Docs Home
fortimanager 1.14.0 published on Tuesday, Apr 15, 2025 by fortinetdev
fortimanager.ObjectFirewallVip6DynamicMapping
Explore with Pulumi AI
fortimanager 1.14.0 published on Tuesday, Apr 15, 2025 by fortinetdev
Configure virtual IP for IPv6.
This resource is a sub resource for variable
dynamic_mappingof resourcefortimanager.ObjectFirewallVip6. Conflict and overwrite may occur if use both of them. The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.
realservers:fortimanager_object_firewall_vip6_dynamic_mapping_realserversssl_cipher_suites:fortimanager_object_firewall_vip6_dynamic_mapping_sslciphersuites
Create ObjectFirewallVip6DynamicMapping Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ObjectFirewallVip6DynamicMapping(name: string, args: ObjectFirewallVip6DynamicMappingArgs, opts?: CustomResourceOptions);@overload
def ObjectFirewallVip6DynamicMapping(resource_name: str,
args: ObjectFirewallVip6DynamicMappingInitArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ObjectFirewallVip6DynamicMapping(resource_name: str,
opts: Optional[ResourceOptions] = None,
vip6: Optional[str] = None,
_scopes: Optional[Sequence[ObjectFirewallVip6DynamicMapping_ScopeArgs]] = None,
add_nat64_route: Optional[str] = None,
adom: Optional[str] = None,
arp_reply: Optional[str] = None,
client_cert: Optional[str] = None,
color: Optional[float] = None,
comment: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
embedded_ipv4_address: Optional[str] = None,
empty_cert_action: Optional[str] = None,
extip: Optional[str] = None,
extport: Optional[str] = None,
fosid: Optional[float] = None,
h2_support: Optional[str] = None,
h3_support: Optional[str] = None,
http_cookie_age: Optional[float] = None,
http_cookie_domain: Optional[str] = None,
http_cookie_domain_from_host: Optional[str] = None,
http_cookie_generation: Optional[float] = None,
http_cookie_path: Optional[str] = None,
http_cookie_share: Optional[str] = None,
http_ip_header: Optional[str] = None,
http_ip_header_name: Optional[str] = None,
http_multiplex: Optional[str] = None,
http_redirect: Optional[str] = None,
https_cookie_secure: Optional[str] = None,
ipv4_mappedip: Optional[str] = None,
ipv4_mappedport: Optional[str] = None,
ldb_method: Optional[str] = None,
mappedip: Optional[str] = None,
mappedport: Optional[str] = None,
max_embryonic_connections: Optional[float] = None,
monitor: Optional[str] = None,
nat64: Optional[str] = None,
nat66: Optional[str] = None,
nat_source_vip: Optional[str] = None,
ndp_reply: Optional[str] = None,
object_firewall_vip6_dynamic_mapping_id: Optional[str] = None,
outlook_web_access: Optional[str] = None,
persistence: Optional[str] = None,
portforward: Optional[str] = None,
protocol: Optional[str] = None,
realservers: Optional[Sequence[ObjectFirewallVip6DynamicMappingRealserverArgs]] = None,
scopetype: Optional[str] = None,
server_type: Optional[str] = None,
src_filters: Optional[Sequence[str]] = None,
src_vip_filter: Optional[str] = None,
ssl_accept_ffdhe_groups: Optional[str] = None,
ssl_algorithm: Optional[str] = None,
ssl_certificate: Optional[str] = None,
ssl_cipher_suites: Optional[Sequence[ObjectFirewallVip6DynamicMappingSslCipherSuiteArgs]] = None,
ssl_client_fallback: Optional[str] = None,
ssl_client_rekey_count: Optional[float] = None,
ssl_client_renegotiation: Optional[str] = None,
ssl_client_session_state_max: Optional[float] = None,
ssl_client_session_state_timeout: Optional[float] = None,
ssl_client_session_state_type: Optional[str] = None,
ssl_dh_bits: Optional[str] = None,
ssl_hpkp: Optional[str] = None,
ssl_hpkp_age: Optional[float] = None,
ssl_hpkp_backup: Optional[str] = None,
ssl_hpkp_include_subdomains: Optional[str] = None,
ssl_hpkp_primary: Optional[str] = None,
ssl_hpkp_report_uri: Optional[str] = None,
ssl_hsts: Optional[str] = None,
ssl_hsts_age: Optional[float] = None,
ssl_hsts_include_subdomains: Optional[str] = None,
ssl_http_location_conversion: Optional[str] = None,
ssl_http_match_host: Optional[str] = None,
ssl_max_version: Optional[str] = None,
ssl_min_version: Optional[str] = None,
ssl_mode: Optional[str] = None,
ssl_pfs: Optional[str] = None,
ssl_send_empty_frags: Optional[str] = None,
ssl_server_algorithm: Optional[str] = None,
ssl_server_max_version: Optional[str] = None,
ssl_server_min_version: Optional[str] = None,
ssl_server_renegotiation: Optional[str] = None,
ssl_server_session_state_max: Optional[float] = None,
ssl_server_session_state_timeout: Optional[float] = None,
ssl_server_session_state_type: Optional[str] = None,
type: Optional[str] = None,
user_agent_detect: Optional[str] = None,
uuid: Optional[str] = None,
weblogic_server: Optional[str] = None,
websphere_server: Optional[str] = None)func NewObjectFirewallVip6DynamicMapping(ctx *Context, name string, args ObjectFirewallVip6DynamicMappingArgs, opts ...ResourceOption) (*ObjectFirewallVip6DynamicMapping, error)public ObjectFirewallVip6DynamicMapping(string name, ObjectFirewallVip6DynamicMappingArgs args, CustomResourceOptions? opts = null)public ObjectFirewallVip6DynamicMapping(String name, ObjectFirewallVip6DynamicMappingArgs args)
public ObjectFirewallVip6DynamicMapping(String name, ObjectFirewallVip6DynamicMappingArgs args, CustomResourceOptions options)
type: fortimanager:ObjectFirewallVip6DynamicMapping
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ObjectFirewallVip6DynamicMappingArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. ObjectFirewallVip6DynamicMappingInitArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ObjectFirewallVip6DynamicMappingArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ObjectFirewallVip6DynamicMappingArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. ObjectFirewallVip6DynamicMappingArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var objectFirewallVip6DynamicMappingResource = new Fortimanager.ObjectFirewallVip6DynamicMapping("objectFirewallVip6DynamicMappingResource", new()
