Docs
PackagesFortios v0.0.5 published on Tuesday, Apr 9, 2024 by pulumiverse
fortios.firewall.Vip
Explore with Pulumi AI
Configure virtual IP for IPv4.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.firewall.Vip("trname", {
arpReply: "enable",
color: 0,
dnsMappingTtl: 0,
extintf: "any",
extip: "1.0.0.1-1.0.0.2",
extport: "0-65535",
fosid: 0,
httpCookieAge: 60,
httpCookieDomainFromHost: "disable",
httpCookieGeneration: 0,
httpCookieShare: "same-ip",
httpIpHeader: "disable",
httpMultiplex: "disable",
httpsCookieSecure: "disable",
ldbMethod: "static",
mappedips: [{
range: "3.0.0.0-3.0.0.1",
}],
mappedport: "0-65535",
maxEmbryonicConnections: 1000,
natSourceVip: "disable",
outlookWebAccess: "disable",
persistence: "none",
portforward: "disable",
portmappingType: "1-to-1",
protocol: "tcp",
sslAlgorithm: "high",
sslClientFallback: "enable",
sslClientRenegotiation: "secure",
sslClientSessionStateMax: 1000,
sslClientSessionStateTimeout: 30,
sslClientSessionStateType: "both",
sslDhBits: "2048",
sslHpkp: "disable",
sslHpkpAge: 5184000,
sslHpkpIncludeSubdomains: "disable",
sslHsts: "disable",
sslHstsAge: 5184000,
sslHstsIncludeSubdomains: "disable",
sslHttpLocationConversion: "disable",
sslHttpMatchHost: "enable",
sslMaxVersion: "tls-1.2",
sslMinVersion: "tls-1.1",
sslMode: "half",
sslPfs: "require",
sslSendEmptyFrags: "enable",
sslServerAlgorithm: "client",
sslServerMaxVersion: "client",
sslServerMinVersion: "client",
sslServerSessionStateMax: 100,
sslServerSessionStateTimeout: 60,
sslServerSessionStateType: "both",
type: "static-nat",
weblogicServer: "disable",
websphereServer: "disable",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.firewall.Vip("trname",
arp_reply="enable",
color=0,
dns_mapping_ttl=0,
extintf="any",
extip="1.0.0.1-1.0.0.2",
extport="0-65535",
fosid=0,
http_cookie_age=60,
http_cookie_domain_from_host="disable",
http_cookie_generation=0,
http_cookie_share="same-ip",
http_ip_header="disable",
http_multiplex="disable",
https_cookie_secure="disable",
ldb_method="static",
mappedips=[fortios.firewall.VipMappedipArgs(
range="3.0.0.0-3.0.0.1",
)],
mappedport="0-65535",
max_embryonic_connections=1000,
nat_source_vip="disable",
outlook_web_access="disable",
persistence="none",
portforward="disable",
portmapping_type="1-to-1",
protocol="tcp",
ssl_algorithm="high",
ssl_client_fallback="enable",
ssl_client_renegotiation="secure",
ssl_client_session_state_max=1000,
ssl_client_session_state_timeout=30,
ssl_client_session_state_type="both",
ssl_dh_bits="2048",
ssl_hpkp="disable",
ssl_hpkp_age=5184000,
ssl_hpkp_include_subdomains="disable",
ssl_hsts="disable",
ssl_hsts_age=5184000,
ssl_hsts_include_subdomains="disable",
ssl_http_location_conversion="disable",
ssl_http_match_host="enable",
ssl_max_version="tls-1.2",
ssl_min_version="tls-1.1",
ssl_mode="half",
ssl_pfs="require",
ssl_send_empty_frags="enable",
ssl_server_algorithm="client",
ssl_server_max_version="client",
ssl_server_min_version="client",
ssl_server_session_state_max=100,
ssl_server_session_state_timeout=60,
ssl_server_session_state_type="both",
type="static-nat",
weblogic_server="disable",
websphere_server="disable")
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := firewall.NewVip(ctx, "trname", &firewall.VipArgs{
ArpReply: pulumi.String("enable"),
Color: pulumi.Int(0),
DnsMappingTtl: pulumi.Int(0),
Extintf: pulumi.String("any"),
Extip: pulumi.String("1.0.0.1-1.0.0.2"),
Extport: pulumi.String("0-65535"),
Fosid: pulumi.Int(0),
HttpCookieAge: pulumi.Int(60),
HttpCookieDomainFromHost: pulumi.String("disable"),
HttpCookieGeneration: pulumi.Int(0),
HttpCookieShare: pulumi.String("same-ip"),
HttpIpHeader: pulumi.String("disable"),
HttpMultiplex: pulumi.String("disable"),
HttpsCookieSecure: pulumi.String("disable"),
LdbMethod: pulumi.String("static"),
Mappedips: firewall.VipMappedipArray{
&firewall.VipMappedipArgs{
Range: pulumi.String("3.0.0.0-3.0.0.1"),
},
},
Mappedport: pulumi.String("0-65535"),
MaxEmbryonicConnections: pulumi.Int(1000),
NatSourceVip: pulumi.String("disable"),
OutlookWebAccess: pulumi.String("disable"),
Persistence: pulumi.String("none"),
Portforward: pulumi.String("disable"),
PortmappingType: pulumi.String("1-to-1"),
Protocol: pulumi.String("tcp"),
SslAlgorithm: pulumi.String("high"),
SslClientFallback: pulumi.String("enable"),
SslClientRenegotiation: pulumi.String("secure"),
SslClientSessionStateMax: pulumi.Int(1000),
SslClientSessionStateTimeout: pulumi.Int(30),
SslClientSessionStateType: pulumi.String("both"),
SslDhBits: pulumi.String("2048"),
SslHpkp: pulumi.String("disable"),
SslHpkpAge: pulumi.Int(5184000),
SslHpkpIncludeSubdomains: pulumi.String("disable"),
SslHsts: pulumi.String("disable"),
SslHstsAge: pulumi.Int(5184000),
SslHstsIncludeSubdomains: pulumi.String("disable"),
SslHttpLocationConversion: pulumi.String("disable"),
SslHttpMatchHost: pulumi.String("enable"),
SslMaxVersion: pulumi.String("tls-1.2"),
SslMinVersion: pulumi.String("tls-1.1"),
SslMode: pulumi.String("half"),
SslPfs: pulumi.String("require"),
SslSendEmptyFrags: pulumi.String("enable"),
SslServerAlgorithm: pulumi.String("client"),
SslServerMaxVersion: pulumi.String("client"),
SslServerMinVersion: pulumi.String("client"),
SslServerSessionStateMax: pulumi.Int(100),
SslServerSessionStateTimeout: pulumi.Int(60),
SslServerSessionStateType: pulumi.String("both"),
Type: pulumi.String("static-nat"),
WeblogicServer: pulumi.String("disable"),
WebsphereServer: pulumi.String("disable"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() =>
{
var trname = new Fortios.Firewall.Vip("trname", new()
{
ArpReply = "enable",
Color = 0,
DnsMappingTtl = 0,
Extintf = "any",
Extip = "1.0.0.1-1.0.0.2",
Extport = "0-65535",
Fosid = 0,
HttpCookieAge = 60,
HttpCookieDomainFromHost = "disable",
HttpCookieGeneration = 0,
HttpCookieShare = "same-ip",
HttpIpHeader = "disable",
HttpMultiplex = "disable",
HttpsCookieSecure = "disable",
LdbMethod = "static",
Mappedips = new[]
{
new Fortios.Firewall.Inputs.VipMappedipArgs
{
Range = "3.0.0.0-3.0.0.1",
},
},
Mappedport = "0-65535",
MaxEmbryonicConnections = 1000,
NatSourceVip = "disable",
OutlookWebAccess = "disable",
Persistence = "none",
Portforward = "disable",
PortmappingType = "1-to-1",
Protocol = "tcp",
SslAlgorithm = "high",
SslClientFallback = "enable",
SslClientRenegotiation = "secure",
SslClientSessionStateMax = 1000,
SslClientSessionStateTimeout = 30,
SslClientSessionStateType = "both",
SslDhBits = "2048",
SslHpkp = "disable",
SslHpkpAge = 5184000,
SslHpkpIncludeSubdomains = "disable",
SslHsts = "disable",
SslHstsAge = 5184000,
SslHstsIncludeSubdomains = "disable",
SslHttpLocationConversion = "disable",
SslHttpMatchHost = "enable",
SslMaxVersion = "tls-1.2",
SslMinVersion = "tls-1.1",
SslMode = "half",
SslPfs = "require",
SslSendEmptyFrags = "enable",
SslServerAlgorithm = "client",
SslServerMaxVersion = "client",
SslServerMinVersion = "client",
SslServerSessionStateMax = 100,
SslServerSessionStateTimeout = 60,
SslServerSessionStateType = "both",
Type = "static-nat",
WeblogicServer = "disable",
WebsphereServer = "disable",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.firewall.Vip;
import com.pulumi.fortios.firewall.VipArgs;
import com.pulumi.fortios.firewall.inputs.VipMappedipArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new Vip("trname", VipArgs.builder()
.arpReply("enable")
.color(0)
.dnsMappingTtl(0)
.extintf("any")
.extip("1.0.0.1-1.0.0.2")
.extport("0-65535")
.fosid(0)
.httpCookieAge(60)
.httpCookieDomainFromHost("disable")
.httpCookieGeneration(0)
.httpCookieShare("same-ip")
.httpIpHeader("disable")
.httpMultiplex("disable")
.httpsCookieSecure("disable")
.ldbMethod("static")
.mappedips(VipMappedipArgs.builder()
.range("3.0.0.0-3.0.0.1")
.build())
.mappedport("0-65535")
.maxEmbryonicConnections(1000)
.natSourceVip("disable")
.outlookWebAccess("disable")
.persistence("none")
.portforward("disable")
.portmappingType("1-to-1")
.protocol("tcp")
.sslAlgorithm("high")
.sslClientFallback("enable")
.sslClientRenegotiation("secure")
.sslClientSessionStateMax(1000)
.sslClientSessionStateTimeout(30)
.sslClientSessionStateType("both")
.sslDhBits("2048")
.sslHpkp("disable")
.sslHpkpAge(5184000)
.sslHpkpIncludeSubdomains("disable")
.sslHsts("disable")
.sslHstsAge(5184000)
.sslHstsIncludeSubdomains("disable")
.sslHttpLocationConversion("disable")
.sslHttpMatchHost("enable")
.sslMaxVersion("tls-1.2")
.sslMinVersion("tls-1.1")
.sslMode("half")
.sslPfs("require")
.sslSendEmptyFrags("enable")
.sslServerAlgorithm("client")
.sslServerMaxVersion("client")
.sslServerMinVersion("client")
.sslServerSessionStateMax(100)
.sslServerSessionStateTimeout(60)
.sslServerSessionStateType("both")
.type("static-nat")
.weblogicServer("disable")
.websphereServer("disable")
.build());
}
}
resources:
trname:
type: fortios:firewall:Vip
properties:
arpReply: enable
color: 0
dnsMappingTtl: 0
extintf: any
extip: 1.0.0.1-1.0.0.2
extport: 0-65535
fosid: 0
httpCookieAge: 60
httpCookieDomainFromHost: disable
httpCookieGeneration: 0
httpCookieShare: same-ip
httpIpHeader: disable
httpMultiplex: disable
httpsCookieSecure: disable
ldbMethod: static
mappedips:
- range: 3.0.0.0-3.0.0.1
mappedport: 0-65535
maxEmbryonicConnections: 1000
natSourceVip: disable
outlookWebAccess: disable
persistence: none
portforward: disable
portmappingType: 1-to-1
protocol: tcp
sslAlgorithm: high
sslClientFallback: enable
sslClientRenegotiation: secure
