1. Packages
  2. Fortios
  3. API Docs
  4. firewall
  5. Vip6
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.firewall.Vip6

Explore with Pulumi AI

fortios logo
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

    Configure virtual IP for IPv6.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fortios from "@pulumiverse/fortios";
    
    const trname = new fortios.firewall.Vip6("trname", {
        arpReply: "enable",
        color: 0,
        extip: "2001:1:1:12::100",
        extport: "0-65535",
        fosid: 0,
        httpCookieAge: 60,
        httpCookieDomainFromHost: "disable",
        httpCookieGeneration: 0,
        httpCookieShare: "same-ip",
        httpIpHeader: "disable",
        httpMultiplex: "disable",
        httpsCookieSecure: "disable",
        ldbMethod: "static",
        mappedip: "2001:1:1:12::200",
        mappedport: "0-65535",
        maxEmbryonicConnections: 1000,
        outlookWebAccess: "disable",
        persistence: "none",
        portforward: "disable",
        protocol: "tcp",
        sslAlgorithm: "high",
        sslClientFallback: "enable",
        sslClientRenegotiation: "secure",
        sslClientSessionStateMax: 1000,
        sslClientSessionStateTimeout: 30,
        sslClientSessionStateType: "both",
        sslDhBits: "2048",
        sslHpkp: "disable",
        sslHpkpAge: 5184000,
        sslHpkpIncludeSubdomains: "disable",
        sslHsts: "disable",
        sslHstsAge: 5184000,
        sslHstsIncludeSubdomains: "disable",
        sslHttpLocationConversion: "disable",
        sslHttpMatchHost: "enable",
        sslMaxVersion: "tls-1.2",
        sslMinVersion: "tls-1.1",
        sslMode: "half",
        sslPfs: "require",
        sslSendEmptyFrags: "enable",
        sslServerAlgorithm: "client",
        sslServerMaxVersion: "client",
        sslServerMinVersion: "client",
        sslServerSessionStateMax: 100,
        sslServerSessionStateTimeout: 60,
        sslServerSessionStateType: "both",
        type: "static-nat",
        weblogicServer: "disable",
        websphereServer: "disable",
    });
    