{
Vip6 = "string",
_scopes = new[]
{
new Fortimanager.Inputs.ObjectFirewallVip6DynamicMapping_ScopeArgs
{
Name = "string",
Vdom = "string",
},
},
AddNat64Route = "string",
Adom = "string",
ArpReply = "string",
ClientCert = "string",
Color = 0,
Comment = "string",
DynamicSortSubtable = "string",
EmbeddedIpv4Address = "string",
EmptyCertAction = "string",
Extip = "string",
Extport = "string",
Fosid = 0,
H2Support = "string",
H3Support = "string",
HttpCookieAge = 0,
HttpCookieDomain = "string",
HttpCookieDomainFromHost = "string",
HttpCookieGeneration = 0,
HttpCookiePath = "string",
HttpCookieShare = "string",
HttpIpHeader = "string",
HttpIpHeaderName = "string",
HttpMultiplex = "string",
HttpRedirect = "string",
HttpsCookieSecure = "string",
Ipv4Mappedip = "string",
Ipv4Mappedport = "string",
LdbMethod = "string",
Mappedip = "string",
Mappedport = "string",
MaxEmbryonicConnections = 0,
Monitor = "string",
Nat64 = "string",
Nat66 = "string",
NatSourceVip = "string",
NdpReply = "string",
ObjectFirewallVip6DynamicMappingId = "string",
OutlookWebAccess = "string",
Persistence = "string",
Portforward = "string",
Protocol = "string",
Realservers = new[]
{
new Fortimanager.Inputs.ObjectFirewallVip6DynamicMappingRealserverArgs
{
ClientIp = "string",
Healthcheck = "string",
HolddownInterval = 0,
HttpHost = "string",
Id = 0,
Ip = "string",
MaxConnections = 0,
Monitor = "string",
Port = 0,
Status = "string",
TranslateHost = "string",
Weight = 0,
},
},
Scopetype = "string",
ServerType = "string",
SrcFilters = new[]
{
"string",
},
SrcVipFilter = "string",
SslAcceptFfdheGroups = "string",
SslAlgorithm = "string",
SslCertificate = "string",
SslCipherSuites = new[]
{
new Fortimanager.Inputs.ObjectFirewallVip6DynamicMappingSslCipherSuiteArgs
{
Cipher = "string",
Priority = 0,
Versions = new[]
{
"string",
},
},
},
SslClientFallback = "string",
SslClientRekeyCount = 0,
SslClientRenegotiation = "string",
SslClientSessionStateMax = 0,
SslClientSessionStateTimeout = 0,
SslClientSessionStateType = "string",
SslDhBits = "string",
SslHpkp = "string",
SslHpkpAge = 0,
SslHpkpBackup = "string",
SslHpkpIncludeSubdomains = "string",
SslHpkpPrimary = "string",
SslHpkpReportUri = "string",
SslHsts = "string",
SslHstsAge = 0,
SslHstsIncludeSubdomains = "string",
SslHttpLocationConversion = "string",
SslHttpMatchHost = "string",
SslMaxVersion = "string",
SslMinVersion = "string",
SslMode = "string",
SslPfs = "string",
SslSendEmptyFrags = "string",
SslServerAlgorithm = "string",
SslServerMaxVersion = "string",
SslServerMinVersion = "string",
SslServerRenegotiation = "string",
SslServerSessionStateMax = 0,
SslServerSessionStateTimeout = 0,
SslServerSessionStateType = "string",
Type = "string",
UserAgentDetect = "string",
Uuid = "string",
WeblogicServer = "string",
WebsphereServer = "string",
});
example, err := fortimanager.NewObjectFirewallVip6DynamicMapping(ctx, "objectFirewallVip6DynamicMappingResource", &fortimanager.ObjectFirewallVip6DynamicMappingArgs{
Vip6: pulumi.String("string"),
_scopes: .ObjectFirewallVip6DynamicMapping_ScopeArray{
&.ObjectFirewallVip6DynamicMapping_ScopeArgs{
Name: pulumi.String("string"),
Vdom: pulumi.String("string"),
},
},
AddNat64Route: pulumi.String("string"),
Adom: pulumi.String("string"),
ArpReply: pulumi.String("string"),
ClientCert: pulumi.String("string"),
Color: pulumi.Float64(0),
Comment: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
EmbeddedIpv4Address: pulumi.String("string"),
EmptyCertAction: pulumi.String("string"),
Extip: pulumi.String("string"),
Extport: pulumi.String("string"),
Fosid: pulumi.Float64(0),
H2Support: pulumi.String("string"),
H3Support: pulumi.String("string"),
HttpCookieAge: pulumi.Float64(0),
HttpCookieDomain: pulumi.String("string"),
HttpCookieDomainFromHost: pulumi.String("string"),
HttpCookieGeneration: pulumi.Float64(0),
HttpCookiePath: pulumi.String("string"),
HttpCookieShare: pulumi.String("string"),
HttpIpHeader: pulumi.String("string"),
HttpIpHeaderName: pulumi.String("string"),
HttpMultiplex: pulumi.String("string"),
HttpRedirect: pulumi.String("string"),
HttpsCookieSecure: pulumi.String("string"),
Ipv4Mappedip: pulumi.String("string"),
Ipv4Mappedport: pulumi.String("string"),
LdbMethod: pulumi.String("string"),
Mappedip: pulumi.String("string"),
Mappedport: pulumi.String("string"),
MaxEmbryonicConnections: pulumi.Float64(0),
Monitor: pulumi.String("string"),
Nat64: pulumi.String("string"),
Nat66: pulumi.String("string"),
NatSourceVip: pulumi.String("string"),
NdpReply: pulumi.String("string"),
ObjectFirewallVip6DynamicMappingId: pulumi.String("string"),
OutlookWebAccess: pulumi.String("string"),
Persistence: pulumi.String("string"),
Portforward: pulumi.String("string"),
Protocol: pulumi.String("string"),
Realservers: .ObjectFirewallVip6DynamicMappingRealserverArray{
&.ObjectFirewallVip6DynamicMappingRealserverArgs{
ClientIp: pulumi.String("string"),
Healthcheck: pulumi.String("string"),
HolddownInterval: pulumi.Float64(0),
HttpHost: pulumi.String("string"),
Id: pulumi.Float64(0),
Ip: pulumi.String("string"),
MaxConnections: pulumi.Float64(0),
Monitor: pulumi.String("string"),
Port: pulumi.Float64(0),
Status: pulumi.String("string"),
TranslateHost: pulumi.String("string"),
Weight: pulumi.Float64(0),
},
},
Scopetype: pulumi.String("string"),
ServerType: pulumi.String("string"),
SrcFilters: pulumi.StringArray{
pulumi.String("string"),
},
SrcVipFilter: pulumi.String("string"),
SslAcceptFfdheGroups: pulumi.String("string"),
SslAlgorithm: pulumi.String("string"),
SslCertificate: pulumi.String("string"),
SslCipherSuites: .ObjectFirewallVip6DynamicMappingSslCipherSuiteArray{
&.ObjectFirewallVip6DynamicMappingSslCipherSuiteArgs{
Cipher: pulumi.String("string"),
Priority: pulumi.Float64(0),
Versions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SslClientFallback: pulumi.String("string"),
SslClientRekeyCount: pulumi.Float64(0),
SslClientRenegotiation: pulumi.String("string"),