sslClientSessionStateMax: 1000
sslClientSessionStateTimeout: 30
sslClientSessionStateType: both
sslDhBits: '2048'
sslHpkp: disable
sslHpkpAge: 5.184e+06
sslHpkpIncludeSubdomains: disable
sslHsts: disable
sslHstsAge: 5.184e+06
sslHstsIncludeSubdomains: disable
sslHttpLocationConversion: disable
sslHttpMatchHost: enable
sslMaxVersion: tls-1.2
sslMinVersion: tls-1.1
sslMode: half
sslPfs: require
sslSendEmptyFrags: enable
sslServerAlgorithm: client
sslServerMaxVersion: client
sslServerMinVersion: client
sslServerSessionStateMax: 100
sslServerSessionStateTimeout: 60
sslServerSessionStateType: both
type: static-nat
weblogicServer: disable
websphereServer: disable
Create Vip Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Vip(name: string, args?: VipArgs, opts?: CustomResourceOptions);@overload
def Vip(resource_name: str,
args: Optional[VipArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Vip(resource_name: str,
opts: Optional[ResourceOptions] = None,
add_nat46_route: Optional[str] = None,
arp_reply: Optional[str] = None,
color: Optional[int] = None,
comment: Optional[str] = None,
dns_mapping_ttl: Optional[int] = None,
dynamic_sort_subtable: Optional[str] = None,
extaddrs: Optional[Sequence[VipExtaddrArgs]] = None,
extintf: Optional[str] = None,
extip: Optional[str] = None,
extport: Optional[str] = None,
fosid: Optional[int] = None,
get_all_tables: Optional[str] = None,
gratuitous_arp_interval: Optional[int] = None,
gslb_domain_name: Optional[str] = None,
gslb_hostname: Optional[str] = None,
gslb_public_ips: Optional[Sequence[VipGslbPublicIpArgs]] = None,
h2_support: Optional[str] = None,
h3_support: Optional[str] = None,
http_cookie_age: Optional[int] = None,
http_cookie_domain: Optional[str] = None,
http_cookie_domain_from_host: Optional[str] = None,
http_cookie_generation: Optional[int] = None,
http_cookie_path: Optional[str] = None,
http_cookie_share: Optional[str] = None,
http_ip_header: Optional[str] = None,
http_ip_header_name: Optional[str] = None,
http_multiplex: Optional[str] = None,
http_multiplex_max_concurrent_request: Optional[int] = None,
http_multiplex_max_request: Optional[int] = None,
http_multiplex_ttl: Optional[int] = None,
http_redirect: Optional[str] = None,
http_supported_max_version: Optional[str] = None,
https_cookie_secure: Optional[str] = None,
ipv6_mappedip: Optional[str] = None,
ipv6_mappedport: Optional[str] = None,
ldb_method: Optional[str] = None,
mapped_addr: Optional[str] = None,
mappedips: Optional[Sequence[VipMappedipArgs]] = None,
mappedport: Optional[str] = None,
max_embryonic_connections: Optional[int] = None,
monitors: Optional[Sequence[VipMonitorArgs]] = None,
name: Optional[str] = None,
nat44: Optional[str] = None,
nat46: Optional[str] = None,
nat_source_vip: Optional[str] = None,
one_click_gslb_server: Optional[str] = None,
outlook_web_access: Optional[str] = None,
persistence: Optional[str] = None,
portforward: Optional[str] = None,
portmapping_type: Optional[str] = None,
protocol: Optional[str] = None,
quic: Optional[VipQuicArgs] = None,
realservers: Optional[Sequence[VipRealserverArgs]] = None,
server_type: Optional[str] = None,
services: Optional[Sequence[VipServiceArgs]] = None,
src_filters: Optional[Sequence[VipSrcFilterArgs]] = None,
srcintf_filters: Optional[Sequence[VipSrcintfFilterArgs]] = None,
ssl_accept_ffdhe_groups: Optional[str] = None,
ssl_algorithm: Optional[str] = None,
ssl_certificate: Optional[str] = None,
ssl_cipher_suites: Optional[Sequence[VipSslCipherSuiteArgs]] = None,
ssl_client_fallback: Optional[str] = None,
ssl_client_rekey_count: Optional[int] = None,
ssl_client_renegotiation: Optional[str] = None,
ssl_client_session_state_max: Optional[int] = None,
ssl_client_session_state_timeout: Optional[int] = None,
ssl_client_session_state_type: Optional[str] = None,
ssl_dh_bits: Optional[str] = None,
ssl_hpkp: Optional[str] = None,
ssl_hpkp_age: Optional[int] = None,
ssl_hpkp_backup: Optional[str] = None,
ssl_hpkp_include_subdomains: Optional[str] = None,
ssl_hpkp_primary: Optional[str] = None,
ssl_hpkp_report_uri: Optional[str] = None,
ssl_hsts: Optional[str] = None,
ssl_hsts_age: Optional[int] = None,
ssl_hsts_include_subdomains: Optional[str] = None,
ssl_http_location_conversion: Optional[str] = None,
ssl_http_match_host: Optional[str] = None,
ssl_max_version: Optional[str] = None,
ssl_min_version: Optional[str] = None,
ssl_mode: Optional[str] = None,
ssl_pfs: Optional[str] = None,
ssl_send_empty_frags: Optional[str] = None,
ssl_server_algorithm: Optional[str] = None,
ssl_server_cipher_suites: Optional[Sequence[VipSslServerCipherSuiteArgs]] = None,
ssl_server_max_version: Optional[str] = None,
ssl_server_min_version: Optional[str] = None,
ssl_server_renegotiation: Optional[str] = None,
ssl_server_session_state_max: Optional[int] = None,
ssl_server_session_state_timeout: Optional[int] = None,
ssl_server_session_state_type: Optional[str] = None,
status: Optional[str] = None,
type: Optional[str] = None,
uuid: Optional[str] = None,
vdomparam: Optional[str] = None,
weblogic_server: Optional[str] = None,
websphere_server: Optional[str] = None)func NewVip(ctx *Context, name string, args *VipArgs, opts ...ResourceOption) (*Vip, error)public Vip(string name, VipArgs? args = null, CustomResourceOptions? opts = null)type: fortios:firewall:Vip
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args VipArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args VipArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args VipArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VipArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args VipArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var vipResource = new Fortios.Firewall.Vip("vipResource", new()
{
AddNat46Route = "string",
ArpReply = "string",
Color = 0,
Comment = "string",
DnsMappingTtl = 0,
DynamicSortSubtable = "string",
Extaddrs = new[]
{
new Fortios.Firewall.Inputs.VipExtaddrArgs
{
Name = "string",
},
},
Extintf = "string",
Extip = "string",
Extport = "string",
Fosid = 0,
GetAllTables = "string",
GratuitousArpInterval = 0,
GslbDomainName = "string",
GslbHostname = "string",
GslbPublicIps = new[]
{
new Fortios.Firewall.Inputs.VipGslbPublicIpArgs
{
Index = 0,
Ip = "string",
},
},
H2Support = "string",
H3Support = "string",
HttpCookieAge = 0,
HttpCookieDomain = "string",
HttpCookieDomainFromHost = "string",
HttpCookieGeneration = 0,
HttpCookiePath = "string",
HttpCookieShare = "string",
HttpIpHeader = "string",
HttpIpHeaderName = "string",
HttpMultiplex = "string",
HttpMultiplexMaxConcurrentRequest = 0,
HttpMultiplexMaxRequest = 0,
HttpMultiplexTtl = 0,
HttpRedirect = "string",
HttpSupportedMaxVersion = "string",
HttpsCookieSecure = "string",
Ipv6Mappedip = "string",
Ipv6Mappedport = "string",
LdbMethod = "string",
MappedAddr = "string",
Mappedips = new[]
{
new Fortios.Firewall.Inputs.VipMappedipArgs
{
Range = "string",
},
},
Mappedport = "string",
MaxEmbryonicConnections = 0,
Monitors = new[]
{
new Fortios.Firewall.Inputs.VipMonitorArgs
{
Name = "string",
},
},
Name = "string",
Nat44 = "string",
Nat46 = "string",
NatSourceVip = "string",
OneClickGslbServer = "string",
OutlookWebAccess = "string",
Persistence = "string",
Portforward = "string",
PortmappingType = "string",
Protocol = "string",
Quic = new Fortios.Firewall.Inputs.VipQuicArgs
{
AckDelayExponent = 0,
ActiveConnectionIdLimit = 0,
ActiveMigration = "string",
GreaseQuicBit = "string",
MaxAckDelay = 0,
MaxDatagramFrameSize = 0,
MaxIdleTimeout = 0,
MaxUdpPayloadSize = 0,
},
Realservers = new[]
{
new Fortios.Firewall.Inputs.VipRealserverArgs
{
Address = "string",
ClientIp = "string",
Healthcheck = "string",
HolddownInterval = 0,
HttpHost = "string",
Id = 0,
Ip = "string",
MaxConnections = 0,
Monitor = "string",
Port = 0,
Status = "string",
TranslateHost = "string",
Type = "string",
Weight = 0,
},
},
ServerType = "string",
Services = new[]
{
new Fortios.Firewall.Inputs.VipServiceArgs
{
Name = "string",
},
},
SrcFilters = new[]
{
new Fortios.Firewall.Inputs.VipSrcFilterArgs
{
Range = "string",
},
},
SrcintfFilters = new[]
{
new Fortios.Firewall.Inputs.VipSrcintfFilterArgs
{
InterfaceName = "string",
},
},
SslAcceptFfdheGroups = "string",
SslAlgorithm = "string",
SslCertificate = "string",
SslCipherSuites = new[]
{
new Fortios.Firewall.Inputs.VipSslCipherSuiteArgs
{
Cipher = "string",
Priority = 0,
Versions = "string",
},
},
SslClientFallback = "string",
SslClientRekeyCount = 0,
SslClientRenegotiation = "string",
SslClientSessionStateMax = 0,
SslClientSessionStateTimeout = 0,
SslClientSessionStateType = "string",
SslDhBits = "string",
SslHpkp = "string",
SslHpkpAge = 0,
SslHpkpBackup = "string",
SslHpkpIncludeSubdomains = "string",
SslHpkpPrimary = "string",
SslHpkpReportUri = "string",
SslHsts = "string",
SslHstsAge = 0,
SslHstsIncludeSubdomains = "string",
SslHttpLocationConversion = "string",
SslHttpMatchHost = "string",
SslMaxVersion = "string",
SslMinVersion = "string",
SslMode = "string",
SslPfs = "string",
SslSendEmptyFrags = "string",
SslServerAlgorithm = "string",
SslServerCipherSuites = new[]
{
new Fortios.Firewall.Inputs.VipSslServerCipherSuiteArgs
{
Cipher = "string",
Priority = 0,
Versions = "string",
},
},
SslServerMaxVersion = "string",
SslServerMinVersion = "string",
SslServerRenegotiation = "string",
SslServerSessionStateMax = 0,
SslServerSessionStateTimeout = 0,