    import pulumi
    import pulumiverse_fortios as fortios
    
    trname = fortios.firewall.Vip6("trname",
        arp_reply="enable",
        color=0,
        extip="2001:1:1:12::100",
        extport="0-65535",
        fosid=0,
        http_cookie_age=60,
        http_cookie_domain_from_host="disable",
        http_cookie_generation=0,
        http_cookie_share="same-ip",
        http_ip_header="disable",
        http_multiplex="disable",
        https_cookie_secure="disable",
        ldb_method="static",
        mappedip="2001:1:1:12::200",
        mappedport="0-65535",
        max_embryonic_connections=1000,
        outlook_web_access="disable",
        persistence="none",
        portforward="disable",
        protocol="tcp",
        ssl_algorithm="high",
        ssl_client_fallback="enable",
        ssl_client_renegotiation="secure",
        ssl_client_session_state_max=1000,
        ssl_client_session_state_timeout=30,
        ssl_client_session_state_type="both",
        ssl_dh_bits="2048",
        ssl_hpkp="disable",
        ssl_hpkp_age=5184000,
        ssl_hpkp_include_subdomains="disable",
        ssl_hsts="disable",
        ssl_hsts_age=5184000,
        ssl_hsts_include_subdomains="disable",
        ssl_http_location_conversion="disable",
        ssl_http_match_host="enable",
        ssl_max_version="tls-1.2",
        ssl_min_version="tls-1.1",
        ssl_mode="half",
        ssl_pfs="require",
        ssl_send_empty_frags="enable",
        ssl_server_algorithm="client",
        ssl_server_max_version="client",
        ssl_server_min_version="client",
        ssl_server_session_state_max=100,
        ssl_server_session_state_timeout=60,
        ssl_server_session_state_type="both",
        type="static-nat",
        weblogic_server="disable",
        websphere_server="disable")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/firewall"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := firewall.NewVip6(ctx, "trname", &firewall.Vip6Args{
    			ArpReply:                     pulumi.String("enable"),
    			Color:                        pulumi.Int(0),
    			Extip:                        pulumi.String("2001:1:1:12::100"),
    			Extport:                      pulumi.String("0-65535"),
    			Fosid:                        pulumi.Int(0),
    			HttpCookieAge:                pulumi.Int(60),
    			HttpCookieDomainFromHost:     pulumi.String("disable"),
    			HttpCookieGeneration:         pulumi.Int(0),
    			HttpCookieShare:              pulumi.String("same-ip"),
    			HttpIpHeader:                 pulumi.String("disable"),
    			HttpMultiplex:                pulumi.String("disable"),
    			HttpsCookieSecure:            pulumi.String("disable"),
    			LdbMethod:                    pulumi.String("static"),
    			Mappedip:                     pulumi.String("2001:1:1:12::200"),
    			Mappedport:                   pulumi.String("0-65535"),
    			MaxEmbryonicConnections:      pulumi.Int(1000),
    			OutlookWebAccess:             pulumi.String("disable"),
    			Persistence:                  pulumi.String("none"),
    			Portforward:                  pulumi.String("disable"),
    			Protocol:                     pulumi.String("tcp"),
    			SslAlgorithm:                 pulumi.String("high"),
    			SslClientFallback:            pulumi.String("enable"),
    			SslClientRenegotiation:       pulumi.String("secure"),
    			SslClientSessionStateMax:     pulumi.Int(1000),
    			SslClientSessionStateTimeout: pulumi.Int(30),
    			SslClientSessionStateType:    pulumi.String("both"),
    			SslDhBits:                    pulumi.String("2048"),
    			SslHpkp:                      pulumi.String("disable"),
    			SslHpkpAge:                   pulumi.Int(5184000),
    			SslHpkpIncludeSubdomains:     pulumi.String("disable"),
    			SslHsts:                      pulumi.String("disable"),
    			SslHstsAge:                   pulumi.Int(5184000),
    			SslHstsIncludeSubdomains:     pulumi.String("disable"),
    			SslHttpLocationConversion:    pulumi.String("disable"),
    			SslHttpMatchHost:             pulumi.String("enable"),
    			SslMaxVersion:                pulumi.String("tls-1.2"),
    			SslMinVersion:                pulumi.String("tls-1.1"),
    			SslMode:                      pulumi.String("half"),
    			SslPfs:                       pulumi.String("require"),
    			SslSendEmptyFrags:            pulumi.String("enable"),
    			SslServerAlgorithm:           pulumi.String("client"),
    			SslServerMaxVersion:          pulumi.String("client"),
    			SslServerMinVersion:          pulumi.String("client"),
    			SslServerSessionStateMax:     pulumi.Int(100),
    			SslServerSessionStateTimeout: pulumi.Int(60),
    			SslServerSessionStateType:    pulumi.String("both"),
    			Type:                         pulumi.String("static-nat"),
    			WeblogicServer:               pulumi.String("disable"),
    			WebsphereServer:              pulumi.String("disable"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fortios = Pulumiverse.Fortios;
    