SslClientSessionStateMax: pulumi.Float64(0),
SslClientSessionStateTimeout: pulumi.Float64(0),
SslClientSessionStateType: pulumi.String("string"),
SslDhBits: pulumi.String("string"),
SslHpkp: pulumi.String("string"),
SslHpkpAge: pulumi.Float64(0),
SslHpkpBackup: pulumi.String("string"),
SslHpkpIncludeSubdomains: pulumi.String("string"),
SslHpkpPrimary: pulumi.String("string"),
SslHpkpReportUri: pulumi.String("string"),
SslHsts: pulumi.String("string"),
SslHstsAge: pulumi.Float64(0),
SslHstsIncludeSubdomains: pulumi.String("string"),
SslHttpLocationConversion: pulumi.String("string"),
SslHttpMatchHost: pulumi.String("string"),
SslMaxVersion: pulumi.String("string"),
SslMinVersion: pulumi.String("string"),
SslMode: pulumi.String("string"),
SslPfs: pulumi.String("string"),
SslSendEmptyFrags: pulumi.String("string"),
SslServerAlgorithm: pulumi.String("string"),
SslServerMaxVersion: pulumi.String("string"),
SslServerMinVersion: pulumi.String("string"),
SslServerRenegotiation: pulumi.String("string"),
SslServerSessionStateMax: pulumi.Float64(0),
SslServerSessionStateTimeout: pulumi.Float64(0),
SslServerSessionStateType: pulumi.String("string"),
Type: pulumi.String("string"),
UserAgentDetect: pulumi.String("string"),
Uuid: pulumi.String("string"),
WeblogicServer: pulumi.String("string"),
WebsphereServer: pulumi.String("string"),
})
var objectFirewallVip6DynamicMappingResource = new ObjectFirewallVip6DynamicMapping("objectFirewallVip6DynamicMappingResource", ObjectFirewallVip6DynamicMappingArgs.builder()
.vip6("string")
._scopes(ObjectFirewallVip6DynamicMapping_ScopeArgs.builder()
.name("string")
.vdom("string")
.build())
.addNat64Route("string")
.adom("string")
.arpReply("string")
.clientCert("string")
.color(0)
.comment("string")
.dynamicSortSubtable("string")
.embeddedIpv4Address("string")
.emptyCertAction("string")
.extip("string")
.extport("string")
.fosid(0)
.h2Support("string")
.h3Support("string")
.httpCookieAge(0)
.httpCookieDomain("string")
.httpCookieDomainFromHost("string")
.httpCookieGeneration(0)
.httpCookiePath("string")
.httpCookieShare("string")
.httpIpHeader("string")
.httpIpHeaderName("string")
.httpMultiplex("string")
.httpRedirect("string")
.httpsCookieSecure("string")
.ipv4Mappedip("string")
.ipv4Mappedport("string")
.ldbMethod("string")
.mappedip("string")
.mappedport("string")
.maxEmbryonicConnections(0)
.monitor("string")
.nat64("string")
.nat66("string")
.natSourceVip("string")
.ndpReply("string")
.objectFirewallVip6DynamicMappingId("string")
.outlookWebAccess("string")
.persistence("string")
.portforward("string")
.protocol("string")
.realservers(ObjectFirewallVip6DynamicMappingRealserverArgs.builder()
.clientIp("string")
.healthcheck("string")
.holddownInterval(0)
.httpHost("string")
.id(0)
.ip("string")
.maxConnections(0)
.monitor("string")
.port(0)
.status("string")
.translateHost("string")
.weight(0)
.build())
.scopetype("string")
.serverType("string")
.srcFilters("string")
.srcVipFilter("string")
.sslAcceptFfdheGroups("string")
.sslAlgorithm("string")
.sslCertificate("string")
.sslCipherSuites(ObjectFirewallVip6DynamicMappingSslCipherSuiteArgs.builder()
.cipher("string")
.priority(0)
.versions("string")
.build())
.sslClientFallback("string")
.sslClientRekeyCount(0)
.sslClientRenegotiation("string")
.sslClientSessionStateMax(0)
.sslClientSessionStateTimeout(0)
.sslClientSessionStateType("string")
.sslDhBits("string")
.sslHpkp("string")
.sslHpkpAge(0)
.sslHpkpBackup("string")
.sslHpkpIncludeSubdomains("string")
.sslHpkpPrimary("string")
.sslHpkpReportUri("string")
.sslHsts("string")
.sslHstsAge(0)
.sslHstsIncludeSubdomains("string")
.sslHttpLocationConversion("string")
.sslHttpMatchHost("string")
.sslMaxVersion("string")
.sslMinVersion("string")
.sslMode("string")
.sslPfs("string")
.sslSendEmptyFrags("string")
.sslServerAlgorithm("string")
.sslServerMaxVersion("string")
.sslServerMinVersion("string")
.sslServerRenegotiation("string")
.sslServerSessionStateMax(0)
.sslServerSessionStateTimeout(0)
.sslServerSessionStateType("string")
.type("string")
.userAgentDetect("string")
.uuid("string")
.weblogicServer("string")
.websphereServer("string")
.build());
object_firewall_vip6_dynamic_mapping_resource = fortimanager.ObjectFirewallVip6DynamicMapping("objectFirewallVip6DynamicMappingResource",
vip6="string",
_scopes=[{
"name": "string",
"vdom": "string",
}],
add_nat64_route="string",
adom="string",
arp_reply="string",
client_cert="string",
color=0,
comment="string",
dynamic_sort_subtable="string",
embedded_ipv4_address="string",
empty_cert_action="string",
extip="string",
extport="string",
fosid=0,
h2_support="string",
h3_support="string",
http_cookie_age=0,
http_cookie_domain="string",
http_cookie_domain_from_host="string",
http_cookie_generation=0,
http_cookie_path="string",
http_cookie_share="string",
http_ip_header="string",
http_ip_header_name="string",
http_multiplex="string",
http_redirect="string",
https_cookie_secure="string",
ipv4_mappedip="string",
ipv4_mappedport="string",
ldb_method="string",
mappedip="string",
mappedport="string",
max_embryonic_connections=0,
monitor="string",
nat64="string",
nat66="string",
nat_source_vip="string",
ndp_reply="string",
object_firewall_vip6_dynamic_mapping_id="string",
outlook_web_access="string",
persistence="string",
portforward="string",
protocol="string",
realservers=[{
"client_ip": "string",
"healthcheck": "string",
"holddown_interval": 0,
"http_host": "string",
"id": 0,
"ip": "string",
"max_connections": 0,
"monitor": "string",
"port": 0,
"status": "string",
"translate_host": "string",
"weight": 0,
}],
scopetype="string",
server_type="string",
src_filters=["string"],
src_vip_filter="string",
ssl_accept_ffdhe_groups="string",
ssl_algorithm="string",
ssl_certificate="string",
ssl_cipher_suites=[{
"cipher": "string",
"priority": 0,
"versions": ["string"],
}],
ssl_client_fallback="string",
ssl_client_rekey_count=0,
ssl_client_renegotiation="string",