SslServerSessionStateType = "string",
Status = "string",
Type = "string",
Uuid = "string",
Vdomparam = "string",
WeblogicServer = "string",
WebsphereServer = "string",
});
example, err := firewall.NewVip(ctx, "vipResource", &firewall.VipArgs{
AddNat46Route: pulumi.String("string"),
ArpReply: pulumi.String("string"),
Color: pulumi.Int(0),
Comment: pulumi.String("string"),
DnsMappingTtl: pulumi.Int(0),
DynamicSortSubtable: pulumi.String("string"),
Extaddrs: firewall.VipExtaddrArray{
&firewall.VipExtaddrArgs{
Name: pulumi.String("string"),
},
},
Extintf: pulumi.String("string"),
Extip: pulumi.String("string"),
Extport: pulumi.String("string"),
Fosid: pulumi.Int(0),
GetAllTables: pulumi.String("string"),
GratuitousArpInterval: pulumi.Int(0),
GslbDomainName: pulumi.String("string"),
GslbHostname: pulumi.String("string"),
GslbPublicIps: firewall.VipGslbPublicIpArray{
&firewall.VipGslbPublicIpArgs{
Index: pulumi.Int(0),
Ip: pulumi.String("string"),
},
},
H2Support: pulumi.String("string"),
H3Support: pulumi.String("string"),
HttpCookieAge: pulumi.Int(0),
HttpCookieDomain: pulumi.String("string"),
HttpCookieDomainFromHost: pulumi.String("string"),
HttpCookieGeneration: pulumi.Int(0),
HttpCookiePath: pulumi.String("string"),
HttpCookieShare: pulumi.String("string"),
HttpIpHeader: pulumi.String("string"),
HttpIpHeaderName: pulumi.String("string"),
HttpMultiplex: pulumi.String("string"),
HttpMultiplexMaxConcurrentRequest: pulumi.Int(0),
HttpMultiplexMaxRequest: pulumi.Int(0),
HttpMultiplexTtl: pulumi.Int(0),
HttpRedirect: pulumi.String("string"),
HttpSupportedMaxVersion: pulumi.String("string"),
HttpsCookieSecure: pulumi.String("string"),
Ipv6Mappedip: pulumi.String("string"),
Ipv6Mappedport: pulumi.String("string"),
LdbMethod: pulumi.String("string"),
MappedAddr: pulumi.String("string"),
Mappedips: firewall.VipMappedipArray{
&firewall.VipMappedipArgs{
Range: pulumi.String("string"),
},
},
Mappedport: pulumi.String("string"),
MaxEmbryonicConnections: pulumi.Int(0),
Monitors: firewall.VipMonitorArray{
&firewall.VipMonitorArgs{
Name: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
Nat44: pulumi.String("string"),
Nat46: pulumi.String("string"),
NatSourceVip: pulumi.String("string"),
OneClickGslbServer: pulumi.String("string"),
OutlookWebAccess: pulumi.String("string"),
Persistence: pulumi.String("string"),
Portforward: pulumi.String("string"),
PortmappingType: pulumi.String("string"),
Protocol: pulumi.String("string"),
Quic: &firewall.VipQuicArgs{
AckDelayExponent: pulumi.Int(0),
ActiveConnectionIdLimit: pulumi.Int(0),
ActiveMigration: pulumi.String("string"),
GreaseQuicBit: pulumi.String("string"),
MaxAckDelay: pulumi.Int(0),
MaxDatagramFrameSize: pulumi.Int(0),
MaxIdleTimeout: pulumi.Int(0),
MaxUdpPayloadSize: pulumi.Int(0),
},
Realservers: firewall.VipRealserverArray{
&firewall.VipRealserverArgs{
Address: pulumi.String("string"),
ClientIp: pulumi.String("string"),
Healthcheck: pulumi.String("string"),
HolddownInterval: pulumi.Int(0),
HttpHost: pulumi.String("string"),
Id: pulumi.Int(0),
Ip: pulumi.String("string"),
MaxConnections: pulumi.Int(0),
Monitor: pulumi.String("string"),
Port: pulumi.Int(0),
Status: pulumi.String("string"),
TranslateHost: pulumi.String("string"),
Type: pulumi.String("string"),
Weight: pulumi.Int(0),
},
},
ServerType: pulumi.String("string"),
Services: firewall.VipServiceArray{
&firewall.VipServiceArgs{
Name: pulumi.String("string"),
},
},
SrcFilters: firewall.VipSrcFilterArray{
&firewall.VipSrcFilterArgs{
Range: pulumi.String("string"),
},
},
SrcintfFilters: firewall.VipSrcintfFilterArray{
&firewall.VipSrcintfFilterArgs{
InterfaceName: pulumi.String("string"),
},
},
SslAcceptFfdheGroups: pulumi.String("string"),
SslAlgorithm: pulumi.String("string"),
SslCertificate: pulumi.String("string"),
SslCipherSuites: firewall.VipSslCipherSuiteArray{
&firewall.VipSslCipherSuiteArgs{
Cipher: pulumi.String("string"),
Priority: pulumi.Int(0),
Versions: pulumi.String("string"),
},
},
SslClientFallback: pulumi.String("string"),
SslClientRekeyCount: pulumi.Int(0),
SslClientRenegotiation: pulumi.String("string"),
SslClientSessionStateMax: pulumi.Int(0),
SslClientSessionStateTimeout: pulumi.Int(0),
SslClientSessionStateType: pulumi.String("string"),
SslDhBits: pulumi.String("string"),
SslHpkp: pulumi.String("string"),
SslHpkpAge: pulumi.Int(0),
SslHpkpBackup: pulumi.String("string"),
SslHpkpIncludeSubdomains: pulumi.String("string"),
SslHpkpPrimary: pulumi.String("string"),
SslHpkpReportUri: pulumi.String("string"),
SslHsts: pulumi.String("string"),
SslHstsAge: pulumi.Int(0),
SslHstsIncludeSubdomains: pulumi.String("string"),
SslHttpLocationConversion: pulumi.String("string"),
SslHttpMatchHost: pulumi.String("string"),
SslMaxVersion: pulumi.String("string"),
SslMinVersion: pulumi.String("string"),
SslMode: pulumi.String("string"),
SslPfs: pulumi.String("string"),
SslSendEmptyFrags: pulumi.String("string"),
SslServerAlgorithm: pulumi.String("string"),
SslServerCipherSuites: firewall.VipSslServerCipherSuiteArray{
&firewall.VipSslServerCipherSuiteArgs{
Cipher: pulumi.String("string"),
Priority: pulumi.Int(0),
Versions: pulumi.String("string"),
},
},
SslServerMaxVersion: pulumi.String("string"),
SslServerMinVersion: pulumi.String("string"),
SslServerRenegotiation: pulumi.String("string"),
SslServerSessionStateMax: pulumi.Int(0),
SslServerSessionStateTimeout: pulumi.Int(0),
SslServerSessionStateType: pulumi.String("string"),
Status: pulumi.String("string"),
Type: pulumi.String("string"),
Uuid: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
WeblogicServer: pulumi.String("string"),
WebsphereServer: pulumi.String("string"),
})
var vipResource = new Vip("vipResource", VipArgs.builder()
.addNat46Route("string")
.arpReply("string")
.color(0)
.comment("string")
.dnsMappingTtl(0)
.dynamicSortSubtable("string")
.extaddrs(VipExtaddrArgs.builder()
.name("string")
.build())
.extintf("string")
.extip("string")
.extport("string")
.fosid(0)
.getAllTables("string")
.gratuitousArpInterval(0)
.gslbDomainName("string")
.gslbHostname("string")
.gslbPublicIps(VipGslbPublicIpArgs.builder()
.index(0)
.ip("string")
.build())
.h2Support("string")
.h3Support("string")
.httpCookieAge(0)
.httpCookieDomain("string")
.httpCookieDomainFromHost("string")
.httpCookieGeneration(0)
.httpCookiePath("string")
.httpCookieShare("string")
.httpIpHeader("string")
.httpIpHeaderName("string")
.httpMultiplex("string")
.httpMultiplexMaxConcurrentRequest(0)
.httpMultiplexMaxRequest(0)
.httpMultiplexTtl(0)
.httpRedirect("string")
.httpSupportedMaxVersion("string")
.httpsCookieSecure("string")
.ipv6Mappedip("string")
.ipv6Mappedport("string")
.ldbMethod("string")
.mappedAddr("string")
.mappedips(VipMappedipArgs.builder()
.range("string")
.build())
.mappedport("string")
.maxEmbryonicConnections(0)
.monitors(VipMonitorArgs.builder()
.name("string")
.build())
.name("string")
.nat44("string")
.nat46("string")
.natSourceVip("string")
.oneClickGslbServer("string")
.outlookWebAccess("string")
.persistence("string")
.portforward("string")
.portmappingType("string")
.protocol("string")
.quic(VipQuicArgs.builder()
.ackDelayExponent(0)
.activeConnectionIdLimit(0)
.activeMigration("string")
.greaseQuicBit("string")
.maxAckDelay(0)
.maxDatagramFrameSize(0)
.maxIdleTimeout(0)
.maxUdpPayloadSize(0)
.build())
.realservers(VipRealserverArgs.builder()
.address("string")
.clientIp("string")
.healthcheck("string")
.holddownInterval(0)
.httpHost("string")
.id(0)
.ip("string")
.maxConnections(0)
.monitor("string")
.port(0)
.status("string")
.translateHost("string")
.type("string")
.weight(0)
.build())
.serverType("string")
.services(VipServiceArgs.builder()
.name("string")
.build())
.srcFilters(VipSrcFilterArgs.builder()
.range("string")
.build())
.srcintfFilters(VipSrcintfFilterArgs.builder()
.interfaceName("string")
.build())
.sslAcceptFfdheGroups("string")
.sslAlgorithm("string")
.sslCertificate("string")
.sslCipherSuites(VipSslCipherSuiteArgs.builder()
.cipher("string")
.priority(0)
.versions("string")
.build())
.sslClientFallback("string")
.sslClientRekeyCount(0)
.sslClientRenegotiation("string")
.sslClientSessionStateMax(0)
.sslClientSessionStateTimeout(0)
.sslClientSessionStateType("string")
.sslDhBits("string")
.sslHpkp("string")
.sslHpkpAge(0)
.sslHpkpBackup("string")
.sslHpkpIncludeSubdomains("string")
.sslHpkpPrimary("string")
.sslHpkpReportUri("string")
.sslHsts("string")
.sslHstsAge(0)
.sslHstsIncludeSubdomains("string")
.sslHttpLocationConversion("string")
.sslHttpMatchHost("string")
.sslMaxVersion("string")
.sslMinVersion("string")
.sslMode("string")
.sslPfs("string")
.sslSendEmptyFrags("string")
.sslServerAlgorithm("string")
.sslServerCipherSuites(VipSslServerCipherSuiteArgs.builder()
.cipher("string")
.priority(0)
.versions("string")
.build())
.sslServerMaxVersion("string")
.sslServerMinVersion("string")
.sslServerRenegotiation("string")
.sslServerSessionStateMax(0)
.sslServerSessionStateTimeout(0)
.sslServerSessionStateType("string")
.status("string")
.type("string")
.uuid("string")
.vdomparam("string")
.weblogicServer("string")
.websphereServer("string")
.build());
vip_resource = fortios.firewall.Vip("vipResource",
add_nat46_route="string",
arp_reply="string",
color=0,
comment="string",
dns_mapping_ttl=0,
dynamic_sort_subtable="string",
extaddrs=[fortios.firewall.VipExtaddrArgs(
name="string",
)],
extintf="string",
extip="string",
extport="string",