    return await Deployment.RunAsync(() => 
    {
        var trname = new Fortios.Firewall.Vip6("trname", new()
        {
            ArpReply = "enable",
            Color = 0,
            Extip = "2001:1:1:12::100",
            Extport = "0-65535",
            Fosid = 0,
            HttpCookieAge = 60,
            HttpCookieDomainFromHost = "disable",
            HttpCookieGeneration = 0,
            HttpCookieShare = "same-ip",
            HttpIpHeader = "disable",
            HttpMultiplex = "disable",
            HttpsCookieSecure = "disable",
            LdbMethod = "static",
            Mappedip = "2001:1:1:12::200",
            Mappedport = "0-65535",
            MaxEmbryonicConnections = 1000,
            OutlookWebAccess = "disable",
            Persistence = "none",
            Portforward = "disable",
            Protocol = "tcp",
            SslAlgorithm = "high",
            SslClientFallback = "enable",
            SslClientRenegotiation = "secure",
            SslClientSessionStateMax = 1000,
            SslClientSessionStateTimeout = 30,
            SslClientSessionStateType = "both",
            SslDhBits = "2048",
            SslHpkp = "disable",
            SslHpkpAge = 5184000,
            SslHpkpIncludeSubdomains = "disable",
            SslHsts = "disable",
            SslHstsAge = 5184000,
            SslHstsIncludeSubdomains = "disable",
            SslHttpLocationConversion = "disable",
            SslHttpMatchHost = "enable",
            SslMaxVersion = "tls-1.2",
            SslMinVersion = "tls-1.1",
            SslMode = "half",
            SslPfs = "require",
            SslSendEmptyFrags = "enable",
            SslServerAlgorithm = "client",
            SslServerMaxVersion = "client",
            SslServerMinVersion = "client",
            SslServerSessionStateMax = 100,
            SslServerSessionStateTimeout = 60,
            SslServerSessionStateType = "both",
            Type = "static-nat",
            WeblogicServer = "disable",
            WebsphereServer = "disable",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fortios.firewall.Vip6;
    import com.pulumi.fortios.firewall.Vip6Args;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var trname = new Vip6("trname", Vip6Args.builder()
                .arpReply("enable")
                .color(0)
                .extip("2001:1:1:12::100")
                .extport("0-65535")
                .fosid(0)
                .httpCookieAge(60)
                .httpCookieDomainFromHost("disable")
                .httpCookieGeneration(0)
                .httpCookieShare("same-ip")
                .httpIpHeader("disable")
                .httpMultiplex("disable")
                .httpsCookieSecure("disable")
                .ldbMethod("static")
                .mappedip("2001:1:1:12::200")
                .mappedport("0-65535")
                .maxEmbryonicConnections(1000)
                .outlookWebAccess("disable")
                .persistence("none")
                .portforward("disable")
                .protocol("tcp")
                .sslAlgorithm("high")
                .sslClientFallback("enable")
                .sslClientRenegotiation("secure")
                .sslClientSessionStateMax(1000)
                .sslClientSessionStateTimeout(30)
                .sslClientSessionStateType("both")
                .sslDhBits("2048")
                .sslHpkp("disable")
                .sslHpkpAge(5184000)
                .sslHpkpIncludeSubdomains("disable")
                .sslHsts("disable")
                .sslHstsAge(5184000)
                .sslHstsIncludeSubdomains("disable")
                .sslHttpLocationConversion("disable")
                .sslHttpMatchHost("enable")
                .sslMaxVersion("tls-1.2")
                .sslMinVersion("tls-1.1")
                .sslMode("half")
                .sslPfs("require")
                .sslSendEmptyFrags("enable")
                .sslServerAlgorithm("client")
                .sslServerMaxVersion("client")
                .sslServerMinVersion("client")
                .sslServerSessionStateMax(100)
                .sslServerSessionStateTimeout(60)
                .sslServerSessionStateType("both")
                .type("static-nat")
                .weblogicServer("disable")
                .websphereServer("disable")
                .build());
    
        }
    }
    
    resources:
      trname:
        type: fortios:firewall:Vip6
        properties:
          arpReply: enable
          color: 0
          extip: 2001:1:1:12::100
          extport: 0-65535
          fosid: 0
          httpCookieAge: 60
          httpCookieDomainFromHost: disable
          httpCookieGeneration: 0
          httpCookieShare: same-ip
          httpIpHeader: disable
          httpMultiplex: disable
          httpsCookieSecure: disable
          ldbMethod: static
          mappedip: 2001:1:1:12::200
          mappedport: 0-65535
          maxEmbryonicConnections: 1000
          outlookWebAccess: disable
          persistence: none
          portforward: disable
          protocol: tcp
          sslAlgorithm: high
          sslClientFallback: enable
          sslClientRenegotiation: secure
          sslClientSessionStateMax: 1000
          sslClientSessionStateTimeout: 30
          sslClientSessionStateType: both
          sslDhBits: '2048'
          sslHpkp: disable
          sslHpkpAge: 5.184e+06
          sslHpkpIncludeSubdomains: disable
          sslHsts: disable
          sslHstsAge: 5.184e+06
          sslHstsIncludeSubdomains: disable
          sslHttpLocationConversion: disable
          sslHttpMatchHost: enable
          sslMaxVersion: tls-1.2
          sslMinVersion: tls-1.1
          sslMode: half
          sslPfs: require
          sslSendEmptyFrags: enable
          sslServerAlgorithm: client
          sslServerMaxVersion: client
          sslServerMinVersion: client
          sslServerSessionStateMax: 100
          sslServerSessionStateTimeout: 60
          sslServerSessionStateType: both
          type: static-nat
          weblogicServer: disable
          websphereServer: disable
    