ssl_client_session_state_max=0,
ssl_client_session_state_timeout=0,
ssl_client_session_state_type="string",
ssl_dh_bits="string",
ssl_hpkp="string",
ssl_hpkp_age=0,
ssl_hpkp_backup="string",
ssl_hpkp_include_subdomains="string",
ssl_hpkp_primary="string",
ssl_hpkp_report_uri="string",
ssl_hsts="string",
ssl_hsts_age=0,
ssl_hsts_include_subdomains="string",
ssl_http_location_conversion="string",
ssl_http_match_host="string",
ssl_max_version="string",
ssl_min_version="string",
ssl_mode="string",
ssl_pfs="string",
ssl_send_empty_frags="string",
ssl_server_algorithm="string",
ssl_server_max_version="string",
ssl_server_min_version="string",
ssl_server_renegotiation="string",
ssl_server_session_state_max=0,
ssl_server_session_state_timeout=0,
ssl_server_session_state_type="string",
type="string",
user_agent_detect="string",
uuid="string",
weblogic_server="string",
websphere_server="string")
const objectFirewallVip6DynamicMappingResource = new fortimanager.ObjectFirewallVip6DynamicMapping("objectFirewallVip6DynamicMappingResource", {
vip6: "string",
_scopes: [{
name: "string",
vdom: "string",
}],
addNat64Route: "string",
adom: "string",
arpReply: "string",
clientCert: "string",
color: 0,
comment: "string",
dynamicSortSubtable: "string",
embeddedIpv4Address: "string",
emptyCertAction: "string",
extip: "string",
extport: "string",
fosid: 0,
h2Support: "string",
h3Support: "string",
httpCookieAge: 0,
httpCookieDomain: "string",
httpCookieDomainFromHost: "string",
httpCookieGeneration: 0,
httpCookiePath: "string",
httpCookieShare: "string",
httpIpHeader: "string",
httpIpHeaderName: "string",
httpMultiplex: "string",
httpRedirect: "string",
httpsCookieSecure: "string",
ipv4Mappedip: "string",
ipv4Mappedport: "string",
ldbMethod: "string",
mappedip: "string",
mappedport: "string",
maxEmbryonicConnections: 0,
monitor: "string",
nat64: "string",
nat66: "string",
natSourceVip: "string",
ndpReply: "string",
objectFirewallVip6DynamicMappingId: "string",
outlookWebAccess: "string",
persistence: "string",
portforward: "string",
protocol: "string",
realservers: [{
clientIp: "string",
healthcheck: "string",
holddownInterval: 0,
httpHost: "string",
id: 0,
ip: "string",
maxConnections: 0,
monitor: "string",
port: 0,
status: "string",
translateHost: "string",
weight: 0,
}],
scopetype: "string",
serverType: "string",
srcFilters: ["string"],
srcVipFilter: "string",
sslAcceptFfdheGroups: "string",
sslAlgorithm: "string",
sslCertificate: "string",
sslCipherSuites: [{
cipher: "string",
priority: 0,
versions: ["string"],
}],
sslClientFallback: "string",
sslClientRekeyCount: 0,
sslClientRenegotiation: "string",
sslClientSessionStateMax: 0,
sslClientSessionStateTimeout: 0,
sslClientSessionStateType: "string",
sslDhBits: "string",
sslHpkp: "string",
sslHpkpAge: 0,
sslHpkpBackup: "string",
sslHpkpIncludeSubdomains: "string",
sslHpkpPrimary: "string",
sslHpkpReportUri: "string",
sslHsts: "string",
sslHstsAge: 0,
sslHstsIncludeSubdomains: "string",
sslHttpLocationConversion: "string",
sslHttpMatchHost: "string",
sslMaxVersion: "string",
sslMinVersion: "string",
sslMode: "string",
sslPfs: "string",
sslSendEmptyFrags: "string",
sslServerAlgorithm: "string",
sslServerMaxVersion: "string",
sslServerMinVersion: "string",
sslServerRenegotiation: "string",
sslServerSessionStateMax: 0,
sslServerSessionStateTimeout: 0,
sslServerSessionStateType: "string",
type: "string",
userAgentDetect: "string",
uuid: "string",
weblogicServer: "string",
websphereServer: "string",
});
type: fortimanager:ObjectFirewallVip6DynamicMapping
properties:
_scopes:
- name: string
vdom: string
addNat64Route: string
adom: string
arpReply: string
clientCert: string
color: 0
comment: string
dynamicSortSubtable: string
embeddedIpv4Address: string
emptyCertAction: string
extip: string
extport: string
fosid: 0
h2Support: string
h3Support: string
httpCookieAge: 0
httpCookieDomain: string
httpCookieDomainFromHost: string
httpCookieGeneration: 0
httpCookiePath: string
httpCookieShare: string
httpIpHeader: string
httpIpHeaderName: string
httpMultiplex: string
httpRedirect: string
httpsCookieSecure: string
ipv4Mappedip: string
ipv4Mappedport: string
ldbMethod: string
mappedip: string
mappedport: string
maxEmbryonicConnections: 0
monitor: string
nat64: string
nat66: string
natSourceVip: string
ndpReply: string
objectFirewallVip6DynamicMappingId: string
outlookWebAccess: string
persistence: string
portforward: string
protocol: string
realservers:
- clientIp: string
healthcheck: string
holddownInterval: 0
httpHost: string
id: 0
ip: string
maxConnections: 0
monitor: string
port: 0
status: string
translateHost: string
weight: 0
scopetype: string
serverType: string
srcFilters:
- string
srcVipFilter: string
sslAcceptFfdheGroups: string
sslAlgorithm: string
sslCertificate: string
sslCipherSuites:
- cipher: string
priority: 0
versions:
- string
sslClientFallback: string
sslClientRekeyCount: 0
sslClientRenegotiation: string
sslClientSessionStateMax: 0
sslClientSessionStateTimeout: 0
sslClientSessionStateType: string
sslDhBits: string
sslHpkp: string
sslHpkpAge: 0
sslHpkpBackup: string
sslHpkpIncludeSubdomains: string
sslHpkpPrimary: string
sslHpkpReportUri: string
sslHsts: string
sslHstsAge: 0
sslHstsIncludeSubdomains: string
sslHttpLocationConversion: string
sslHttpMatchHost: string
sslMaxVersion: string
sslMinVersion: string
sslMode: string
sslPfs: string
sslSendEmptyFrags: string
sslServerAlgorithm: string
sslServerMaxVersion: string
sslServerMinVersion: string
sslServerRenegotiation: string
sslServerSessionStateMax: 0
sslServerSessionStateTimeout: 0
sslServerSessionStateType: string
type: string
userAgentDetect: string
uuid: string
vip6: string
weblogicServer: string
websphereServer: string
ObjectFirewallVip6DynamicMapping Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ObjectFirewallVip6DynamicMapping resource accepts the following input properties:
- Vip6
This property is required. string - Vip6.