fosid=0,
get_all_tables="string",
gratuitous_arp_interval=0,
gslb_domain_name="string",
gslb_hostname="string",
gslb_public_ips=[fortios.firewall.VipGslbPublicIpArgs(
index=0,
ip="string",
)],
h2_support="string",
h3_support="string",
http_cookie_age=0,
http_cookie_domain="string",
http_cookie_domain_from_host="string",
http_cookie_generation=0,
http_cookie_path="string",
http_cookie_share="string",
http_ip_header="string",
http_ip_header_name="string",
http_multiplex="string",
http_multiplex_max_concurrent_request=0,
http_multiplex_max_request=0,
http_multiplex_ttl=0,
http_redirect="string",
http_supported_max_version="string",
https_cookie_secure="string",
ipv6_mappedip="string",
ipv6_mappedport="string",
ldb_method="string",
mapped_addr="string",
mappedips=[fortios.firewall.VipMappedipArgs(
range="string",
)],
mappedport="string",
max_embryonic_connections=0,
monitors=[fortios.firewall.VipMonitorArgs(
name="string",
)],
name="string",
nat44="string",
nat46="string",
nat_source_vip="string",
one_click_gslb_server="string",
outlook_web_access="string",
persistence="string",
portforward="string",
portmapping_type="string",
protocol="string",
quic=fortios.firewall.VipQuicArgs(
ack_delay_exponent=0,
active_connection_id_limit=0,
active_migration="string",
grease_quic_bit="string",
max_ack_delay=0,
max_datagram_frame_size=0,
max_idle_timeout=0,
max_udp_payload_size=0,
),
realservers=[fortios.firewall.VipRealserverArgs(
address="string",
client_ip="string",
healthcheck="string",
holddown_interval=0,
http_host="string",
id=0,
ip="string",
max_connections=0,
monitor="string",
port=0,
status="string",
translate_host="string",
type="string",
weight=0,
)],
server_type="string",
services=[fortios.firewall.VipServiceArgs(
name="string",
)],
src_filters=[fortios.firewall.VipSrcFilterArgs(
range="string",
)],
srcintf_filters=[fortios.firewall.VipSrcintfFilterArgs(
interface_name="string",
)],
ssl_accept_ffdhe_groups="string",
ssl_algorithm="string",
ssl_certificate="string",
ssl_cipher_suites=[fortios.firewall.VipSslCipherSuiteArgs(
cipher="string",
priority=0,
versions="string",
)],
ssl_client_fallback="string",
ssl_client_rekey_count=0,
ssl_client_renegotiation="string",
ssl_client_session_state_max=0,
ssl_client_session_state_timeout=0,
ssl_client_session_state_type="string",
ssl_dh_bits="string",
ssl_hpkp="string",
ssl_hpkp_age=0,
ssl_hpkp_backup="string",
ssl_hpkp_include_subdomains="string",
ssl_hpkp_primary="string",
ssl_hpkp_report_uri="string",
ssl_hsts="string",
ssl_hsts_age=0,
ssl_hsts_include_subdomains="string",
ssl_http_location_conversion="string",
ssl_http_match_host="string",
ssl_max_version="string",
ssl_min_version="string",
ssl_mode="string",
ssl_pfs="string",
ssl_send_empty_frags="string",
ssl_server_algorithm="string",
ssl_server_cipher_suites=[fortios.firewall.VipSslServerCipherSuiteArgs(
cipher="string",
priority=0,
versions="string",
)],
ssl_server_max_version="string",
ssl_server_min_version="string",
ssl_server_renegotiation="string",
ssl_server_session_state_max=0,
ssl_server_session_state_timeout=0,
ssl_server_session_state_type="string",
status="string",
type="string",
uuid="string",
vdomparam="string",
weblogic_server="string",
websphere_server="string")
const vipResource = new fortios.firewall.Vip("vipResource", {
addNat46Route: "string",
arpReply: "string",
color: 0,
comment: "string",
dnsMappingTtl: 0,
dynamicSortSubtable: "string",
extaddrs: [{
name: "string",
}],
extintf: "string",
extip: "string",
extport: "string",
fosid: 0,
getAllTables: "string",
gratuitousArpInterval: 0,
gslbDomainName: "string",
gslbHostname: "string",
gslbPublicIps: [{
index: 0,
ip: "string",
}],
h2Support: "string",
h3Support: "string",
httpCookieAge: 0,
httpCookieDomain: "string",
httpCookieDomainFromHost: "string",
httpCookieGeneration: 0,
httpCookiePath: "string",
httpCookieShare: "string",
httpIpHeader: "string",
httpIpHeaderName: "string",
httpMultiplex: "string",
httpMultiplexMaxConcurrentRequest: 0,
httpMultiplexMaxRequest: 0,
httpMultiplexTtl: 0,
httpRedirect: "string",
httpSupportedMaxVersion: "string",
httpsCookieSecure: "string",
ipv6Mappedip: "string",
ipv6Mappedport: "string",
ldbMethod: "string",
mappedAddr: "string",
mappedips: [{
range: "string",
}],
mappedport: "string",
maxEmbryonicConnections: 0,
monitors: [{
name: "string",
}],
name: "string",
nat44: "string",
nat46: "string",
natSourceVip: "string",
oneClickGslbServer: "string",
outlookWebAccess: "string",
persistence: "string",
portforward: "string",
portmappingType: "string",
protocol: "string",
quic: {
ackDelayExponent: 0,
activeConnectionIdLimit: 0,
activeMigration: "string",
greaseQuicBit: "string",
maxAckDelay: 0,
maxDatagramFrameSize: 0,
maxIdleTimeout: 0,
maxUdpPayloadSize: 0,
},
realservers: [{
address: "string",
clientIp: "string",
healthcheck: "string",
holddownInterval: 0,
httpHost: "string",
id: 0,
ip: "string",
maxConnections: 0,
monitor: "string",
port: 0,
status: "string",
translateHost: "string",
type: "string",
weight: 0,
}],
serverType: "string",
services: [{
name: "string",
}],
srcFilters: [{
range: "string",
}],
srcintfFilters: [{
interfaceName: "string",
}],
sslAcceptFfdheGroups: "string",
sslAlgorithm: "string",
sslCertificate: "string",
sslCipherSuites: [{
cipher: "string",
priority: 0,
versions: "string",
}],
sslClientFallback: "string",
sslClientRekeyCount: 0,
sslClientRenegotiation: "string",
sslClientSessionStateMax: 0,
sslClientSessionStateTimeout: 0,
sslClientSessionStateType: "string",
sslDhBits: "string",
sslHpkp: "string",
sslHpkpAge: 0,
sslHpkpBackup: "string",
sslHpkpIncludeSubdomains: "string",
sslHpkpPrimary: "string",
sslHpkpReportUri: "string",
sslHsts: "string",
sslHstsAge: 0,
sslHstsIncludeSubdomains: "string",
sslHttpLocationConversion: "string",
sslHttpMatchHost: "string",
sslMaxVersion: "string",
sslMinVersion: "string",
sslMode: "string",
sslPfs: "string",
sslSendEmptyFrags: "string",
sslServerAlgorithm: "string",
sslServerCipherSuites: [{
cipher: "string",
priority: 0,
versions: "string",
}],
sslServerMaxVersion: "string",
sslServerMinVersion: "string",
sslServerRenegotiation: "string",
sslServerSessionStateMax: 0,
sslServerSessionStateTimeout: 0,
sslServerSessionStateType: "string",
status: "string",
type: "string",
uuid: "string",
vdomparam: "string",
weblogicServer: "string",
websphereServer: "string",
});
type: fortios:firewall:Vip
properties:
addNat46Route: string
arpReply: string
color: 0
comment: string
dnsMappingTtl: 0
dynamicSortSubtable: string
extaddrs:
- name: string
extintf: string
extip: string
extport: string
fosid: 0
getAllTables: string
gratuitousArpInterval: 0
gslbDomainName: string
gslbHostname: string
gslbPublicIps:
- index: 0
ip: string
h2Support: string
h3Support: string
httpCookieAge: 0
httpCookieDomain: string
httpCookieDomainFromHost: string
httpCookieGeneration: 0
httpCookiePath: string
httpCookieShare: string
httpIpHeader: string
httpIpHeaderName: string
httpMultiplex: string
httpMultiplexMaxConcurrentRequest: 0
httpMultiplexMaxRequest: 0
httpMultiplexTtl: 0
httpRedirect: string
httpSupportedMaxVersion: string
httpsCookieSecure: string
ipv6Mappedip: string
ipv6Mappedport: string
ldbMethod: string
mappedAddr: string
mappedips:
- range: string
mappedport: string
maxEmbryonicConnections: 0
monitors:
- name: string
name: string
nat44: string
nat46: string
natSourceVip: string
oneClickGslbServer: string
outlookWebAccess: string
persistence: string
portforward: string
portmappingType: string
protocol: string
quic:
ackDelayExponent: 0
activeConnectionIdLimit: 0
activeMigration: string
greaseQuicBit: string
maxAckDelay: 0
maxDatagramFrameSize: 0
maxIdleTimeout: 0
maxUdpPayloadSize: 0
realservers:
- address: string
clientIp: string
healthcheck: string
holddownInterval: 0
httpHost: string
id: 0
ip: string
maxConnections: 0
monitor: string
port: 0
status: string
translateHost: string
type: string
weight: 0
serverType: string
services:
- name: string
srcFilters:
- range: string
srcintfFilters:
- interfaceName: string
sslAcceptFfdheGroups: string
sslAlgorithm: string
sslCertificate: string
sslCipherSuites:
- cipher: string
priority: 0
versions: string
sslClientFallback: string
sslClientRekeyCount: 0
sslClientRenegotiation: string
sslClientSessionStateMax: 0
sslClientSessionStateTimeout: 0
sslClientSessionStateType: string
sslDhBits: string
sslHpkp: string
sslHpkpAge: 0
sslHpkpBackup: string
sslHpkpIncludeSubdomains: string
sslHpkpPrimary: string
sslHpkpReportUri: string
sslHsts: string
sslHstsAge: 0
sslHstsIncludeSubdomains: string
sslHttpLocationConversion: string
sslHttpMatchHost: string
sslMaxVersion: string
sslMinVersion: string
sslMode: string
sslPfs: string
sslSendEmptyFrags: string
sslServerAlgorithm: string
sslServerCipherSuites:
- cipher: string
priority: 0
versions: string
sslServerMaxVersion: string
sslServerMinVersion: string
sslServerRenegotiation: string
sslServerSessionStateMax: 0
sslServerSessionStateTimeout: 0
sslServerSessionStateType: string
status: string
type: string
uuid: string
vdomparam: string
weblogicServer: string
websphereServer: string
Vip Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Vip resource accepts the following input properties:
- Add
Nat46Route string - Enable/disable adding NAT46 route. Valid values:
disable,enable. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color int
- Color of icon on the GUI.