    Create Vip6 Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Vip6(name: string, args: Vip6Args, opts?: CustomResourceOptions);
    @overload
    def Vip6(resource_name: str,
             args: Vip6Args,
             opts: Optional[ResourceOptions] = None)
    
    @overload
    def Vip6(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             extip: Optional[str] = None,
             mappedip: Optional[str] = None,
             add_nat64_route: Optional[str] = None,
             arp_reply: Optional[str] = None,
             color: Optional[int] = None,
             comment: Optional[str] = None,
             dynamic_sort_subtable: Optional[str] = None,
             embedded_ipv4_address: Optional[str] = None,
             extport: Optional[str] = None,
             fosid: Optional[int] = None,
             get_all_tables: Optional[str] = None,
             h2_support: Optional[str] = None,
             h3_support: Optional[str] = None,
             http_cookie_age: Optional[int] = None,
             http_cookie_domain: Optional[str] = None,
             http_cookie_domain_from_host: Optional[str] = None,
             http_cookie_generation: Optional[int] = None,
             http_cookie_path: Optional[str] = None,
             http_cookie_share: Optional[str] = None,
             http_ip_header: Optional[str] = None,
             http_ip_header_name: Optional[str] = None,
             http_multiplex: Optional[str] = None,
             http_redirect: Optional[str] = None,
             https_cookie_secure: Optional[str] = None,
             ipv4_mappedip: Optional[str] = None,
             ipv4_mappedport: Optional[str] = None,
             ldb_method: Optional[str] = None,
             mappedport: Optional[str] = None,
             max_embryonic_connections: Optional[int] = None,
             monitors: Optional[Sequence[Vip6MonitorArgs]] = None,
             name: Optional[str] = None,
             nat64: Optional[str] = None,
             nat66: Optional[str] = None,
             nat_source_vip: Optional[str] = None,
             ndp_reply: Optional[str] = None,
             outlook_web_access: Optional[str] = None,
             persistence: Optional[str] = None,
             portforward: Optional[str] = None,
             protocol: Optional[str] = None,
             quic: Optional[Vip6QuicArgs] = None,
             realservers: Optional[Sequence[Vip6RealserverArgs]] = None,
             server_type: Optional[str] = None,
             src_filters: Optional[Sequence[Vip6SrcFilterArgs]] = None,
             src_vip_filter: Optional[str] = None,
             ssl_accept_ffdhe_groups: Optional[str] = None,
             ssl_algorithm: Optional[str] = None,
             ssl_certificate: Optional[str] = None,
             ssl_cipher_suites: Optional[Sequence[Vip6SslCipherSuiteArgs]] = None,
             ssl_client_fallback: Optional[str] = None,
             ssl_client_rekey_count: Optional[int] = None,
             ssl_client_renegotiation: Optional[str] = None,
             ssl_client_session_state_max: Optional[int] = None,
             ssl_client_session_state_timeout: Optional[int] = None,
             ssl_client_session_state_type: Optional[str] = None,
             ssl_dh_bits: Optional[str] = None,
             ssl_hpkp: Optional[str] = None,
             ssl_hpkp_age: Optional[int] = None,
             ssl_hpkp_backup: Optional[str] = None,
             ssl_hpkp_include_subdomains: Optional[str] = None,
             ssl_hpkp_primary: Optional[str] = None,
             ssl_hpkp_report_uri: Optional[str] = None,
             ssl_hsts: Optional[str] = None,
             ssl_hsts_age: Optional[int] = None,
             ssl_hsts_include_subdomains: Optional[str] = None,
             ssl_http_location_conversion: Optional[str] = None,
             ssl_http_match_host: Optional[str] = None,
             ssl_max_version: Optional[str] = None,
             ssl_min_version: Optional[str] = None,
             ssl_mode: Optional[str] = None,
             ssl_pfs: Optional[str] = None,
             ssl_send_empty_frags: Optional[str] = None,
             ssl_server_algorithm: Optional[str] = None,
             ssl_server_cipher_suites: Optional[Sequence[Vip6SslServerCipherSuiteArgs]] = None,
             ssl_server_max_version: Optional[str] = None,
             ssl_server_min_version: Optional[str] = None,
             ssl_server_renegotiation: Optional[str] = None,
             ssl_server_session_state_max: Optional[int] = None,
             ssl_server_session_state_timeout: Optional[int] = None,
             ssl_server_session_state_type: Optional[str] = None,
             type: Optional[str] = None,
             uuid: Optional[str] = None,
             vdomparam: Optional[str] = None,
             weblogic_server: Optional[str] = None,
             websphere_server: Optional[str] = None)
    func NewVip6(ctx *Context, name string, args Vip6Args, opts ...ResourceOption) (*Vip6, error)
    public Vip6(string name, Vip6Args args, CustomResourceOptions? opts = null)
    public Vip6(String name, Vip6Args args)
    public Vip6(String name, Vip6Args args, CustomResourceOptions options)
    