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Client
Cert string - Enable/disable requesting client certificate. Valid values:
disable,enable. - Color double
- Color of icon on the GUI.
- Comment string
- Comment.
- Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Empty
Cert stringAction - Action for an empty client certificate. Valid values:
accept,block,accept-unmanageable. - Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid double
- Custom defined ID.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedip string
- Mapped IP address range in the format startIP-endIP.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic doubleConnections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Nat-Source-Vip. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Object
Firewall stringVip6Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Realservers
List<Object
Firewall Vip6Dynamic Mapping Realserver> - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Src
Filters List<string> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher List<ObjectSuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client doubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client doubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client doubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp doubleAge - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts doubleAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server doubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server doubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - User
Agent stringDetect - Enable/disable detecting device type by HTTP user-agent if no client certificate is provided. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable. - _
scopes List<ObjectFirewall Vip6Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below.
- Vip6
This property is required. string - Vip6.
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Client
Cert string - Enable/disable requesting client certificate. Valid values:
disable,enable. - Color float64
- Color of icon on the GUI.
- Comment string
- Comment.
- Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Empty
Cert stringAction - Action for an empty client certificate. Valid values:
accept,block,accept-unmanageable. - Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid float64
- Custom defined ID.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float64
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float64
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedip string
- Mapped IP address range in the format startIP-endIP.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic float64Connections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Nat-Source-Vip. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Object
Firewall stringVip6Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Realservers
[]Object
Firewall Vip6Dynamic Mapping Realserver Args - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Src
Filters []string - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher []ObjectSuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite Args - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client float64Rekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client float64Session State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client float64Session State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp float64Age - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts float64Age - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server float64Session State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server float64Session State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - User
Agent stringDetect - Enable/disable detecting device type by HTTP user-agent if no client certificate is provided. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable. - _
scopes []ObjectFirewall Vip6Dynamic Mapping_Scope Args - _Scope. The structure of
_scopeblock is documented below.
- vip6
This property is required. String - Vip6.
- _
scopes List<ObjectFirewall Vip6Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below. - add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - client
Cert String - Enable/disable requesting client certificate. Valid values:
disable,enable. - color Double
- Color of icon on the GUI.
- comment String
- Comment.
- dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - empty
Cert StringAction - Action for an empty client certificate. Valid values:
accept,block,accept-unmanageable. - extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Double
- Custom defined ID.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip String
- Mapped IP address range in the format startIP-endIP.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic DoubleConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Nat-Source-Vip. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object
Firewall StringVip6Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - realservers
List<Object
Firewall Vip6Dynamic Mapping Realserver> - Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters List<String> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<ObjectSuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client DoubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client DoubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client DoubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp DoubleAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts DoubleAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server DoubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server DoubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - user
Agent StringDetect - Enable/disable detecting device type by HTTP user-agent if no client certificate is provided. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- vip6
This property is required. string - Vip6.
- _
scopes ObjectFirewall Vip6Dynamic Mapping_Scope[] - _Scope. The structure of
_scopeblock is documented below. - add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - client
Cert string - Enable/disable requesting client certificate. Valid values:
disable,enable. - color number
- Color of icon on the GUI.
- comment string
- Comment.
- dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - empty
Cert stringAction - Action for an empty client certificate. Valid values:
accept,block,accept-unmanageable. - extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid number
- Custom defined ID.
- h2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip string
- Mapped IP address range in the format startIP-endIP.
- mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic numberConnections - Maximum number of incomplete connections.
- monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source stringVip - Nat-Source-Vip. Valid values:
disable,enable. - ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object
Firewall stringVip6Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward string
- Enable port forwarding. Valid values:
disable,enable. - protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - realservers
Object
Firewall Vip6Dynamic Mapping Realserver[] - Realservers. The structure of
realserversblock is documented below. - scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters string[] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher ObjectSuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite[] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client numberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client numberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client numberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp numberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts numberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server numberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server numberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - user
Agent stringDetect - Enable/disable detecting device type by HTTP user-agent if no client certificate is provided. Valid values:
disable,enable. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- vip6
This property is required. str - Vip6.
- _
scopes Sequence[ObjectFirewall Vip6Dynamic Mapping_Scope Args] - _Scope. The structure of
_scopeblock is documented below. - add_
nat64_ strroute - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp_
reply str - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - client_
cert str - Enable/disable requesting client certificate. Valid values:
disable,enable. - color float
- Color of icon on the GUI.
- comment str
- Comment.
- dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded_
ipv4_ straddress - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - empty_
cert_ straction - Action for an empty client certificate. Valid values:
accept,block,accept-unmanageable. - extip str
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport str
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid float
- Custom defined ID.
- h2_
support str - Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3_
support str - Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- str
- Domain that HTTP cookie persistence should apply to.
- str
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- str
- Limit HTTP cookie persistence to the specified path.
- str
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http_
ip_ strheader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http_
ip_ strheader_ name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http_
multiplex str - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http_
redirect str - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - str
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4_
mappedip str - Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4_
mappedport str - IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb_
method str - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip str
- Mapped IP address range in the format startIP-endIP.
- mappedport str
- Port number range on the destination network to which the external port number range is mapped.
- max_
embryonic_ floatconnections - Maximum number of incomplete connections.
- monitor str
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat64 str
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 str
- Enable/disable DNAT66. Valid values:
disable,enable. - nat_
source_ strvip - Nat-Source-Vip. Valid values:
disable,enable. - ndp_
reply str - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object_
firewall_ strvip6_ dynamic_ mapping_ id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- outlook_
web_ straccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence str
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward str
- Enable port forwarding. Valid values:
disable,enable. - protocol str
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - realservers
Sequence[Object
Firewall Vip6Dynamic Mapping Realserver Args] - Realservers. The structure of
realserversblock is documented below. - scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server_
type str - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src_
filters Sequence[str] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src_
vip_ strfilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl_
accept_ strffdhe_ groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl_
algorithm str - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl_
certificate str - The name of the SSL certificate to use for SSL acceleration.