- Comment string
- Comment.
- Dns
Mapping intTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Extaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip Extaddr> - External FQDN address name. The structure of
extaddrblock is documented below. - Extintf string
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid int
- Custom defined ID.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gratuitous
Arp intInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- Gslb
Domain stringName - Domain to use when integrating with FortiGSLB.
- Gslb
Hostname string - Hostname to use within the configured FortiGSLB domain.
- Gslb
Public List<Pulumiverse.Ips Fortios. Firewall. Inputs. Vip Gslb Public Ip> - Publicly accessible IP addresses for the FortiGSLB service. The structure of
gslb_public_ipsblock is documented below. - H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - int
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - int
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - Http
Multiplex intMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- Http
Multiplex intMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- Http
Multiplex intTtl - Time-to-live for idle connections to servers.
- Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - Http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv6Mappedip string
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- Ipv6Mappedport string
- IPv6 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mapped
Addr string - Mapped FQDN address name.
- Mappedips
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip Mappedip> - IP address or address range on the destination network to which the external IP address is mapped. The structure of
mappedipblock is documented below. - Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic intConnections - Maximum number of incomplete connections.
- Monitors
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip Monitor> - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - Name string
- Virtual IP name.
- Nat44 string
- Enable/disable NAT44. Valid values:
disable,enable. - Nat46 string
- Enable/disable NAT46. Valid values:
disable,enable. - Nat
Source stringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - One
Click stringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable/disable port forwarding. Valid values:
disable,enable. - Portmapping
Type string - Port mapping type. Valid values:
1-to-1,m-to-n. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - Quic
Pulumiverse.
Fortios. Firewall. Inputs. Vip Quic - QUIC setting. The structure of
quicblock is documented below. - Realservers
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip Realserver> - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - Services
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip Service> - Service name. The structure of
serviceblock is documented below. - Src
Filters List<Pulumiverse.Fortios. Firewall. Inputs. Vip Src Filter> - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of
src_filterblock is documented below. - Srcintf
Filters List<Pulumiverse.Fortios. Firewall. Inputs. Vip Srcintf Filter> - Interfaces to which the VIP applies. Separate the names with spaces. The structure of
srcintf_filterblock is documented below. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher List<Pulumiverse.Suites Fortios. Firewall. Inputs. Vip Ssl Cipher Suite> - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client intRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - Ssl
Client intSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client intSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp intAge - Number of seconds the client should honour the HPKP setting.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts intAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client.
- Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client.
- Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - Ssl
Server List<Pulumiverse.Cipher Suites Fortios. Firewall. Inputs. Vip Ssl Server Cipher Suite> - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - Ssl
Server intSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server intSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Status string
- Enable/disable VIP. Valid values:
disable,enable. - Type string
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- Add
Nat46Route string - Enable/disable adding NAT46 route. Valid values:
disable,enable. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color int
- Color of icon on the GUI.
- Comment string
- Comment.
- Dns
Mapping intTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Extaddrs
[]Vip
Extaddr Args - External FQDN address name. The structure of
extaddrblock is documented below. - Extintf string
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid int
- Custom defined ID.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gratuitous
Arp intInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- Gslb
Domain stringName - Domain to use when integrating with FortiGSLB.
- Gslb
Hostname string - Hostname to use within the configured FortiGSLB domain.
- Gslb
Public []VipIps Gslb Public Ip Args - Publicly accessible IP addresses for the FortiGSLB service. The structure of
gslb_public_ipsblock is documented below. - H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - int
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - int
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - Http
Multiplex intMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- Http
Multiplex intMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- Http
Multiplex intTtl - Time-to-live for idle connections to servers.
- Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - Http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv6Mappedip string
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- Ipv6Mappedport string
- IPv6 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mapped
Addr string - Mapped FQDN address name.
- Mappedips
[]Vip
Mappedip Args - IP address or address range on the destination network to which the external IP address is mapped. The structure of
mappedipblock is documented below. - Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic intConnections - Maximum number of incomplete connections.
- Monitors
[]Vip
Monitor Args - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - Name string
- Virtual IP name.
- Nat44 string
- Enable/disable NAT44. Valid values:
disable,enable. - Nat46 string
- Enable/disable NAT46. Valid values:
disable,enable. - Nat
Source stringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - One
Click stringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable/disable port forwarding. Valid values:
disable,enable. - Portmapping
Type string - Port mapping type. Valid values:
1-to-1,m-to-n. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - Quic
Vip
Quic Args - QUIC setting. The structure of
quicblock is documented below. - Realservers
[]Vip
Realserver Args - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - Services
[]Vip
Service Args - Service name. The structure of
serviceblock is documented below. - Src
Filters []VipSrc Filter Args - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of
src_filterblock is documented below. - Srcintf
Filters []VipSrcintf Filter Args - Interfaces to which the VIP applies. Separate the names with spaces. The structure of
srcintf_filterblock is documented below. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher []VipSuites Ssl Cipher Suite Args - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client intRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - Ssl
Client intSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client intSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp intAge - Number of seconds the client should honour the HPKP setting.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts intAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client.
- Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client.
- Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - Ssl
Server []VipCipher Suites Ssl Server Cipher Suite Args - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - Ssl
Server intSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server intSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Status string
- Enable/disable VIP. Valid values:
disable,enable. - Type string
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat46Route String - Enable/disable adding NAT46 route. Valid values:
disable,enable. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Integer
- Color of icon on the GUI.
- comment String
- Comment.
- dns
Mapping IntegerTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- extaddrs
List<Vip
Extaddr> - External FQDN address name. The structure of
extaddrblock is documented below. - extintf String
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Integer
- Custom defined ID.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous
Arp IntegerInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb
Domain StringName - Domain to use when integrating with FortiGSLB.
- gslb
Hostname String - Hostname to use within the configured FortiGSLB domain.
- gslb
Public List<VipIps Gslb Public Ip> - Publicly accessible IP addresses for the FortiGSLB service. The structure of
gslb_public_ipsblock is documented below. - h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - Integer
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Integer
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http
Multiplex IntegerMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http
Multiplex IntegerMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http
Multiplex IntegerTtl - Time-to-live for idle connections to servers.
- http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - http
Supported StringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6Mappedip String
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6Mappedport String
- IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped
Addr String - Mapped FQDN address name.
- mappedips
List<Vip
Mappedip> - IP address or address range on the destination network to which the external IP address is mapped. The structure of
mappedipblock is documented below. - mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic IntegerConnections - Maximum number of incomplete connections.
- monitors
List<Vip
Monitor> - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name String
- Virtual IP name.
- nat44 String
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 String
- Enable/disable NAT46. Valid values:
disable,enable. - nat
Source StringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - one
Click StringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping
Type String - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - quic
Vip
Quic - QUIC setting. The structure of
quicblock is documented below. - realservers
List<Vip
Realserver> - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - services
List<Vip
Service> - Service name. The structure of
serviceblock is documented below. - src
Filters List<VipSrc Filter> - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of
src_filterblock is documented below. - srcintf
Filters List<VipSrcintf Filter> - Interfaces to which the VIP applies. Separate the names with spaces. The structure of
srcintf_filterblock is documented below. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<VipSuites Ssl Cipher Suite> - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client IntegerRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl
Client IntegerSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client IntegerSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp IntegerAge - Number of seconds the client should honour the HPKP setting.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts IntegerAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client.
- ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client.
- ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl
Server List<VipCipher Suites Ssl Server Cipher Suite> - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl
Server IntegerSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server IntegerSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status String
- Enable/disable VIP. Valid values:
disable,enable. - type String
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat46Route string - Enable/disable adding NAT46 route. Valid values:
disable,enable. - arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color number
- Color of icon on the GUI.
- comment string
- Comment.
- dns
Mapping numberTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- extaddrs
Vip
Extaddr[] - External FQDN address name. The structure of
extaddrblock is documented below. - extintf string
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid number
- Custom defined ID.
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous
Arp numberInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb
Domain stringName - Domain to use when integrating with FortiGSLB.
- gslb
Hostname string - Hostname to use within the configured FortiGSLB domain.
- gslb
Public VipIps Gslb Public Ip[] - Publicly accessible IP addresses for the FortiGSLB service. The structure of
gslb_public_ipsblock is documented below. - h2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http
Multiplex numberMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http
Multiplex numberMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http
Multiplex numberTtl - Time-to-live for idle connections to servers.
- http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6Mappedip string
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6Mappedport string
- IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped
Addr string - Mapped FQDN address name.
- mappedips
Vip
Mappedip[] - IP address or address range on the destination network to which the external IP address is mapped. The structure of
mappedipblock is documented below. - mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic numberConnections - Maximum number of incomplete connections.
- monitors
Vip
Monitor[] - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name string
- Virtual IP name.
- nat44 string
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 string
- Enable/disable NAT46. Valid values:
disable,enable. - nat
Source stringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - one
Click stringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward string
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping
Type string - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - quic
Vip
Quic - QUIC setting. The structure of
quicblock is documented below. - realservers
Vip
Realserver[] - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - services
Vip
Service[] - Service name. The structure of
serviceblock is documented below. - src
Filters VipSrc Filter[] - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of
src_filterblock is documented below. - srcintf
Filters VipSrcintf Filter[] - Interfaces to which the VIP applies. Separate the names with spaces. The structure of
srcintf_filterblock is documented below. - ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher VipSuites Ssl Cipher Suite[] - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client numberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl
Client numberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client numberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp numberAge - Number of seconds the client should honour the HPKP setting.
- ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts numberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client.
- ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client.
- ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl
Server VipCipher Suites Ssl Server Cipher Suite[] - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl
Server numberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server numberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status string
- Enable/disable VIP. Valid values:
disable,enable. - type string
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add_
nat46_ strroute - Enable/disable adding NAT46 route. Valid values:
disable,enable. - arp_
reply str - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color int
- Color of icon on the GUI.
- comment str
- Comment.
- dns_
mapping_ intttl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- extaddrs
Sequence[Vip
Extaddr Args] - External FQDN address name. The structure of
extaddrblock is documented below. - extintf str
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip str
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport str
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid int
- Custom defined ID.
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous_
arp_ intinterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb_
domain_ strname - Domain to use when integrating with FortiGSLB.
- gslb_
hostname str - Hostname to use within the configured FortiGSLB domain.
- gslb_
public_ Sequence[Vipips Gslb Public Ip Args] - Publicly accessible IP addresses for the FortiGSLB service. The structure of
gslb_public_ipsblock is documented below. - h2_
support str - Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3_
support str - Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - int
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- str
- Domain that HTTP cookie persistence should apply to.
- str
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - int
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- str
- Limit HTTP cookie persistence to the specified path.
- str
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http_
ip_ strheader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http_
ip_ strheader_ name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http_
multiplex str - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http_
multiplex_ intmax_ concurrent_ request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http_
multiplex_ intmax_ request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http_
multiplex_ intttl - Time-to-live for idle connections to servers.
- http_
redirect str - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - http_
supported_ strmax_ version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - str
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6_
mappedip str - Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6_
mappedport str - IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb_
method str - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped_
addr str - Mapped FQDN address name.
- mappedips
Sequence[Vip
Mappedip Args] - IP address or address range on the destination network to which the external IP address is mapped. The structure of
mappedipblock is documented below. - mappedport str
- Port number range on the destination network to which the external port number range is mapped.