    type: fortios:firewall:Vip6
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args Vip6Args
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args Vip6Args
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args Vip6Args
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args Vip6Args
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args Vip6Args
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var vip6Resource = new Fortios.Firewall.Vip6("vip6Resource", new()
    {
        Extip = "string",
        Mappedip = "string",
        AddNat64Route = "string",
        ArpReply = "string",
        Color = 0,
        Comment = "string",
        DynamicSortSubtable = "string",
        EmbeddedIpv4Address = "string",
        Extport = "string",
        Fosid = 0,
        GetAllTables = "string",
        H2Support = "string",
        H3Support = "string",
        HttpCookieAge = 0,
        HttpCookieDomain = "string",
        HttpCookieDomainFromHost = "string",
        HttpCookieGeneration = 0,
        HttpCookiePath = "string",
        HttpCookieShare = "string",
        HttpIpHeader = "string",
        HttpIpHeaderName = "string",
        HttpMultiplex = "string",
        HttpRedirect = "string",
        HttpsCookieSecure = "string",
        Ipv4Mappedip = "string",
        Ipv4Mappedport = "string",
        LdbMethod = "string",
        Mappedport = "string",
        MaxEmbryonicConnections = 0,
        Monitors = new[]
        {
            new Fortios.Firewall.Inputs.Vip6MonitorArgs
            {
                Name = "string",
            },
        },
        Name = "string",
        Nat64 = "string",
        Nat66 = "string",
        NatSourceVip = "string",
        NdpReply = "string",
        OutlookWebAccess = "string",
        Persistence = "string",
        Portforward = "string",
        Protocol = "string",
        Quic = new Fortios.Firewall.Inputs.Vip6QuicArgs
        {
            AckDelayExponent = 0,
            ActiveConnectionIdLimit = 0,
            ActiveMigration = "string",
            GreaseQuicBit = "string",
            MaxAckDelay = 0,
            MaxDatagramFrameSize = 0,
            MaxIdleTimeout = 0,
            MaxUdpPayloadSize = 0,
        },
        Realservers = new[]
        {
            new Fortios.Firewall.Inputs.Vip6RealserverArgs
            {
                ClientIp = "string",
                Healthcheck = "string",
                HolddownInterval = 0,
                HttpHost = "string",
                Id = 0,
                Ip = "string",
                MaxConnections = 0,
                Monitor = "string",
                Port = 0,
                Status = "string",
                TranslateHost = "string",
                Weight = 0,
            },
        },
        ServerType = "string",
        SrcFilters = new[]
        {
            new Fortios.Firewall.Inputs.Vip6SrcFilterArgs
            {
                Range = "string",
            },
        },
        SrcVipFilter = "string",
        SslAcceptFfdheGroups = "string",
        SslAlgorithm = "string",
        SslCertificate = "string",
        SslCipherSuites = new[]
        {
            new Fortios.Firewall.Inputs.Vip6SslCipherSuiteArgs
            {
                Cipher = "string",
                Priority = 0,
                Versions = "string",
            },
        },
        SslClientFallback = "string",
        SslClientRekeyCount = 0,
        SslClientRenegotiation = "string",
        SslClientSessionStateMax = 0,
        SslClientSessionStateTimeout = 0,
        SslClientSessionStateType = "string",
        SslDhBits = "string",
        SslHpkp = "string",
        SslHpkpAge = 0,
        SslHpkpBackup = "string",
        SslHpkpIncludeSubdomains = "string",
        SslHpkpPrimary = "string",
        SslHpkpReportUri = "string",
        SslHsts = "string",
        SslHstsAge = 0,
        SslHstsIncludeSubdomains = "string",
        SslHttpLocationConversion = "string",
        SslHttpMatchHost = "string",
        SslMaxVersion = "string",
        SslMinVersion = "string",
        SslMode = "string",
        SslPfs = "string",
        SslSendEmptyFrags = "string",
        SslServerAlgorithm = "string",
        SslServerCipherSuites = new[]
        {
            new Fortios.Firewall.Inputs.Vip6SslServerCipherSuiteArgs
            {
                Cipher = "string",
                Priority = 0,
                Versions = "string",
            },
        },
        SslServerMaxVersion = "string",
        SslServerMinVersion = "string",
        SslServerRenegotiation = "string",
        SslServerSessionStateMax = 0,
        SslServerSessionStateTimeout = 0,
        SslServerSessionStateType = "string",
        Type = "string",
        Uuid = "string",
        Vdomparam = "string",
        WeblogicServer = "string",
        WebsphereServer = "string",
    });
    
