpFilteringArgs{
    		Countries: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Mode:             pulumi.String("string"),
    		TrafficDirection: pulumi.String("string"),
    	},
    	GreModule:           pulumi.Bool(false),
    	H323Module:          pulumi.Bool(false),
    	IcmpTimeout:         pulumi.Int(0),
    	LldpEnableAll:       pulumi.Bool(false),
    	MssClamp:            pulumi.String("string"),
    	MssClampMss:         pulumi.Int(0),
    	MulticastDnsEnabled: pulumi.Bool(false),
    	OffloadAccounting:   pulumi.Bool(false),
    	OffloadL2Blocking:   pulumi.Bool(false),
    	OffloadSch:          pulumi.Bool(false),
    	OtherTimeout:        pulumi.Int(0),
    	PptpModule:          pulumi.Bool(false),
    	ReceiveRedirects:    pulumi.Bool(false),
    	SendRedirects:       pulumi.Bool(false),
    	SipModule:           pulumi.Bool(false),
    	Site:                pulumi.String("string"),
    	SynCookies:          pulumi.Bool(false),
    	TcpTimeouts: &setting.USGTcpTimeoutsArgs{
    		CloseTimeout:       pulumi.Int(0),
    		CloseWaitTimeout:   pulumi.Int(0),
    		EstablishedTimeout: pulumi.Int(0),
    		FinWaitTimeout:     pulumi.Int(0),
    		LastAckTimeout:     pulumi.Int(0),
    		SynRecvTimeout:     pulumi.Int(0),
    		SynSentTimeout:     pulumi.Int(0),
    		TimeWaitTimeout:    pulumi.Int(0),
    	},
    	TftpModule:               pulumi.Bool(false),
    	TimeoutSettingPreference: pulumi.String("string"),
    	UdpOtherTimeout:          pulumi.Int(0),
    	UdpStreamTimeout:         pulumi.Int(0),
    	UnbindWanMonitors:        pulumi.Bool(false),
    	Upnp: &setting.USGUpnpArgs{
    		NatPmpEnabled: pulumi.Bool(false),
    		SecureMode:    pulumi.Bool(false),
    		WanInterface:  pulumi.String("string"),
    	},
    })
    
    var usgResource = new USG("usgResource", USGArgs.builder()
        .arpCacheBaseReachable(0)
        .arpCacheTimeout("string")
        .broadcastPing(false)
        .dhcpRelay(USGDhcpRelayArgs.builder()
            .agentsPackets("string")
            .hopCount(0)
            .maxSize(0)
            .port(0)
            .build())
        .dhcpdHostfileUpdate(false)
        .dhcpdUseDnsmasq(false)
        .dnsVerification(USGDnsVerificationArgs.builder()
            .domain("string")
            .primaryDnsServer("string")
            .secondaryDnsServer("string")
            .settingPreference("string")
            .build())
        .dnsmasqAllServers(false)
        .echoServer("string")
        .ftpModule(false)
        .geoIpFiltering(USGGeoIpFilteringArgs.builder()
            .countries("string")
            .mode("string")
            .trafficDirection("string")
            .build())
        .greModule(false)
        .h323Module(false)
        .icmpTimeout(0)
        .lldpEnableAll(false)
        .mssClamp("string")
        .mssClampMss(0)
        .multicastDnsEnabled(false)
        .offloadAccounting(false)
        .offloadL2Blocking(false)
        .offloadSch(false)
        .otherTimeout(0)
        .pptpModule(false)
        .receiveRedirects(false)
        .sendRedirects(false)
        .sipModule(false)
        .site("string")
        .synCookies(false)
        .tcpTimeouts(USGTcpTimeoutsArgs.builder()
            .closeTimeout(0)
            .closeWaitTimeout(0)
            .establishedTimeout(0)
            .finWaitTimeout(0)
            .lastAckTimeout(0)
            .synRecvTimeout(0)
            .synSentTimeout(0)
            .timeWaitTimeout(0)
            .build())
        .tftpModule(false)
        .timeoutSettingPreference("string")
        .udpOtherTimeout(0)
        .udpStreamTimeout(0)
        .unbindWanMonitors(false)
        .upnp(USGUpnpArgs.builder()
            .natPmpEnabled(false)
            .secureMode(false)
            .wanInterface("string")
            .build())
        .build());
    
    usg_resource = unifi.setting.USG("usgResource",
        arp_cache_base_reachable=0,
        arp_cache_timeout="string",
        broadcast_ping=False,
        dhcp_relay={
            "agents_packets": "string",
            "hop_count": 0,
            "max_size": 0,
            "port": 0,
        },
        dhcpd_hostfile_update=False,
        dhcpd_use_dnsmasq=False,
        dns_verification={
            "domain": "string",
            "primary_dns_server": "string",
            "secondary_dns_server": "string",
            "setting_preference": "string",
        },
        dnsmasq_all_servers=False,
        echo_server="string",
        ftp_module=False,
        geo_ip_filtering={
            "countries": ["string"],
            "mode": "string",
            "traffic_direction": "string",
        },
        gre_module=False,
        h323_module=False,
        icmp_timeout=0,
        lldp_enable_all=False,
        mss_clamp="string",
        mss_clamp_mss=0,
        multicast_dns_enabled=False,
        offload_accounting=False,
        offload_l2_blocking=False,
        offload_sch=False,
        other_timeout=0,
        pptp_module=False,
        receive_redirects=False,
        send_redirects=False,
        sip_module=False,
        site="string",
        syn_cookies=False,
        tcp_timeouts={
            "close_timeout": 0,
            "close_wait_timeout": 0,
            "established_timeout": 0,
            "fin_wait_timeout": 0,
            "last_ack_timeout": 0,
            "syn_recv_timeout": 0,
            "syn_sent_timeout": 0,
            "time_wait_timeout": 0,
        },
        tftp_module=False,
        timeout_setting_preference="string",
        udp_other_timeout=0,
        udp_stream_timeout=0,
        unbind_wan_monitors=False,
        upnp={
            "nat_pmp_enabled": False,
            "secure_mode": False,
            "wan_interface": "string",
        })
    
    const usgResource = new unifi.setting.USG("usgResource", {
        arpCacheBaseReachable: 0,
        arpCacheTimeout: "string",
        broadcastPing: false,
        dhcpRelay: {
            agentsPackets: "string",
            hopCount: 0,
            maxSize: 0,
            port: 0,
        },
        dhcpdHostfileUpdate: false,
        dhcpdUseDnsmasq: false,
        dnsVerification: {
            domain: "string",
            primaryDnsServer: "string",
            secondaryDnsServer: "string",
            settingPreference: "string",
        },
        dnsmasqAllServers: false,
        echoServer: "string",
        ftpModule: false,
        geoIpFiltering: {
            countries: ["string"],
            mode: "string",
            trafficDirection: "string",
        },
        greModule: false,
        h323Module: false,
        icmpTimeout: 0,
        lldpEnableAll: false,
        mssClamp: "string",
        mssClampMss: 0,
        multicastDnsEnabled: false,
        offloadAccounting: false,
        offloadL2Blocking: false,
        offloadSch: false,
        otherTimeout: 0,
        pptpModule: false,
        receiveRedirects: false,
        sendRedirects: false,
        sipModule: false,
        site: "string",
        synCookies: false,
        tcpTimeouts: {
            closeTimeout: 0,
            closeWaitTimeout: 0,
            establishedTimeout: 0,
            finWaitTimeout: 0,
            lastAckTimeout: 0,
            synRecvTimeout: 0,
            synSentTimeout: 0,
            timeWaitTimeout: 0,
        },
        tftpModule: false,
        timeoutSettingPreference: "string",
        udpOtherTimeout: 0,
        udpStreamTimeout: 0,
        unbindWanMonitors: false,
        upnp: {
            natPmpEnabled: false,
            secureMode: false,
            wanInterface: "string",
        },
    });
    
    # Template for the unifi:setting:USG resource. Every value below is a type
    # placeholder (0 = integer, false = boolean, string = string), not a
    # recommended setting.
    type: unifi:setting:USG
    properties:
        arpCacheBaseReachable: 0
        # Valid values: normal, min-dhcp-lease, custom.
        arpCacheTimeout: string
        # Answering broadcast pings may be used in certain denial-of-service attacks.
        broadcastPing: false
        dhcpRelay:
            agentsPackets: string
            hopCount: 0
            maxSize: 0
            port: 0
        dhcpdHostfileUpdate: false
        dhcpdUseDnsmasq: false
        # Requires controller version 8.5 or later.
        dnsVerification:
            domain: string
            primaryDnsServer: string
            secondaryDnsServer: string
            settingPreference: string
        dnsmasqAllServers: false
        echoServer: string
        ftpModule: false
        # Requires controller version 7.0 or later.
        geoIpFiltering:
            countries:
                - string
            mode: string
            trafficDirection: string
        # Must be enabled for pptpModule to function.
        greModule: false
        h323Module: false
        icmpTimeout: 0
        lldpEnableAll: false
        # Valid values: auto, custom, disabled.
        mssClamp: string
        # Used when mssClamp is custom; valid values range from 100 to 9999.
        mssClampMss: 0
        # Not supported on UniFi OS v7+.
        multicastDnsEnabled: false
        offloadAccounting: false
        offloadL2Blocking: false
        offloadSch: false
        otherTimeout: 0
        # PPTP has known security vulnerabilities; more secure VPN protocols are
        # generally recommended.
        pptpModule: false
        # Accepting ICMP redirects can potentially be exploited for
        # man-in-the-middle attacks; often disabled in security-sensitive environments.
        receiveRedirects: false
        sendRedirects: false
        sipModule: false
        # The default site is used when this is not specified.
        site: string
        # Recommended for internet-facing gateways (SYN flood mitigation).
        synCookies: false
        # Particularly relevant when timeoutSettingPreference is manual.
        tcpTimeouts:
            closeTimeout: 0
            closeWaitTimeout: 0
            establishedTimeout: 0
            finWaitTimeout: 0
            lastAckTimeout: 0
            synRecvTimeout: 0
            synSentTimeout: 0
            timeWaitTimeout: 0
        tftpModule: false
        # Valid values: auto, manual. Requires controller version 7.0 or later.
        timeoutSettingPreference: string
        udpOtherTimeout: 0
        udpStreamTimeout: 0
        # Requires controller version 9.0 or later.
        unbindWanMonitors: false
        # UPnP lets applications and devices configure port forwarding on the
        # gateway without manual intervention.
        upnp:
            natPmpEnabled: false
            secureMode: false
            wanInterface: string
    

    USG Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The USG resource accepts the following input properties:

    ArpCacheBaseReachable int
    The base reachable timeout (in seconds) for ARP cache entries. This controls how long the gateway considers a MAC-to-IP mapping valid without needing to refresh it. Higher values reduce network traffic but may cause stale entries if devices change IP addresses frequently.
    ArpCacheTimeout string

    The timeout strategy for ARP cache entries. Valid values are:

    • normal - Use system default timeouts
    • min-dhcp-lease - Set ARP timeout to match the minimum DHCP lease time
    • custom - Use the custom timeout value specified in arp_cache_base_reachable

    This setting determines how long MAC-to-IP mappings are stored in the ARP cache before being refreshed.

    BroadcastPing bool
    Enable responding to broadcast ping requests (ICMP echo requests sent to the broadcast address). When enabled, the gateway will respond to pings sent to the broadcast address of the network (e.g., 192.168.1.255). This can be useful for network diagnostics, but a host that answers broadcast pings can be abused as a reflector in amplification-style denial-of-service attacks, so leave it disabled unless the diagnostics are actually needed.
    DhcpRelay Pulumiverse.Unifi.Setting.Inputs.USGDhcpRelay
    Advanced DHCP relay configuration settings. Controls how the gateway forwards DHCP requests to external servers and manages DHCP relay agent behavior. Use this block to fine-tune DHCP relay functionality beyond simply specifying relay servers.
    DhcpRelayServers List<string>
    List of up to 5 DHCP relay servers (specified by IP address) that will receive forwarded DHCP requests. This is useful when you want to use external DHCP servers instead of the built-in DHCP server on the USG/UDM. When configured, the gateway will forward DHCP discovery packets from clients to these external servers, allowing centralized IP address management across multiple networks. Example: ['192.168.1.5', '192.168.2.5']

    Deprecated: This attribute is deprecated and will be removed in a future release. dhcp_relay.servers attribute will be introduced as a replacement.

    DhcpdHostfileUpdate bool
    Enable updating the gateway's host files with DHCP client information. When enabled, the gateway will automatically add entries to its host file for each DHCP client, allowing hostname resolution for devices that receive IP addresses via DHCP. This improves name resolution on the local network.
    DhcpdUseDnsmasq bool
    Use dnsmasq for DHCP services instead of the default DHCP server. Dnsmasq provides integrated DNS and DHCP functionality with additional features like DNS caching, DHCP static leases, and local domain name resolution. This can improve DNS resolution performance and provide more flexible DHCP options.
    DnsVerification Pulumiverse.Unifi.Setting.Inputs.USGDnsVerification
    DNS verification settings for validating DNS responses. This feature helps detect and prevent DNS spoofing attacks by verifying DNS responses against trusted DNS servers. When configured, the gateway can compare DNS responses with those from known trusted servers to identify potential tampering or poisoning attempts. Requires controller version 8.5 or later.
    DnsmasqAllServers bool
    When enabled, dnsmasq will query all configured DNS servers simultaneously and use the fastest response. This can improve DNS resolution speed but may increase DNS traffic. By default, dnsmasq queries servers sequentially, only trying the next server if the current one fails to respond.
    EchoServer string
    The hostname or IP address of a server to use for network echo tests. Echo tests send packets to this server and measure response times to evaluate network connectivity and performance. This can be used for network diagnostics and monitoring.
    FtpModule bool
    Enable the FTP (File Transfer Protocol) helper module. This module allows the gateway to properly handle FTP connections through NAT by tracking the control channel and dynamically opening required data ports. Without this helper, passive FTP connections may fail when clients are behind NAT.
    GeoIpFiltering Pulumiverse.Unifi.Setting.Inputs.USGGeoIpFiltering
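    Geographic IP filtering configuration that allows blocking or allowing traffic based on country of origin. This feature uses IP geolocation databases to identify the country associated with IP addresses and apply filtering rules. Useful for implementing country-specific access policies or blocking traffic from high-risk regions. IP geolocation is approximate, and traffic relayed through VPNs, proxies or cloud hosts appears to come from the relay's country, so treat this as a noise-reduction control rather than a substitute for firewall rules and authentication. Requires controller version 7.0 or later.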
    GreModule bool
    Enable the GRE (Generic Routing Encapsulation) protocol helper module. This module allows proper handling of GRE tunneling protocol through the gateway's firewall. GRE is commonly used for VPN tunnels and other encapsulation needs. Required if you plan to use PPTP VPNs (see pptp_module).
    H323Module bool
    Enable the H.323 protocol helper module. H.323 is a standard for multimedia communications (audio, video, and data) over packet-based networks. This helper allows H.323-based applications like video conferencing systems to work properly through NAT by tracking connection details and opening required ports.
    IcmpTimeout int
    ICMP timeout in seconds for connection tracking. This controls how long the gateway maintains state information for ICMP (ping) packets in its connection tracking table. Higher values maintain ICMP connection state longer, while lower values reclaim resources more quickly but may affect some diagnostic tools.
    LldpEnableAll bool
    Enable Link Layer Discovery Protocol (LLDP) on all interfaces. LLDP is a vendor-neutral protocol that allows network devices to advertise their identity, capabilities, and neighbors on a local network. When enabled, the gateway will both send and receive LLDP packets, facilitating network discovery and management tools.
    MssClamp string

    TCP Maximum Segment Size (MSS) clamping mode. MSS clamping adjusts the maximum segment size of TCP packets to prevent fragmentation issues when packets traverse networks with different MTU sizes. Valid values include:

    • auto - Automatically determine appropriate MSS values based on interface MTUs
    • custom - Use the custom MSS value specified in mss_clamp_mss
    • disabled - Do not perform MSS clamping

    This setting is particularly important for VPN connections and networks with non-standard MTU sizes.

    MssClampMss int
    Custom TCP Maximum Segment Size (MSS) value in bytes. This value is used when mss_clamp is set to custom. The MSS value should typically be set to the path MTU minus 40 bytes (for IPv4) or minus 60 bytes (for IPv6) to account for TCP/IP header overhead. Valid values range from 100 to 9999, with common values being 1460 (for standard 1500 MTU) or 1400 (for VPN tunnels).
    MulticastDnsEnabled bool
    Enable multicast DNS (mDNS/Bonjour/Avahi) forwarding across VLANs. This allows devices to discover services (like printers, Chromecasts, Apple devices, etc.) even when they are on different networks or VLANs. When enabled, the gateway will forward mDNS packets between networks, facilitating cross-VLAN service discovery. Note: This setting is not supported on UniFi OS v7+ as it has been replaced by mDNS settings in the network configuration.
    OffloadAccounting bool
    Enable hardware accounting offload. When enabled, the gateway will use hardware acceleration for traffic accounting functions, reducing CPU load and potentially improving throughput for high-traffic environments. This setting may not be supported on all hardware models.
    OffloadL2Blocking bool
    Enable hardware offload for Layer 2 (L2) blocking functions. When enabled, the gateway will use hardware acceleration for blocking traffic at the data link layer (MAC address level), which can improve performance when implementing MAC-based filtering or isolation. This setting may not be supported on all hardware models.
    OffloadSch bool
    Enable hardware scheduling offload. When enabled, the gateway will use hardware acceleration for packet scheduling functions, which can improve QoS (Quality of Service) performance and throughput for prioritized traffic. This setting may not be supported on all hardware models and may affect other hardware offload capabilities.
    OtherTimeout int
    Timeout (in seconds) for connection tracking of protocols other than TCP, UDP, and ICMP. This controls how long the gateway maintains state information for connections using other protocols. Higher values maintain connection state longer, while lower values reclaim resources more quickly but may affect some applications using non-standard protocols.
    PptpModule bool
    Enable the PPTP (Point-to-Point Tunneling Protocol) helper module. This module allows PPTP VPN connections to work properly through the gateway's firewall and NAT. PPTP uses GRE for tunneling, so the gre_module must also be enabled for PPTP to function correctly. Note that PPTP has known security vulnerabilities and more secure VPN protocols are generally recommended.
    ReceiveRedirects bool
    Enable accepting ICMP redirect messages. ICMP redirects are messages sent by routers to inform hosts of better routes to specific destinations. When enabled, the gateway will update its routing table based on these messages. While useful for route optimization, this can potentially be exploited for man-in-the-middle attacks, so it's often disabled in security-sensitive environments.
    SendRedirects bool
    Enable sending ICMP redirect messages. When enabled, the gateway will send ICMP redirect messages to hosts on the local network to inform them of better routes to specific destinations. This can help optimize network traffic but is typically only needed when the gateway has multiple interfaces on the same subnet or in complex routing scenarios.
    SipModule bool
    Enable the SIP (Session Initiation Protocol) helper module. SIP is used for initiating, maintaining, and terminating real-time sessions for voice, video, and messaging applications (VoIP, video conferencing). This helper allows SIP-based applications to work correctly through NAT by tracking SIP connections and dynamically opening the necessary ports for media streams.
    Site string
    The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
    SynCookies bool
    Enable SYN cookies to protect against SYN flood attacks. SYN cookies are a technique that helps mitigate TCP SYN flood attacks by avoiding the need to track incomplete connections in a backlog queue. When enabled, the gateway can continue to establish legitimate connections even when under a SYN flood attack. This is a recommended security setting for internet-facing gateways.
    TcpTimeouts Pulumiverse.Unifi.Setting.Inputs.USGTcpTimeouts
    TCP connection timeout settings for various TCP connection states. These settings control how long the gateway maintains state information for TCP connections in different states before removing them from the connection tracking table. Proper timeout values balance resource usage with connection reliability. These settings are particularly relevant when timeout_setting_preference is set to manual.
    TftpModule bool
    Enable the TFTP (Trivial File Transfer Protocol) helper module. This module allows TFTP connections to work properly through the gateway's firewall and NAT. TFTP is commonly used for firmware updates, configuration file transfers, and network booting of devices. The helper tracks TFTP connections and ensures return traffic is properly handled.
    TimeoutSettingPreference string

    Determines how connection timeout values are configured. Valid values are:

    • auto - The gateway will automatically determine appropriate timeout values based on system defaults
    • manual - Use the manually specified timeout values for various connection types

    When set to manual, you should specify values for the various timeout settings like tcp_timeouts, udp_stream_timeout, udp_other_timeout, icmp_timeout, and other_timeout. Requires controller version 7.0 or later.

    UdpOtherTimeout int
    Timeout (in seconds) for general UDP connections. Since UDP is connectionless, this timeout determines how long the gateway maintains state information for UDP packets that don't match the criteria for stream connections. This applies to most short-lived UDP communications like DNS queries. Lower values free resources more quickly but may affect some applications that expect longer session persistence.
    UdpStreamTimeout int
    Timeout (in seconds) for UDP stream connections. This applies to UDP traffic patterns that resemble ongoing streams, such as VoIP calls, video streaming, or online gaming. The gateway identifies these based on traffic patterns and maintains state information longer than for regular UDP traffic. Higher values improve reliability for streaming applications but consume more connection tracking resources.
    UnbindWanMonitors bool
    Unbind WAN monitors to prevent unnecessary traffic. When enabled, the gateway will stop certain monitoring processes that periodically check WAN connectivity. This can reduce unnecessary traffic on metered connections or in environments where the monitoring traffic might trigger security alerts. However, disabling these monitors may affect the gateway's ability to detect and respond to WAN connectivity issues. Requires controller version 9.0 or later.
    Upnp Pulumiverse.Unifi.Setting.Inputs.USGUpnp
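    UPNP (Universal Plug and Play) configuration settings. UPNP allows compatible applications and devices to automatically configure port forwarding rules on the gateway without manual intervention. This is commonly used by gaming consoles, media servers, VoIP applications, and other network services that require incoming connections. Because any device on the local network can request a port mapping without administrator review, enable UPNP only where it is needed and review the secure_mode and wan_interface options of this block.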
    ArpCacheBaseReachable int
    The base reachable timeout (in seconds) for ARP cache entries. This controls how long the gateway considers a MAC-to-IP mapping valid without needing to refresh it. Higher values reduce network traffic but may cause stale entries if devices change IP addresses frequently.
    ArpCacheTimeout string

    The timeout strategy for ARP cache entries. Valid values are:

    • normal - Use system default timeouts
    • min-dhcp-lease - Set ARP timeout to match the minimum DHCP lease time
    • custom - Use the custom timeout value specified in arp_cache_base_reachable

    This setting determines how long MAC-to-IP mappings are stored in the ARP cache before being refreshed.

    BroadcastPing bool
    Enable responding to broadcast ping requests (ICMP echo requests sent to the broadcast address). When enabled, the gateway will respond to pings sent to the broadcast address of the network (e.g., 192.168.1.255). This can be useful for network diagnostics, but a host that answers broadcast pings can be abused as a reflector in amplification-style denial-of-service attacks, so leave it disabled unless the diagnostics are actually needed.
    DhcpRelay USGDhcpRelayArgs
    Advanced DHCP relay configuration settings. Controls how the gateway forwards DHCP requests to external servers and manages DHCP relay agent behavior. Use this block to fine-tune DHCP relay functionality beyond simply specifying relay servers.
    DhcpRelayServers []string
    List of up to 5 DHCP relay servers (specified by IP address) that will receive forwarded DHCP requests. This is useful when you want to use external DHCP servers instead of the built-in DHCP server on the USG/UDM. When configured, the gateway will forward DHCP discovery packets from clients to these external servers, allowing centralized IP address management across multiple networks. Example: ['192.168.1.5', '192.168.2.5']

    Deprecated: This attribute is deprecated and will be removed in a future release. dhcp_relay.servers attribute will be introduced as a replacement.

    DhcpdHostfileUpdate bool
    Enable updating the gateway's host files with DHCP client information. When enabled, the gateway will automatically add entries to its host file for each DHCP client, allowing hostname resolution for devices that receive IP addresses via DHCP. This improves name resolution on the local network.
    DhcpdUseDnsmasq bool
    Use dnsmasq for DHCP services instead of the default DHCP server. Dnsmasq provides integrated DNS and DHCP functionality with additional features like DNS caching, DHCP static leases, and local domain name resolution. This can improve DNS resolution performance and provide more flexible DHCP options.
    DnsVerification USGDnsVerificationArgs
    DNS verification settings for validating DNS responses. This feature helps detect and prevent DNS spoofing attacks by verifying DNS responses against trusted DNS servers. When configured, the gateway can compare DNS responses with those from known trusted servers to identify potential tampering or poisoning attempts. Requires controller version 8.5 or later.
    DnsmasqAllServers bool
    When enabled, dnsmasq will query all configured DNS servers simultaneously and use the fastest response. This can improve DNS resolution speed but may increase DNS traffic. By default, dnsmasq queries servers sequentially, only trying the next server if the current one fails to respond.
    EchoServer string
    The hostname or IP address of a server to use for network echo tests. Echo tests send packets to this server and measure response times to evaluate network connectivity and performance. This can be used for network diagnostics and monitoring.
    FtpModule bool
    Enable the FTP (File Transfer Protocol) helper module. This module allows the gateway to properly handle FTP connections through NAT by tracking the control channel and dynamically opening required data ports. Without this helper, passive FTP connections may fail when clients are behind NAT.
    GeoIpFiltering USGGeoIpFilteringArgs
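    Geographic IP filtering configuration that allows blocking or allowing traffic based on country of origin. This feature uses IP geolocation databases to identify the country associated with IP addresses and apply filtering rules. Useful for implementing country-specific access policies or blocking traffic from high-risk regions. IP geolocation is approximate, and traffic relayed through VPNs, proxies or cloud hosts appears to come from the relay's country, so treat this as a noise-reduction control rather than a substitute for firewall rules and authentication. Requires controller version 7.0 or later.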
    GreModule bool
    Enable the GRE (Generic Routing Encapsulation) protocol helper module. This module allows proper handling of GRE tunneling protocol through the gateway's firewall. GRE is commonly used for VPN tunnels and other encapsulation needs. Required if you plan to use PPTP VPNs (see pptp_module).
    H323Module bool
    Enable the H.323 protocol helper module. H.323 is a standard for multimedia communications (audio, video, and data) over packet-based networks. This helper allows H.323-based applications like video conferencing systems to work properly through NAT by tracking connection details and opening required ports.
    IcmpTimeout int
    ICMP timeout in seconds for connection tracking. This controls how long the gateway maintains state information for ICMP (ping) packets in its connection tracking table. Higher values maintain ICMP connection state longer, while lower values reclaim resources more quickly but may affect some diagnostic tools.
    LldpEnableAll bool
    Enable Link Layer Discovery Protocol (LLDP) on all interfaces. LLDP is a vendor-neutral protocol that allows network devices to advertise their identity, capabilities, and neighbors on a local network. When enabled, the gateway will both send and receive LLDP packets, facilitating network discovery and management tools.
    MssClamp string

    TCP Maximum Segment Size (MSS) clamping mode. MSS clamping adjusts the maximum segment size of TCP packets to prevent fragmentation issues when packets traverse networks with different MTU sizes. Valid values include:

    • auto - Automatically determine appropriate MSS values based on interface MTUs
    • custom - Use the custom MSS value specified in mss_clamp_mss
    • disabled - Do not perform MSS clamping

    This setting is particularly important for VPN connections and networks with non-standard MTU sizes.

    MssClampMss int
    Custom TCP Maximum Segment Size (MSS) value in bytes. This value is used when mss_clamp is set to custom. The MSS value should typically be set to the path MTU minus 40 bytes (for IPv4) or minus 60 bytes (for IPv6) to account for TCP/IP header overhead. Valid values range from 100 to 9999, with common values being 1460 (for standard 1500 MTU) or 1400 (for VPN tunnels).
    MulticastDnsEnabled bool
    Enable multicast DNS (mDNS/Bonjour/Avahi) forwarding across VLANs. This allows devices to discover services (like printers, Chromecasts, Apple devices, etc.) even when they are on different networks or VLANs. When enabled, the gateway will forward mDNS packets between networks, facilitating cross-VLAN service discovery. Note: This setting is not supported on UniFi OS v7+ as it has been replaced by mDNS settings in the network configuration.
    OffloadAccounting bool
    Enable hardware accounting offload. When enabled, the gateway will use hardware acceleration for traffic accounting functions, reducing CPU load and potentially improving throughput for high-traffic environments. This setting may not be supported on all hardware models.
    OffloadL2Blocking bool
    Enable hardware offload for Layer 2 (L2) blocking functions. When enabled, the gateway will use hardware acceleration for blocking traffic at the data link layer (MAC address level), which can improve performance when implementing MAC-based filtering or isolation. This setting may not be supported on all hardware models.
    OffloadSch bool
    Enable hardware scheduling offload. When enabled, the gateway will use hardware acceleration for packet scheduling functions, which can improve QoS (Quality of Service) performance and throughput for prioritized traffic. This setting may not be supported on all hardware models and may affect other hardware offload capabilities.
    OtherTimeout int
    Timeout (in seconds) for connection tracking of protocols other than TCP, UDP, and ICMP. This controls how long the gateway maintains state information for connections using other protocols. Higher values maintain connection state longer, while lower values reclaim resources more quickly but may affect some applications using non-standard protocols.
    PptpModule bool
    Enable the PPTP (Point-to-Point Tunneling Protocol) helper module. This module allows PPTP VPN connections to work properly through the gateway's firewall and NAT. PPTP uses GRE for tunneling, so the gre_module must also be enabled for PPTP to function correctly. Note that PPTP has known security vulnerabilities and more secure VPN protocols are generally recommended.
    ReceiveRedirects bool
    Enable accepting ICMP redirect messages. ICMP redirects are messages sent by routers to inform hosts of better routes to specific destinations. When enabled, the gateway will update its routing table based on these messages. While useful for route optimization, this can potentially be exploited for man-in-the-middle attacks, so it's often disabled in security-sensitive environments.
    SendRedirects bool
    Enable sending ICMP redirect messages. When enabled, the gateway will send ICMP redirect messages to hosts on the local network to inform them of better routes to specific destinations. This can help optimize network traffic but is typically only needed when the gateway has multiple interfaces on the same subnet or in complex routing scenarios.
    SipModule bool
    Enable the SIP (Session Initiation Protocol) helper module. SIP is used for initiating, maintaining, and terminating real-time sessions for voice, video, and messaging applications (VoIP, video conferencing). This helper allows SIP-based applications to work correctly through NAT by tracking SIP connections and dynamically opening the necessary ports for media streams.
    Site string
    The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
    SynCookies bool
    Enable SYN cookies to protect against SYN flood attacks. SYN cookies are a technique that helps mitigate TCP SYN flood attacks by avoiding the need to track incomplete connections in a backlog queue. When enabled, the gateway can continue to establish legitimate connections even when under a SYN flood attack. This is a recommended security setting for internet-facing gateways.
    TcpTimeouts USGTcpTimeoutsArgs
    TCP connection timeout settings for various TCP connection states. These settings control how long the gateway maintains state information for TCP connections in different states before removing them from the connection tracking table. Proper timeout values balance resource usage with connection reliability. These settings are particularly relevant when timeout_setting_preference is set to manual.
    TftpModule bool
    Enable the TFTP (Trivial File Transfer Protocol) helper module. This module allows TFTP connections to work properly through the gateway's firewall and NAT. TFTP is commonly used for firmware updates, configuration file transfers, and network booting of devices. The helper tracks TFTP connections and ensures return traffic is properly handled.
    TimeoutSettingPreference string

    Determines how connection timeout values are configured. Valid values are:

    • auto - The gateway will automatically determine appropriate timeout values based on system defaults
    • manual - Use the manually specified timeout values for various connection types

    When set to manual, you should specify values for the various timeout settings like tcp_timeouts, udp_stream_timeout, udp_other_timeout, icmp_timeout, and other_timeout. Requires controller version 7.0 or later.

    UdpOtherTimeout int
    Timeout (in seconds) for general UDP connections. Since UDP is connectionless, this timeout determines how long the gateway maintains state information for UDP packets that don't match the criteria for stream connections. This applies to most short-lived UDP communications like DNS queries. Lower values free resources more quickly but may affect some applications that expect longer session persistence.
    UdpStreamTimeout int
    Timeout (in seconds) for UDP stream connections. This applies to UDP traffic patterns that resemble ongoing streams, such as VoIP calls, video streaming, or online gaming. The gateway identifies these based on traffic patterns and maintains state information longer than for regular UDP traffic. Higher values improve reliability for streaming applications but consume more connection tracking resources.
    UnbindWanMonitors bool
    Unbind WAN monitors to prevent unnecessary traffic. When enabled, the gateway will stop certain monitoring processes that periodically check WAN connectivity. This can reduce unnecessary traffic on metered connections or in environments where the monitoring traffic might trigger security alerts. However, disabling these monitors may affect the gateway's ability to detect and respond to WAN connectivity issues. Requires controller version 9.0 or later.
    Upnp USGUpnpArgs
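    UPNP (Universal Plug and Play) configuration settings. UPNP allows compatible applications and devices to automatically configure port forwarding rules on the gateway without manual intervention. This is commonly used by gaming consoles, media servers, VoIP applications, and other network services that require incoming connections. Because any device on the local network can request a port mapping without administrator review, enable UPNP only where it is needed and review the secure_mode and wan_interface options of this block.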
    arpCacheBaseReachable Integer
    The base reachable timeout (in seconds) for ARP cache entries. This controls how long the gateway considers a MAC-to-IP mapping valid without needing to refresh it. Higher values reduce network traffic but may cause stale entries if devices change IP addresses frequently.
    arpCacheTimeout String

    The timeout strategy for ARP cache entries. Valid values are:

    • normal - Use system default timeouts
    • min-dhcp-lease - Set ARP timeout to match the minimum DHCP lease time
    • custom - Use the custom timeout value specified in arp_cache_base_reachable

    This setting determines how long MAC-to-IP mappings are stored in the ARP cache before being refreshed.

    broadcastPing Boolean
    Enable responding to broadcast ping requests (ICMP echo requests sent to the broadcast address). When enabled, the gateway will respond to pings sent to the broadcast address of the network (e.g., 192.168.1.255). This can be useful for network diagnostics, but a host that answers broadcast pings can be abused as a reflector in amplification-style denial-of-service attacks, so leave it disabled unless the diagnostics are actually needed.
    dhcpRelay USGDhcpRelay
    Advanced DHCP relay configuration settings. Controls how the gateway forwards DHCP requests to external servers and manages DHCP relay agent behavior. Use this block to fine-tune DHCP relay functionality beyond simply specifying relay servers.
    dhcpRelayServers List<String>
    List of up to 5 DHCP relay servers (specified by IP address) that will receive forwarded DHCP requests. This is useful when you want to use external DHCP servers instead of the built-in DHCP server on the USG/UDM. When configured, the gateway will forward DHCP discovery packets from clients to these external servers, allowing centralized IP address management across multiple networks. Example: ['192.168.1.5', '192.168.2.5']

    Deprecated: This attribute is deprecated and will be removed in a future release. dhcp_relay.servers attribute will be introduced as a replacement.

    dhcpdHostfileUpdate Boolean
    Enable updating the gateway's host files with DHCP client information. When enabled, the gateway will automatically add entries to its host file for each DHCP client, allowing hostname resolution for devices that receive IP addresses via DHCP. This improves name resolution on the local network.
    dhcpdUseDnsmasq Boolean
    Use dnsmasq for DHCP services instead of the default DHCP server. Dnsmasq provides integrated DNS and DHCP functionality with additional features like DNS caching, DHCP static leases, and local domain name resolution. This can improve DNS resolution performance and provide more flexible DHCP options.
    dnsVerification USGDnsVerification
    DNS verification settings for validating DNS responses. This feature helps detect and prevent DNS spoofing attacks by verifying DNS responses against trusted DNS servers. When configured, the gateway can compare DNS responses with those from known trusted servers to identify potential tampering or poisoning attempts. Requires controller version 8.5 or later.
    dnsmasqAllServers Boolean
    When enabled, dnsmasq will query all configured DNS servers simultaneously and use the fastest response. This can improve DNS resolution speed but may increase DNS traffic. By default, dnsmasq queries servers sequentially, only trying the next server if the current one fails to respond.
    echoServer String
    The hostname or IP address of a server to use for network echo tests. Echo tests send packets to this server and measure response times to evaluate network connectivity and performance. This can be used for network diagnostics and monitoring.
    ftpModule Boolean
    Enable the FTP (File Transfer Protocol) helper module. This module allows the gateway to properly handle FTP connections through NAT by tracking the control channel and dynamically opening required data ports. Without this helper, passive FTP connections may fail when clients are behind NAT.
    geoIpFiltering USGGeoIpFiltering
    Geographic IP filtering configuration that allows blocking or allowing traffic based on country of origin. This feature uses IP geolocation databases to identify the country associated with IP addresses and apply filtering rules. Useful for implementing country-specific access policies or blocking traffic from high-risk regions. Requires controller version 7.0 or later.
    greModule Boolean
    Enable the GRE (Generic Routing Encapsulation) protocol helper module. This module allows proper handling of GRE tunneling protocol through the gateway's firewall. GRE is commonly used for VPN tunnels and other encapsulation needs. Required if you plan to use PPTP VPNs (see pptp_module).
    h323Module Boolean
    Enable the H.323 protocol helper module. H.323 is a standard for multimedia communications (audio, video, and data) over packet-based networks. This helper allows H.323-based applications like video conferencing systems to work properly through NAT by tracking connection details and opening required ports.
    icmpTimeout Integer
    ICMP timeout in seconds for connection tracking. This controls how long the gateway maintains state information for ICMP (ping) packets in its connection tracking table. Higher values maintain ICMP connection state longer, while lower values reclaim resources more quickly but may affect some diagnostic tools.
    lldpEnableAll Boolean
    Enable Link Layer Discovery Protocol (LLDP) on all interfaces. LLDP is a vendor-neutral protocol that allows network devices to advertise their identity, capabilities, and neighbors on a local network. When enabled, the gateway will both send and receive LLDP packets, facilitating network discovery and management tools.
    mssClamp String

    TCP Maximum Segment Size (MSS) clamping mode. MSS clamping adjusts the maximum segment size of TCP packets to prevent fragmentation issues when packets traverse networks with different MTU sizes. Valid values include:

    • auto - Automatically determine appropriate MSS values based on interface MTUs
    • custom - Use the custom MSS value specified in mss_clamp_mss
    • disabled - Do not perform MSS clamping

    This setting is particularly important for VPN connections and networks with non-standard MTU sizes.

    mssClampMss Integer
    Custom TCP Maximum Segment Size (MSS) value in bytes. This value is used when mss_clamp is set to custom. The MSS value should typically be set to the path MTU minus 40 bytes (for IPv4) or minus 60 bytes (for IPv6) to account for TCP/IP header overhead. Valid values range from 100 to 9999, with common values being 1460 (for standard 1500 MTU) or 1400 (for VPN tunnels).
    multicastDnsEnabled Boolean
    Enable multicast DNS (mDNS/Bonjour/Avahi) forwarding across VLANs. This allows devices to discover services (like printers, Chromecasts, Apple devices, etc.) even when they are on different networks or VLANs. When enabled, the gateway will forward mDNS packets between networks, facilitating cross-VLAN service discovery. Note: This setting is not supported on UniFi OS v7+ as it has been replaced by mDNS settings in the network configuration.
    offloadAccounting Boolean
    Enable hardware accounting offload. When enabled, the gateway will use hardware acceleration for traffic accounting functions, reducing CPU load and potentially improving throughput for high-traffic environments. This setting may not be supported on all hardware models.
    offloadL2Blocking Boolean
    Enable hardware offload for Layer 2 (L2) blocking functions. When enabled, the gateway will use hardware acceleration for blocking traffic at the data link layer (MAC address level), which can improve performance when implementing MAC-based filtering or isolation. This setting may not be supported on all hardware models.
    offloadSch Boolean
    Enable hardware scheduling offload. When enabled, the gateway will use hardware acceleration for packet scheduling functions, which can improve QoS (Quality of Service) performance and throughput for prioritized traffic. This setting may not be supported on all hardware models and may affect other hardware offload capabilities.
    otherTimeout Integer
    Timeout (in seconds) for connection tracking of protocols other than TCP, UDP, and ICMP. This controls how long the gateway maintains state information for connections using other protocols. Higher values maintain connection state longer, while lower values reclaim resources more quickly but may affect some applications using non-standard protocols.
    pptpModule Boolean
    Enable the PPTP (Point-to-Point Tunneling Protocol) helper module. This module allows PPTP VPN connections to work properly through the gateway's firewall and NAT. PPTP uses GRE for tunneling, so the gre_module must also be enabled for PPTP to function correctly. Note that PPTP has known security vulnerabilities and more secure VPN protocols are generally recommended.
    receiveRedirects Boolean
    Enable accepting ICMP redirect messages. ICMP redirects are messages sent by routers to inform hosts of better routes to specific destinations. When enabled, the gateway will update its routing table based on these messages. While useful for route optimization, this can potentially be exploited for man-in-the-middle attacks, so it's often disabled in security-sensitive environments.
    sendRedirects Boolean
    Enable sending ICMP redirect messages. When enabled, the gateway will send ICMP redirect messages to hosts on the local network to inform them of better routes to specific destinations. This can help optimize network traffic but is typically only needed when the gateway has multiple interfaces on the same subnet or in complex routing scenarios.
    sipModule Boolean
    Enable the SIP (Session Initiation Protocol) helper module. SIP is used for initiating, maintaining, and terminating real-time sessions for voice, video, and messaging applications (VoIP, video conferencing). This helper allows SIP-based applications to work correctly through NAT by tracking SIP connections and dynamically opening the necessary ports for media streams.
    site String
    The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
    synCookies Boolean
    Enable SYN cookies to protect against SYN flood attacks. SYN cookies are a technique that helps mitigate TCP SYN flood attacks by avoiding the need to track incomplete connections in a backlog queue. When enabled, the gateway can continue to establish legitimate connections even when under a SYN flood attack. This is a recommended security setting for internet-facing gateways.
    tcpTimeouts USGTcpTimeouts
    TCP connection timeout settings for various TCP connection states. These settings control how long the gateway maintains state information for TCP connections in different states before removing them from the connection tracking table. Proper timeout values balance resource usage with connection reliability. These settings are particularly relevant when timeout_setting_preference is set to manual.
    tftpModule Boolean
    Enable the TFTP (Trivial File Transfer Protocol) helper module. This module allows TFTP connections to work properly through the gateway's firewall and NAT. TFTP is commonly used for firmware updates, configuration file transfers, and network booting of devices. The helper tracks TFTP connections and ensures return traffic is properly handled.
    timeoutSettingPreference String

    Determines how connection timeout values are configured. Valid values are:

    • auto - The gateway will automatically determine appropriate timeout values based on system defaults
    • manual - Use the manually specified timeout values for various connection types

    When set to manual, you should specify values for the various timeout settings like tcp_timeouts, udp_stream_timeout, udp_other_timeout, icmp_timeout, and other_timeout. Requires controller version 7.0 or later.

    udpOtherTimeout Integer
    Timeout (in seconds) for general UDP connections. Since UDP is connectionless, this timeout determines how long the gateway maintains state information for UDP packets that don't match the criteria for stream connections. This applies to most short-lived UDP communications like DNS queries. Lower values free resources more quickly but may affect some applications that expect longer session persistence.
    udpStreamTimeout Integer
    Timeout (in seconds) for UDP stream connections. This applies to UDP traffic patterns that resemble ongoing streams, such as VoIP calls, video streaming, or online gaming. The gateway identifies these based on traffic patterns and maintains state information longer than for regular UDP traffic. Higher values improve reliability for streaming applications but consume more connection tracking resources.
    unbindWanMonitors Boolean
    Unbind WAN monitors to prevent unnecessary traffic. When enabled, the gateway will stop certain monitoring processes that periodically check WAN connectivity. This can reduce unnecessary traffic on metered connections or in environments where the monitoring traffic might trigger security alerts. However, disabling these monitors may affect the gateway's ability to detect and respond to WAN connectivity issues. Requires controller version 9.0 or later.
    upnp USGUpnp
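    UPnP (Universal Plug and Play) configuration settings. UPnP allows compatible applications and devices to automatically configure port forwarding rules on the gateway without manual intervention. This is commonly used by gaming consoles, media servers, VoIP applications, and other network services that require incoming connections. Because these port forwards are created at the request of devices on the local network rather than by an administrator, enable UPnP only on networks whose devices you trust.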
    arpCacheBaseReachable number
    The base reachable timeout (in seconds) for ARP cache entries. This controls how long the gateway considers a MAC-to-IP mapping valid without needing to refresh it. Higher values reduce network traffic but may cause stale entries if devices change IP addresses frequently.
    arpCacheTimeout string

    The timeout strategy for ARP cache entries. Valid values are:

    • normal - Use system default timeouts
    • min-dhcp-lease - Set ARP timeout to match the minimum DHCP lease time
    • custom - Use the custom timeout value specified in arp_cache_base_reachable

    This setting determines how long MAC-to-IP mappings are stored in the ARP cache before being refreshed.

    broadcastPing boolean
    Enable responding to broadcast ping requests (ICMP echo requests sent to the broadcast address). When enabled, the gateway will respond to pings sent to the broadcast address of the network (e.g., 192.168.1.255). This can be useful for network diagnostics but may also be used in certain denial-of-service attacks, so it is best left disabled when it is not needed for diagnostics.
    dhcpRelay USGDhcpRelay
    Advanced DHCP relay configuration settings. Controls how the gateway forwards DHCP requests to external servers and manages DHCP relay agent behavior. Use this block to fine-tune DHCP relay functionality beyond simply specifying relay servers.
    dhcpRelayServers string[]
    List of up to 5 DHCP relay servers (specified by IP address) that will receive forwarded DHCP requests. This is useful when you want to use external DHCP servers instead of the built-in DHCP server on the USG/UDM. When configured, the gateway will forward DHCP discovery packets from clients to these external servers, allowing centralized IP address management across multiple networks. Example: ['192.168.1.5', '192.168.2.5']

    Deprecated: This attribute is deprecated and will be removed in a future release. The dhcp_relay.servers attribute will be introduced as a replacement.

    dhcpdHostfileUpdate boolean
    Enable updating the gateway's host files with DHCP client information. When enabled, the gateway will automatically add entries to its host file for each DHCP client, allowing hostname resolution for devices that receive IP addresses via DHCP. This improves name resolution on the local network.
    dhcpdUseDnsmasq boolean
    Use dnsmasq for DHCP services instead of the default DHCP server. Dnsmasq provides integrated DNS and DHCP functionality with additional features like DNS caching, DHCP static leases, and local domain name resolution. This can improve DNS resolution performance and provide more flexible DHCP options.
    dnsVerification USGDnsVerification
    DNS verification settings for validating DNS responses. This feature helps detect and prevent DNS spoofing attacks by verifying DNS responses against trusted DNS servers. When configured, the gateway can compare DNS responses with those from known trusted servers to identify potential tampering or poisoning attempts. Requires controller version 8.5 or later.
    dnsmasqAllServers boolean
    When enabled, dnsmasq will query all configured DNS servers simultaneously and use the fastest response. This can improve DNS resolution speed but may increase DNS traffic. By default, dnsmasq queries servers sequentially, only trying the next server if the current one fails to respond.
    echoServer string
    The hostname or IP address of a server to use for network echo tests. Echo tests send packets to this server and measure response times to evaluate network connectivity and performance. This can be used for network diagnostics and monitoring.
    ftpModule boolean
    Enable the FTP (File Transfer Protocol) helper module. This module allows the gateway to properly handle FTP connections through NAT by tracking the control channel and dynamically opening required data ports. Without this helper, passive FTP connections may fail when clients are behind NAT.
    geoIpFiltering USGGeoIpFiltering
    Geographic IP filtering configuration that allows blocking or allowing traffic based on country of origin. This feature uses IP geolocation databases to identify the country associated with IP addresses and apply filtering rules. Useful for implementing country-specific access policies or blocking traffic from high-risk regions. Requires controller version 7.0 or later.
    greModule boolean
    Enable the GRE (Generic Routing Encapsulation) protocol helper module. This module allows proper handling of GRE tunneling protocol through the gateway's firewall. GRE is commonly used for VPN tunnels and other encapsulation needs. Required if you plan to use PPTP VPNs (see pptp_module).
    h323Module boolean
    Enable the H.323 protocol helper module. H.323 is a standard for multimedia communications (audio, video, and data) over packet-based networks. This helper allows H.323-based applications like video conferencing systems to work properly through NAT by tracking connection details and opening required ports.
    icmpTimeout number
    ICMP timeout in seconds for connection tracking. This controls how long the gateway maintains state information for ICMP (ping) packets in its connection tracking table. Higher values maintain ICMP connection state longer, while lower values reclaim resources more quickly but may affect some diagnostic tools.
    lldpEnableAll boolean
    Enable Link Layer Discovery Protocol (LLDP) on all interfaces. LLDP is a vendor-neutral protocol that allows network devices to advertise their identity, capabilities, and neighbors on a local network. When enabled, the gateway will both send and receive LLDP packets, facilitating network discovery and management tools.
    mssClamp string

    TCP Maximum Segment Size (MSS) clamping mode. MSS clamping adjusts the maximum segment size of TCP packets to prevent fragmentation issues when packets traverse networks with different MTU sizes. Valid values include:

    • auto - Automatically determine appropriate MSS values based on interface MTUs
    • custom - Use the custom MSS value specified in mss_clamp_mss
    • disabled - Do not perform MSS clamping

    This setting is particularly important for VPN connections and networks with non-standard MTU sizes.

    mssClampMss number
    Custom TCP Maximum Segment Size (MSS) value in bytes. This value is used when mss_clamp is set to custom. The MSS value should typically be set to the path MTU minus 40 bytes (for IPv4) or minus 60 bytes (for IPv6) to account for TCP/IP header overhead. Valid values range from 100 to 9999, with common values being 1460 (for standard 1500 MTU) or 1400 (for VPN tunnels).
    multicastDnsEnabled boolean
    Enable multicast DNS (mDNS/Bonjour/Avahi) forwarding across VLANs. This allows devices to discover services (like printers, Chromecasts, Apple devices, etc.) even when they are on different networks or VLANs. When enabled, the gateway will forward mDNS packets between networks, facilitating cross-VLAN service discovery. Note: This setting is not supported on UniFi OS v7+ as it has been replaced by mDNS settings in the network configuration.
    offloadAccounting boolean
    Enable hardware accounting offload. When enabled, the gateway will use hardware acceleration for traffic accounting functions, reducing CPU load and potentially improving throughput for high-traffic environments. This setting may not be supported on all hardware models.
    offloadL2Blocking boolean
    Enable hardware offload for Layer 2 (L2) blocking functions. When enabled, the gateway will use hardware acceleration for blocking traffic at the data link layer (MAC address level), which can improve performance when implementing MAC-based filtering or isolation. This setting may not be supported on all hardware models.
    offloadSch boolean
    Enable hardware scheduling offload. When enabled, the gateway will use hardware acceleration for packet scheduling functions, which can improve QoS (Quality of Service) performance and throughput for prioritized traffic. This setting may not be supported on all hardware models and may affect other hardware offload capabilities.
    otherTimeout number
    Timeout (in seconds) for connection tracking of protocols other than TCP, UDP, and ICMP. This controls how long the gateway maintains state information for connections using other protocols. Higher values maintain connection state longer, while lower values reclaim resources more quickly but may affect some applications using non-standard protocols.
    pptpModule boolean
    Enable the PPTP (Point-to-Point Tunneling Protocol) helper module. This module allows PPTP VPN connections to work properly through the gateway's firewall and NAT. PPTP uses GRE for tunneling, so the gre_module must also be enabled for PPTP to function correctly. Note that PPTP has known security vulnerabilities and more secure VPN protocols are generally recommended.
    receiveRedirects boolean
    Enable accepting ICMP redirect messages. ICMP redirects are messages sent by routers to inform hosts of better routes to specific destinations. When enabled, the gateway will update its routing table based on these messages. While useful for route optimization, this can potentially be exploited for man-in-the-middle attacks, so it's often disabled in security-sensitive environments.
    sendRedirects boolean
    Enable sending ICMP redirect messages. When enabled, the gateway will send ICMP redirect messages to hosts on the local network to inform them of better routes to specific destinations. This can help optimize network traffic but is typically only needed when the gateway has multiple interfaces on the same subnet or in complex routing scenarios.
    sipModule boolean
    Enable the SIP (Session Initiation Protocol) helper module. SIP is used for initiating, maintaining, and terminating real-time sessions for voice, video, and messaging applications (VoIP, video conferencing). This helper allows SIP-based applications to work correctly through NAT by tracking SIP connections and dynamically opening the necessary ports for media streams.
    site string
    The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
    synCookies boolean
    Enable SYN cookies to protect against SYN flood attacks. SYN cookies are a technique that helps mitigate TCP SYN flood attacks by avoiding the need to track incomplete connections in a backlog queue. When enabled, the gateway can continue to establish legitimate connections even when under a SYN flood attack. This is a recommended security setting for internet-facing gateways.
    tcpTimeouts USGTcpTimeouts
    TCP connection timeout settings for various TCP connection states. These settings control how long the gateway maintains state information for TCP connections in different states before removing them from the connection tracking table. Proper timeout values balance resource usage with connection reliability. These settings are particularly relevant when timeout_setting_preference is set to manual.
    tftpModule boolean
    Enable the TFTP (Trivial File Transfer Protocol) helper module. This module allows TFTP connections to work properly through the gateway's firewall and NAT. TFTP is commonly used for firmware updates, configuration file transfers, and network booting of devices. The helper tracks TFTP connections and ensures return traffic is properly handled.
    timeoutSettingPreference string

    Determines how connection timeout values are configured. Valid values are:

    • auto - The gateway will automatically determine appropriate timeout values based on system defaults
    • manual - Use the manually specified timeout values for various connection types

    When set to manual, you should specify values for the various timeout settings like tcp_timeouts, udp_stream_timeout, udp_other_timeout, icmp_timeout, and other_timeout. Requires controller version 7.0 or later.

    udpOtherTimeout number
    Timeout (in seconds) for general UDP connections. Since UDP is connectionless, this timeout determines how long the gateway maintains state information for UDP packets that don't match the criteria for stream connections. This applies to most short-lived UDP communications like DNS queries. Lower values free resources more quickly but may affect some applications that expect longer session persistence.
    udpStreamTimeout number
    Timeout (in seconds) for UDP stream connections. This applies to UDP traffic patterns that resemble ongoing streams, such as VoIP calls, video streaming, or online gaming. The gateway identifies these based on traffic patterns and maintains state information longer than for regular UDP traffic. Higher values improve reliability for streaming applications but consume more connection tracking resources.
    unbindWanMonitors boolean
    Unbind WAN monitors to prevent unnecessary traffic. When enabled, the gateway will stop certain monitoring processes that periodically check WAN connectivity. This can reduce unnecessary traffic on metered connections or in environments where the monitoring traffic might trigger security alerts. However, disabling these monitors may affect the gateway's ability to detect and respond to WAN connectivity issues. Requires controller version 9.0 or later.
    upnp USGUpnp
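    UPnP (Universal Plug and Play) configuration settings. UPnP allows compatible applications and devices to automatically configure port forwarding rules on the gateway without manual intervention. This is commonly used by gaming consoles, media servers, VoIP applications, and other network services that require incoming connections. Because these port forwards are created at the request of devices on the local network rather than by an administrator, enable UPnP only on networks whose devices you trust.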
    arp_cache_base_reachable int
    The base reachable timeout (in seconds) for ARP cache entries. This controls how long the gateway considers a MAC-to-IP mapping valid without needing to refresh it. Higher values reduce network traffic but may cause stale entries if devices change IP addresses frequently.
    arp_cache_timeout str

    The timeout strategy for ARP cache entries. Valid values are:

    • normal - Use system default timeouts
    • min-dhcp-lease - Set ARP timeout to match the minimum DHCP lease time
    • custom - Use the custom timeout value specified in arp_cache_base_reachable

    This setting determines how long MAC-to-IP mappings are stored in the ARP cache before being refreshed.

    broadcast_ping bool
    Enable responding to broadcast ping requests (ICMP echo requests sent to the broadcast address). When enabled, the gateway will respond to pings sent to the broadcast address of the network (e.g., 192.168.1.255). This can be useful for network diagnostics but may also be used in certain denial-of-service attacks, so it is best left disabled when it is not needed for diagnostics.
    dhcp_relay USGDhcpRelayArgs
    Advanced DHCP relay configuration settings. Controls how the gateway forwards DHCP requests to external servers and manages DHCP relay agent behavior. Use this block to fine-tune DHCP relay functionality beyond simply specifying relay servers.
    dhcp_relay_servers Sequence[str]
    List of up to 5 DHCP relay servers (specified by IP address) that will receive forwarded DHCP requests. This is useful when you want to use external DHCP servers instead of the built-in DHCP server on the USG/UDM. When configured, the gateway will forward DHCP discovery packets from clients to these external servers, allowing centralized IP address management across multiple networks. Example: ['192.168.1.5', '192.168.2.5']

    Deprecated: This attribute is deprecated and will be removed in a future release. The dhcp_relay.servers attribute will be introduced as a replacement.

    dhcpd_hostfile_update bool
    Enable updating the gateway's host files with DHCP client information. When enabled, the gateway will automatically add entries to its host file for each DHCP client, allowing hostname resolution for devices that receive IP addresses via DHCP. This improves name resolution on the local network.
    dhcpd_use_dnsmasq bool
    Use dnsmasq for DHCP services instead of the default DHCP server. Dnsmasq provides integrated DNS and DHCP functionality with additional features like DNS caching, DHCP static leases, and local domain name resolution. This can improve DNS resolution performance and provide more flexible DHCP options.
    dns_verification USGDnsVerificationArgs
    DNS verification settings for validating DNS responses. This feature helps detect and prevent DNS spoofing attacks by verifying DNS responses against trusted DNS servers. When configured, the gateway can compare DNS responses with those from known trusted servers to identify potential tampering or poisoning attempts. Requires controller version 8.5 or later.
    dnsmasq_all_servers bool
    When enabled, dnsmasq will query all configured DNS servers simultaneously and use the fastest response. This can improve DNS resolution speed but may increase DNS traffic. By default, dnsmasq queries servers sequentially, only trying the next server if the current one fails to respond.
    echo_server str
    The hostname or IP address of a server to use for network echo tests. Echo tests send packets to this server and measure response times to evaluate network connectivity and performance. This can be used for network diagnostics and monitoring.
    ftp_module bool
    Enable the FTP (File Transfer Protocol) helper module. This module allows the gateway to properly handle FTP connections through NAT by tracking the control channel and dynamically opening required data ports. Without this helper, passive FTP connections may fail when clients are behind NAT.
    geo_ip_filtering USGGeoIpFilteringArgs
    Geographic IP filtering configuration that allows blocking or allowing traffic based on country of origin. This feature uses IP geolocation databases to identify the country associated with IP addresses and apply filtering rules. Useful for implementing country-specific access policies or blocking traffic from high-risk regions. Requires controller version 7.0 or later.
    gre_module bool
    Enable the GRE (Generic Routing Encapsulation) protocol helper module. This module allows proper handling of GRE tunneling protocol through the gateway's firewall. GRE is commonly used for VPN tunnels and other encapsulation needs. Required if you plan to use PPTP VPNs (see pptp_module).
    h323_module bool
    Enable the H.323 protocol helper module. H.323 is a standard for multimedia communications (audio, video, and data) over packet-based networks. This helper allows H.323-based applications like video conferencing systems to work properly through NAT by tracking connection details and opening required ports.
    icmp_timeout int
    ICMP timeout in seconds for connection tracking. This controls how long the gateway maintains state information for ICMP (ping) packets in its connection tracking table. Higher values maintain ICMP connection state longer, while lower values reclaim resources more quickly but may affect some diagnostic tools.
    lldp_enable_all bool
    Enable Link Layer Discovery Protocol (LLDP) on all interfaces. LLDP is a vendor-neutral protocol that allows network devices to advertise their identity, capabilities, and neighbors on a local network. When enabled, the gateway will both send and receive LLDP packets, facilitating network discovery and management tools.
    mss_clamp str

    TCP Maximum Segment Size (MSS) clamping mode. MSS clamping adjusts the maximum segment size of TCP packets to prevent fragmentation issues when packets traverse networks with different MTU sizes. Valid values include:

    • auto - Automatically determine appropriate MSS values based on interface MTUs
    • custom - Use the custom MSS value specified in mss_clamp_mss
    • disabled - Do not perform MSS clamping

    This setting is particularly important for VPN connections and networks with non-standard MTU sizes.

    mss_clamp_mss int
    Custom TCP Maximum Segment Size (MSS) value in bytes. This value is used when mss_clamp is set to custom. The MSS value should typically be set to the path MTU minus 40 bytes (for IPv4) or minus 60 bytes (for IPv6) to account for TCP/IP header overhead. Valid values range from 100 to 9999, with common values being 1460 (for standard 1500 MTU) or 1400 (for VPN tunnels).
    multicast_dns_enabled bool
    Enable multicast DNS (mDNS/Bonjour/Avahi) forwarding across VLANs. This allows devices to discover services (like printers, Chromecasts, Apple devices, etc.) even when they are on different networks or VLANs. When enabled, the gateway will forward mDNS packets between networks, facilitating cross-VLAN service discovery. Note: This setting is not supported on UniFi OS v7+ as it has been replaced by mDNS settings in the network configuration.
    offload_accounting bool
    Enable hardware accounting offload. When enabled, the gateway will use hardware acceleration for traffic accounting functions, reducing CPU load and potentially improving throughput for high-traffic environments. This setting may not be supported on all hardware models.
    offload_l2_blocking bool
    Enable hardware offload for Layer 2 (L2) blocking functions. When enabled, the gateway will use hardware acceleration for blocking traffic at the data link layer (MAC address level), which can improve performance when implementing MAC-based filtering or isolation. This setting may not be supported on all hardware models.
    offload_sch bool
    Enable hardware scheduling offload. When enabled, the gateway will use hardware acceleration for packet scheduling functions, which can improve QoS (Quality of Service) performance and throughput for prioritized traffic. This setting may not be supported on all hardware models and may affect other hardware offload capabilities.
    other_timeout int
    Timeout (in seconds) for connection tracking of protocols other than TCP, UDP, and ICMP. This controls how long the gateway maintains state information for connections using other protocols. Higher values maintain connection state longer, while lower values reclaim resources more quickly but may affect some applications using non-standard protocols.
    pptp_module bool
    Enable the PPTP (Point-to-Point Tunneling Protocol) helper module. This module allows PPTP VPN connections to work properly through the gateway's firewall and NAT. PPTP uses GRE for tunneling, so the gre_module must also be enabled for PPTP to function correctly. Note that PPTP has known security vulnerabilities and more secure VPN protocols are generally recommended.
    receive_redirects bool
    Enable accepting ICMP redirect messages. ICMP redirects are messages sent by routers to inform hosts of better routes to specific destinations. When enabled, the gateway will update its routing table based on these messages. While useful for route optimization, this can potentially be exploited for man-in-the-middle attacks, so it's often disabled in security-sensitive environments.
    send_redirects bool
    Enable sending ICMP redirect messages. When enabled, the gateway will send ICMP redirect messages to hosts on the local network to inform them of better routes to specific destinations. This can help optimize network traffic but is typically only needed when the gateway has multiple interfaces on the same subnet or in complex routing scenarios.
    sip_module bool
    Enable the SIP (Session Initiation Protocol) helper module. SIP is used for initiating, maintaining, and terminating real-time sessions for voice, video, and messaging applications (VoIP, video conferencing). This helper allows SIP-based applications to work correctly through NAT by tracking SIP connections and dynamically opening the necessary ports for media streams. Because the helper opens ports based on the contents of SIP messages, leave it disabled on networks that do not carry SIP traffic.
    site str
    The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
    syn_cookies bool
    Enable SYN cookies to protect against SYN flood attacks. SYN cookies are a technique that helps mitigate TCP SYN flood attacks by avoiding the need to track incomplete connections in a backlog queue. When enabled, the gateway can continue to establish legitimate connections even when under a SYN flood attack. This is a recommended security setting for internet-facing gateways.
    tcp_timeouts USGTcpTimeoutsArgs
    TCP connection timeout settings for various TCP connection states. These settings control how long the gateway maintains state information for TCP connections in different states before removing them from the connection tracking table. Proper timeout values balance resource usage with connection reliability. These settings are particularly relevant when timeout_setting_preference is set to manual.
    tftp_module bool
    Enable the TFTP (Trivial File Transfer Protocol) helper module. This module allows TFTP connections to work properly through the gateway's firewall and NAT. TFTP is commonly used for firmware updates, configuration file transfers, and network booting of devices. The helper tracks TFTP connections and ensures return traffic is properly handled.
    timeout_setting_preference str

    Determines how connection timeout values are configured. Valid values are:

    • auto - The gateway will automatically determine appropriate timeout values based on system defaults
    • manual - Use the manually specified timeout values for various connection types

    When set to manual, you should specify values for the various timeout settings like tcp_timeouts, udp_stream_timeout, udp_other_timeout, icmp_timeout, and other_timeout. Requires controller version 7.0 or later.

    udp_other_timeout int
    Timeout (in seconds) for general UDP connections. Since UDP is connectionless, this timeout determines how long the gateway maintains state information for UDP packets that don't match the criteria for stream connections. This applies to most short-lived UDP communications like DNS queries. Lower values free resources more quickly but may affect some applications that expect longer session persistence.
    udp_stream_timeout int
    Timeout (in seconds) for UDP stream connections. This applies to UDP traffic patterns that resemble ongoing streams, such as VoIP calls, video streaming, or online gaming. The gateway identifies these based on traffic patterns and maintains state information longer than for regular UDP traffic. Higher values improve reliability for streaming applications but consume more connection tracking resources.
    unbind_wan_monitors bool
    Unbind WAN monitors to prevent unnecessary traffic. When enabled, the gateway will stop certain monitoring processes that periodically check WAN connectivity. This can reduce unnecessary traffic on metered connections or in environments where the monitoring traffic might trigger security alerts. However, disabling these monitors may affect the gateway's ability to detect and respond to WAN connectivity issues. Requires controller version 9.0 or later.
    upnp USGUpnpArgs
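    UPNP (Universal Plug and Play) configuration settings. UPNP allows compatible applications and devices to automatically configure port forwarding rules on the gateway without manual intervention. This is commonly used by gaming consoles, media servers, VoIP applications, and other network services that require incoming connections. UPNP requests are not authenticated, so any device on the LAN can ask the gateway to expose a port to the WAN; enable it only where that is acceptable, consider the block's secure_mode option, and review the resulting port mappings periodically.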
    arpCacheBaseReachable Number
    The base reachable timeout (in seconds) for ARP cache entries. This controls how long the gateway considers a MAC-to-IP mapping valid without needing to refresh it. Higher values reduce network traffic but may cause stale entries if devices change IP addresses frequently.
    arpCacheTimeout String

    The timeout strategy for ARP cache entries. Valid values are:

    • normal - Use system default timeouts
    • min-dhcp-lease - Set ARP timeout to match the minimum DHCP lease time
    • custom - Use the custom timeout value specified in arp_cache_base_reachable

    This setting determines how long MAC-to-IP mappings are stored in the ARP cache before being refreshed.

    broadcastPing Boolean
    Enable responding to broadcast ping requests (ICMP echo requests sent to the broadcast address). When enabled, the gateway will respond to pings sent to the broadcast address of the network (e.g., 192.168.1.255). This can be useful for network diagnostics, but hosts that answer broadcast pings can be abused as reflectors in Smurf-style denial-of-service attacks, so leave it disabled unless the diagnostics are actually needed.
    dhcpRelay Property Map
    Advanced DHCP relay configuration settings. Controls how the gateway forwards DHCP requests to external servers and manages DHCP relay agent behavior. Use this block to fine-tune DHCP relay functionality beyond simply specifying relay servers.
    dhcpRelayServers List<String>
    List of up to 5 DHCP relay servers (specified by IP address) that will receive forwarded DHCP requests. This is useful when you want to use external DHCP servers instead of the built-in DHCP server on the USG/UDM. When configured, the gateway will forward DHCP discovery packets from clients to these external servers, allowing centralized IP address management across multiple networks. Example: ['192.168.1.5', '192.168.2.5']

    Deprecated: This attribute is deprecated and will be removed in a future release. dhcp_relay.servers attribute will be introduced as a replacement.

    dhcpdHostfileUpdate Boolean
    Enable updating the gateway's host files with DHCP client information. When enabled, the gateway will automatically add entries to its host file for each DHCP client, allowing hostname resolution for devices that receive IP addresses via DHCP. This improves name resolution on the local network.
    dhcpdUseDnsmasq Boolean
    Use dnsmasq for DHCP services instead of the default DHCP server. Dnsmasq provides integrated DNS and DHCP functionality with additional features like DNS caching, DHCP static leases, and local domain name resolution. This can improve DNS resolution performance and provide more flexible DHCP options.
    dnsVerification Property Map
    DNS verification settings for validating DNS responses. This feature helps detect and prevent DNS spoofing attacks by verifying DNS responses against trusted DNS servers. When configured, the gateway can compare DNS responses with those from known trusted servers to identify potential tampering or poisoning attempts. Requires controller version 8.5 or later.
    dnsmasqAllServers Boolean
    When enabled, dnsmasq will query all configured DNS servers simultaneously and use the fastest response. This can improve DNS resolution speed but may increase DNS traffic. By default, dnsmasq queries servers sequentially, only trying the next server if the current one fails to respond.
    echoServer String
    The hostname or IP address of a server to use for network echo tests. Echo tests send packets to this server and measure response times to evaluate network connectivity and performance. This can be used for network diagnostics and monitoring.
    ftpModule Boolean
    Enable the FTP (File Transfer Protocol) helper module. This module allows the gateway to properly handle FTP connections through NAT by tracking the control channel and dynamically opening required data ports. Without this helper, passive FTP connections may fail when clients are behind NAT.
    geoIpFiltering Property Map
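    Geographic IP filtering configuration that allows blocking or allowing traffic based on country of origin. This feature uses IP geolocation databases to identify the country associated with IP addresses and apply filtering rules. Useful for implementing country-specific access policies or blocking traffic from high-risk regions. Geolocation data is approximate, and traffic relayed through VPNs, proxies or cloud hosts in an allowed country is not affected, so treat this as a way to reduce unwanted traffic rather than as an access control. Requires controller version 7.0 or later.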
    greModule Boolean
    Enable the GRE (Generic Routing Encapsulation) protocol helper module. This module allows proper handling of GRE tunneling protocol through the gateway's firewall. GRE is commonly used for VPN tunnels and other encapsulation needs. Required if you plan to use PPTP VPNs (see pptp_module).
    h323Module Boolean
    Enable the H.323 protocol helper module. H.323 is a standard for multimedia communications (audio, video, and data) over packet-based networks. This helper allows H.323-based applications like video conferencing systems to work properly through NAT by tracking connection details and opening required ports.
    icmpTimeout Number
    ICMP timeout in seconds for connection tracking. This controls how long the gateway maintains state information for ICMP (ping) packets in its connection tracking table. Higher values maintain ICMP connection state longer, while lower values reclaim resources more quickly but may affect some diagnostic tools.
    lldpEnableAll Boolean
    Enable Link Layer Discovery Protocol (LLDP) on all interfaces. LLDP is a vendor-neutral protocol that allows network devices to advertise their identity, capabilities, and neighbors on a local network. When enabled, the gateway will both send and receive LLDP packets, facilitating network discovery and management tools.
    mssClamp String

    TCP Maximum Segment Size (MSS) clamping mode. MSS clamping adjusts the maximum segment size of TCP packets to prevent fragmentation issues when packets traverse networks with different MTU sizes. Valid values include:

    • auto - Automatically determine appropriate MSS values based on interface MTUs
    • custom - Use the custom MSS value specified in mss_clamp_mss
    • disabled - Do not perform MSS clamping

    This setting is particularly important for VPN connections and networks with non-standard MTU sizes.

    mssClampMss Number
    Custom TCP Maximum Segment Size (MSS) value in bytes. This value is used when mss_clamp is set to custom. The MSS value should typically be set to the path MTU minus 40 bytes (for IPv4) or minus 60 bytes (for IPv6) to account for TCP/IP header overhead. Valid values range from 100 to 9999, with common values being 1460 (for standard 1500 MTU) or 1400 (for VPN tunnels).
    multicastDnsEnabled Boolean
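    Enable multicast DNS (mDNS/Bonjour/Avahi) forwarding across VLANs. This allows devices to discover services (like printers, Chromecasts, Apple devices, etc.) even when they are on different networks or VLANs. When enabled, the gateway will forward mDNS packets between networks, facilitating cross-VLAN service discovery. Because service announcements then cross VLAN boundaries, devices on otherwise isolated segments (guest, IoT) become discoverable from other networks, so pair this with firewall rules that limit which segments may actually connect. Note: This setting is not supported on UniFi OS v7+ as it has been replaced by mDNS settings in the network configuration.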
    offloadAccounting Boolean
    Enable hardware accounting offload. When enabled, the gateway will use hardware acceleration for traffic accounting functions, reducing CPU load and potentially improving throughput for high-traffic environments. This setting may not be supported on all hardware models.
    offloadL2Blocking Boolean
    Enable hardware offload for Layer 2 (L2) blocking functions. When enabled, the gateway will use hardware acceleration for blocking traffic at the data link layer (MAC address level), which can improve performance when implementing MAC-based filtering or isolation. This setting may not be supported on all hardware models.
    offloadSch Boolean
    Enable hardware scheduling offload. When enabled, the gateway will use hardware acceleration for packet scheduling functions, which can improve QoS (Quality of Service) performance and throughput for prioritized traffic. This setting may not be supported on all hardware models and may affect other hardware offload capabilities.
    otherTimeout Number
    Timeout (in seconds) for connection tracking of protocols other than TCP, UDP, and ICMP. This controls how long the gateway maintains state information for connections using other protocols. Higher values maintain connection state longer, while lower values reclaim resources more quickly but may affect some applications using non-standard protocols.
    pptpModule Boolean
    Enable the PPTP (Point-to-Point Tunneling Protocol) helper module. This module allows PPTP VPN connections to work properly through the gateway's firewall and NAT. PPTP uses GRE for tunneling, so the gre_module must also be enabled for PPTP to function correctly. Note that PPTP has known security vulnerabilities and more secure VPN protocols are generally recommended.
    receiveRedirects Boolean
    Enable accepting ICMP redirect messages. ICMP redirects are messages sent by routers to inform hosts of better routes to specific destinations. When enabled, the gateway will update its routing table based on these messages. While useful for route optimization, this can potentially be exploited for man-in-the-middle attacks, so it's often disabled in security-sensitive environments.
    sendRedirects Boolean
    Enable sending ICMP redirect messages. When enabled, the gateway will send ICMP redirect messages to hosts on the local network to inform them of better routes to specific destinations. This can help optimize network traffic but is typically only needed when the gateway has multiple interfaces on the same subnet or in complex routing scenarios.
    sipModule Boolean
    Enable the SIP (Session Initiation Protocol) helper module. SIP is used for initiating, maintaining, and terminating real-time sessions for voice, video, and messaging applications (VoIP, video conferencing). This helper allows SIP-based applications to work correctly through NAT by tracking SIP connections and dynamically opening the necessary ports for media streams. Because the helper opens ports based on the contents of SIP messages, leave it disabled on networks that do not carry SIP traffic.
    site String
    The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
    synCookies Boolean
    Enable SYN cookies to protect against SYN flood attacks. SYN cookies are a technique that helps mitigate TCP SYN flood attacks by avoiding the need to track incomplete connections in a backlog queue. When enabled, the gateway can continue to establish legitimate connections even when under a SYN flood attack. This is a recommended security setting for internet-facing gateways.
    tcpTimeouts Property Map
    TCP connection timeout settings for various TCP connection states. These settings control how long the gateway maintains state information for TCP connections in different states before removing them from the connection tracking table. Proper timeout values balance resource usage with connection reliability. These settings are particularly relevant when timeout_setting_preference is set to manual.
    tftpModule Boolean
    Enable the TFTP (Trivial File Transfer Protocol) helper module. This module allows TFTP connections to work properly through the gateway's firewall and NAT. TFTP is commonly used for firmware updates, configuration file transfers, and network booting of devices. The helper tracks TFTP connections and ensures return traffic is properly handled.
    timeoutSettingPreference String

    Determines how connection timeout values are configured. Valid values are:

    • auto - The gateway will automatically determine appropriate timeout values based on system defaults
    • manual - Use the manually specified timeout values for various connection types

    When set to manual, you should specify values for the various timeout settings like tcp_timeouts, udp_stream_timeout, udp_other_timeout, icmp_timeout, and other_timeout. Requires controller version 7.0 or later.

    udpOtherTimeout Number
    Timeout (in seconds) for general UDP connections. Since UDP is connectionless, this timeout determines how long the gateway maintains state information for UDP packets that don't match the criteria for stream connections. This applies to most short-lived UDP communications like DNS queries. Lower values free resources more quickly but may affect some applications that expect longer session persistence.
    udpStreamTimeout Number
    Timeout (in seconds) for UDP stream connections. This applies to UDP traffic patterns that resemble ongoing streams, such as VoIP calls, video streaming, or online gaming. The gateway identifies these based on traffic patterns and maintains state information longer than for regular UDP traffic. Higher values improve reliability for streaming applications but consume more connection tracking resources.
    unbindWanMonitors Boolean
    Unbind WAN monitors to prevent unnecessary traffic. When enabled, the gateway will stop certain monitoring processes that periodically check WAN connectivity. This can reduce unnecessary traffic on metered connections or in environments where the monitoring traffic might trigger security alerts. However, disabling these monitors may affect the gateway's ability to detect and respond to WAN connectivity issues. Requires controller version 9.0 or later.
    upnp Property Map
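    UPNP (Universal Plug and Play) configuration settings. UPNP allows compatible applications and devices to automatically configure port forwarding rules on the gateway without manual intervention. This is commonly used by gaming consoles, media servers, VoIP applications, and other network services that require incoming connections. UPNP requests are not authenticated, so any device on the LAN can ask the gateway to expose a port to the WAN; enable it only where that is acceptable, consider the block's secure_mode option, and review the resulting port mappings periodically.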

    Outputs

    All input properties are implicitly available as output properties. Additionally, the USG resource produces the following output properties:

    GeoIpFilteringEnabled bool
    Whether Geo IP Filtering is enabled. When enabled, the gateway will apply the specified country-based filtering rules.
    Id string
    The provider-assigned unique ID for this managed resource.
    UpnpEnabled bool
    Whether UPNP is enabled. When enabled, the gateway will automatically forward ports for UPNP-compatible devices
    GeoIpFilteringEnabled bool
    Whether Geo IP Filtering is enabled. When enabled, the gateway will apply the specified country-based filtering rules.
    Id string
    The provider-assigned unique ID for this managed resource.
    UpnpEnabled bool
    Whether UPNP is enabled. When enabled, the gateway will automatically forward ports for UPNP-compatible devices
    geoIpFilteringEnabled Boolean
    Whether Geo IP Filtering is enabled. When enabled, the gateway will apply the specified country-based filtering rules.
    id String
    The provider-assigned unique ID for this managed resource.
    upnpEnabled Boolean
    Whether UPNP is enabled. When enabled, the gateway will automatically forward ports for UPNP-compatible devices
    geoIpFilteringEnabled boolean
    Whether Geo IP Filtering is enabled. When enabled, the gateway will apply the specified country-based filtering rules.
    id string
    The provider-assigned unique ID for this managed resource.
    upnpEnabled boolean
    Whether UPNP is enabled. When enabled, the gateway will automatically forward ports for UPNP-compatible devices
    geo_ip_filtering_enabled bool
    Whether Geo IP Filtering is enabled. When enabled, the gateway will apply the specified country-based filtering rules.
    id str
    The provider-assigned unique ID for this managed resource.
    upnp_enabled bool
    Whether UPNP is enabled. When enabled, the gateway will automatically forward ports for UPNP-compatible devices
    geoIpFilteringEnabled Boolean
    Whether Geo IP Filtering is enabled. When enabled, the gateway will apply the specified country-based filtering rules.
    id String
    The provider-assigned unique ID for this managed resource.
    upnpEnabled Boolean
    Whether UPNP is enabled. When enabled, the gateway will automatically forward ports for UPNP-compatible devices

    Look up Existing USG Resource

    Get an existing USG resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: USGState, opts?: CustomResourceOptions): USG
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arp_cache_base_reachable: Optional[int] = None,
            arp_cache_timeout: Optional[str] = None,
            broadcast_ping: Optional[bool] = None,
            dhcp_relay: Optional[USGDhcpRelayArgs] = None,
            dhcp_relay_servers: Optional[Sequence[str]] = None,
            dhcpd_hostfile_update: Optional[bool] = None,
            dhcpd_use_dnsmasq: Optional[bool] = None,
            dns_verification: Optional[USGDnsVerificationArgs] = None,
            dnsmasq_all_servers: Optional[bool] = None,
            echo_server: Optional[str] = None,
            ftp_module: Optional[bool] = None,
            geo_ip_filtering: Optional[USGGeoIpFilteringArgs] = None,
            geo_ip_filtering_enabled: Optional[bool] = None,
            gre_module: Optional[bool] = None,
            h323_module: Optional[bool] = None,
            icmp_timeout: Optional[int] = None,
            lldp_enable_all: Optional[bool] = None,
            mss_clamp: Optional[str] = None,
            mss_clamp_mss: Optional[int] = None,
            multicast_dns_enabled: Optional[bool] = None,
            offload_accounting: Optional[bool] = None,
            offload_l2_blocking: Optional[bool] = None,
            offload_sch: Optional[bool] = None,
            other_timeout: Optional[int] = None,
            pptp_module: Optional[bool] = None,
            receive_redirects: Optional[bool] = None,
            send_redirects: Optional[bool] = None,
            sip_module: Optional[bool] = None,
            site: Optional[str] = None,
            syn_cookies: Optional[bool] = None,
            tcp_timeouts: Optional[USGTcpTimeoutsArgs] = None,
            tftp_module: Optional[bool] = None,
            timeout_setting_preference: Optional[str] = None,
            udp_other_timeout: Optional[int] = None,
            udp_stream_timeout: Optional[int] = None,
            unbind_wan_monitors: Optional[bool] = None,
            upnp: Optional[USGUpnpArgs] = None,
            upnp_enabled: Optional[bool] = None) -> USG
    func GetUSG(ctx *Context, name string, id IDInput, state *USGState, opts ...ResourceOption) (*USG, error)
    public static USG Get(string name, Input<string> id, USGState? state, CustomResourceOptions? opts = null)
    public static USG get(String name, Output<String> id, USGState state, CustomResourceOptions options)
    resources:
      _:
        type: unifi:setting:USG
        get:
          id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ArpCacheBaseReachable int
    The base reachable timeout (in seconds) for ARP cache entries. This controls how long the gateway considers a MAC-to-IP mapping valid without needing to refresh it. Higher values reduce network traffic but may cause stale entries if devices change IP addresses frequently.
    ArpCacheTimeout string

    The timeout strategy for ARP cache entries. Valid values are:

    • normal - Use system default timeouts
    • min-dhcp-lease - Set ARP timeout to match the minimum DHCP lease time
    • custom - Use the custom timeout value specified in arp_cache_base_reachable

    This setting determines how long MAC-to-IP mappings are stored in the ARP cache before being refreshed.

    BroadcastPing bool
    Enable responding to broadcast ping requests (ICMP echo requests sent to the broadcast address). When enabled, the gateway will respond to pings sent to the broadcast address of the network (e.g., 192.168.1.255). This can be useful for network diagnostics, but hosts that answer broadcast pings can be abused as reflectors in Smurf-style denial-of-service attacks, so leave it disabled unless the diagnostics are actually needed.
    DhcpRelay Pulumiverse.Unifi.Setting.Inputs.USGDhcpRelay
    Advanced DHCP relay configuration settings. Controls how the gateway forwards DHCP requests to external servers and manages DHCP relay agent behavior. Use this block to fine-tune DHCP relay functionality beyond simply specifying relay servers.
    DhcpRelayServers List<string>
    List of up to 5 DHCP relay servers (specified by IP address) that will receive forwarded DHCP requests. This is useful when you want to use external DHCP servers instead of the built-in DHCP server on the USG/UDM. When configured, the gateway will forward DHCP discovery packets from clients to these external servers, allowing centralized IP address management across multiple networks. Example: ['192.168.1.5', '192.168.2.5']

    Deprecated: This attribute is deprecated and will be removed in a future release. dhcp_relay.servers attribute will be introduced as a replacement.

    DhcpdHostfileUpdate bool
    Enable updating the gateway's host files with DHCP client information. When enabled, the gateway will automatically add entries to its host file for each DHCP client, allowing hostname resolution for devices that receive IP addresses via DHCP. This improves name resolution on the local network.
    DhcpdUseDnsmasq bool
    Use dnsmasq for DHCP services instead of the default DHCP server. Dnsmasq provides integrated DNS and DHCP functionality with additional features like DNS caching, DHCP static leases, and local domain name resolution. This can improve DNS resolution performance and provide more flexible DHCP options.
    DnsVerification Pulumiverse.Unifi.Setting.Inputs.USGDnsVerification
    DNS verification settings for validating DNS responses. This feature helps detect and prevent DNS spoofing attacks by verifying DNS responses against trusted DNS servers. When configured, the gateway can compare DNS responses with those from known trusted servers to identify potential tampering or poisoning attempts. Requires controller version 8.5 or later.
    DnsmasqAllServers bool
    When enabled, dnsmasq will query all configured DNS servers simultaneously and use the fastest response. This can improve DNS resolution speed but may increase DNS traffic. By default, dnsmasq queries servers sequentially, only trying the next server if the current one fails to respond.
    EchoServer string
    The hostname or IP address of a server to use for network echo tests. Echo tests send packets to this server and measure response times to evaluate network connectivity and performance. This can be used for network diagnostics and monitoring.
    FtpModule bool
    Enable the FTP (File Transfer Protocol) helper module. This module allows the gateway to properly handle FTP connections through NAT by tracking the control channel and dynamically opening required data ports. Without this helper, passive FTP connections may fail when clients are behind NAT.
    GeoIpFiltering Pulumiverse.Unifi.Setting.Inputs.USGGeoIpFiltering
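    Geographic IP filtering configuration that allows blocking or allowing traffic based on country of origin. This feature uses IP geolocation databases to identify the country associated with IP addresses and apply filtering rules. Useful for implementing country-specific access policies or blocking traffic from high-risk regions. Geolocation data is approximate, and traffic relayed through VPNs, proxies or cloud hosts in an allowed country is not affected, so treat this as a way to reduce unwanted traffic rather than as an access control. Requires controller version 7.0 or later.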
    GeoIpFilteringEnabled bool
    Whether Geo IP Filtering is enabled. When enabled, the gateway will apply the specified country-based filtering rules.
    GreModule bool
    Enable the GRE (Generic Routing Encapsulation) protocol helper module. This module allows proper handling of GRE tunneling protocol through the gateway's firewall. GRE is commonly used for VPN tunnels and other encapsulation needs. Required if you plan to use PPTP VPNs (see pptp_module).
    H323Module bool
    Enable the H.323 protocol helper module. H.323 is a standard for multimedia communications (audio, video, and data) over packet-based networks. This helper allows H.323-based applications like video conferencing systems to work properly through NAT by tracking connection details and opening required ports.
    IcmpTimeout int
    ICMP timeout in seconds for connection tracking. This controls how long the gateway maintains state information for ICMP (ping) packets in its connection tracking table. Higher values maintain ICMP connection state longer, while lower values reclaim resources more quickly but may affect some diagnostic tools.
    LldpEnableAll bool
    Enable Link Layer Discovery Protocol (LLDP) on all interfaces. LLDP is a vendor-neutral protocol that allows network devices to advertise their identity, capabilities, and neighbors on a local network. When enabled, the gateway will both send and receive LLDP packets, facilitating network discovery and management tools.
    MssClamp string

    TCP Maximum Segment Size (MSS) clamping mode. MSS clamping adjusts the maximum segment size of TCP packets to prevent fragmentation issues when packets traverse networks with different MTU sizes. Valid values include:

    • auto - Automatically determine appropriate MSS values based on interface MTUs
    • custom - Use the custom MSS value specified in mss_clamp_mss
    • disabled - Do not perform MSS clamping

    This setting is particularly important for VPN connections and networks with non-standard MTU sizes.

    MssClampMss int
    Custom TCP Maximum Segment Size (MSS) value in bytes. This value is used when mss_clamp is set to custom. The MSS value should typically be set to the path MTU minus 40 bytes (for IPv4) or minus 60 bytes (for IPv6) to account for TCP/IP header overhead. Valid values range from 100 to 9999, with common values being 1460 (for standard 1500 MTU) or 1400 (for VPN tunnels).
    MulticastDnsEnabled bool
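    Enable multicast DNS (mDNS/Bonjour/Avahi) forwarding across VLANs. This allows devices to discover services (like printers, Chromecasts, Apple devices, etc.) even when they are on different networks or VLANs. When enabled, the gateway will forward mDNS packets between networks, facilitating cross-VLAN service discovery. Because service announcements then cross VLAN boundaries, devices on otherwise isolated segments (guest, IoT) become discoverable from other networks, so pair this with firewall rules that limit which segments may actually connect. Note: This setting is not supported on UniFi OS v7+ as it has been replaced by mDNS settings in the network configuration.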
    OffloadAccounting bool
    Enable hardware accounting offload. When enabled, the gateway will use hardware acceleration for traffic accounting functions, reducing CPU load and potentially improving throughput for high-traffic environments. This setting may not be supported on all hardware models.
    OffloadL2Blocking bool
    Enable hardware offload for Layer 2 (L2) blocking functions. When enabled, the gateway will use hardware acceleration for blocking traffic at the data link layer (MAC address level), which can improve performance when implementing MAC-based filtering or isolation. This setting may not be supported on all hardware models.
    OffloadSch bool
    Enable hardware scheduling offload. When enabled, the gateway will use hardware acceleration for packet scheduling functions, which can improve QoS (Quality of Service) performance and throughput for prioritized traffic. This setting may not be supported on all hardware models and may affect other hardware offload capabilities.
    OtherTimeout int
    Timeout (in seconds) for connection tracking of protocols other than TCP, UDP, and ICMP. This controls how long the gateway maintains state information for connections using other protocols. Higher values maintain connection state longer, while lower values reclaim resources more quickly but may affect some applications using non-standard protocols.
    PptpModule bool
    Enable the PPTP (Point-to-Point Tunneling Protocol) helper module. This module allows PPTP VPN connections to work properly through the gateway's firewall and NAT. PPTP uses GRE for tunneling, so the gre_module must also be enabled for PPTP to function correctly. Note that PPTP has known security vulnerabilities and more secure VPN protocols are generally recommended.
    ReceiveRedirects bool
    Enable accepting ICMP redirect messages. ICMP redirects are messages sent by routers to inform hosts of better routes to specific destinations. When enabled, the gateway will update its routing table based on these messages. While useful for route optimization, this can potentially be exploited for man-in-the-middle attacks, so it's often disabled in security-sensitive environments.
    SendRedirects bool
    Enable sending ICMP redirect messages. When enabled, the gateway will send ICMP redirect messages to hosts on the local network to inform them of better routes to specific destinations. This can help optimize network traffic but is typically only needed when the gateway has multiple interfaces on the same subnet or in complex routing scenarios.
    SipModule bool
    Enable the SIP (Session Initiation Protocol) helper module. SIP is used for initiating, maintaining, and terminating real-time sessions for voice, video, and messaging applications (VoIP, video conferencing). This helper allows SIP-based applications to work correctly through NAT by tracking SIP connections and dynamically opening the necessary ports for media streams.
    Site string
    The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
    SynCookies bool
    Enable SYN cookies to protect against SYN flood attacks. SYN cookies are a technique that helps mitigate TCP SYN flood attacks by avoiding the need to track incomplete connections in a backlog queue. When enabled, the gateway can continue to establish legitimate connections even when under a SYN flood attack. This is a recommended security setting for internet-facing gateways.
    TcpTimeouts Pulumiverse.Unifi.Setting.Inputs.USGTcpTimeouts
    TCP connection timeout settings for various TCP connection states. These settings control how long the gateway maintains state information for TCP connections in different states before removing them from the connection tracking table. Proper timeout values balance resource usage with connection reliability. These settings are particularly relevant when timeout_setting_preference is set to manual.
    TftpModule bool
    Enable the TFTP (Trivial File Transfer Protocol) helper module. This module allows TFTP connections to work properly through the gateway's firewall and NAT. TFTP is commonly used for firmware updates, configuration file transfers, and network booting of devices. The helper tracks TFTP connections and ensures return traffic is properly handled.
    TimeoutSettingPreference string

    Determines how connection timeout values are configured. Valid values are:

    • auto - The gateway will automatically determine appropriate timeout values based on system defaults
    • manual - Use the manually specified timeout values for various connection types

    When set to manual, you should specify values for the various timeout settings like tcp_timeouts, udp_stream_timeout, udp_other_timeout, icmp_timeout, and other_timeout. Requires controller version 7.0 or later.

    UdpOtherTimeout int
    Timeout (in seconds) for general UDP connections. Since UDP is connectionless, this timeout determines how long the gateway maintains state information for UDP packets that don't match the criteria for stream connections. This applies to most short-lived UDP communications like DNS queries. Lower values free resources more quickly but may affect some applications that expect longer session persistence.
    UdpStreamTimeout int
    Timeout (in seconds) for UDP stream connections. This applies to UDP traffic patterns that resemble ongoing streams, such as VoIP calls, video streaming, or online gaming. The gateway identifies these based on traffic patterns and maintains state information longer than for regular UDP traffic. Higher values improve reliability for streaming applications but consume more connection tracking resources.
    UnbindWanMonitors bool
    Unbind WAN monitors to prevent unnecessary traffic. When enabled, the gateway will stop certain monitoring processes that periodically check WAN connectivity. This can reduce unnecessary traffic on metered connections or in environments where the monitoring traffic might trigger security alerts. However, disabling these monitors may affect the gateway's ability to detect and respond to WAN connectivity issues. Requires controller version 9.0 or later.
    Upnp Pulumiverse.Unifi.Setting.Inputs.USGUpnp
    UPNP (Universal Plug and Play) configuration settings. UPNP allows compatible applications and devices to automatically configure port forwarding rules on the gateway without manual intervention. This is commonly used by gaming consoles, media servers, VoIP applications, and other network services that require incoming connections.
    UpnpEnabled bool
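    Whether UPNP is enabled. When enabled, the gateway will automatically forward ports for UPNP-compatible devices. Because UPnP port-mapping requests are not authenticated, any device on the local network can ask the gateway to open an inbound port, so enable it only where that is acceptable.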
    ArpCacheBaseReachable int
    The base reachable timeout (in seconds) for ARP cache entries. This controls how long the gateway considers a MAC-to-IP mapping valid without needing to refresh it. Higher values reduce network traffic but may cause stale entries if devices change IP addresses frequently.
    ArpCacheTimeout string

    The timeout strategy for ARP cache entries. Valid values are:

    • normal - Use system default timeouts
    • min-dhcp-lease - Set ARP timeout to match the minimum DHCP lease time
    • custom - Use the custom timeout value specified in arp_cache_base_reachable

    This setting determines how long MAC-to-IP mappings are stored in the ARP cache before being refreshed.

    BroadcastPing bool
    Enable responding to broadcast ping requests (ICMP echo requests sent to the broadcast address). When enabled, the gateway will respond to pings sent to the broadcast address of the network (e.g., 192.168.1.255). This can be useful for network diagnostics, but replies to broadcast pings can be abused for amplification-style denial-of-service attacks (a spoofed request draws responses from every answering host), so leave it disabled unless needed.
    DhcpRelay USGDhcpRelayArgs
    Advanced DHCP relay configuration settings. Controls how the gateway forwards DHCP requests to external servers and manages DHCP relay agent behavior. Use this block to fine-tune DHCP relay functionality beyond simply specifying relay servers.
    DhcpRelayServers []string
    List of up to 5 DHCP relay servers (specified by IP address) that will receive forwarded DHCP requests. This is useful when you want to use external DHCP servers instead of the built-in DHCP server on the USG/UDM. When configured, the gateway will forward DHCP discovery packets from clients to these external servers, allowing centralized IP address management across multiple networks. Example: ['192.168.1.5', '192.168.2.5']

    Deprecated: This attribute is deprecated and will be removed in a future release. The dhcp_relay.servers attribute will be introduced as a replacement.

    DhcpdHostfileUpdate bool
    Enable updating the gateway's host files with DHCP client information. When enabled, the gateway will automatically add entries to its host file for each DHCP client, allowing hostname resolution for devices that receive IP addresses via DHCP. This improves name resolution on the local network.
    DhcpdUseDnsmasq bool
    Use dnsmasq for DHCP services instead of the default DHCP server. Dnsmasq provides integrated DNS and DHCP functionality with additional features like DNS caching, DHCP static leases, and local domain name resolution. This can improve DNS resolution performance and provide more flexible DHCP options.
    DnsVerification USGDnsVerificationArgs
    DNS verification settings for validating DNS responses. This feature helps detect and prevent DNS spoofing attacks by verifying DNS responses against trusted DNS servers. When configured, the gateway can compare DNS responses with those from known trusted servers to identify potential tampering or poisoning attempts. Requires controller version 8.5 or later.
    DnsmasqAllServers bool
    When enabled, dnsmasq will query all configured DNS servers simultaneously and use the fastest response. This can improve DNS resolution speed but may increase DNS traffic. By default, dnsmasq queries servers sequentially, only trying the next server if the current one fails to respond.
    EchoServer string
    The hostname or IP address of a server to use for network echo tests. Echo tests send packets to this server and measure response times to evaluate network connectivity and performance. This can be used for network diagnostics and monitoring.
    FtpModule bool
    Enable the FTP (File Transfer Protocol) helper module. This module allows the gateway to properly handle FTP connections through NAT by tracking the control channel and dynamically opening required data ports. Without this helper, passive FTP connections may fail when clients are behind NAT.
    GeoIpFiltering USGGeoIpFilteringArgs
    Geographic IP filtering configuration that allows blocking or allowing traffic based on country of origin. This feature uses IP geolocation databases to identify the country associated with IP addresses and apply filtering rules. Useful for implementing country-specific access policies or blocking traffic from high-risk regions. Requires controller version 7.0 or later.
    GeoIpFilteringEnabled bool
    Whether Geo IP Filtering is enabled. When enabled, the gateway will apply the specified country-based filtering rules.
    GreModule bool
    Enable the GRE (Generic Routing Encapsulation) protocol helper module. This module allows proper handling of GRE tunneling protocol through the gateway's firewall. GRE is commonly used for VPN tunnels and other encapsulation needs. Required if you plan to use PPTP VPNs (see pptp_module).
    H323Module bool
    Enable the H.323 protocol helper module. H.323 is a standard for multimedia communications (audio, video, and data) over packet-based networks. This helper allows H.323-based applications like video conferencing systems to work properly through NAT by tracking connection details and opening required ports.
    IcmpTimeout int
    ICMP timeout in seconds for connection tracking. This controls how long the gateway maintains state information for ICMP (ping) packets in its connection tracking table. Higher values maintain ICMP connection state longer, while lower values reclaim resources more quickly but may affect some diagnostic tools.
    LldpEnableAll bool
    Enable Link Layer Discovery Protocol (LLDP) on all interfaces. LLDP is a vendor-neutral protocol that allows network devices to advertise their identity, capabilities, and neighbors on a local network. When enabled, the gateway will both send and receive LLDP packets, facilitating network discovery and management tools.
    MssClamp string

    TCP Maximum Segment Size (MSS) clamping mode. MSS clamping adjusts the maximum segment size of TCP packets to prevent fragmentation issues when packets traverse networks with different MTU sizes. Valid values include:

    • auto - Automatically determine appropriate MSS values based on interface MTUs
    • custom - Use the custom MSS value specified in mss_clamp_mss
    • disabled - Do not perform MSS clamping

    This setting is particularly important for VPN connections and networks with non-standard MTU sizes.

    MssClampMss int
    Custom TCP Maximum Segment Size (MSS) value in bytes. This value is used when mss_clamp is set to custom. The MSS value should typically be set to the path MTU minus 40 bytes (for IPv4) or minus 60 bytes (for IPv6) to account for TCP/IP header overhead. Valid values range from 100 to 9999, with common values being 1460 (for standard 1500 MTU) or 1400 (for VPN tunnels).
    MulticastDnsEnabled bool
    Enable multicast DNS (mDNS/Bonjour/Avahi) forwarding across VLANs. This allows devices to discover services (like printers, Chromecasts, Apple devices, etc.) even when they are on different networks or VLANs. When enabled, the gateway will forward mDNS packets between networks, facilitating cross-VLAN service discovery. Note: This setting is not supported on UniFi OS v7+ as it has been replaced by mDNS settings in the network configuration.
    OffloadAccounting bool
    Enable hardware accounting offload. When enabled, the gateway will use hardware acceleration for traffic accounting functions, reducing CPU load and potentially improving throughput for high-traffic environments. This setting may not be supported on all hardware models.
    OffloadL2Blocking bool
    Enable hardware offload for Layer 2 (L2) blocking functions. When enabled, the gateway will use hardware acceleration for blocking traffic at the data link layer (MAC address level), which can improve performance when implementing MAC-based filtering or isolation. This setting may not be supported on all hardware models.
    OffloadSch bool
    Enable hardware scheduling offload. When enabled, the gateway will use hardware acceleration for packet scheduling functions, which can improve QoS (Quality of Service) performance and throughput for prioritized traffic. This setting may not be supported on all hardware models and may affect other hardware offload capabilities.
    OtherTimeout int
    Timeout (in seconds) for connection tracking of protocols other than TCP, UDP, and ICMP. This controls how long the gateway maintains state information for connections using other protocols. Higher values maintain connection state longer, while lower values reclaim resources more quickly but may affect some applications using non-standard protocols.
    PptpModule bool
    Enable the PPTP (Point-to-Point Tunneling Protocol) helper module. This module allows PPTP VPN connections to work properly through the gateway's firewall and NAT. PPTP uses GRE for tunneling, so the gre_module must also be enabled for PPTP to function correctly. Note that PPTP has known security vulnerabilities and more secure VPN protocols are generally recommended.
    ReceiveRedirects bool
    Enable accepting ICMP redirect messages. ICMP redirects are messages sent by routers to inform hosts of better routes to specific destinations. When enabled, the gateway will update its routing table based on these messages. While useful for route optimization, this can potentially be exploited for man-in-the-middle attacks, so it's often disabled in security-sensitive environments.
    SendRedirects bool
    Enable sending ICMP redirect messages. When enabled, the gateway will send ICMP redirect messages to hosts on the local network to inform them of better routes to specific destinations. This can help optimize network traffic but is typically only needed when the gateway has multiple interfaces on the same subnet or in complex routing scenarios.
    SipModule bool
    Enable the SIP (Session Initiation Protocol) helper module. SIP is used for initiating, maintaining, and terminating real-time sessions for voice, video, and messaging applications (VoIP, video conferencing). This helper allows SIP-based applications to work correctly through NAT by tracking SIP connections and dynamically opening the necessary ports for media streams.
    Site string
    The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
    SynCookies bool
    Enable SYN cookies to protect against SYN flood attacks. SYN cookies are a technique that helps mitigate TCP SYN flood attacks by avoiding the need to track incomplete connections in a backlog queue. When enabled, the gateway can continue to establish legitimate connections even when under a SYN flood attack. This is a recommended security setting for internet-facing gateways.
    TcpTimeouts USGTcpTimeoutsArgs
    TCP connection timeout settings for various TCP connection states. These settings control how long the gateway maintains state information for TCP connections in different states before removing them from the connection tracking table. Proper timeout values balance resource usage with connection reliability. These settings are particularly relevant when timeout_setting_preference is set to manual.
    TftpModule bool
    Enable the TFTP (Trivial File Transfer Protocol) helper module. This module allows TFTP connections to work properly through the gateway's firewall and NAT. TFTP is commonly used for firmware updates, configuration file transfers, and network booting of devices. The helper tracks TFTP connections and ensures return traffic is properly handled.
    TimeoutSettingPreference string

    Determines how connection timeout values are configured. Valid values are:

    • auto - The gateway will automatically determine appropriate timeout values based on system defaults
    • manual - Use the manually specified timeout values for various connection types

    When set to manual, you should specify values for the various timeout settings like tcp_timeouts, udp_stream_timeout, udp_other_timeout, icmp_timeout, and other_timeout. Requires controller version 7.0 or later.

    UdpOtherTimeout int
    Timeout (in seconds) for general UDP connections. Since UDP is connectionless, this timeout determines how long the gateway maintains state information for UDP packets that don't match the criteria for stream connections. This applies to most short-lived UDP communications like DNS queries. Lower values free resources more quickly but may affect some applications that expect longer session persistence.
    UdpStreamTimeout int
    Timeout (in seconds) for UDP stream connections. This applies to UDP traffic patterns that resemble ongoing streams, such as VoIP calls, video streaming, or online gaming. The gateway identifies these based on traffic patterns and maintains state information longer than for regular UDP traffic. Higher values improve reliability for streaming applications but consume more connection tracking resources.
    UnbindWanMonitors bool
    Unbind WAN monitors to prevent unnecessary traffic. When enabled, the gateway will stop certain monitoring processes that periodically check WAN connectivity. This can reduce unnecessary traffic on metered connections or in environments where the monitoring traffic might trigger security alerts. However, disabling these monitors may affect the gateway's ability to detect and respond to WAN connectivity issues. Requires controller version 9.0 or later.
    Upnp USGUpnpArgs
    UPNP (Universal Plug and Play) configuration settings. UPNP allows compatible applications and devices to automatically configure port forwarding rules on the gateway without manual intervention. This is commonly used by gaming consoles, media servers, VoIP applications, and other network services that require incoming connections.
    UpnpEnabled bool
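    Whether UPNP is enabled. When enabled, the gateway will automatically forward ports for UPNP-compatible devices. Because UPnP port-mapping requests are not authenticated, any device on the local network can ask the gateway to open an inbound port, so enable it only where that is acceptable.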
    arpCacheBaseReachable Integer
    The base reachable timeout (in seconds) for ARP cache entries. This controls how long the gateway considers a MAC-to-IP mapping valid without needing to refresh it. Higher values reduce network traffic but may cause stale entries if devices change IP addresses frequently.
    arpCacheTimeout String

    The timeout strategy for ARP cache entries. Valid values are:

    • normal - Use system default timeouts
    • min-dhcp-lease - Set ARP timeout to match the minimum DHCP lease time
    • custom - Use the custom timeout value specified in arp_cache_base_reachable

    This setting determines how long MAC-to-IP mappings are stored in the ARP cache before being refreshed.

    broadcastPing Boolean
    Enable responding to broadcast ping requests (ICMP echo requests sent to the broadcast address). When enabled, the gateway will respond to pings sent to the broadcast address of the network (e.g., 192.168.1.255). This can be useful for network diagnostics, but replies to broadcast pings can be abused for amplification-style denial-of-service attacks (a spoofed request draws responses from every answering host), so leave it disabled unless needed.
    dhcpRelay USGDhcpRelay
    Advanced DHCP relay configuration settings. Controls how the gateway forwards DHCP requests to external servers and manages DHCP relay agent behavior. Use this block to fine-tune DHCP relay functionality beyond simply specifying relay servers.
    dhcpRelayServers List<String>
    List of up to 5 DHCP relay servers (specified by IP address) that will receive forwarded DHCP requests. This is useful when you want to use external DHCP servers instead of the built-in DHCP server on the USG/UDM. When configured, the gateway will forward DHCP discovery packets from clients to these external servers, allowing centralized IP address management across multiple networks. Example: ['192.168.1.5', '192.168.2.5']

    Deprecated: This attribute is deprecated and will be removed in a future release. The dhcp_relay.servers attribute will be introduced as a replacement.

    dhcpdHostfileUpdate Boolean
    Enable updating the gateway's host files with DHCP client information. When enabled, the gateway will automatically add entries to its host file for each DHCP client, allowing hostname resolution for devices that receive IP addresses via DHCP. This improves name resolution on the local network.
    dhcpdUseDnsmasq Boolean
    Use dnsmasq for DHCP services instead of the default DHCP server. Dnsmasq provides integrated DNS and DHCP functionality with additional features like DNS caching, DHCP static leases, and local domain name resolution. This can improve DNS resolution performance and provide more flexible DHCP options.
    dnsVerification USGDnsVerification
    DNS verification settings for validating DNS responses. This feature helps detect and prevent DNS spoofing attacks by verifying DNS responses against trusted DNS servers. When configured, the gateway can compare DNS responses with those from known trusted servers to identify potential tampering or poisoning attempts. Requires controller version 8.5 or later.
    dnsmasqAllServers Boolean
    When enabled, dnsmasq will query all configured DNS servers simultaneously and use the fastest response. This can improve DNS resolution speed but may increase DNS traffic. By default, dnsmasq queries servers sequentially, only trying the next server if the current one fails to respond.
    echoServer String
    The hostname or IP address of a server to use for network echo tests. Echo tests send packets to this server and measure response times to evaluate network connectivity and performance. This can be used for network diagnostics and monitoring.
    ftpModule Boolean
    Enable the FTP (File Transfer Protocol) helper module. This module allows the gateway to properly handle FTP connections through NAT by tracking the control channel and dynamically opening required data ports. Without this helper, passive FTP connections may fail when clients are behind NAT.
    geoIpFiltering USGGeoIpFiltering
    Geographic IP filtering configuration that allows blocking or allowing traffic based on country of origin. This feature uses IP geolocation databases to identify the country associated with IP addresses and apply filtering rules. Useful for implementing country-specific access policies or blocking traffic from high-risk regions. Requires controller version 7.0 or later.
    geoIpFilteringEnabled Boolean
    Whether Geo IP Filtering is enabled. When enabled, the gateway will apply the specified country-based filtering rules.
    greModule Boolean
    Enable the GRE (Generic Routing Encapsulation) protocol helper module. This module allows proper handling of GRE tunneling protocol through the gateway's firewall. GRE is commonly used for VPN tunnels and other encapsulation needs. Required if you plan to use PPTP VPNs (see pptp_module).
    h323Module Boolean
    Enable the H.323 protocol helper module. H.323 is a standard for multimedia communications (audio, video, and data) over packet-based networks. This helper allows H.323-based applications like video conferencing systems to work properly through NAT by tracking connection details and opening required ports.
    icmpTimeout Integer
    ICMP timeout in seconds for connection tracking. This controls how long the gateway maintains state information for ICMP (ping) packets in its connection tracking table. Higher values maintain ICMP connection state longer, while lower values reclaim resources more quickly but may affect some diagnostic tools.
    lldpEnableAll Boolean
    Enable Link Layer Discovery Protocol (LLDP) on all interfaces. LLDP is a vendor-neutral protocol that allows network devices to advertise their identity, capabilities, and neighbors on a local network. When enabled, the gateway will both send and receive LLDP packets, facilitating network discovery and management tools.
    mssClamp String

    TCP Maximum Segment Size (MSS) clamping mode. MSS clamping adjusts the maximum segment size of TCP packets to prevent fragmentation issues when packets traverse networks with different MTU sizes. Valid values include:

    • auto - Automatically determine appropriate MSS values based on interface MTUs
    • custom - Use the custom MSS value specified in mss_clamp_mss
    • disabled - Do not perform MSS clamping

    This setting is particularly important for VPN connections and networks with non-standard MTU sizes.

    mssClampMss Integer
    Custom TCP Maximum Segment Size (MSS) value in bytes. This value is used when mss_clamp is set to custom. The MSS value should typically be set to the path MTU minus 40 bytes (for IPv4) or minus 60 bytes (for IPv6) to account for TCP/IP header overhead. Valid values range from 100 to 9999, with common values being 1460 (for standard 1500 MTU) or 1400 (for VPN tunnels).
    multicastDnsEnabled Boolean
    Enable multicast DNS (mDNS/Bonjour/Avahi) forwarding across VLANs. This allows devices to discover services (like printers, Chromecasts, Apple devices, etc.) even when they are on different networks or VLANs. When enabled, the gateway will forward mDNS packets between networks, facilitating cross-VLAN service discovery. Note: This setting is not supported on UniFi OS v7+ as it has been replaced by mDNS settings in the network configuration.
    offloadAccounting Boolean
    Enable hardware accounting offload. When enabled, the gateway will use hardware acceleration for traffic accounting functions, reducing CPU load and potentially improving throughput for high-traffic environments. This setting may not be supported on all hardware models.
    offloadL2Blocking Boolean
    Enable hardware offload for Layer 2 (L2) blocking functions. When enabled, the gateway will use hardware acceleration for blocking traffic at the data link layer (MAC address level), which can improve performance when implementing MAC-based filtering or isolation. This setting may not be supported on all hardware models.
    offloadSch Boolean
    Enable hardware scheduling offload. When enabled, the gateway will use hardware acceleration for packet scheduling functions, which can improve QoS (Quality of Service) performance and throughput for prioritized traffic. This setting may not be supported on all hardware models and may affect other hardware offload capabilities.
    otherTimeout Integer
    Timeout (in seconds) for connection tracking of protocols other than TCP, UDP, and ICMP. This controls how long the gateway maintains state information for connections using other protocols. Higher values maintain connection state longer, while lower values reclaim resources more quickly but may affect some applications using non-standard protocols.
    pptpModule Boolean
    Enable the PPTP (Point-to-Point Tunneling Protocol) helper module. This module allows PPTP VPN connections to work properly through the gateway's firewall and NAT. PPTP uses GRE for tunneling, so the gre_module must also be enabled for PPTP to function correctly. Note that PPTP has known security vulnerabilities and more secure VPN protocols are generally recommended.
    receiveRedirects Boolean
    Enable accepting ICMP redirect messages. ICMP redirects are messages sent by routers to inform hosts of better routes to specific destinations. When enabled, the gateway will update its routing table based on these messages. While useful for route optimization, this can potentially be exploited for man-in-the-middle attacks, so it's often disabled in security-sensitive environments.
    sendRedirects Boolean
    Enable sending ICMP redirect messages. When enabled, the gateway will send ICMP redirect messages to hosts on the local network to inform them of better routes to specific destinations. This can help optimize network traffic but is typically only needed when the gateway has multiple interfaces on the same subnet or in complex routing scenarios.
    sipModule Boolean
    Enable the SIP (Session Initiation Protocol) helper module. SIP is used for initiating, maintaining, and terminating real-time sessions for voice, video, and messaging applications (VoIP, video conferencing). This helper allows SIP-based applications to work correctly through NAT by tracking SIP connections and dynamically opening the necessary ports for media streams.
    site String
    The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
    synCookies Boolean
    Enable SYN cookies to protect against SYN flood attacks. SYN cookies are a technique that helps mitigate TCP SYN flood attacks by avoiding the need to track incomplete connections in a backlog queue. When enabled, the gateway can continue to establish legitimate connections even when under a SYN flood attack. This is a recommended security setting for internet-facing gateways.
    tcpTimeouts USGTcpTimeouts
    TCP connection timeout settings for various TCP connection states. These settings control how long the gateway maintains state information for TCP connections in different states before removing them from the connection tracking table. Proper timeout values balance resource usage with connection reliability. These settings are particularly relevant when timeout_setting_preference is set to manual.
    tftpModule Boolean
    Enable the TFTP (Trivial File Transfer Protocol) helper module. This module allows TFTP connections to work properly through the gateway's firewall and NAT. TFTP is commonly used for firmware updates, configuration file transfers, and network booting of devices. The helper tracks TFTP connections and ensures return traffic is properly handled.
    timeoutSettingPreference String

    Determines how connection timeout values are configured. Valid values are:

    • auto - The gateway will automatically determine appropriate timeout values based on system defaults
    • manual - Use the manually specified timeout values for various connection types

    When set to manual, you should specify values for the various timeout settings like tcp_timeouts, udp_stream_timeout, udp_other_timeout, icmp_timeout, and other_timeout. Requires controller version 7.0 or later.

    udpOtherTimeout Integer
    Timeout (in seconds) for general UDP connections. Since UDP is connectionless, this timeout determines how long the gateway maintains state information for UDP packets that don't match the criteria for stream connections. This applies to most short-lived UDP communications like DNS queries. Lower values free resources more quickly but may affect some applications that expect longer session persistence.
    udpStreamTimeout Integer
    Timeout (in seconds) for UDP stream connections. This applies to UDP traffic patterns that resemble ongoing streams, such as VoIP calls, video streaming, or online gaming. The gateway identifies these based on traffic patterns and maintains state information longer than for regular UDP traffic. Higher values improve reliability for streaming applications but consume more connection tracking resources.
    unbindWanMonitors Boolean
    Unbind WAN monitors to prevent unnecessary traffic. When enabled, the gateway will stop certain monitoring processes that periodically check WAN connectivity. This can reduce unnecessary traffic on metered connections or in environments where the monitoring traffic might trigger security alerts. However, disabling these monitors may affect the gateway's ability to detect and respond to WAN connectivity issues. Requires controller version 9.0 or later.
    upnp USGUpnp
    UPNP (Universal Plug and Play) configuration settings. UPNP allows compatible applications and devices to automatically configure port forwarding rules on the gateway without manual intervention. This is commonly used by gaming consoles, media servers, VoIP applications, and other network services that require incoming connections.
    upnpEnabled Boolean
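    Whether UPNP is enabled. When enabled, the gateway will automatically forward ports for UPNP-compatible devices. UPNP port-mapping requests are not authenticated, so any device on the LAN can open inbound ports; enable this only on networks whose devices you trust.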
    arpCacheBaseReachable number
    The base reachable timeout (in seconds) for ARP cache entries. This controls how long the gateway considers a MAC-to-IP mapping valid without needing to refresh it. Higher values reduce network traffic but may cause stale entries if devices change IP addresses frequently.
    arpCacheTimeout string

    The timeout strategy for ARP cache entries. Valid values are:

    • normal - Use system default timeouts
    • min-dhcp-lease - Set ARP timeout to match the minimum DHCP lease time
    • custom - Use the custom timeout value specified in arp_cache_base_reachable

    This setting determines how long MAC-to-IP mappings are stored in the ARP cache before being refreshed.

    broadcastPing boolean
    Enable responding to broadcast ping requests (ICMP echo requests sent to the broadcast address). When enabled, the gateway will respond to pings sent to the broadcast address of the network (e.g., 192.168.1.255). This can be useful for network diagnostics but may also be used in certain denial-of-service attacks.
    dhcpRelay USGDhcpRelay
    Advanced DHCP relay configuration settings. Controls how the gateway forwards DHCP requests to external servers and manages DHCP relay agent behavior. Use this block to fine-tune DHCP relay functionality beyond simply specifying relay servers.
    dhcpRelayServers string[]
    List of up to 5 DHCP relay servers (specified by IP address) that will receive forwarded DHCP requests. This is useful when you want to use external DHCP servers instead of the built-in DHCP server on the USG/UDM. When configured, the gateway will forward DHCP discovery packets from clients to these external servers, allowing centralized IP address management across multiple networks. Example: ['192.168.1.5', '192.168.2.5']

    Deprecated: This attribute is deprecated and will be removed in a future release. The dhcp_relay.servers attribute will be introduced as a replacement.

    dhcpdHostfileUpdate boolean
    Enable updating the gateway's host files with DHCP client information. When enabled, the gateway will automatically add entries to its host file for each DHCP client, allowing hostname resolution for devices that receive IP addresses via DHCP. This improves name resolution on the local network.
    dhcpdUseDnsmasq boolean
    Use dnsmasq for DHCP services instead of the default DHCP server. Dnsmasq provides integrated DNS and DHCP functionality with additional features like DNS caching, DHCP static leases, and local domain name resolution. This can improve DNS resolution performance and provide more flexible DHCP options.
    dnsVerification USGDnsVerification
    DNS verification settings for validating DNS responses. This feature helps detect and prevent DNS spoofing attacks by verifying DNS responses against trusted DNS servers. When configured, the gateway can compare DNS responses with those from known trusted servers to identify potential tampering or poisoning attempts. Requires controller version 8.5 or later.
    dnsmasqAllServers boolean
    When enabled, dnsmasq will query all configured DNS servers simultaneously and use the fastest response. This can improve DNS resolution speed but may increase DNS traffic. By default, dnsmasq queries servers sequentially, only trying the next server if the current one fails to respond.
    echoServer string
    The hostname or IP address of a server to use for network echo tests. Echo tests send packets to this server and measure response times to evaluate network connectivity and performance. This can be used for network diagnostics and monitoring.
    ftpModule boolean
    Enable the FTP (File Transfer Protocol) helper module. This module allows the gateway to properly handle FTP connections through NAT by tracking the control channel and dynamically opening required data ports. Without this helper, passive FTP connections may fail when clients are behind NAT.
    geoIpFiltering USGGeoIpFiltering
    Geographic IP filtering configuration that allows blocking or allowing traffic based on country of origin. This feature uses IP geolocation databases to identify the country associated with IP addresses and apply filtering rules. Useful for implementing country-specific access policies or blocking traffic from high-risk regions. IP geolocation is approximate and does not see through VPNs or proxies, so treat this as a coarse filter rather than a replacement for firewall rules and authentication. Requires controller version 7.0 or later.
    geoIpFilteringEnabled boolean
    Whether Geo IP Filtering is enabled. When enabled, the gateway will apply the specified country-based filtering rules.
    greModule boolean
    Enable the GRE (Generic Routing Encapsulation) protocol helper module. This module allows proper handling of GRE tunneling protocol through the gateway's firewall. GRE is commonly used for VPN tunnels and other encapsulation needs. Required if you plan to use PPTP VPNs (see pptp_module).
    h323Module boolean
    Enable the H.323 protocol helper module. H.323 is a standard for multimedia communications (audio, video, and data) over packet-based networks. This helper allows H.323-based applications like video conferencing systems to work properly through NAT by tracking connection details and opening required ports.
    icmpTimeout number
    ICMP timeout in seconds for connection tracking. This controls how long the gateway maintains state information for ICMP (ping) packets in its connection tracking table. Higher values maintain ICMP connection state longer, while lower values reclaim resources more quickly but may affect some diagnostic tools.
    lldpEnableAll boolean
    Enable Link Layer Discovery Protocol (LLDP) on all interfaces. LLDP is a vendor-neutral protocol that allows network devices to advertise their identity, capabilities, and neighbors on a local network. When enabled, the gateway will both send and receive LLDP packets, facilitating network discovery and management tools.
    mssClamp string

    TCP Maximum Segment Size (MSS) clamping mode. MSS clamping adjusts the maximum segment size of TCP packets to prevent fragmentation issues when packets traverse networks with different MTU sizes. Valid values include:

    • auto - Automatically determine appropriate MSS values based on interface MTUs
    • custom - Use the custom MSS value specified in mss_clamp_mss
    • disabled - Do not perform MSS clamping

    This setting is particularly important for VPN connections and networks with non-standard MTU sizes.

    mssClampMss number
    Custom TCP Maximum Segment Size (MSS) value in bytes. This value is used when mss_clamp is set to custom. The MSS value should typically be set to the path MTU minus 40 bytes (for IPv4) or minus 60 bytes (for IPv6) to account for TCP/IP header overhead. Valid values range from 100 to 9999, with common values being 1460 (for standard 1500 MTU) or 1400 (for VPN tunnels).
    multicastDnsEnabled boolean
    Enable multicast DNS (mDNS/Bonjour/Avahi) forwarding across VLANs. This allows devices to discover services (like printers, Chromecasts, Apple devices, etc.) even when they are on different networks or VLANs. When enabled, the gateway will forward mDNS packets between networks, facilitating cross-VLAN service discovery. Note: This setting is not supported on UniFi OS v7+ as it has been replaced by mDNS settings in the network configuration.
    offloadAccounting boolean
    Enable hardware accounting offload. When enabled, the gateway will use hardware acceleration for traffic accounting functions, reducing CPU load and potentially improving throughput for high-traffic environments. This setting may not be supported on all hardware models.
    offloadL2Blocking boolean
    Enable hardware offload for Layer 2 (L2) blocking functions. When enabled, the gateway will use hardware acceleration for blocking traffic at the data link layer (MAC address level), which can improve performance when implementing MAC-based filtering or isolation. This setting may not be supported on all hardware models.
    offloadSch boolean
    Enable hardware scheduling offload. When enabled, the gateway will use hardware acceleration for packet scheduling functions, which can improve QoS (Quality of Service) performance and throughput for prioritized traffic. This setting may not be supported on all hardware models and may affect other hardware offload capabilities.
    otherTimeout number
    Timeout (in seconds) for connection tracking of protocols other than TCP, UDP, and ICMP. This controls how long the gateway maintains state information for connections using other protocols. Higher values maintain connection state longer, while lower values reclaim resources more quickly but may affect some applications using non-standard protocols.
    pptpModule boolean
    Enable the PPTP (Point-to-Point Tunneling Protocol) helper module. This module allows PPTP VPN connections to work properly through the gateway's firewall and NAT. PPTP uses GRE for tunneling, so the gre_module must also be enabled for PPTP to function correctly. Note that PPTP has known security vulnerabilities and more secure VPN protocols are generally recommended.
    receiveRedirects boolean
    Enable accepting ICMP redirect messages. ICMP redirects are messages sent by routers to inform hosts of better routes to specific destinations. When enabled, the gateway will update its routing table based on these messages. While useful for route optimization, this can potentially be exploited for man-in-the-middle attacks, so it's often disabled in security-sensitive environments.
    sendRedirects boolean
    Enable sending ICMP redirect messages. When enabled, the gateway will send ICMP redirect messages to hosts on the local network to inform them of better routes to specific destinations. This can help optimize network traffic but is typically only needed when the gateway has multiple interfaces on the same subnet or in complex routing scenarios.
    sipModule boolean
    Enable the SIP (Session Initiation Protocol) helper module. SIP is used for initiating, maintaining, and terminating real-time sessions for voice, video, and messaging applications (VoIP, video conferencing). This helper allows SIP-based applications to work correctly through NAT by tracking SIP connections and dynamically opening the necessary ports for media streams.
    site string
    The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
    synCookies boolean
    Enable SYN cookies to protect against SYN flood attacks. SYN cookies are a technique that helps mitigate TCP SYN flood attacks by avoiding the need to track incomplete connections in a backlog queue. When enabled, the gateway can continue to establish legitimate connections even when under a SYN flood attack. This is a recommended security setting for internet-facing gateways.
    tcpTimeouts USGTcpTimeouts
    TCP connection timeout settings for various TCP connection states. These settings control how long the gateway maintains state information for TCP connections in different states before removing them from the connection tracking table. Proper timeout values balance resource usage with connection reliability. These settings are particularly relevant when timeout_setting_preference is set to manual.
    tftpModule boolean
    Enable the TFTP (Trivial File Transfer Protocol) helper module. This module allows TFTP connections to work properly through the gateway's firewall and NAT. TFTP is commonly used for firmware updates, configuration file transfers, and network booting of devices. The helper tracks TFTP connections and ensures return traffic is properly handled.
    timeoutSettingPreference string

    Determines how connection timeout values are configured. Valid values are:

    • auto - The gateway will automatically determine appropriate timeout values based on system defaults
    • manual - Use the manually specified timeout values for various connection types

    When set to manual, you should specify values for the various timeout settings like tcp_timeouts, udp_stream_timeout, udp_other_timeout, icmp_timeout, and other_timeout. Requires controller version 7.0 or later.

    udpOtherTimeout number
    Timeout (in seconds) for general UDP connections. Since UDP is connectionless, this timeout determines how long the gateway maintains state information for UDP packets that don't match the criteria for stream connections. This applies to most short-lived UDP communications like DNS queries. Lower values free resources more quickly but may affect some applications that expect longer session persistence.
    udpStreamTimeout number
    Timeout (in seconds) for UDP stream connections. This applies to UDP traffic patterns that resemble ongoing streams, such as VoIP calls, video streaming, or online gaming. The gateway identifies these based on traffic patterns and maintains state information longer than for regular UDP traffic. Higher values improve reliability for streaming applications but consume more connection tracking resources.
    unbindWanMonitors boolean
    Unbind WAN monitors to prevent unnecessary traffic. When enabled, the gateway will stop certain monitoring processes that periodically check WAN connectivity. This can reduce unnecessary traffic on metered connections or in environments where the monitoring traffic might trigger security alerts. However, disabling these monitors may affect the gateway's ability to detect and respond to WAN connectivity issues. Requires controller version 9.0 or later.
    upnp USGUpnp
    UPNP (Universal Plug and Play) configuration settings. UPNP allows compatible applications and devices to automatically configure port forwarding rules on the gateway without manual intervention. This is commonly used by gaming consoles, media servers, VoIP applications, and other network services that require incoming connections.
    upnpEnabled boolean
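    Whether UPNP is enabled. When enabled, the gateway will automatically forward ports for UPNP-compatible devices. UPNP port-mapping requests are not authenticated, so any device on the LAN can open inbound ports; enable this only on networks whose devices you trust.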
    arp_cache_base_reachable int
    The base reachable timeout (in seconds) for ARP cache entries. This controls how long the gateway considers a MAC-to-IP mapping valid without needing to refresh it. Higher values reduce network traffic but may cause stale entries if devices change IP addresses frequently.
    arp_cache_timeout str

    The timeout strategy for ARP cache entries. Valid values are:

    • normal - Use system default timeouts
    • min-dhcp-lease - Set ARP timeout to match the minimum DHCP lease time
    • custom - Use the custom timeout value specified in arp_cache_base_reachable

    This setting determines how long MAC-to-IP mappings are stored in the ARP cache before being refreshed.

    broadcast_ping bool
    Enable responding to broadcast ping requests (ICMP echo requests sent to the broadcast address). When enabled, the gateway will respond to pings sent to the broadcast address of the network (e.g., 192.168.1.255). This can be useful for network diagnostics but may also be used in certain denial-of-service attacks.
    dhcp_relay USGDhcpRelayArgs
    Advanced DHCP relay configuration settings. Controls how the gateway forwards DHCP requests to external servers and manages DHCP relay agent behavior. Use this block to fine-tune DHCP relay functionality beyond simply specifying relay servers.
    dhcp_relay_servers Sequence[str]
    List of up to 5 DHCP relay servers (specified by IP address) that will receive forwarded DHCP requests. This is useful when you want to use external DHCP servers instead of the built-in DHCP server on the USG/UDM. When configured, the gateway will forward DHCP discovery packets from clients to these external servers, allowing centralized IP address management across multiple networks. Example: ['192.168.1.5', '192.168.2.5']

    Deprecated: This attribute is deprecated and will be removed in a future release. The dhcp_relay.servers attribute will be introduced as a replacement.

    dhcpd_hostfile_update bool
    Enable updating the gateway's host files with DHCP client information. When enabled, the gateway will automatically add entries to its host file for each DHCP client, allowing hostname resolution for devices that receive IP addresses via DHCP. This improves name resolution on the local network.
    dhcpd_use_dnsmasq bool
    Use dnsmasq for DHCP services instead of the default DHCP server. Dnsmasq provides integrated DNS and DHCP functionality with additional features like DNS caching, DHCP static leases, and local domain name resolution. This can improve DNS resolution performance and provide more flexible DHCP options.
    dns_verification USGDnsVerificationArgs
    DNS verification settings for validating DNS responses. This feature helps detect and prevent DNS spoofing attacks by verifying DNS responses against trusted DNS servers. When configured, the gateway can compare DNS responses with those from known trusted servers to identify potential tampering or poisoning attempts. Requires controller version 8.5 or later.
    dnsmasq_all_servers bool
    When enabled, dnsmasq will query all configured DNS servers simultaneously and use the fastest response. This can improve DNS resolution speed but may increase DNS traffic. By default, dnsmasq queries servers sequentially, only trying the next server if the current one fails to respond.
    echo_server str
    The hostname or IP address of a server to use for network echo tests. Echo tests send packets to this server and measure response times to evaluate network connectivity and performance. This can be used for network diagnostics and monitoring.
    ftp_module bool
    Enable the FTP (File Transfer Protocol) helper module. This module allows the gateway to properly handle FTP connections through NAT by tracking the control channel and dynamically opening required data ports. Without this helper, passive FTP connections may fail when clients are behind NAT.
    geo_ip_filtering USGGeoIpFilteringArgs
    Geographic IP filtering configuration that allows blocking or allowing traffic based on country of origin. This feature uses IP geolocation databases to identify the country associated with IP addresses and apply filtering rules. Useful for implementing country-specific access policies or blocking traffic from high-risk regions. IP geolocation is approximate and does not see through VPNs or proxies, so treat this as a coarse filter rather than a replacement for firewall rules and authentication. Requires controller version 7.0 or later.
    geo_ip_filtering_enabled bool
    Whether Geo IP Filtering is enabled. When enabled, the gateway will apply the specified country-based filtering rules.
    gre_module bool
    Enable the GRE (Generic Routing Encapsulation) protocol helper module. This module allows proper handling of GRE tunneling protocol through the gateway's firewall. GRE is commonly used for VPN tunnels and other encapsulation needs. Required if you plan to use PPTP VPNs (see pptp_module).
    h323_module bool
    Enable the H.323 protocol helper module. H.323 is a standard for multimedia communications (audio, video, and data) over packet-based networks. This helper allows H.323-based applications like video conferencing systems to work properly through NAT by tracking connection details and opening required ports.
    icmp_timeout int
    ICMP timeout in seconds for connection tracking. This controls how long the gateway maintains state information for ICMP (ping) packets in its connection tracking table. Higher values maintain ICMP connection state longer, while lower values reclaim resources more quickly but may affect some diagnostic tools.
    lldp_enable_all bool
    Enable Link Layer Discovery Protocol (LLDP) on all interfaces. LLDP is a vendor-neutral protocol that allows network devices to advertise their identity, capabilities, and neighbors on a local network. When enabled, the gateway will both send and receive LLDP packets, facilitating network discovery and management tools.
    mss_clamp str

    TCP Maximum Segment Size (MSS) clamping mode. MSS clamping adjusts the maximum segment size of TCP packets to prevent fragmentation issues when packets traverse networks with different MTU sizes. Valid values include:

    • auto - Automatically determine appropriate MSS values based on interface MTUs
    • custom - Use the custom MSS value specified in mss_clamp_mss
    • disabled - Do not perform MSS clamping

    This setting is particularly important for VPN connections and networks with non-standard MTU sizes.

    mss_clamp_mss int
    Custom TCP Maximum Segment Size (MSS) value in bytes. This value is used when mss_clamp is set to custom. The MSS value should typically be set to the path MTU minus 40 bytes (for IPv4) or minus 60 bytes (for IPv6) to account for TCP/IP header overhead. Valid values range from 100 to 9999, with common values being 1460 (for standard 1500 MTU) or 1400 (for VPN tunnels).
    multicast_dns_enabled bool
    Enable multicast DNS (mDNS/Bonjour/Avahi) forwarding across VLANs. This allows devices to discover services (like printers, Chromecasts, Apple devices, etc.) even when they are on different networks or VLANs. When enabled, the gateway will forward mDNS packets between networks, facilitating cross-VLAN service discovery. Note: This setting is not supported on UniFi OS v7+ as it has been replaced by mDNS settings in the network configuration.
    offload_accounting bool
    Enable hardware accounting offload. When enabled, the gateway will use hardware acceleration for traffic accounting functions, reducing CPU load and potentially improving throughput for high-traffic environments. This setting may not be supported on all hardware models.
    offload_l2_blocking bool
    Enable hardware offload for Layer 2 (L2) blocking functions. When enabled, the gateway will use hardware acceleration for blocking traffic at the data link layer (MAC address level), which can improve performance when implementing MAC-based filtering or isolation. This setting may not be supported on all hardware models.
    offload_sch bool
    Enable hardware scheduling offload. When enabled, the gateway will use hardware acceleration for packet scheduling functions, which can improve QoS (Quality of Service) performance and throughput for prioritized traffic. This setting may not be supported on all hardware models and may affect other hardware offload capabilities.
    other_timeout int
    Timeout (in seconds) for connection tracking of protocols other than TCP, UDP, and ICMP. This controls how long the gateway maintains state information for connections using other protocols. Higher values maintain connection state longer, while lower values reclaim resources more quickly but may affect some applications using non-standard protocols.
    pptp_module bool
    Enable the PPTP (Point-to-Point Tunneling Protocol) helper module. This module allows PPTP VPN connections to work properly through the gateway's firewall and NAT. PPTP uses GRE for tunneling, so the gre_module must also be enabled for PPTP to function correctly. Note that PPTP has known security vulnerabilities and more secure VPN protocols are generally recommended.
    receive_redirects bool
    Enable accepting ICMP redirect messages. ICMP redirects are messages sent by routers to inform hosts of better routes to specific destinations. When enabled, the gateway will update its routing table based on these messages. While useful for route optimization, this can potentially be exploited for man-in-the-middle attacks, so it's often disabled in security-sensitive environments.
    send_redirects bool
    Enable sending ICMP redirect messages. When enabled, the gateway will send ICMP redirect messages to hosts on the local network to inform them of better routes to specific destinations. This can help optimize network traffic but is typically only needed when the gateway has multiple interfaces on the same subnet or in complex routing scenarios.
    sip_module bool
    Enable the SIP (Session Initiation Protocol) helper module. SIP is used for initiating, maintaining, and terminating real-time sessions for voice, video, and messaging applications (VoIP, video conferencing). This helper allows SIP-based applications to work correctly through NAT by tracking SIP connections and dynamically opening the necessary ports for media streams.
    site str
    The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
    syn_cookies bool
    Enable SYN cookies to protect against SYN flood attacks. SYN cookies are a technique that helps mitigate TCP SYN flood attacks by avoiding the need to track incomplete connections in a backlog queue. When enabled, the gateway can continue to establish legitimate connections even when under a SYN flood attack. This is a recommended security setting for internet-facing gateways.
    tcp_timeouts USGTcpTimeoutsArgs
    TCP connection timeout settings for various TCP connection states. These settings control how long the gateway maintains state information for TCP connections in different states before removing them from the connection tracking table. Proper timeout values balance resource usage with connection reliability. These settings are particularly relevant when timeout_setting_preference is set to manual.
    tftp_module bool
    Enable the TFTP (Trivial File Transfer Protocol) helper module. This module allows TFTP connections to work properly through the gateway's firewall and NAT. TFTP is commonly used for firmware updates, configuration file transfers, and network booting of devices. The helper tracks TFTP connections and ensures return traffic is properly handled.
    timeout_setting_preference str

    Determines how connection timeout values are configured. Valid values are:

    • auto - The gateway will automatically determine appropriate timeout values based on system defaults
    • manual - Use the manually specified timeout values for various connection types

    When set to manual, you should specify values for the various timeout settings like tcp_timeouts, udp_stream_timeout, udp_other_timeout, icmp_timeout, and other_timeout. Requires controller version 7.0 or later.

    udp_other_timeout int
    Timeout (in seconds) for general UDP connections. Since UDP is connectionless, this timeout determines how long the gateway maintains state information for UDP packets that don't match the criteria for stream connections. This applies to most short-lived UDP communications like DNS queries. Lower values free resources more quickly but may affect some applications that expect longer session persistence.
    udp_stream_timeout int
    Timeout (in seconds) for UDP stream connections. This applies to UDP traffic patterns that resemble ongoing streams, such as VoIP calls, video streaming, or online gaming. The gateway identifies these based on traffic patterns and maintains state information longer than for regular UDP traffic. Higher values improve reliability for streaming applications but consume more connection tracking resources.
    unbind_wan_monitors bool
    Unbind WAN monitors to prevent unnecessary traffic. When enabled, the gateway will stop certain monitoring processes that periodically check WAN connectivity. This can reduce unnecessary traffic on metered connections or in environments where the monitoring traffic might trigger security alerts. However, disabling these monitors may affect the gateway's ability to detect and respond to WAN connectivity issues. Requires controller version 9.0 or later.
    upnp USGUpnpArgs
    UPNP (Universal Plug and Play) configuration settings. UPNP allows compatible applications and devices to automatically configure port forwarding rules on the gateway without manual intervention. This is commonly used by gaming consoles, media servers, VoIP applications, and other network services that require incoming connections.
    upnp_enabled bool
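    Whether UPNP is enabled. When enabled, the gateway will automatically forward ports for UPNP-compatible devices. UPNP port-mapping requests are not authenticated, so any device on the LAN can open inbound ports; enable this only on networks whose devices you trust.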
    arpCacheBaseReachable Number
    The base reachable timeout (in seconds) for ARP cache entries. This controls how long the gateway considers a MAC-to-IP mapping valid without needing to refresh it. Higher values reduce network traffic but may cause stale entries if devices change IP addresses frequently.
    arpCacheTimeout String

    The timeout strategy for ARP cache entries. Valid values are:

    • normal - Use system default timeouts
    • min-dhcp-lease - Set ARP timeout to match the minimum DHCP lease time
    • custom - Use the custom timeout value specified in arp_cache_base_reachable

    This setting determines how long MAC-to-IP mappings are stored in the ARP cache before being refreshed.

    broadcastPing Boolean
    Enable responding to broadcast ping requests (ICMP echo requests sent to the broadcast address). When enabled, the gateway will respond to pings sent to the broadcast address of the network (e.g., 192.168.1.255). This can be useful for network diagnostics but may also be used in certain denial-of-service attacks.
    dhcpRelay Property Map
    Advanced DHCP relay configuration settings. Controls how the gateway forwards DHCP requests to external servers and manages DHCP relay agent behavior. Use this block to fine-tune DHCP relay functionality beyond simply specifying relay servers.
    dhcpRelayServers List<String>
    List of up to 5 DHCP relay servers (specified by IP address) that will receive forwarded DHCP requests. This is useful when you want to use external DHCP servers instead of the built-in DHCP server on the USG/UDM. When configured, the gateway will forward DHCP discovery packets from clients to these external servers, allowing centralized IP address management across multiple networks. Example: ['192.168.1.5', '192.168.2.5']

    Deprecated: This attribute is deprecated and will be removed in a future release. The dhcp_relay.servers attribute will be introduced as a replacement.

    dhcpdHostfileUpdate Boolean
    Enable updating the gateway's host files with DHCP client information. When enabled, the gateway will automatically add entries to its host file for each DHCP client, allowing hostname resolution for devices that receive IP addresses via DHCP. This improves name resolution on the local network.
    dhcpdUseDnsmasq Boolean
    Use dnsmasq for DHCP services instead of the default DHCP server. Dnsmasq provides integrated DNS and DHCP functionality with additional features like DNS caching, DHCP static leases, and local domain name resolution. This can improve DNS resolution performance and provide more flexible DHCP options.
    dnsVerification Property Map
    DNS verification settings for validating DNS responses. This feature helps detect and prevent DNS spoofing attacks by verifying DNS responses against trusted DNS servers. When configured, the gateway can compare DNS responses with those from known trusted servers to identify potential tampering or poisoning attempts. Requires controller version 8.5 or later.
    dnsmasqAllServers Boolean
    When enabled, dnsmasq will query all configured DNS servers simultaneously and use the fastest response. This can improve DNS resolution speed but may increase DNS traffic. By default, dnsmasq queries servers sequentially, only trying the next server if the current one fails to respond.
    echoServer String
    The hostname or IP address of a server to use for network echo tests. Echo tests send packets to this server and measure response times to evaluate network connectivity and performance. This can be used for network diagnostics and monitoring.
    ftpModule Boolean
    Enable the FTP (File Transfer Protocol) helper module. This module allows the gateway to properly handle FTP connections through NAT by tracking the control channel and dynamically opening required data ports. Without this helper, passive FTP connections may fail when clients are behind NAT.
    geoIpFiltering Property Map
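    Geographic IP filtering configuration that allows blocking or allowing traffic based on country of origin. This feature uses IP geolocation databases to identify the country associated with IP addresses and apply filtering rules. Useful for implementing country-specific access policies or blocking traffic from high-risk regions. IP geolocation is approximate, and traffic relayed through a VPN or proxy appears under the relay's country, so treat this as a way to reduce unwanted traffic rather than as an access control on its own. Requires controller version 7.0 or later.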
    geoIpFilteringEnabled Boolean
    Whether Geo IP Filtering is enabled. When enabled, the gateway will apply the specified country-based filtering rules.
    greModule Boolean
    Enable the GRE (Generic Routing Encapsulation) protocol helper module. This module allows proper handling of GRE tunneling protocol through the gateway's firewall. GRE is commonly used for VPN tunnels and other encapsulation needs. Required if you plan to use PPTP VPNs (see pptp_module).
    h323Module Boolean
    Enable the H.323 protocol helper module. H.323 is a standard for multimedia communications (audio, video, and data) over packet-based networks. This helper allows H.323-based applications like video conferencing systems to work properly through NAT by tracking connection details and opening required ports.
    icmpTimeout Number
    ICMP timeout in seconds for connection tracking. This controls how long the gateway maintains state information for ICMP (ping) packets in its connection tracking table. Higher values maintain ICMP connection state longer, while lower values reclaim resources more quickly but may affect some diagnostic tools.
    lldpEnableAll Boolean
    Enable Link Layer Discovery Protocol (LLDP) on all interfaces. LLDP is a vendor-neutral protocol that allows network devices to advertise their identity, capabilities, and neighbors on a local network. When enabled, the gateway will both send and receive LLDP packets, facilitating network discovery and management tools.
    mssClamp String

    TCP Maximum Segment Size (MSS) clamping mode. MSS clamping adjusts the maximum segment size of TCP packets to prevent fragmentation issues when packets traverse networks with different MTU sizes. Valid values include:

    • auto - Automatically determine appropriate MSS values based on interface MTUs
    • custom - Use the custom MSS value specified in mss_clamp_mss
    • disabled - Do not perform MSS clamping

    This setting is particularly important for VPN connections and networks with non-standard MTU sizes.

    mssClampMss Number
    Custom TCP Maximum Segment Size (MSS) value in bytes. This value is used when mss_clamp is set to custom. The MSS value should typically be set to the path MTU minus 40 bytes (for IPv4) or minus 60 bytes (for IPv6) to account for TCP/IP header overhead. Valid values range from 100 to 9999, with common values being 1460 (for standard 1500 MTU) or 1400 (for VPN tunnels).
    multicastDnsEnabled Boolean
    Enable multicast DNS (mDNS/Bonjour/Avahi) forwarding across VLANs. This allows devices to discover services (like printers, Chromecasts, Apple devices, etc.) even when they are on different networks or VLANs. When enabled, the gateway will forward mDNS packets between networks, facilitating cross-VLAN service discovery. Note: This setting is not supported on UniFi OS v7+ as it has been replaced by mDNS settings in the network configuration.
    offloadAccounting Boolean
    Enable hardware accounting offload. When enabled, the gateway will use hardware acceleration for traffic accounting functions, reducing CPU load and potentially improving throughput for high-traffic environments. This setting may not be supported on all hardware models.
    offloadL2Blocking Boolean
    Enable hardware offload for Layer 2 (L2) blocking functions. When enabled, the gateway will use hardware acceleration for blocking traffic at the data link layer (MAC address level), which can improve performance when implementing MAC-based filtering or isolation. This setting may not be supported on all hardware models.
    offloadSch Boolean
    Enable hardware scheduling offload. When enabled, the gateway will use hardware acceleration for packet scheduling functions, which can improve QoS (Quality of Service) performance and throughput for prioritized traffic. This setting may not be supported on all hardware models and may affect other hardware offload capabilities.
    otherTimeout Number
    Timeout (in seconds) for connection tracking of protocols other than TCP, UDP, and ICMP. This controls how long the gateway maintains state information for connections using other protocols. Higher values maintain connection state longer, while lower values reclaim resources more quickly but may affect some applications using non-standard protocols.
    pptpModule Boolean
    Enable the PPTP (Point-to-Point Tunneling Protocol) helper module. This module allows PPTP VPN connections to work properly through the gateway's firewall and NAT. PPTP uses GRE for tunneling, so the gre_module must also be enabled for PPTP to function correctly. Note that PPTP has known security vulnerabilities and more secure VPN protocols are generally recommended.
    receiveRedirects Boolean
    Enable accepting ICMP redirect messages. ICMP redirects are messages sent by routers to inform hosts of better routes to specific destinations. When enabled, the gateway will update its routing table based on these messages. While useful for route optimization, this can potentially be exploited for man-in-the-middle attacks, so it's often disabled in security-sensitive environments.
    sendRedirects Boolean
    Enable sending ICMP redirect messages. When enabled, the gateway will send ICMP redirect messages to hosts on the local network to inform them of better routes to specific destinations. This can help optimize network traffic but is typically only needed when the gateway has multiple interfaces on the same subnet or in complex routing scenarios.
    sipModule Boolean
    Enable the SIP (Session Initiation Protocol) helper module. SIP is used for initiating, maintaining, and terminating real-time sessions for voice, video, and messaging applications (VoIP, video conferencing). This helper allows SIP-based applications to work correctly through NAT by tracking SIP connections and dynamically opening the necessary ports for media streams.
    site String
    The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
    synCookies Boolean
    Enable SYN cookies to protect against SYN flood attacks. SYN cookies are a technique that helps mitigate TCP SYN flood attacks by avoiding the need to track incomplete connections in a backlog queue. When enabled, the gateway can continue to establish legitimate connections even when under a SYN flood attack. This is a recommended security setting for internet-facing gateways.
    tcpTimeouts Property Map
    TCP connection timeout settings for various TCP connection states. These settings control how long the gateway maintains state information for TCP connections in different states before removing them from the connection tracking table. Proper timeout values balance resource usage with connection reliability. These settings are particularly relevant when timeout_setting_preference is set to manual.
    tftpModule Boolean
    Enable the TFTP (Trivial File Transfer Protocol) helper module. This module allows TFTP connections to work properly through the gateway's firewall and NAT. TFTP is commonly used for firmware updates, configuration file transfers, and network booting of devices. The helper tracks TFTP connections and ensures return traffic is properly handled.
    timeoutSettingPreference String

    Determines how connection timeout values are configured. Valid values are:

    • auto - The gateway will automatically determine appropriate timeout values based on system defaults
    • manual - Use the manually specified timeout values for various connection types

    When set to manual, you should specify values for the various timeout settings like tcp_timeouts, udp_stream_timeout, udp_other_timeout, icmp_timeout, and other_timeout. Requires controller version 7.0 or later.

    udpOtherTimeout Number
    Timeout (in seconds) for general UDP connections. Since UDP is connectionless, this timeout determines how long the gateway maintains state information for UDP packets that don't match the criteria for stream connections. This applies to most short-lived UDP communications like DNS queries. Lower values free resources more quickly but may affect some applications that expect longer session persistence.
    udpStreamTimeout Number
    Timeout (in seconds) for UDP stream connections. This applies to UDP traffic patterns that resemble ongoing streams, such as VoIP calls, video streaming, or online gaming. The gateway identifies these based on traffic patterns and maintains state information longer than for regular UDP traffic. Higher values improve reliability for streaming applications but consume more connection tracking resources.
    unbindWanMonitors Boolean
    Unbind WAN monitors to prevent unnecessary traffic. When enabled, the gateway will stop certain monitoring processes that periodically check WAN connectivity. This can reduce unnecessary traffic on metered connections or in environments where the monitoring traffic might trigger security alerts. However, disabling these monitors may affect the gateway's ability to detect and respond to WAN connectivity issues. Requires controller version 9.0 or later.
    upnp Property Map
    UPNP (Universal Plug and Play) configuration settings. UPNP allows compatible applications and devices to automatically configure port forwarding rules on the gateway without manual intervention. This is commonly used by gaming consoles, media servers, VoIP applications, and other network services that require incoming connections.
    upnpEnabled Boolean
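    Whether UPNP is enabled. When enabled, the gateway will automatically forward ports for UPNP-compatible devices. UPNP port-mapping requests are not authenticated, so any device on the LAN can open inbound ports on the gateway; enable it only on networks where that is acceptable.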

    Supporting Types

    USGDhcpRelay, USGDhcpRelayArgs

    AgentsPackets string
    Specifies how to handle DHCP relay agent information in packets. Valid values are:

    • append - Add relay agent information to packets that may already contain it
    • discard - Drop packets that already contain relay agent information
    • forward - Forward packets regardless of relay agent information
    • replace - Replace existing relay agent information with the gateway's information
    HopCount int
    Maximum number of relay agents that can forward the DHCP packet before it is discarded. This prevents DHCP packets from being forwarded indefinitely in complex network topologies. Valid values range from 1 to 255, with lower values recommended for simpler networks.
    MaxSize int
    Maximum size (in bytes) of DHCP relay packets that will be forwarded. Packets exceeding this size will be truncated or dropped. Valid values range from 64 to 1400 bytes. The default is typically sufficient for most DHCP implementations, but may need adjustment if using extensive DHCP options or vendor-specific information.
    Port int
    UDP port number for the DHCP relay service to listen on. The standard DHCP server port is 67, but this can be customized if needed for specific network configurations. Valid values range from 1 to 65535. Ensure this doesn't conflict with other services running on the gateway.
    AgentsPackets string
    Specifies how to handle DHCP relay agent information in packets. Valid values are:

    • append - Add relay agent information to packets that may already contain it
    • discard - Drop packets that already contain relay agent information
    • forward - Forward packets regardless of relay agent information
    • replace - Replace existing relay agent information with the gateway's information
    HopCount int
    Maximum number of relay agents that can forward the DHCP packet before it is discarded. This prevents DHCP packets from being forwarded indefinitely in complex network topologies. Valid values range from 1 to 255, with lower values recommended for simpler networks.
    MaxSize int
    Maximum size (in bytes) of DHCP relay packets that will be forwarded. Packets exceeding this size will be truncated or dropped. Valid values range from 64 to 1400 bytes. The default is typically sufficient for most DHCP implementations, but may need adjustment if using extensive DHCP options or vendor-specific information.
    Port int
    UDP port number for the DHCP relay service to listen on. The standard DHCP server port is 67, but this can be customized if needed for specific network configurations. Valid values range from 1 to 65535. Ensure this doesn't conflict with other services running on the gateway.
    agentsPackets String
    Specifies how to handle DHCP relay agent information in packets. Valid values are:

    • append - Add relay agent information to packets that may already contain it
    • discard - Drop packets that already contain relay agent information
    • forward - Forward packets regardless of relay agent information
    • replace - Replace existing relay agent information with the gateway's information
    hopCount Integer
    Maximum number of relay agents that can forward the DHCP packet before it is discarded. This prevents DHCP packets from being forwarded indefinitely in complex network topologies. Valid values range from 1 to 255, with lower values recommended for simpler networks.
    maxSize Integer
    Maximum size (in bytes) of DHCP relay packets that will be forwarded. Packets exceeding this size will be truncated or dropped. Valid values range from 64 to 1400 bytes. The default is typically sufficient for most DHCP implementations, but may need adjustment if using extensive DHCP options or vendor-specific information.
    port Integer
    UDP port number for the DHCP relay service to listen on. The standard DHCP server port is 67, but this can be customized if needed for specific network configurations. Valid values range from 1 to 65535. Ensure this doesn't conflict with other services running on the gateway.
    agentsPackets string
    Specifies how to handle DHCP relay agent information in packets. Valid values are:

    • append - Add relay agent information to packets that may already contain it
    • discard - Drop packets that already contain relay agent information
    • forward - Forward packets regardless of relay agent information
    • replace - Replace existing relay agent information with the gateway's information
    hopCount number
    Maximum number of relay agents that can forward the DHCP packet before it is discarded. This prevents DHCP packets from being forwarded indefinitely in complex network topologies. Valid values range from 1 to 255, with lower values recommended for simpler networks.
    maxSize number
    Maximum size (in bytes) of DHCP relay packets that will be forwarded. Packets exceeding this size will be truncated or dropped. Valid values range from 64 to 1400 bytes. The default is typically sufficient for most DHCP implementations, but may need adjustment if using extensive DHCP options or vendor-specific information.
    port number
    UDP port number for the DHCP relay service to listen on. The standard DHCP server port is 67, but this can be customized if needed for specific network configurations. Valid values range from 1 to 65535. Ensure this doesn't conflict with other services running on the gateway.
    agents_packets str
    Specifies how to handle DHCP relay agent information in packets. Valid values are:

    • append - Add relay agent information to packets that may already contain it
    • discard - Drop packets that already contain relay agent information
    • forward - Forward packets regardless of relay agent information
    • replace - Replace existing relay agent information with the gateway's information
    hop_count int
    Maximum number of relay agents that can forward the DHCP packet before it is discarded. This prevents DHCP packets from being forwarded indefinitely in complex network topologies. Valid values range from 1 to 255, with lower values recommended for simpler networks.
    max_size int
    Maximum size (in bytes) of DHCP relay packets that will be forwarded. Packets exceeding this size will be truncated or dropped. Valid values range from 64 to 1400 bytes. The default is typically sufficient for most DHCP implementations, but may need adjustment if using extensive DHCP options or vendor-specific information.
    port int
    UDP port number for the DHCP relay service to listen on. The standard DHCP server port is 67, but this can be customized if needed for specific network configurations. Valid values range from 1 to 65535. Ensure this doesn't conflict with other services running on the gateway.
    agentsPackets String
    Specifies how to handle DHCP relay agent information in packets. Valid values are:

    • append - Add relay agent information to packets that may already contain it
    • discard - Drop packets that already contain relay agent information
    • forward - Forward packets regardless of relay agent information
    • replace - Replace existing relay agent information with the gateway's information
    hopCount Number
    Maximum number of relay agents that can forward the DHCP packet before it is discarded. This prevents DHCP packets from being forwarded indefinitely in complex network topologies. Valid values range from 1 to 255, with lower values recommended for simpler networks.
    maxSize Number
    Maximum size (in bytes) of DHCP relay packets that will be forwarded. Packets exceeding this size will be truncated or dropped. Valid values range from 64 to 1400 bytes. The default is typically sufficient for most DHCP implementations, but may need adjustment if using extensive DHCP options or vendor-specific information.
    port Number
    UDP port number for the DHCP relay service to listen on. The standard DHCP server port is 67, but this can be customized if needed for specific network configurations. Valid values range from 1 to 65535. Ensure this doesn't conflict with other services running on the gateway.

    USGDnsVerification, USGDnsVerificationArgs

    Domain string
    The domain name to use for DNS verification tests. The gateway will query this domain when testing DNS server responses. This should be a reliable domain that is unlikely to change frequently. Required when setting_preference is set to manual.
    PrimaryDnsServer string
    The IP address of the primary trusted DNS server to use for verification. DNS responses will be compared against responses from this server to detect potential DNS spoofing. Required when setting_preference is set to manual. Must be a valid IPv4 address.
    SecondaryDnsServer string
    The IP address of the secondary trusted DNS server to use for verification. This server will be used if the primary server is unavailable. Optional even when setting_preference is set to manual. Must be a valid IPv4 address if specified.
    SettingPreference string

    Determines how DNS verification servers are configured. Valid values are:

    • auto - The gateway will automatically select DNS servers for verification
    • manual - Use the manually specified primary_dns_server and optionally secondary_dns_server

    When set to manual, you must also specify primary_dns_server and domain values.

    Domain string
    The domain name to use for DNS verification tests. The gateway will query this domain when testing DNS server responses. This should be a reliable domain that is unlikely to change frequently. Required when setting_preference is set to manual.
    PrimaryDnsServer string
    The IP address of the primary trusted DNS server to use for verification. DNS responses will be compared against responses from this server to detect potential DNS spoofing. Required when setting_preference is set to manual. Must be a valid IPv4 address.
    SecondaryDnsServer string
    The IP address of the secondary trusted DNS server to use for verification. This server will be used if the primary server is unavailable. Optional even when setting_preference is set to manual. Must be a valid IPv4 address if specified.
    SettingPreference string

    Determines how DNS verification servers are configured. Valid values are:

    • auto - The gateway will automatically select DNS servers for verification
    • manual - Use the manually specified primary_dns_server and optionally secondary_dns_server

    When set to manual, you must also specify primary_dns_server and domain values.

    domain String
    The domain name to use for DNS verification tests. The gateway will query this domain when testing DNS server responses. This should be a reliable domain that is unlikely to change frequently. Required when setting_preference is set to manual.
    primaryDnsServer String
    The IP address of the primary trusted DNS server to use for verification. DNS responses will be compared against responses from this server to detect potential DNS spoofing. Required when setting_preference is set to manual. Must be a valid IPv4 address.
    secondaryDnsServer String
    The IP address of the secondary trusted DNS server to use for verification. This server will be used if the primary server is unavailable. Optional even when setting_preference is set to manual. Must be a valid IPv4 address if specified.
    settingPreference String

    Determines how DNS verification servers are configured. Valid values are:

    • auto - The gateway will automatically select DNS servers for verification
    • manual - Use the manually specified primary_dns_server and optionally secondary_dns_server

    When set to manual, you must also specify primary_dns_server and domain values.

    domain string
    The domain name to use for DNS verification tests. The gateway will query this domain when testing DNS server responses. This should be a reliable domain that is unlikely to change frequently. Required when setting_preference is set to manual.
    primaryDnsServer string
    The IP address of the primary trusted DNS server to use for verification. DNS responses will be compared against responses from this server to detect potential DNS spoofing. Required when setting_preference is set to manual. Must be a valid IPv4 address.
    secondaryDnsServer string
    The IP address of the secondary trusted DNS server to use for verification. This server will be used if the primary server is unavailable. Optional even when setting_preference is set to manual. Must be a valid IPv4 address if specified.
    settingPreference string

    Determines how DNS verification servers are configured. Valid values are:

    • auto - The gateway will automatically select DNS servers for verification
    • manual - Use the manually specified primary_dns_server and optionally secondary_dns_server

    When set to manual, you must also specify primary_dns_server and domain values.

    domain str
    The domain name to use for DNS verification tests. The gateway will query this domain when testing DNS server responses. This should be a reliable domain that is unlikely to change frequently. Required when setting_preference is set to manual.
    primary_dns_server str
    The IP address of the primary trusted DNS server to use for verification. DNS responses will be compared against responses from this server to detect potential DNS spoofing. Required when setting_preference is set to manual. Must be a valid IPv4 address.
    secondary_dns_server str
    The IP address of the secondary trusted DNS server to use for verification. This server will be used if the primary server is unavailable. Optional even when setting_preference is set to manual. Must be a valid IPv4 address if specified.
    setting_preference str

    Determines how DNS verification servers are configured. Valid values are:

    • auto - The gateway will automatically select DNS servers for verification
    • manual - Use the manually specified primary_dns_server and optionally secondary_dns_server

    When set to manual, you must also specify primary_dns_server and domain values.

    domain String
    The domain name to use for DNS verification tests. The gateway will query this domain when testing DNS server responses. This should be a reliable domain that is unlikely to change frequently. Required when setting_preference is set to manual.
    primaryDnsServer String
    The IP address of the primary trusted DNS server to use for verification. DNS responses will be compared against responses from this server to detect potential DNS spoofing. Required when setting_preference is set to manual. Must be a valid IPv4 address.
    secondaryDnsServer String
    The IP address of the secondary trusted DNS server to use for verification. This server will be used if the primary server is unavailable. Optional even when setting_preference is set to manual. Must be a valid IPv4 address if specified.
    settingPreference String

    Determines how DNS verification servers are configured. Valid values are:

    • auto - The gateway will automatically select DNS servers for verification
    • manual - Use the manually specified primary_dns_server and optionally secondary_dns_server

    When set to manual, you must also specify primary_dns_server and domain values.

    USGGeoIpFiltering, USGGeoIpFilteringArgs

    Countries List<string>

    List of two-letter ISO 3166-1 alpha-2 country codes to block or allow, depending on the mode setting. Must contain at least one country code when geo IP filtering is enabled. Country codes are case-insensitive but are typically written in uppercase. Use the official alpha-2 code for each country (the United Kingdom is GB, not UK).

    Examples:

    • ['US', 'CA', 'MX'] - United States, Canada, and Mexico
    • ['CN', 'RU', 'IR'] - China, Russia, and Iran
    • ['GB', 'DE', 'FR'] - United Kingdom, Germany, and France
    Mode string

    Specifies whether the selected countries should be blocked or allowed. Valid values are:

    • block (default) - Traffic from the specified countries will be blocked, while traffic from all other countries will be allowed
    • allow - Only traffic from the specified countries will be allowed, while traffic from all other countries will be blocked

    This setting effectively determines whether the countries list functions as a blocklist or an allowlist.

    TrafficDirection string

    Specifies which traffic direction the geo IP filtering applies to. Valid values are:

    • both (default) - Filters traffic in both directions (incoming and outgoing)
    • ingress - Filters only incoming traffic (from WAN to LAN)
    • egress - Filters only outgoing traffic (from LAN to WAN)

    This setting is useful for creating more granular filtering policies. For example, you might want to block incoming traffic from certain countries while still allowing outgoing connections to those same countries.

    Countries []string

    List of two-letter ISO 3166-1 alpha-2 country codes to block or allow, depending on the mode setting. Must contain at least one country code when geo IP filtering is enabled. Country codes are case-insensitive but are typically written in uppercase. Use the official alpha-2 code for each country (the United Kingdom is GB, not UK).

    Examples:

    • ['US', 'CA', 'MX'] - United States, Canada, and Mexico
    • ['CN', 'RU', 'IR'] - China, Russia, and Iran
    • ['GB', 'DE', 'FR'] - United Kingdom, Germany, and France
    Mode string

    Specifies whether the selected countries should be blocked or allowed. Valid values are:

    • block (default) - Traffic from the specified countries will be blocked, while traffic from all other countries will be allowed
    • allow - Only traffic from the specified countries will be allowed, while traffic from all other countries will be blocked

    This setting effectively determines whether the countries list functions as a blocklist or an allowlist.

    TrafficDirection string

    Specifies which traffic direction the geo IP filtering applies to. Valid values are:

    • both (default) - Filters traffic in both directions (incoming and outgoing)
    • ingress - Filters only incoming traffic (from WAN to LAN)
    • egress - Filters only outgoing traffic (from LAN to WAN)

    This setting is useful for creating more granular filtering policies. For example, you might want to block incoming traffic from certain countries while still allowing outgoing connections to those same countries.

    countries List<String>

    List of two-letter ISO 3166-1 alpha-2 country codes to block or allow, depending on the mode setting. Must contain at least one country code when geo IP filtering is enabled. Country codes are case-insensitive but are typically written in uppercase. Use the official alpha-2 code for each country (the United Kingdom is GB, not UK).

    Examples:

    • ['US', 'CA', 'MX'] - United States, Canada, and Mexico
    • ['CN', 'RU', 'IR'] - China, Russia, and Iran
    • ['GB', 'DE', 'FR'] - United Kingdom, Germany, and France
    mode String

    Specifies whether the selected countries should be blocked or allowed. Valid values are:

    • block (default) - Traffic from the specified countries will be blocked, while traffic from all other countries will be allowed
    • allow - Only traffic from the specified countries will be allowed, while traffic from all other countries will be blocked

    This setting effectively determines whether the countries list functions as a blocklist or an allowlist.

    trafficDirection String

    Specifies which traffic direction the geo IP filtering applies to. Valid values are:

    • both (default) - Filters traffic in both directions (incoming and outgoing)
    • ingress - Filters only incoming traffic (from WAN to LAN)
    • egress - Filters only outgoing traffic (from LAN to WAN)

    This setting is useful for creating more granular filtering policies. For example, you might want to block incoming traffic from certain countries while still allowing outgoing connections to those same countries.

    countries string[]

    List of two-letter ISO 3166-1 alpha-2 country codes to block or allow, depending on the mode setting. Must contain at least one country code when geo IP filtering is enabled. Country codes are case-insensitive but are typically written in uppercase. Use the ISO code rather than a common abbreviation, for example GB for the United Kingdom.

    Examples:

    • ['US', 'CA', 'MX'] - United States, Canada, and Mexico
    • ['CN', 'RU', 'IR'] - China, Russia, and Iran
    • ['GB', 'DE', 'FR'] - United Kingdom, Germany, and France
    mode string

    Specifies whether the selected countries should be blocked or allowed. Valid values are:

    • block (default) - Traffic from the specified countries will be blocked, while traffic from all other countries will be allowed
    • allow - Only traffic from the specified countries will be allowed, while traffic from all other countries will be blocked

    This setting effectively determines whether the countries list functions as a blocklist or an allowlist.

    trafficDirection string

    Specifies which traffic direction the geo IP filtering applies to. Valid values are:

    • both (default) - Filters traffic in both directions (incoming and outgoing)
    • ingress - Filters only incoming traffic (from WAN to LAN)
    • egress - Filters only outgoing traffic (from LAN to WAN)

    This setting is useful for creating more granular filtering policies. For example, you might want to block incoming traffic from certain countries while still allowing outgoing connections to those same countries.

    countries Sequence[str]

    List of two-letter ISO 3166-1 alpha-2 country codes to block or allow, depending on the mode setting. Must contain at least one country code when geo IP filtering is enabled. Country codes are case-insensitive but are typically written in uppercase. Use the ISO code rather than a common abbreviation, for example GB for the United Kingdom.

    Examples:

    • ['US', 'CA', 'MX'] - United States, Canada, and Mexico
    • ['CN', 'RU', 'IR'] - China, Russia, and Iran
    • ['GB', 'DE', 'FR'] - United Kingdom, Germany, and France
    mode str

    Specifies whether the selected countries should be blocked or allowed. Valid values are:

    • block (default) - Traffic from the specified countries will be blocked, while traffic from all other countries will be allowed
    • allow - Only traffic from the specified countries will be allowed, while traffic from all other countries will be blocked

    This setting effectively determines whether the countries list functions as a blocklist or an allowlist.

    traffic_direction str

    Specifies which traffic direction the geo IP filtering applies to. Valid values are:

    • both (default) - Filters traffic in both directions (incoming and outgoing)
    • ingress - Filters only incoming traffic (from WAN to LAN)
    • egress - Filters only outgoing traffic (from LAN to WAN)

    This setting is useful for creating more granular filtering policies. For example, you might want to block incoming traffic from certain countries while still allowing outgoing connections to those same countries.

    countries List<String>

    List of two-letter ISO 3166-1 alpha-2 country codes to block or allow, depending on the mode setting. Must contain at least one country code when geo IP filtering is enabled. Country codes are case-insensitive but are typically written in uppercase. Use the ISO code rather than a common abbreviation, for example GB for the United Kingdom.

    Examples:

    • ['US', 'CA', 'MX'] - United States, Canada, and Mexico
    • ['CN', 'RU', 'IR'] - China, Russia, and Iran
    • ['GB', 'DE', 'FR'] - United Kingdom, Germany, and France
    mode String

    Specifies whether the selected countries should be blocked or allowed. Valid values are:

    • block (default) - Traffic from the specified countries will be blocked, while traffic from all other countries will be allowed
    • allow - Only traffic from the specified countries will be allowed, while traffic from all other countries will be blocked

    This setting effectively determines whether the countries list functions as a blocklist or an allowlist.

    trafficDirection String

    Specifies which traffic direction the geo IP filtering applies to. Valid values are:

    • both (default) - Filters traffic in both directions (incoming and outgoing)
    • ingress - Filters only incoming traffic (from WAN to LAN)
    • egress - Filters only outgoing traffic (from LAN to WAN)

    This setting is useful for creating more granular filtering policies. For example, you might want to block incoming traffic from certain countries while still allowing outgoing connections to those same countries.

    USGTcpTimeouts, USGTcpTimeoutsArgs

    CloseTimeout int
    Timeout (in seconds) for TCP connections in the CLOSE state. The CLOSE state occurs when a connection is being terminated but may still have packets in transit. Lower values reclaim resources more quickly, while higher values ensure all packets are properly processed during connection termination.
    CloseWaitTimeout int
    Timeout (in seconds) for TCP connections in the CLOSE_WAIT state. The CLOSE_WAIT state occurs when the remote end has initiated connection termination, but the local application hasn't closed the connection yet. This timeout prevents resources from being held indefinitely if a local application fails to properly close its connection.
    EstablishedTimeout int
    Timeout (in seconds) for TCP connections in the ESTABLISHED state. This is the most important TCP timeout as it determines how long idle but established connections are maintained in the connection tracking table. Higher values (e.g., 86400 = 24 hours) are suitable for long-lived connections, while lower values conserve resources but may cause issues with applications that maintain idle connections.
    FinWaitTimeout int
    Timeout (in seconds) for TCP connections in the FIN_WAIT state. The FIN_WAIT states occur during the normal TCP connection termination process after a FIN packet has been sent. This timeout prevents resources from being held if the connection termination process doesn't complete properly.
    LastAckTimeout int
    Timeout (in seconds) for TCP connections in the LAST_ACK state. The LAST_ACK state occurs during connection termination when the remote end has sent a FIN, the local end has responded with a FIN and ACK, and is waiting for the final ACK from the remote end to complete the connection termination.
    SynRecvTimeout int
    Timeout (in seconds) for TCP connections in the SYN_RECV state. This state occurs during connection establishment after receiving a SYN packet and sending a SYN-ACK, but before receiving the final ACK to complete the three-way handshake. A lower timeout helps mitigate SYN flood attacks by releasing resources for incomplete connections more quickly.
    SynSentTimeout int
    Timeout (in seconds) for TCP connections in the SYN_SENT state. This state occurs during connection establishment after sending a SYN packet but before receiving a SYN-ACK response. This timeout determines how long the system will wait for a response to connection attempts before giving up.
    TimeWaitTimeout int
    Timeout (in seconds) for TCP connections in the TIME_WAIT state. The TIME_WAIT state occurs after a connection has been closed but is maintained to ensure any delayed packets are properly handled. The standard recommendation is 2 minutes (120 seconds), but the value can be reduced in high-connection environments to free resources more quickly, at the risk of connection issues if delayed packets arrive.
    CloseTimeout int
    Timeout (in seconds) for TCP connections in the CLOSE state. The CLOSE state occurs when a connection is being terminated but may still have packets in transit. Lower values reclaim resources more quickly, while higher values ensure all packets are properly processed during connection termination.
    CloseWaitTimeout int
    Timeout (in seconds) for TCP connections in the CLOSE_WAIT state. The CLOSE_WAIT state occurs when the remote end has initiated connection termination, but the local application hasn't closed the connection yet. This timeout prevents resources from being held indefinitely if a local application fails to properly close its connection.
    EstablishedTimeout int
    Timeout (in seconds) for TCP connections in the ESTABLISHED state. This is the most important TCP timeout as it determines how long idle but established connections are maintained in the connection tracking table. Higher values (e.g., 86400 = 24 hours) are suitable for long-lived connections, while lower values conserve resources but may cause issues with applications that maintain idle connections.
    FinWaitTimeout int
    Timeout (in seconds) for TCP connections in the FIN_WAIT state. The FIN_WAIT states occur during the normal TCP connection termination process after a FIN packet has been sent. This timeout prevents resources from being held if the connection termination process doesn't complete properly.
    LastAckTimeout int
    Timeout (in seconds) for TCP connections in the LAST_ACK state. The LAST_ACK state occurs during connection termination when the remote end has sent a FIN, the local end has responded with a FIN and ACK, and is waiting for the final ACK from the remote end to complete the connection termination.
    SynRecvTimeout int
    Timeout (in seconds) for TCP connections in the SYN_RECV state. This state occurs during connection establishment after receiving a SYN packet and sending a SYN-ACK, but before receiving the final ACK to complete the three-way handshake. A lower timeout helps mitigate SYN flood attacks by releasing resources for incomplete connections more quickly.
    SynSentTimeout int
    Timeout (in seconds) for TCP connections in the SYN_SENT state. This state occurs during connection establishment after sending a SYN packet but before receiving a SYN-ACK response. This timeout determines how long the system will wait for a response to connection attempts before giving up.
    TimeWaitTimeout int
    Timeout (in seconds) for TCP connections in the TIME_WAIT state. The TIME_WAIT state occurs after a connection has been closed but is maintained to ensure any delayed packets are properly handled. The standard recommendation is 2 minutes (120 seconds), but the value can be reduced in high-connection environments to free resources more quickly, at the risk of connection issues if delayed packets arrive.
    closeTimeout Integer
    Timeout (in seconds) for TCP connections in the CLOSE state. The CLOSE state occurs when a connection is being terminated but may still have packets in transit. Lower values reclaim resources more quickly, while higher values ensure all packets are properly processed during connection termination.
    closeWaitTimeout Integer
    Timeout (in seconds) for TCP connections in the CLOSE_WAIT state. The CLOSE_WAIT state occurs when the remote end has initiated connection termination, but the local application hasn't closed the connection yet. This timeout prevents resources from being held indefinitely if a local application fails to properly close its connection.
    establishedTimeout Integer
    Timeout (in seconds) for TCP connections in the ESTABLISHED state. This is the most important TCP timeout as it determines how long idle but established connections are maintained in the connection tracking table. Higher values (e.g., 86400 = 24 hours) are suitable for long-lived connections, while lower values conserve resources but may cause issues with applications that maintain idle connections.
    finWaitTimeout Integer
    Timeout (in seconds) for TCP connections in the FIN_WAIT state. The FIN_WAIT states occur during the normal TCP connection termination process after a FIN packet has been sent. This timeout prevents resources from being held if the connection termination process doesn't complete properly.
    lastAckTimeout Integer
    Timeout (in seconds) for TCP connections in the LAST_ACK state. The LAST_ACK state occurs during connection termination when the remote end has sent a FIN, the local end has responded with a FIN and ACK, and is waiting for the final ACK from the remote end to complete the connection termination.
    synRecvTimeout Integer
    Timeout (in seconds) for TCP connections in the SYN_RECV state. This state occurs during connection establishment after receiving a SYN packet and sending a SYN-ACK, but before receiving the final ACK to complete the three-way handshake. A lower timeout helps mitigate SYN flood attacks by releasing resources for incomplete connections more quickly.
    synSentTimeout Integer
    Timeout (in seconds) for TCP connections in the SYN_SENT state. This state occurs during connection establishment after sending a SYN packet but before receiving a SYN-ACK response. This timeout determines how long the system will wait for a response to connection attempts before giving up.
    timeWaitTimeout Integer
    Timeout (in seconds) for TCP connections in the TIME_WAIT state. The TIME_WAIT state occurs after a connection has been closed but is maintained to ensure any delayed packets are properly handled. The standard recommendation is 2 minutes (120 seconds), but the value can be reduced in high-connection environments to free resources more quickly, at the risk of connection issues if delayed packets arrive.
    closeTimeout number
    Timeout (in seconds) for TCP connections in the CLOSE state. The CLOSE state occurs when a connection is being terminated but may still have packets in transit. Lower values reclaim resources more quickly, while higher values ensure all packets are properly processed during connection termination.
    closeWaitTimeout number
    Timeout (in seconds) for TCP connections in the CLOSE_WAIT state. The CLOSE_WAIT state occurs when the remote end has initiated connection termination, but the local application hasn't closed the connection yet. This timeout prevents resources from being held indefinitely if a local application fails to properly close its connection.
    establishedTimeout number
    Timeout (in seconds) for TCP connections in the ESTABLISHED state. This is the most important TCP timeout as it determines how long idle but established connections are maintained in the connection tracking table. Higher values (e.g., 86400 = 24 hours) are suitable for long-lived connections, while lower values conserve resources but may cause issues with applications that maintain idle connections.
    finWaitTimeout number
    Timeout (in seconds) for TCP connections in the FIN_WAIT state. The FIN_WAIT states occur during the normal TCP connection termination process after a FIN packet has been sent. This timeout prevents resources from being held if the connection termination process doesn't complete properly.
    lastAckTimeout number
    Timeout (in seconds) for TCP connections in the LAST_ACK state. The LAST_ACK state occurs during connection termination when the remote end has sent a FIN, the local end has responded with a FIN and ACK, and is waiting for the final ACK from the remote end to complete the connection termination.
    synRecvTimeout number
    Timeout (in seconds) for TCP connections in the SYN_RECV state. This state occurs during connection establishment after receiving a SYN packet and sending a SYN-ACK, but before receiving the final ACK to complete the three-way handshake. A lower timeout helps mitigate SYN flood attacks by releasing resources for incomplete connections more quickly.
    synSentTimeout number
    Timeout (in seconds) for TCP connections in the SYN_SENT state. This state occurs during connection establishment after sending a SYN packet but before receiving a SYN-ACK response. This timeout determines how long the system will wait for a response to connection attempts before giving up.
    timeWaitTimeout number
    Timeout (in seconds) for TCP connections in the TIME_WAIT state. The TIME_WAIT state occurs after a connection has been closed but is maintained to ensure any delayed packets are properly handled. The standard recommendation is 2 minutes (120 seconds), but the value can be reduced in high-connection environments to free resources more quickly, at the risk of connection issues if delayed packets arrive.
    close_timeout int
    Timeout (in seconds) for TCP connections in the CLOSE state. The CLOSE state occurs when a connection is being terminated but may still have packets in transit. Lower values reclaim resources more quickly, while higher values ensure all packets are properly processed during connection termination.
    close_wait_timeout int
    Timeout (in seconds) for TCP connections in the CLOSE_WAIT state. The CLOSE_WAIT state occurs when the remote end has initiated connection termination, but the local application hasn't closed the connection yet. This timeout prevents resources from being held indefinitely if a local application fails to properly close its connection.
    established_timeout int
    Timeout (in seconds) for TCP connections in the ESTABLISHED state. This is the most important TCP timeout as it determines how long idle but established connections are maintained in the connection tracking table. Higher values (e.g., 86400 = 24 hours) are suitable for long-lived connections, while lower values conserve resources but may cause issues with applications that maintain idle connections.
    fin_wait_timeout int
    Timeout (in seconds) for TCP connections in the FIN_WAIT state. The FIN_WAIT states occur during the normal TCP connection termination process after a FIN packet has been sent. This timeout prevents resources from being held if the connection termination process doesn't complete properly.
    last_ack_timeout int
    Timeout (in seconds) for TCP connections in the LAST_ACK state. The LAST_ACK state occurs during connection termination when the remote end has sent a FIN, the local end has responded with a FIN and ACK, and is waiting for the final ACK from the remote end to complete the connection termination.
    syn_recv_timeout int
    Timeout (in seconds) for TCP connections in the SYN_RECV state. This state occurs during connection establishment after receiving a SYN packet and sending a SYN-ACK, but before receiving the final ACK to complete the three-way handshake. A lower timeout helps mitigate SYN flood attacks by releasing resources for incomplete connections more quickly.
    syn_sent_timeout int
    Timeout (in seconds) for TCP connections in the SYN_SENT state. This state occurs during connection establishment after sending a SYN packet but before receiving a SYN-ACK response. This timeout determines how long the system will wait for a response to connection attempts before giving up.
    time_wait_timeout int
    Timeout (in seconds) for TCP connections in the TIME_WAIT state. The TIME_WAIT state occurs after a connection has been closed but is maintained to ensure any delayed packets are properly handled. The standard recommendation is 2 minutes (120 seconds), but the value can be reduced in high-connection environments to free resources more quickly, at the risk of connection issues if delayed packets arrive.
    closeTimeout Number
    Timeout (in seconds) for TCP connections in the CLOSE state. The CLOSE state occurs when a connection is being terminated but may still have packets in transit. Lower values reclaim resources more quickly, while higher values ensure all packets are properly processed during connection termination.
    closeWaitTimeout Number
    Timeout (in seconds) for TCP connections in the CLOSE_WAIT state. The CLOSE_WAIT state occurs when the remote end has initiated connection termination, but the local application hasn't closed the connection yet. This timeout prevents resources from being held indefinitely if a local application fails to properly close its connection.
    establishedTimeout Number
    Timeout (in seconds) for TCP connections in the ESTABLISHED state. This is the most important TCP timeout as it determines how long idle but established connections are maintained in the connection tracking table. Higher values (e.g., 86400 = 24 hours) are suitable for long-lived connections, while lower values conserve resources but may cause issues with applications that maintain idle connections.
    finWaitTimeout Number
    Timeout (in seconds) for TCP connections in the FIN_WAIT state. The FIN_WAIT states occur during the normal TCP connection termination process after a FIN packet has been sent. This timeout prevents resources from being held if the connection termination process doesn't complete properly.
    lastAckTimeout Number
    Timeout (in seconds) for TCP connections in the LAST_ACK state. The LAST_ACK state occurs during connection termination when the remote end has sent a FIN, the local end has responded with a FIN and ACK, and is waiting for the final ACK from the remote end to complete the connection termination.
    synRecvTimeout Number
    Timeout (in seconds) for TCP connections in the SYN_RECV state. This state occurs during connection establishment after receiving a SYN packet and sending a SYN-ACK, but before receiving the final ACK to complete the three-way handshake. A lower timeout helps mitigate SYN flood attacks by releasing resources for incomplete connections more quickly.
    synSentTimeout Number
    Timeout (in seconds) for TCP connections in the SYN_SENT state. This state occurs during connection establishment after sending a SYN packet but before receiving a SYN-ACK response. This timeout determines how long the system will wait for a response to connection attempts before giving up.
    timeWaitTimeout Number
    Timeout (in seconds) for TCP connections in the TIME_WAIT state. The TIME_WAIT state occurs after a connection has been closed but is maintained to ensure any delayed packets are properly handled. The standard recommendation is 2 minutes (120 seconds), but the value can be reduced in high-connection environments to free resources more quickly, at the risk of connection issues if delayed packets arrive.

    USGUpnp, USGUpnpArgs

    NatPmpEnabled bool
    Enable NAT-PMP (NAT Port Mapping Protocol) support alongside UPNP. NAT-PMP is Apple's alternative to UPNP, providing similar automatic port mapping capabilities. When enabled, Apple devices like Macs, iPhones, and iPads can automatically configure port forwarding for services like AirPlay, FaceTime, iMessage, and other Apple services. Defaults to false.
    SecureMode bool
    Enable secure mode for UPNP. In secure mode, the gateway only forwards ports to the device that specifically requested them, enhancing security. This prevents malicious applications from redirecting ports to different devices than intended. It's strongly recommended to enable this setting when using UPNP to minimize security risks. Defaults to false, so set it to true explicitly whenever UPNP is in use.
    WanInterface string

    Specify which WAN interface to use for UPNP service. Valid values are:

    • WAN (default) - Use the primary WAN interface for UPNP port forwarding
    • WAN2 - Use the secondary WAN interface for UPNP port forwarding (if available)

    This setting is particularly relevant for dual-WAN setups where you may want to direct UPNP traffic through a specific WAN connection. If your gateway only has a single WAN interface, use the default WAN setting.

    NatPmpEnabled bool
    Enable NAT-PMP (NAT Port Mapping Protocol) support alongside UPNP. NAT-PMP is Apple's alternative to UPNP, providing similar automatic port mapping capabilities. When enabled, Apple devices like Macs, iPhones, and iPads can automatically configure port forwarding for services like AirPlay, FaceTime, iMessage, and other Apple services. Defaults to false.
    SecureMode bool
    Enable secure mode for UPNP. In secure mode, the gateway only forwards ports to the device that specifically requested them, enhancing security. This prevents malicious applications from redirecting ports to different devices than intended. It's strongly recommended to enable this setting when using UPNP to minimize security risks. Defaults to false, so set it to true explicitly whenever UPNP is in use.
    WanInterface string

    Specify which WAN interface to use for UPNP service. Valid values are:

    • WAN (default) - Use the primary WAN interface for UPNP port forwarding
    • WAN2 - Use the secondary WAN interface for UPNP port forwarding (if available)

    This setting is particularly relevant for dual-WAN setups where you may want to direct UPNP traffic through a specific WAN connection. If your gateway only has a single WAN interface, use the default WAN setting.

    natPmpEnabled Boolean
    Enable NAT-PMP (NAT Port Mapping Protocol) support alongside UPNP. NAT-PMP is Apple's alternative to UPNP, providing similar automatic port mapping capabilities. When enabled, Apple devices like Macs, iPhones, and iPads can automatically configure port forwarding for services like AirPlay, FaceTime, iMessage, and other Apple services. Defaults to false.
    secureMode Boolean
    Enable secure mode for UPNP. In secure mode, the gateway only forwards ports to the device that specifically requested them, enhancing security. This prevents malicious applications from redirecting ports to different devices than intended. It's strongly recommended to enable this setting when using UPNP to minimize security risks. Defaults to false, so set it to true explicitly whenever UPNP is in use.
    wanInterface String

    Specify which WAN interface to use for UPNP service. Valid values are:

    • WAN (default) - Use the primary WAN interface for UPNP port forwarding
    • WAN2 - Use the secondary WAN interface for UPNP port forwarding (if available)

    This setting is particularly relevant for dual-WAN setups where you may want to direct UPNP traffic through a specific WAN connection. If your gateway only has a single WAN interface, use the default WAN setting.

    natPmpEnabled boolean
    Enable NAT-PMP (NAT Port Mapping Protocol) support alongside UPNP. NAT-PMP is Apple's alternative to UPNP, providing similar automatic port mapping capabilities. When enabled, Apple devices like Macs, iPhones, and iPads can automatically configure port forwarding for services like AirPlay, FaceTime, iMessage, and other Apple services. Defaults to false.
    secureMode boolean
    Enable secure mode for UPNP. In secure mode, the gateway only forwards ports to the device that specifically requested them, enhancing security. This prevents malicious applications from redirecting ports to different devices than intended. It's strongly recommended to enable this setting when using UPNP to minimize security risks. Defaults to false, so set it to true explicitly whenever UPNP is in use.
    wanInterface string

    Specify which WAN interface to use for UPNP service. Valid values are:

    • WAN (default) - Use the primary WAN interface for UPNP port forwarding
    • WAN2 - Use the secondary WAN interface for UPNP port forwarding (if available)

    This setting is particularly relevant for dual-WAN setups where you may want to direct UPNP traffic through a specific WAN connection. If your gateway only has a single WAN interface, use the default WAN setting.

    nat_pmp_enabled bool
    Enable NAT-PMP (NAT Port Mapping Protocol) support alongside UPNP. NAT-PMP is Apple's alternative to UPNP, providing similar automatic port mapping capabilities. When enabled, Apple devices like Macs, iPhones, and iPads can automatically configure port forwarding for services like AirPlay, FaceTime, iMessage, and other Apple services. Defaults to false.
    secure_mode bool
    Enable secure mode for UPNP. In secure mode, the gateway only forwards ports to the device that specifically requested them, enhancing security. This prevents malicious applications from redirecting ports to different devices than intended. It's strongly recommended to enable this setting when using UPNP to minimize security risks. Defaults to false, so set it to true explicitly whenever UPNP is in use.
    wan_interface str

    Specify which WAN interface to use for UPNP service. Valid values are:

    • WAN (default) - Use the primary WAN interface for UPNP port forwarding
    • WAN2 - Use the secondary WAN interface for UPNP port forwarding (if available)

    This setting is particularly relevant for dual-WAN setups where you may want to direct UPNP traffic through a specific WAN connection. If your gateway only has a single WAN interface, use the default WAN setting.

    natPmpEnabled Boolean
    Enable NAT-PMP (NAT Port Mapping Protocol) support alongside UPNP. NAT-PMP is Apple's alternative to UPNP, providing similar automatic port mapping capabilities. When enabled, Apple devices like Macs, iPhones, and iPads can automatically configure port forwarding for services like AirPlay, FaceTime, iMessage, and other Apple services. Defaults to false.
    secureMode Boolean
    Enable secure mode for UPNP. In secure mode, the gateway only forwards ports to the device that specifically requested them, enhancing security. This prevents malicious applications from redirecting ports to different devices than intended. It's strongly recommended to enable this setting when using UPNP to minimize security risks. Defaults to false, so set it to true explicitly whenever UPNP is in use.
    wanInterface String

    Specify which WAN interface to use for UPNP service. Valid values are:

    • WAN (default) - Use the primary WAN interface for UPNP port forwarding
    • WAN2 - Use the secondary WAN interface for UPNP port forwarding (if available)

    This setting is particularly relevant for dual-WAN setups where you may want to direct UPNP traffic through a specific WAN connection. If your gateway only has a single WAN interface, use the default WAN setting.

    Package Details

    Repository
    unifi pulumiverse/pulumi-unifi
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the unifi Terraform Provider.