- max_
embryonic_ intconnections - Maximum number of incomplete connections.
- monitors
Sequence[Vip
Monitor Args] - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name str
- Virtual IP name.
- nat44 str
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 str
- Enable/disable NAT46. Valid values:
disable,enable. - nat_
source_ strvip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - one_
click_ strgslb_ server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook_
web_ straccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence str
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward str
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping_
type str - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol str
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - quic
Vip
Quic Args - QUIC setting. The structure of
quicblock is documented below. - realservers
Sequence[Vip
Realserver Args] - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server_
type str - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - services
Sequence[Vip
Service Args] - Service name. The structure of
serviceblock is documented below. - src_
filters Sequence[VipSrc Filter Args] - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of
src_filterblock is documented below. - srcintf_
filters Sequence[VipSrcintf Filter Args] - Interfaces to which the VIP applies. Separate the names with spaces. The structure of
srcintf_filterblock is documented below. - ssl_
accept_ strffdhe_ groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl_
algorithm str - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl_
certificate str - The name of the SSL certificate to use for SSL acceleration.
- ssl_
cipher_ Sequence[Vipsuites Ssl Cipher Suite Args] - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl_
client_ strfallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl_
client_ intrekey_ count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl_
client_ strrenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl_
client_ intsession_ state_ max - Maximum number of client to FortiGate SSL session states to keep.
- ssl_
client_ intsession_ state_ timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl_
client_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl_
dh_ strbits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl_
hpkp str - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl_
hpkp_ intage - Number of seconds the client should honour the HPKP setting.
- ssl_
hpkp_ strbackup - Certificate to generate backup HPKP pin from.
- ssl_
hpkp_ strinclude_ subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl_
hpkp_ strprimary - Certificate to generate primary HPKP pin from.
- ssl_
hpkp_ strreport_ uri - URL to report HPKP violations to.
- ssl_
hsts str - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl_
hsts_ intage - Number of seconds the client should honour the HSTS setting.
- ssl_
hsts_ strinclude_ subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl_
http_ strlocation_ conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl_
http_ strmatch_ host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl_
max_ strversion - Highest SSL/TLS version acceptable from a client.
- ssl_
min_ strversion - Lowest SSL/TLS version acceptable from a client.
- ssl_
mode str - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl_
pfs str - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl_
send_ strempty_ frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl_
server_ stralgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl_
server_ Sequence[Vipcipher_ suites Ssl Server Cipher Suite Args] - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl_
server_ strmax_ version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl_
server_ strmin_ version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl_
server_ strrenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl_
server_ intsession_ state_ max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl_
server_ intsession_ state_ timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl_
server_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status str
- Enable/disable VIP. Valid values:
disable,enable. - type str
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat46Route String - Enable/disable adding NAT46 route. Valid values:
disable,enable. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Number
- Color of icon on the GUI.
- comment String
- Comment.
- dns
Mapping NumberTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- extaddrs List<Property Map>
- External FQDN address name. The structure of
extaddrblock is documented below. - extintf String
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Number
- Custom defined ID.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous
Arp NumberInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb
Domain StringName - Domain to use when integrating with FortiGSLB.
- gslb
Hostname String - Hostname to use within the configured FortiGSLB domain.
- gslb
Public List<Property Map>Ips - Publicly accessible IP addresses for the FortiGSLB service. The structure of
gslb_public_ipsblock is documented below. - h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - Number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http
Multiplex NumberMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http
Multiplex NumberMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http
Multiplex NumberTtl - Time-to-live for idle connections to servers.
- http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - http
Supported StringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6Mappedip String
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6Mappedport String
- IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped
Addr String - Mapped FQDN address name.
- mappedips List<Property Map>
- IP address or address range on the destination network to which the external IP address is mapped. The structure of
mappedipblock is documented below. - mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic NumberConnections - Maximum number of incomplete connections.
- monitors List<Property Map>
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name String
- Virtual IP name.
- nat44 String
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 String
- Enable/disable NAT46. Valid values:
disable,enable. - nat
Source StringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - one
Click StringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping
Type String - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - quic Property Map
- QUIC setting. The structure of
quicblock is documented below. - realservers List<Property Map>
- Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - services List<Property Map>
- Service name. The structure of
serviceblock is documented below. - src
Filters List<Property Map> - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of
src_filterblock is documented below. - srcintf
Filters List<Property Map> - Interfaces to which the VIP applies. Separate the names with spaces. The structure of
srcintf_filterblock is documented below. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<Property Map>Suites - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client NumberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl
Client NumberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client NumberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp NumberAge - Number of seconds the client should honour the HPKP setting.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts NumberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client.
- ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client.
- ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl
Server List<Property Map>Cipher Suites - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl
Server NumberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server NumberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status String
- Enable/disable VIP. Valid values:
disable,enable. - type String
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
Outputs
All input properties are implicitly available as output properties. Additionally, the Vip resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Vip Resource
Get an existing Vip resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: VipState, opts?: CustomResourceOptions): Vip@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
add_nat46_route: Optional[str] = None,
arp_reply: Optional[str] = None,
color: Optional[int] = None,
comment: Optional[str] = None,
dns_mapping_ttl: Optional[int] = None,
dynamic_sort_subtable: Optional[str] = None,
extaddrs: Optional[Sequence[VipExtaddrArgs]] = None,
extintf: Optional[str] = None,
extip: Optional[str] = None,
extport: Optional[str] = None,
fosid: Optional[int] = None,
get_all_tables: Optional[str] = None,
gratuitous_arp_interval: Optional[int] = None,
gslb_domain_name: Optional[str] = None,
gslb_hostname: Optional[str] = None,
gslb_public_ips: Optional[Sequence[VipGslbPublicIpArgs]] = None,
h2_support: Optional[str] = None,
h3_support: Optional[str] = None,
http_cookie_age: Optional[int] = None,
http_cookie_domain: Optional[str] = None,
http_cookie_domain_from_host: Optional[str] = None,
http_cookie_generation: Optional[int] = None,
http_cookie_path: Optional[str] = None,
http_cookie_share: Optional[str] = None,
http_ip_header: Optional[str] = None,
http_ip_header_name: Optional[str] = None,
http_multiplex: Optional[str] = None,
http_multiplex_max_concurrent_request: Optional[int] = None,
http_multiplex_max_request: Optional[int] = None,
http_multiplex_ttl: Optional[int] = None,
http_redirect: Optional[str] = None,
http_supported_max_version: Optional[str] = None,
https_cookie_secure: Optional[str] = None,
ipv6_mappedip: Optional[str] = None,
ipv6_mappedport: Optional[str] = None,
ldb_method: Optional[str] = None,
mapped_addr: Optional[str] = None,
mappedips: Optional[Sequence[VipMappedipArgs]] = None,
mappedport: Optional[str] = None,
max_embryonic_connections: Optional[int] = None,
monitors: Optional[Sequence[VipMonitorArgs]] = None,
name: Optional[str] = None,
nat44: Optional[str] = None,
nat46: Optional[str] = None,
nat_source_vip: Optional[str] = None,
one_click_gslb_server: Optional[str] = None,
outlook_web_access: Optional[str] = None,
persistence: Optional[str] = None,
portforward: Optional[str] = None,
portmapping_type: Optional[str] = None,
protocol: Optional[str] = None,
quic: Optional[VipQuicArgs] = None,
realservers: Optional[Sequence[VipRealserverArgs]] = None,
server_type: Optional[str] = None,
services: Optional[Sequence[VipServiceArgs]] = None,
src_filters: Optional[Sequence[VipSrcFilterArgs]] = None,
srcintf_filters: Optional[Sequence[VipSrcintfFilterArgs]] = None,
ssl_accept_ffdhe_groups: Optional[str] = None,
ssl_algorithm: Optional[str] = None,
ssl_certificate: Optional[str] = None,
ssl_cipher_suites: Optional[Sequence[VipSslCipherSuiteArgs]] = None,
ssl_client_fallback: Optional[str] = None,
ssl_client_rekey_count: Optional[int] = None,
ssl_client_renegotiation: Optional[str] = None,
ssl_client_session_state_max: Optional[int] = None,
ssl_client_session_state_timeout: Optional[int] = None,
ssl_client_session_state_type: Optional[str] = None,
ssl_dh_bits: Optional[str] = None,
ssl_hpkp: Optional[str] = None,
ssl_hpkp_age: Optional[int] = None,
ssl_hpkp_backup: Optional[str] = None,
ssl_hpkp_include_subdomains: Optional[str] = None,
ssl_hpkp_primary: Optional[str] = None,
ssl_hpkp_report_uri: Optional[str] = None,
ssl_hsts: Optional[str] = None,
ssl_hsts_age: Optional[int] = None,
ssl_hsts_include_subdomains: Optional[str] = None,
ssl_http_location_conversion: Optional[str] = None,
ssl_http_match_host: Optional[str] = None,
ssl_max_version: Optional[str] = None,
ssl_min_version: Optional[str] = None,
ssl_mode: Optional[str] = None,
ssl_pfs: Optional[str] = None,
ssl_send_empty_frags: Optional[str] = None,
ssl_server_algorithm: Optional[str] = None,
ssl_server_cipher_suites: Optional[Sequence[VipSslServerCipherSuiteArgs]] = None,
ssl_server_max_version: Optional[str] = None,
ssl_server_min_version: Optional[str] = None,
ssl_server_renegotiation: Optional[str] = None,
ssl_server_session_state_max: Optional[int] = None,
ssl_server_session_state_timeout: Optional[int] = None,
ssl_server_session_state_type: Optional[str] = None,
status: Optional[str] = None,
type: Optional[str] = None,
uuid: Optional[str] = None,
vdomparam: Optional[str] = None,
weblogic_server: Optional[str] = None,
websphere_server: Optional[str] = None) -> Vipfunc GetVip(ctx *Context, name string, id IDInput, state *VipState, opts ...ResourceOption) (*Vip, error)public static Vip Get(string name, Input<string> id, VipState? state, CustomResourceOptions? opts = null)public static Vip get(String name, Output<String> id, VipState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Add
Nat46Route string - Enable/disable adding NAT46 route. Valid values:
disable,enable. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color int
- Color of icon on the GUI.
- Comment string
- Comment.
- Dns
Mapping intTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Extaddrs
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip Extaddr> - External FQDN address name. The structure of
extaddrblock is documented below. - Extintf string
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid int
- Custom defined ID.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gratuitous
Arp intInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- Gslb
Domain stringName - Domain to use when integrating with FortiGSLB.
- Gslb
Hostname string - Hostname to use within the configured FortiGSLB domain.
- Gslb
Public List<Pulumiverse.Ips Fortios. Firewall. Inputs. Vip Gslb Public Ip> - Publicly accessible IP addresses for the FortiGSLB service. The structure of
gslb_public_ipsblock is documented below. - H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - int
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - int
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - Http
Multiplex intMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- Http
Multiplex intMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- Http
Multiplex intTtl - Time-to-live for idle connections to servers.
- Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - Http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv6Mappedip string
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- Ipv6Mappedport string
- IPv6 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mapped
Addr string - Mapped FQDN address name.