    example, err := firewall.NewVip6(ctx, "vip6Resource", &firewall.Vip6Args{
    	Extip:                    pulumi.String("string"),
    	Mappedip:                 pulumi.String("string"),
    	AddNat64Route:            pulumi.String("string"),
    	ArpReply:                 pulumi.String("string"),
    	Color:                    pulumi.Int(0),
    	Comment:                  pulumi.String("string"),
    	DynamicSortSubtable:      pulumi.String("string"),
    	EmbeddedIpv4Address:      pulumi.String("string"),
    	Extport:                  pulumi.String("string"),
    	Fosid:                    pulumi.Int(0),
    	GetAllTables:             pulumi.String("string"),
    	H2Support:                pulumi.String("string"),
    	H3Support:                pulumi.String("string"),
    	HttpCookieAge:            pulumi.Int(0),
    	HttpCookieDomain:         pulumi.String("string"),
    	HttpCookieDomainFromHost: pulumi.String("string"),
    	HttpCookieGeneration:     pulumi.Int(0),
    	HttpCookiePath:           pulumi.String("string"),
    	HttpCookieShare:          pulumi.String("string"),
    	HttpIpHeader:             pulumi.String("string"),
    	HttpIpHeaderName:         pulumi.String("string"),
    	HttpMultiplex:            pulumi.String("string"),
    	HttpRedirect:             pulumi.String("string"),
    	HttpsCookieSecure:        pulumi.String("string"),
    	Ipv4Mappedip:             pulumi.String("string"),
    	Ipv4Mappedport:           pulumi.String("string"),
    	LdbMethod:                pulumi.String("string"),
    	Mappedport:               pulumi.String("string"),
    	MaxEmbryonicConnections:  pulumi.Int(0),
    	Monitors: firewall.Vip6MonitorArray{
    		&firewall.Vip6MonitorArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	Name:             pulumi.String("string"),
    	Nat64:            pulumi.String("string"),
    	Nat66:            pulumi.String("string"),
    	NatSourceVip:     pulumi.String("string"),
    	NdpReply:         pulumi.String("string"),
    	OutlookWebAccess: pulumi.String("string"),
    	Persistence:      pulumi.String("string"),
    	Portforward:      pulumi.String("string"),
    	Protocol:         pulumi.String("string"),
    	Quic: &firewall.Vip6QuicArgs{
    		AckDelayExponent:        pulumi.Int(0),
    		ActiveConnectionIdLimit: pulumi.Int(0),
    		ActiveMigration:         pulumi.String("string"),
    		GreaseQuicBit:           pulumi.String("string"),
    		MaxAckDelay:             pulumi.Int(0),
    		MaxDatagramFrameSize:    pulumi.Int(0),
    		MaxIdleTimeout:          pulumi.Int(0),
    		MaxUdpPayloadSize:       pulumi.Int(0),
    	},
    	Realservers: firewall.Vip6RealserverArray{
    		&firewall.Vip6RealserverArgs{
    			ClientIp:         pulumi.String("string"),
    			Healthcheck:      pulumi.String("string"),
    			HolddownInterval: pulumi.Int(0),
    			HttpHost:         pulumi.String("string"),
    			Id:               pulumi.Int(0),
    			Ip:               pulumi.String("string"),
    			MaxConnections:   pulumi.Int(0),
    			Monitor:          pulumi.String("string"),