- ssl_
cipher_ Sequence[Objectsuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite Args] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl_
client_ strfallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl_
client_ floatrekey_ count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl_
client_ strrenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl_
client_ floatsession_ state_ max - Maximum number of client to FortiGate SSL session states to keep.
- ssl_
client_ floatsession_ state_ timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl_
client_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl_
dh_ strbits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl_
hpkp str - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl_
hpkp_ floatage - Number of minutes the web browser should keep HPKP.
- ssl_
hpkp_ strbackup - Certificate to generate backup HPKP pin from.
- ssl_
hpkp_ strinclude_ subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl_
hpkp_ strprimary - Certificate to generate primary HPKP pin from.
- ssl_
hpkp_ strreport_ uri - URL to report HPKP violations to.
- ssl_
hsts str - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl_
hsts_ floatage - Number of seconds the client should honour the HSTS setting.
- ssl_
hsts_ strinclude_ subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl_
http_ strlocation_ conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl_
http_ strmatch_ host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl_
max_ strversion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
min_ strversion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
mode str - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl_
pfs str - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl_
send_ strempty_ frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl_
server_ stralgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl_
server_ strmax_ version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strmin_ version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strrenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl_
server_ floatsession_ state_ max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl_
server_ floatsession_ state_ timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl_
server_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type str
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - user_
agent_ strdetect - Enable/disable detecting device type by HTTP user-agent if no client certificate is provided. Valid values:
disable,enable. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- vip6
This property is required. String - Vip6.
- _
scopes List<Property Map> - _Scope. The structure of
_scopeblock is documented below. - add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - client
Cert String - Enable/disable requesting client certificate. Valid values:
disable,enable. - color Number
- Color of icon on the GUI.
- comment String
- Comment.
- dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - empty
Cert StringAction - Action for an empty client certificate. Valid values:
accept,block,accept-unmanageable. - extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Number
- Custom defined ID.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip String
- Mapped IP address range in the format startIP-endIP.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic NumberConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Nat-Source-Vip. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object
Firewall StringVip6Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - realservers List<Property Map>
- Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters List<String> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<Property Map>Suites - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client NumberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client NumberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client NumberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp NumberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts NumberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server NumberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server NumberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - user
Agent StringDetect - Enable/disable detecting device type by HTTP user-agent if no client certificate is provided. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
Outputs
All input properties are implicitly available as output properties. Additionally, the ObjectFirewallVip6DynamicMapping resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ObjectFirewallVip6DynamicMapping Resource
Get an existing ObjectFirewallVip6DynamicMapping resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ObjectFirewallVip6DynamicMappingState, opts?: CustomResourceOptions): ObjectFirewallVip6DynamicMapping@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
_scopes: Optional[Sequence[ObjectFirewallVip6DynamicMapping_ScopeArgs]] = None,
add_nat64_route: Optional[str] = None,
adom: Optional[str] = None,
arp_reply: Optional[str] = None,
client_cert: Optional[str] = None,
color: Optional[float] = None,
comment: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
embedded_ipv4_address: Optional[str] = None,
empty_cert_action: Optional[str] = None,
extip: Optional[str] = None,
extport: Optional[str] = None,
fosid: Optional[float] = None,
h2_support: Optional[str] = None,
h3_support: Optional[str] = None,
http_cookie_age: Optional[float] = None,
http_cookie_domain: Optional[str] = None,
http_cookie_domain_from_host: Optional[str] = None,
http_cookie_generation: Optional[float] = None,
http_cookie_path: Optional[str] = None,
http_cookie_share: Optional[str] = None,
http_ip_header: Optional[str] = None,
http_ip_header_name: Optional[str] = None,
http_multiplex: Optional[str] = None,
http_redirect: Optional[str] = None,
https_cookie_secure: Optional[str] = None,
ipv4_mappedip: Optional[str] = None,
ipv4_mappedport: Optional[str] = None,
ldb_method: Optional[str] = None,
mappedip: Optional[str] = None,
mappedport: Optional[str] = None,
max_embryonic_connections: Optional[float] = None,
monitor: Optional[str] = None,
nat64: Optional[str] = None,
nat66: Optional[str] = None,
nat_source_vip: Optional[str] = None,
ndp_reply: Optional[str] = None,
object_firewall_vip6_dynamic_mapping_id: Optional[str] = None,
outlook_web_access: Optional[str] = None,
persistence: Optional[str] = None,
portforward: Optional[str] = None,
protocol: Optional[str] = None,
realservers: Optional[Sequence[ObjectFirewallVip6DynamicMappingRealserverArgs]] = None,
scopetype: Optional[str] = None,
server_type: Optional[str] = None,
src_filters: Optional[Sequence[str]] = None,
src_vip_filter: Optional[str] = None,
ssl_accept_ffdhe_groups: Optional[str] = None,
ssl_algorithm: Optional[str] = None,
ssl_certificate: Optional[str] = None,
ssl_cipher_suites: Optional[Sequence[ObjectFirewallVip6DynamicMappingSslCipherSuiteArgs]] = None,
ssl_client_fallback: Optional[str] = None,
ssl_client_rekey_count: Optional[float] = None,
ssl_client_renegotiation: Optional[str] = None,
ssl_client_session_state_max: Optional[float] = None,
ssl_client_session_state_timeout: Optional[float] = None,
ssl_client_session_state_type: Optional[str] = None,
ssl_dh_bits: Optional[str] = None,
ssl_hpkp: Optional[str] = None,
ssl_hpkp_age: Optional[float] = None,
ssl_hpkp_backup: Optional[str] = None,
ssl_hpkp_include_subdomains: Optional[str] = None,
ssl_hpkp_primary: Optional[str] = None,
ssl_hpkp_report_uri: Optional[str] = None,
ssl_hsts: Optional[str] = None,
ssl_hsts_age: Optional[float] = None,
ssl_hsts_include_subdomains: Optional[str] = None,
ssl_http_location_conversion: Optional[str] = None,
ssl_http_match_host: Optional[str] = None,
ssl_max_version: Optional[str] = None,
ssl_min_version: Optional[str] = None,
ssl_mode: Optional[str] = None,
ssl_pfs: Optional[str] = None,
ssl_send_empty_frags: Optional[str] = None,
ssl_server_algorithm: Optional[str] = None,
ssl_server_max_version: Optional[str] = None,
ssl_server_min_version: Optional[str] = None,
ssl_server_renegotiation: Optional[str] = None,
ssl_server_session_state_max: Optional[float] = None,
ssl_server_session_state_timeout: Optional[float] = None,
ssl_server_session_state_type: Optional[str] = None,
type: Optional[str] = None,
user_agent_detect: Optional[str] = None,
uuid: Optional[str] = None,
vip6: Optional[str] = None,
weblogic_server: Optional[str] = None,
websphere_server: Optional[str] = None) -> ObjectFirewallVip6DynamicMappingfunc GetObjectFirewallVip6DynamicMapping(ctx *Context, name string, id IDInput, state *ObjectFirewallVip6DynamicMappingState, opts ...ResourceOption) (*ObjectFirewallVip6DynamicMapping, error)public static ObjectFirewallVip6DynamicMapping Get(string name, Input<string> id, ObjectFirewallVip6DynamicMappingState? state, CustomResourceOptions? opts = null)public static ObjectFirewallVip6DynamicMapping get(String name, Output<String> id, ObjectFirewallVip6DynamicMappingState state, CustomResourceOptions options)resources: _: type: fortimanager:ObjectFirewallVip6DynamicMapping get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Client
Cert string - Enable/disable requesting client certificate. Valid values:
disable,enable. - Color double
- Color of icon on the GUI.