- Mappedips
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip Mappedip> - IP address or address range on the destination network to which the external IP address is mapped. The structure of
mappedipblock is documented below. - Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic intConnections - Maximum number of incomplete connections.
- Monitors
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip Monitor> - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - Name string
- Virtual IP name.
- Nat44 string
- Enable/disable NAT44. Valid values:
disable,enable. - Nat46 string
- Enable/disable NAT46. Valid values:
disable,enable. - Nat
Source stringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - One
Click stringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable/disable port forwarding. Valid values:
disable,enable. - Portmapping
Type string - Port mapping type. Valid values:
1-to-1,m-to-n. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - Quic
Pulumiverse.
Fortios. Firewall. Inputs. Vip Quic - QUIC setting. The structure of
quicblock is documented below. - Realservers
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip Realserver> - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - Services
List<Pulumiverse.
Fortios. Firewall. Inputs. Vip Service> - Service name. The structure of
serviceblock is documented below. - Src
Filters List<Pulumiverse.Fortios. Firewall. Inputs. Vip Src Filter> - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of
src_filterblock is documented below. - Srcintf
Filters List<Pulumiverse.Fortios. Firewall. Inputs. Vip Srcintf Filter> - Interfaces to which the VIP applies. Separate the names with spaces. The structure of
srcintf_filterblock is documented below. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher List<Pulumiverse.Suites Fortios. Firewall. Inputs. Vip Ssl Cipher Suite> - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client intRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - Ssl
Client intSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client intSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp intAge - Number of seconds the client should honour the HPKP setting.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts intAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client.
- Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client.
- Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - Ssl
Server List<Pulumiverse.Cipher Suites Fortios. Firewall. Inputs. Vip Ssl Server Cipher Suite> - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - Ssl
Server intSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server intSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Status string
- Enable/disable VIP. Valid values:
disable,enable. - Type string
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- Add
Nat46Route string - Enable/disable adding NAT46 route. Valid values:
disable,enable. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color int
- Color of icon on the GUI.
- Comment string
- Comment.
- Dns
Mapping intTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Extaddrs
[]Vip
Extaddr Args - External FQDN address name. The structure of
extaddrblock is documented below. - Extintf string
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid int
- Custom defined ID.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gratuitous
Arp intInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- Gslb
Domain stringName - Domain to use when integrating with FortiGSLB.
- Gslb
Hostname string - Hostname to use within the configured FortiGSLB domain.
- Gslb
Public []VipIps Gslb Public Ip Args - Publicly accessible IP addresses for the FortiGSLB service. The structure of
gslb_public_ipsblock is documented below. - H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - int
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - int
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - Http
Multiplex intMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- Http
Multiplex intMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- Http
Multiplex intTtl - Time-to-live for idle connections to servers.
- Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - Http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv6Mappedip string
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- Ipv6Mappedport string
- IPv6 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mapped
Addr string - Mapped FQDN address name.
- Mappedips
[]Vip
Mappedip Args - IP address or address range on the destination network to which the external IP address is mapped. The structure of
mappedipblock is documented below. - Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic intConnections - Maximum number of incomplete connections.
- Monitors
[]Vip
Monitor Args - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - Name string
- Virtual IP name.
- Nat44 string
- Enable/disable NAT44. Valid values:
disable,enable. - Nat46 string
- Enable/disable NAT46. Valid values:
disable,enable. - Nat
Source stringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - One
Click stringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable/disable port forwarding. Valid values:
disable,enable. - Portmapping
Type string - Port mapping type. Valid values:
1-to-1,m-to-n. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - Quic
Vip
Quic Args - QUIC setting. The structure of
quicblock is documented below. - Realservers
[]Vip
Realserver Args - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - Services
[]Vip
Service Args - Service name. The structure of
serviceblock is documented below. - Src
Filters []VipSrc Filter Args - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of
src_filterblock is documented below. - Srcintf
Filters []VipSrcintf Filter Args - Interfaces to which the VIP applies. Separate the names with spaces. The structure of
srcintf_filterblock is documented below. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher []VipSuites Ssl Cipher Suite Args - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client intRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - Ssl
Client intSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client intSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp intAge - Number of seconds the client should honour the HPKP setting.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts intAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client.
- Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client.
- Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - Ssl
Server []VipCipher Suites Ssl Server Cipher Suite Args - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - Ssl
Server intSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server intSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Status string
- Enable/disable VIP. Valid values:
disable,enable. - Type string
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat46Route String - Enable/disable adding NAT46 route. Valid values:
disable,enable. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Integer
- Color of icon on the GUI.
- comment String
- Comment.
- dns
Mapping IntegerTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- extaddrs
List<Vip
Extaddr> - External FQDN address name. The structure of
extaddrblock is documented below. - extintf String
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Integer
- Custom defined ID.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous
Arp IntegerInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb
Domain StringName - Domain to use when integrating with FortiGSLB.
- gslb
Hostname String - Hostname to use within the configured FortiGSLB domain.
- gslb
Public List<VipIps Gslb Public Ip> - Publicly accessible IP addresses for the FortiGSLB service. The structure of
gslb_public_ipsblock is documented below. - h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - Integer
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Integer
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http
Multiplex IntegerMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http
Multiplex IntegerMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http
Multiplex IntegerTtl - Time-to-live for idle connections to servers.
- http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - http
Supported StringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6Mappedip String
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6Mappedport String
- IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped
Addr String - Mapped FQDN address name.
- mappedips
List<Vip
Mappedip> - IP address or address range on the destination network to which the external IP address is mapped. The structure of
mappedipblock is documented below. - mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic IntegerConnections - Maximum number of incomplete connections.
- monitors
List<Vip
Monitor> - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name String
- Virtual IP name.
- nat44 String
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 String
- Enable/disable NAT46. Valid values:
disable,enable. - nat
Source StringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - one
Click StringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping
Type String - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - quic
Vip
Quic - QUIC setting. The structure of
quicblock is documented below. - realservers
List<Vip
Realserver> - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - services
List<Vip
Service> - Service name. The structure of
serviceblock is documented below. - src
Filters List<VipSrc Filter> - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of
src_filterblock is documented below. - srcintf
Filters List<VipSrcintf Filter> - Interfaces to which the VIP applies. Separate the names with spaces. The structure of
srcintf_filterblock is documented below. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<VipSuites Ssl Cipher Suite> - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client IntegerRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl
Client IntegerSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client IntegerSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp IntegerAge - Number of seconds the client should honour the HPKP setting.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts IntegerAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client.
- ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client.
- ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl
Server List<VipCipher Suites Ssl Server Cipher Suite> - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl
Server IntegerSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server IntegerSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status String
- Enable/disable VIP. Valid values:
disable,enable. - type String
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat46Route string - Enable/disable adding NAT46 route. Valid values:
disable,enable. - arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color number
- Color of icon on the GUI.
- comment string
- Comment.
- dns
Mapping numberTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- extaddrs
Vip
Extaddr[] - External FQDN address name. The structure of
extaddrblock is documented below. - extintf string
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid number
- Custom defined ID.
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous
Arp numberInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb
Domain stringName - Domain to use when integrating with FortiGSLB.
- gslb
Hostname string - Hostname to use within the configured FortiGSLB domain.
- gslb
Public VipIps Gslb Public Ip[] - Publicly accessible IP addresses for the FortiGSLB service. The structure of
gslb_public_ipsblock is documented below. - h2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http
Multiplex numberMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http
Multiplex numberMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http
Multiplex numberTtl - Time-to-live for idle connections to servers.
- http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6Mappedip string
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6Mappedport string
- IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped
Addr string - Mapped FQDN address name.
- mappedips
Vip
Mappedip[] - IP address or address range on the destination network to which the external IP address is mapped. The structure of
mappedipblock is documented below. - mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic numberConnections - Maximum number of incomplete connections.
- monitors
Vip
Monitor[] - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name string
- Virtual IP name.
- nat44 string
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 string
- Enable/disable NAT46. Valid values:
disable,enable. - nat
Source stringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - one
Click stringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward string
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping
Type string - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - quic
Vip
Quic - QUIC setting. The structure of
quicblock is documented below. - realservers
Vip
Realserver[] - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - services
Vip
Service[] - Service name. The structure of
serviceblock is documented below. - src
Filters VipSrc Filter[] - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of
src_filterblock is documented below. - srcintf
Filters VipSrcintf Filter[] - Interfaces to which the VIP applies. Separate the names with spaces. The structure of
srcintf_filterblock is documented below. - ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher VipSuites Ssl Cipher Suite[] - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client numberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl
Client numberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client numberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp numberAge - Number of seconds the client should honour the HPKP setting.
- ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts numberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client.
- ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client.
- ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl
Server VipCipher Suites Ssl Server Cipher Suite[] - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl
Server numberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server numberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status string
- Enable/disable VIP. Valid values:
disable,enable. - type string
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add_
nat46_ strroute - Enable/disable adding NAT46 route. Valid values:
disable,enable. - arp_
reply str - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color int
- Color of icon on the GUI.
- comment str
- Comment.
- dns_
mapping_ intttl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- extaddrs
Sequence[Vip
Extaddr Args] - External FQDN address name. The structure of
extaddrblock is documented below. - extintf str
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip str
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport str
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid int
- Custom defined ID.
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous_
arp_ intinterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb_
domain_ strname - Domain to use when integrating with FortiGSLB.
- gslb_
hostname str - Hostname to use within the configured FortiGSLB domain.
- gslb_
public_ Sequence[Vipips Gslb Public Ip Args] - Publicly accessible IP addresses for the FortiGSLB service. The structure of
gslb_public_ipsblock is documented below. - h2_
support str - Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3_
support str - Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - int
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- str
- Domain that HTTP cookie persistence should apply to.
- str
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - int
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- str
- Limit HTTP cookie persistence to the specified path.
- str
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http_
ip_ strheader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http_
ip_ strheader_ name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http_
multiplex str - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http_
multiplex_ intmax_ concurrent_ request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http_
multiplex_ intmax_ request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http_
multiplex_ intttl - Time-to-live for idle connections to servers.
- http_
redirect str - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - http_
supported_ strmax_ version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - str
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6_
mappedip str - Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6_
mappedport str - IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb_
method str - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped_
addr str - Mapped FQDN address name.
- mappedips
Sequence[Vip
Mappedip Args] - IP address or address range on the destination network to which the external IP address is mapped. The structure of
mappedipblock is documented below. - mappedport str
- Port number range on the destination network to which the external port number range is mapped.
- max_
embryonic_ intconnections - Maximum number of incomplete connections.
- monitors
Sequence[Vip
Monitor Args] - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name str
- Virtual IP name.
- nat44 str
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 str
- Enable/disable NAT46. Valid values:
disable,enable. - nat_
source_ strvip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - one_
click_ strgslb_ server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook_
web_ straccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence str
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward str
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping_
type str - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol str
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - quic
Vip
Quic Args - QUIC setting. The structure of
quicblock is documented below. - realservers
Sequence[Vip
Realserver Args] - Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server_
type str - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - services
Sequence[Vip
Service Args] - Service name. The structure of
serviceblock is documented below. - src_
filters Sequence[VipSrc Filter Args] - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of
src_filterblock is documented below. - srcintf_
filters Sequence[VipSrcintf Filter Args] - Interfaces to which the VIP applies. Separate the names with spaces. The structure of
srcintf_filterblock is documented below. - ssl_
accept_ strffdhe_ groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl_
algorithm str - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl_
certificate str - The name of the SSL certificate to use for SSL acceleration.