    			Port:             pulumi.Int(0),
    			Status:           pulumi.String("string"),
    			TranslateHost:    pulumi.String("string"),
    			Weight:           pulumi.Int(0),
    		},
    	},
    	ServerType: pulumi.String("string"),
    	SrcFilters: firewall.Vip6SrcFilterArray{
    		&firewall.Vip6SrcFilterArgs{
    			Range: pulumi.String("string"),
    		},
    	},
    	SrcVipFilter:         pulumi.String("string"),
    	SslAcceptFfdheGroups: pulumi.String("string"),
    	SslAlgorithm:         pulumi.String("string"),
    	SslCertificate:       pulumi.String("string"),
    	SslCipherSuites: firewall.Vip6SslCipherSuiteArray{
    		&firewall.Vip6SslCipherSuiteArgs{
    			Cipher:   pulumi.String("string"),
    			Priority: pulumi.Int(0),
    			Versions: pulumi.String("string"),
    		},
    	},
    	SslClientFallback:            pulumi.String("string"),
    	SslClientRekeyCount:          pulumi.Int(0),
    	SslClientRenegotiation:       pulumi.String("string"),
    	SslClientSessionStateMax:     pulumi.Int(0),
    	SslClientSessionStateTimeout: pulumi.Int(0),
    	SslClientSessionStateType:    pulumi.String("string"),
    	SslDhBits:                    pulumi.String("string"),
    	SslHpkp:                      pulumi.String("string"),
    	SslHpkpAge:                   pulumi.Int(0),
    	SslHpkpBackup:                pulumi.String("string"),
    	SslHpkpIncludeSubdomains:     pulumi.String("string"),
    	SslHpkpPrimary:               pulumi.String("string"),
    	SslHpkpReportUri:             pulumi.String("string"),
    	SslHsts:                      pulumi.String("string"),
    	SslHstsAge:                   pulumi.Int(0),
    	SslHstsIncludeSubdomains:     pulumi.String("string"),
    	SslHttpLocationConversion:    pulumi.String("string"),
    	SslHttpMatchHost:             pulumi.String("string"),
    	SslMaxVersion:                pulumi.String("string"),
    	SslMinVersion:                pulumi.String("string"),
    	SslMode:                      pulumi.String("string"),
    	SslPfs:                       pulumi.String("string"),
    	SslSendEmptyFrags:            pulumi.String("string"),
    	SslServerAlgorithm:           pulumi.String("string"),
    	SslServerCipherSuites: firewall.Vip6SslServerCipherSuiteArray{
    		&firewall.Vip6SslServerCipherSuiteArgs{
    			Cipher:   pulumi.String("string"),
    			Priority: pulumi.Int(0),
    			Versions: pulumi.String("string"),
    		},
    	},
    	SslServerMaxVersion:          pulumi.String("string"),
    	SslServerMinVersion:          pulumi.String("string"),
    	SslServerRenegotiation:       pulumi.String("string"),
    	SslServerSessionStateMax:     pulumi.Int(0),
    	SslServerSessionStateTimeout: pulumi.Int(0),
    	SslServerSessionStateType:    pulumi.String("string"),
    	Type:                         pulumi.String("string"),
    	Uuid:                         pulumi.String("string"),
    	Vdomparam:                    pulumi.String("string"),
    	WeblogicServer:               pulumi.String("string"),
    	WebsphereServer:              pulumi.String("string"),
    })
    