- Comment string
- Comment.
- Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Empty
Cert stringAction - Action for an empty client certificate. Valid values:
accept,block,accept-unmanageable. - Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid double
- Custom defined ID.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedip string
- Mapped IP address range in the format startIP-endIP.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic doubleConnections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Nat-Source-Vip. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Object
Firewall stringVip6Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Realservers
List<Object
Firewall Vip6Dynamic Mapping Realserver> - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Src
Filters List<string> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher List<ObjectSuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client doubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client doubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client doubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp doubleAge - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts doubleAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server doubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server doubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - User
Agent stringDetect - Enable/disable detecting device type by HTTP user-agent if no client certificate is provided. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vip6 string
- Vip6.
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable. - _
scopes List<ObjectFirewall Vip6Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below.
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Client
Cert string - Enable/disable requesting client certificate. Valid values:
disable,enable. - Color float64
- Color of icon on the GUI.
- Comment string
- Comment.
- Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Empty
Cert stringAction - Action for an empty client certificate. Valid values:
accept,block,accept-unmanageable. - Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid float64
- Custom defined ID.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float64
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float64
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedip string
- Mapped IP address range in the format startIP-endIP.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic float64Connections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Nat-Source-Vip. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Object
Firewall stringVip6Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Realservers
[]Object
Firewall Vip6Dynamic Mapping Realserver Args - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Src
Filters []string - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher []ObjectSuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite Args - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client float64Rekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client float64Session State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client float64Session State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp float64Age - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts float64Age - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server float64Session State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server float64Session State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - User
Agent stringDetect - Enable/disable detecting device type by HTTP user-agent if no client certificate is provided. Valid values:
disable,enable. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vip6 string
- Vip6.
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable. - _
scopes []ObjectFirewall Vip6Dynamic Mapping_Scope Args - _Scope. The structure of
_scopeblock is documented below.
- _
scopes List<ObjectFirewall Vip6Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below. - add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - client
Cert String - Enable/disable requesting client certificate. Valid values:
disable,enable. - color Double
- Color of icon on the GUI.
- comment String
- Comment.
- dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - empty
Cert StringAction - Action for an empty client certificate. Valid values:
accept,block,accept-unmanageable. - extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Double
- Custom defined ID.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip String
- Mapped IP address range in the format startIP-endIP.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic DoubleConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Nat-Source-Vip. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object
Firewall StringVip6Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - realservers
List<Object
Firewall Vip6Dynamic Mapping Realserver> - Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters List<String> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<ObjectSuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client DoubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client DoubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client DoubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp DoubleAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts DoubleAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server DoubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server DoubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - user
Agent StringDetect - Enable/disable detecting device type by HTTP user-agent if no client certificate is provided. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vip6 String
- Vip6.
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- _
scopes ObjectFirewall Vip6Dynamic Mapping_Scope[] - _Scope. The structure of
_scopeblock is documented below. - add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - client
Cert string - Enable/disable requesting client certificate. Valid values:
disable,enable. - color number
- Color of icon on the GUI.
- comment string
- Comment.
- dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - empty
Cert stringAction - Action for an empty client certificate. Valid values:
accept,block,accept-unmanageable. - extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid number
- Custom defined ID.
- h2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip string
- Mapped IP address range in the format startIP-endIP.
- mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic numberConnections - Maximum number of incomplete connections.
- monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source stringVip - Nat-Source-Vip. Valid values:
disable,enable. - ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object
Firewall stringVip6Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward string
- Enable port forwarding. Valid values:
disable,enable. - protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - realservers
Object
Firewall Vip6Dynamic Mapping Realserver[] - Realservers. The structure of
realserversblock is documented below. - scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters string[] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher ObjectSuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite[] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client numberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client numberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client numberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp numberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts numberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server numberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server numberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - user
Agent stringDetect - Enable/disable detecting device type by HTTP user-agent if no client certificate is provided. Valid values:
disable,enable. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vip6 string
- Vip6.
- weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- _
scopes Sequence[ObjectFirewall Vip6Dynamic Mapping_Scope Args] - _Scope. The structure of
_scopeblock is documented below. - add_
nat64_ strroute - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp_
reply str - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - client_
cert str - Enable/disable requesting client certificate. Valid values:
disable,enable. - color float
- Color of icon on the GUI.
- comment str
- Comment.
- dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded_
ipv4_ straddress - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - empty_
cert_ straction - Action for an empty client certificate. Valid values:
accept,block,accept-unmanageable. - extip str
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport str
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid float
- Custom defined ID.
- h2_
support str - Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3_
support str - Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- str
- Domain that HTTP cookie persistence should apply to.
- str
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- str
- Limit HTTP cookie persistence to the specified path.
- str
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http_
ip_ strheader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http_
ip_ strheader_ name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http_
multiplex str - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http_
redirect str - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - str
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4_
mappedip str - Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4_
mappedport str - IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb_
method str - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip str
- Mapped IP address range in the format startIP-endIP.
- mappedport str
- Port number range on the destination network to which the external port number range is mapped.
- max_
embryonic_ floatconnections - Maximum number of incomplete connections.