- ssl_
cipher_ Sequence[Vipsuites Ssl Cipher Suite Args] - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl_
client_ strfallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl_
client_ intrekey_ count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl_
client_ strrenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl_
client_ intsession_ state_ max - Maximum number of client to FortiGate SSL session states to keep.
- ssl_
client_ intsession_ state_ timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl_
client_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl_
dh_ strbits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl_
hpkp str - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl_
hpkp_ intage - Number of seconds the client should honour the HPKP setting.
- ssl_
hpkp_ strbackup - Certificate to generate backup HPKP pin from.
- ssl_
hpkp_ strinclude_ subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl_
hpkp_ strprimary - Certificate to generate primary HPKP pin from.
- ssl_
hpkp_ strreport_ uri - URL to report HPKP violations to.
- ssl_
hsts str - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl_
hsts_ intage - Number of seconds the client should honour the HSTS setting.
- ssl_
hsts_ strinclude_ subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl_
http_ strlocation_ conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl_
http_ strmatch_ host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl_
max_ strversion - Highest SSL/TLS version acceptable from a client.
- ssl_
min_ strversion - Lowest SSL/TLS version acceptable from a client.
- ssl_
mode str - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl_
pfs str - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl_
send_ strempty_ frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl_
server_ stralgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl_
server_ Sequence[Vipcipher_ suites Ssl Server Cipher Suite Args] - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl_
server_ strmax_ version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl_
server_ strmin_ version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl_
server_ strrenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl_
server_ intsession_ state_ max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl_
server_ intsession_ state_ timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl_
server_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status str
- Enable/disable VIP. Valid values:
disable,enable. - type str
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat46Route String - Enable/disable adding NAT46 route. Valid values:
disable,enable. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Number
- Color of icon on the GUI.
- comment String
- Comment.
- dns
Mapping NumberTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- extaddrs List<Property Map>
- External FQDN address name. The structure of
extaddrblock is documented below. - extintf String
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Number
- Custom defined ID.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous
Arp NumberInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb
Domain StringName - Domain to use when integrating with FortiGSLB.
- gslb
Hostname String - Hostname to use within the configured FortiGSLB domain.
- gslb
Public List<Property Map>Ips - Publicly accessible IP addresses for the FortiGSLB service. The structure of
gslb_public_ipsblock is documented below. - h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
enable,disable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
enable,disable. - Number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
enable,disable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
enable,disable. - http
Multiplex NumberMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http
Multiplex NumberMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http
Multiplex NumberTtl - Time-to-live for idle connections to servers.
- http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
enable,disable. - http
Supported StringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6Mappedip String
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6Mappedport String
- IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped
Addr String - Mapped FQDN address name.
- mappedips List<Property Map>
- IP address or address range on the destination network to which the external IP address is mapped. The structure of
mappedipblock is documented below. - mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic NumberConnections - Maximum number of incomplete connections.
- monitors List<Property Map>
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of
monitorblock is documented below. - name String
- Virtual IP name.
- nat44 String
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 String
- Enable/disable NAT46. Valid values:
disable,enable. - nat
Source StringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - one
Click StringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping
Type String - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - quic Property Map
- QUIC setting. The structure of
quicblock is documented below. - realservers List<Property Map>
- Select the real servers that this server load balancing VIP will distribute traffic to. The structure of
realserversblock is documented below. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,imaps,pop3s,smtps,ssl,tcp,udp,ip. - services List<Property Map>
- Service name. The structure of
serviceblock is documented below. - src
Filters List<Property Map> - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of
src_filterblock is documented below. - srcintf
Filters List<Property Map> - Interfaces to which the VIP applies. Separate the names with spaces. The structure of
srcintf_filterblock is documented below. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
enable,disable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<Property Map>Suites - SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client NumberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
allow,deny,secure. - ssl
Client NumberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client NumberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp NumberAge - Number of seconds the client should honour the HPKP setting.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts NumberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
enable,disable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
enable,disable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client.
- ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client.
- ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
enable,disable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom,client. - ssl
Server List<Property Map>Cipher Suites - SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
enable,disable. - ssl
Server NumberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server NumberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status String
- Enable/disable VIP. Valid values:
disable,enable. - type String
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
Supporting Types
VipExtaddr, VipExtaddrArgs
- Name string
- Address name.
- Name string
- Address name.
- name String
- Address name.
- name string
- Address name.
- name str
- Address name.
- name String
- Address name.
VipGslbPublicIp, VipGslbPublicIpArgs
VipMappedip, VipMappedipArgs
- Range string
- Mapped IP range.
- Range string
- Mapped IP range.
- range String
- Mapped IP range.
- range string
- Mapped IP range.
- range str
- Mapped IP range.
- range String
- Mapped IP range.
VipMonitor, VipMonitorArgs
- Name string
- Health monitor name.
- Name string
- Health monitor name.
- name String
- Health monitor name.
- name string
- Health monitor name.
- name str
- Health monitor name.
- name String
- Health monitor name.
VipQuic, VipQuicArgs
- Ack
Delay intExponent - ACK delay exponent (1 - 20, default = 3).
- Active
Connection intId Limit - Active connection ID limit (1 - 8, default = 2).
- Active
Migration string - Enable/disable active migration (default = disable). Valid values:
enable,disable. - Grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
enable,disable. - Max
Ack intDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- Max
Datagram intFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- Max
Idle intTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- Max
Udp intPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- Ack
Delay intExponent - ACK delay exponent (1 - 20, default = 3).
- Active
Connection intId Limit - Active connection ID limit (1 - 8, default = 2).
- Active
Migration string - Enable/disable active migration (default = disable). Valid values:
enable,disable. - Grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
enable,disable. - Max
Ack intDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- Max
Datagram intFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- Max
Idle intTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- Max
Udp intPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay IntegerExponent - ACK delay exponent (1 - 20, default = 3).
- active
Connection IntegerId Limit - Active connection ID limit (1 - 8, default = 2).
- active
Migration String - Enable/disable active migration (default = disable). Valid values:
enable,disable. - grease
Quic StringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
enable,disable. - max
Ack IntegerDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram IntegerFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle IntegerTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp IntegerPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay numberExponent - ACK delay exponent (1 - 20, default = 3).
- active
Connection numberId Limit - Active connection ID limit (1 - 8, default = 2).
- active
Migration string - Enable/disable active migration (default = disable). Valid values:
enable,disable. - grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
enable,disable. - max
Ack numberDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram numberFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle numberTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp numberPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack_
delay_ intexponent - ACK delay exponent (1 - 20, default = 3).
- active_
connection_ intid_ limit - Active connection ID limit (1 - 8, default = 2).
- active_
migration str - Enable/disable active migration (default = disable). Valid values:
enable,disable. - grease_
quic_ strbit - Enable/disable grease QUIC bit (default = enable). Valid values:
enable,disable. - max_
ack_ intdelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max_
datagram_ intframe_ size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max_
idle_ inttimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max_
udp_ intpayload_ size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay NumberExponent - ACK delay exponent (1 - 20, default = 3).
- active
Connection NumberId Limit - Active connection ID limit (1 - 8, default = 2).
- active
Migration String - Enable/disable active migration (default = disable). Valid values:
enable,disable. - grease
Quic StringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
enable,disable. - max
Ack NumberDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram NumberFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle NumberTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp NumberPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
VipRealserver, VipRealserverArgs
- Address string
- Dynamic address of the real server.
- Client
Ip string - Only clients in this IP range can connect to this real server.
- Healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - Holddown
Interval int - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
- Http
Host string - HTTP server domain name in HTTP header.
- Id int
- Real server ID.
- Ip string
- IP address of the real server.
- Max
Connections int - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Port int
- Port for communicating with the real server. Required if port forwarding is enabled.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
enable,disable. - Type string
- Type of address. Valid values:
ip,address. - Weight int
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- Address string
- Dynamic address of the real server.
- Client
Ip string - Only clients in this IP range can connect to this real server.
- Healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - Holddown
Interval int - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
- Http
Host string - HTTP server domain name in HTTP header.
- Id int
- Real server ID.
- Ip string
- IP address of the real server.
- Max
Connections int - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Port int
- Port for communicating with the real server. Required if port forwarding is enabled.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
enable,disable. - Type string
- Type of address. Valid values:
ip,address. - Weight int
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- address String
- Dynamic address of the real server.
- client
Ip String - Only clients in this IP range can connect to this real server.
- healthcheck String
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval Integer - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
- http
Host String - HTTP server domain name in HTTP header.
- id Integer
- Real server ID.
- ip String
- IP address of the real server.
- max
Connections Integer - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port Integer
- Port for communicating with the real server. Required if port forwarding is enabled.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
enable,disable. - type String
- Type of address. Valid values:
ip,address. - weight Integer
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- address string
- Dynamic address of the real server.
- client
Ip string - Only clients in this IP range can connect to this real server.
- healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval number - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
- http
Host string - HTTP server domain name in HTTP header.
- id number
- Real server ID.
- ip string
- IP address of the real server.
- max
Connections number - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
- monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port number
- Port for communicating with the real server. Required if port forwarding is enabled.
- status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
enable,disable. - type string
- Type of address. Valid values:
ip,address. - weight number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- address str
- Dynamic address of the real server.
- client_
ip str - Only clients in this IP range can connect to this real server.
- healthcheck str
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown_
interval int - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
- http_
host str - HTTP server domain name in HTTP header.
- id int
- Real server ID.
- ip str
- IP address of the real server.
- max_
connections int - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
- monitor str
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port int
- Port for communicating with the real server. Required if port forwarding is enabled.
- status str
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate_
host str - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
enable,disable. - type str
- Type of address. Valid values:
ip,address. - weight int
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- address String
- Dynamic address of the real server.
- client
Ip String - Only clients in this IP range can connect to this real server.
- healthcheck String
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval Number - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
- http
Host String - HTTP server domain name in HTTP header.
- id Number
- Real server ID.
- ip String
- IP address of the real server.
- max
Connections Number - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port Number
- Port for communicating with the real server. Required if port forwarding is enabled.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
enable,disable. - type String
- Type of address. Valid values:
ip,address. - weight Number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
VipService, VipServiceArgs
- Name string
- Service name.
- Name string
- Service name.
- name String
- Service name.
- name string
- Service name.
- name str
- Service name.
- name String
- Service name.
VipSrcFilter, VipSrcFilterArgs
- Range string
- Source-filter range.
- Range string
- Source-filter range.
- range String
- Source-filter range.
- range string
- Source-filter range.
- range str
- Source-filter range.
- range String
- Source-filter range.
VipSrcintfFilter, VipSrcintfFilterArgs
- Interface
Name string - Interface name.
- Interface
Name string - Interface name.
- interface
Name String - Interface name.
- interface
Name string - Interface name.
- interface_
name str - Interface name.
- interface
Name String - Interface name.
VipSslCipherSuite, VipSslCipherSuiteArgs
VipSslServerCipherSuite, VipSslServerCipherSuiteArgs
Import
Firewall Vip can be imported using any of these accepted formats:
$ pulumi import fortios:firewall/vip:Vip labelname {{name}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:firewall/vip:Vip labelname {{name}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortiosTerraform Provider.