- monitor str
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat64 str
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 str
- Enable/disable DNAT66. Valid values:
disable,enable. - nat_
source_ strvip - Nat-Source-Vip. Valid values:
disable,enable. - ndp_
reply str - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object_
firewall_ strvip6_ dynamic_ mapping_ id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- outlook_
web_ straccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence str
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward str
- Enable port forwarding. Valid values:
disable,enable. - protocol str
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - realservers
Sequence[Object
Firewall Vip6Dynamic Mapping Realserver Args] - Realservers. The structure of
realserversblock is documented below. - scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server_
type str - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src_
filters Sequence[str] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src_
vip_ strfilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl_
accept_ strffdhe_ groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl_
algorithm str - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl_
certificate str - The name of the SSL certificate to use for SSL acceleration.
- ssl_
cipher_ Sequence[Objectsuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite Args] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl_
client_ strfallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl_
client_ floatrekey_ count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl_
client_ strrenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl_
client_ floatsession_ state_ max - Maximum number of client to FortiGate SSL session states to keep.
- ssl_
client_ floatsession_ state_ timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl_
client_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl_
dh_ strbits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl_
hpkp str - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl_
hpkp_ floatage - Number of minutes the web browser should keep HPKP.
- ssl_
hpkp_ strbackup - Certificate to generate backup HPKP pin from.
- ssl_
hpkp_ strinclude_ subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl_
hpkp_ strprimary - Certificate to generate primary HPKP pin from.
- ssl_
hpkp_ strreport_ uri - URL to report HPKP violations to.
- ssl_
hsts str - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl_
hsts_ floatage - Number of seconds the client should honour the HSTS setting.
- ssl_
hsts_ strinclude_ subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl_
http_ strlocation_ conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl_
http_ strmatch_ host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl_
max_ strversion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
min_ strversion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
mode str - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl_
pfs str - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl_
send_ strempty_ frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl_
server_ stralgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl_
server_ strmax_ version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strmin_ version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strrenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl_
server_ floatsession_ state_ max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl_
server_ floatsession_ state_ timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl_
server_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type str
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - user_
agent_ strdetect - Enable/disable detecting device type by HTTP user-agent if no client certificate is provided. Valid values:
disable,enable. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vip6 str
- Vip6.
- weblogic_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- _
scopes List<Property Map> - _Scope. The structure of
_scopeblock is documented below. - add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - client
Cert String - Enable/disable requesting client certificate. Valid values:
disable,enable. - color Number
- Color of icon on the GUI.
- comment String
- Comment.
- dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - empty
Cert StringAction - Action for an empty client certificate. Valid values:
accept,block,accept-unmanageable. - extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Number
- Custom defined ID.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip String
- Mapped IP address range in the format startIP-endIP.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic NumberConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Nat-Source-Vip. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object
Firewall StringVip6Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - realservers List<Property Map>
- Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters List<String> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<Property Map>Suites - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client NumberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client NumberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client NumberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp NumberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts NumberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server NumberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server NumberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - user
Agent StringDetect - Enable/disable detecting device type by HTTP user-agent if no client certificate is provided. Valid values:
disable,enable. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vip6 String
- Vip6.
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
Supporting Types
ObjectFirewallVip6DynamicMappingRealserver, ObjectFirewallVip6DynamicMappingRealserverArgs
, ObjectFirewallVip6DynamicMappingRealserverArgs
- Client
Ip string - Only clients in this IP range can connect to this real server.
- Healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - Holddown
Interval double - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- Http
Host string - HTTP server domain name in HTTP header.
- Id double
- Real server ID.
- Ip string
- IP address of the real server.
- Max
Connections double - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Port double
- Port for communicating with the real server. Required if port forwarding is enabled.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - Weight double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- Client
Ip string - Only clients in this IP range can connect to this real server.
- Healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - Holddown
Interval float64 - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- Http
Host string - HTTP server domain name in HTTP header.
- Id float64
- Real server ID.
- Ip string
- IP address of the real server.
- Max
Connections float64 - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Port float64
- Port for communicating with the real server. Required if port forwarding is enabled.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - Weight float64
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client
Ip String - Only clients in this IP range can connect to this real server.
- healthcheck String
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval Double - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http
Host String - HTTP server domain name in HTTP header.
- id Double
- Real server ID.
- ip String
- IP address of the real server.
- max
Connections Double - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port Double
- Port for communicating with the real server. Required if port forwarding is enabled.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - weight Double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client
Ip string - Only clients in this IP range can connect to this real server.
- healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval number - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http
Host string - HTTP server domain name in HTTP header.
- id number
- Real server ID.
- ip string
- IP address of the real server.
- max
Connections number - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port number
- Port for communicating with the real server. Required if port forwarding is enabled.
- status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - weight number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client_
ip str - Only clients in this IP range can connect to this real server.
- healthcheck str
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown_
interval float - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http_
host str - HTTP server domain name in HTTP header.
- id float
- Real server ID.
- ip str
- IP address of the real server.
- max_
connections float - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor str
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port float
- Port for communicating with the real server. Required if port forwarding is enabled.
- status str
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate_
host str - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - weight float
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client
Ip String - Only clients in this IP range can connect to this real server.
- healthcheck String
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval Number - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http
Host String - HTTP server domain name in HTTP header.
- id Number
- Real server ID.
- ip String
- IP address of the real server.
- max
Connections Number - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port Number
- Port for communicating with the real server. Required if port forwarding is enabled.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - weight Number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
ObjectFirewallVip6DynamicMappingSslCipherSuite, ObjectFirewallVip6DynamicMappingSslCipherSuiteArgs
, ObjectFirewallVip6DynamicMappingSslCipherSuiteArgs
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - Priority double
- SSL/TLS cipher suites priority.
- Versions List<string>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - Priority float64
- SSL/TLS cipher suites priority.
- Versions []string
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority Double
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority number
- SSL/TLS cipher suites priority.
- versions string[]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher str
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority float
- SSL/TLS cipher suites priority.
- versions Sequence[str]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority Number
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
ObjectFirewallVip6DynamicMapping_Scope, ObjectFirewallVip6DynamicMapping_ScopeArgs
, ObjectFirewallVip6DynamicMapping_ScopeArgs
Import
ObjectFirewall Vip6DynamicMapping can be imported using any of these accepted formats:
Set import_options = [“vip6=YOUR_VALUE”] in the provider section.
$ export “FORTIMANAGER_IMPORT_TABLE”=“true”
$ pulumi import fortimanager:index/objectFirewallVip6DynamicMapping:ObjectFirewallVip6DynamicMapping labelname {{_scope.name}}.{{_scope.vdom}}
$ unset “FORTIMANAGER_IMPORT_TABLE”
-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortimanager fortinetdev/terraform-provider-fortimanager
- License
- Notes
- This Pulumi package is based on the
fortimanagerTerraform Provider.
fortimanager 1.14.0 published on Tuesday, Apr 15, 2025 by fortinetdev