    var vip6Resource = new Vip6("vip6Resource", Vip6Args.builder()
        .extip("string")
        .mappedip("string")
        .addNat64Route("string")
        .arpReply("string")
        .color(0)
        .comment("string")
        .dynamicSortSubtable("string")
        .embeddedIpv4Address("string")
        .extport("string")
        .fosid(0)
        .getAllTables("string")
        .h2Support("string")
        .h3Support("string")
        .httpCookieAge(0)
        .httpCookieDomain("string")
        .httpCookieDomainFromHost("string")
        .httpCookieGeneration(0)
        .httpCookiePath("string")
        .httpCookieShare("string")
        .httpIpHeader("string")
        .httpIpHeaderName("string")
        .httpMultiplex("string")
        .httpRedirect("string")
        .httpsCookieSecure("string")
        .ipv4Mappedip("string")
        .ipv4Mappedport("string")
        .ldbMethod("string")
        .mappedport("string")
        .maxEmbryonicConnections(0)
        .monitors(Vip6MonitorArgs.builder()
            .name("string")
            .build())
        .name("string")
        .nat64("string")
        .nat66("string")
        .natSourceVip("string")
        .ndpReply("string")
        .outlookWebAccess("string")
        .persistence("string")
        .portforward("string")
        .protocol("string")
        .quic(Vip6QuicArgs.builder()
            .ackDelayExponent(0)
            .activeConnectionIdLimit(0)
            .activeMigration("string")
            .greaseQuicBit("string")
            .maxAckDelay(0)
            .maxDatagramFrameSize(0)
            .maxIdleTimeout(0)
            .maxUdpPayloadSize(0)
            .build())
        .realservers(Vip6RealserverArgs.builder()
            .clientIp("string")
            .healthcheck("string")
            .holddownInterval(0)
            .httpHost("string")
            .id(0)
            .ip("string")
            .maxConnections(0)
            .monitor("string")
            .port(0)
            .status("string")
            .translateHost("string")
            .weight(0)
            .build())
        .serverType("string")
        .srcFilters(Vip6SrcFilterArgs.builder()
            .range("string")
            .build())
        .srcVipFilter("string")
        .sslAcceptFfdheGroups("string")
        .sslAlgorithm("string")
        .sslCertificate("string")
        .sslCipherSuites(Vip6SslCipherSuiteArgs.builder()
            .cipher("string")
            .priority(0)
            .versions("string")
            .build())
        .sslClientFallback("string")
        .sslClientRekeyCount(0)
        .sslClientRenegotiation("string")
        .sslClientSessionStateMax(0)
        .sslClientSessionStateTimeout(0)
        .sslClientSessionStateType("string")
        .sslDhBits("string")
        .sslHpkp("string")
        .sslHpkpAge(0)
        .sslHpkpBackup("string")
        .sslHpkpIncludeSubdomains("string")
        .sslHpkpPrimary("string")
        .sslHpkpReportUri("string")
        .sslHsts("string")
        .sslHstsAge(0)
        .sslHstsIncludeSubdomains("string")
        .sslHttpLocationConversion("string")
        .sslHttpMatchHost("string")
        .sslMaxVersion("string")
        .sslMinVersion("string")
        .sslMode("string")
        .sslPfs("string")
        .sslSendEmptyFrags("string")
        .sslServerAlgorithm("string")
        .sslServerCipherSuites(Vip6SslServerCipherSuiteArgs.builder()
            .cipher("string")
            .priority(0)
            .versions("string")
            .build())
        .sslServerMaxVersion("string")
        .sslServerMinVersion("string")
        .sslServerRenegotiation("string")
        .sslServerSessionStateMax(0)
        .sslServerSessionStateTimeout(0)
        .sslServerSessionStateType("string")
        .type("string")
        .uuid("string")
        .vdomparam("string")
        .weblogicServer("string")
        .websphereServer("string")
        .build());
    
    vip6_resource = fortios.firewall.Vip6("vip6Resource",
        extip="string",
        mappedip="string",
        add_nat64_route="string",
        arp_reply="string",
        color=0,
        comment="string",
        dynamic_sort_subtable="string",
        embedded_ipv4_address="string",
        extport="string",
        fosid=0,
        get_all_tables="string",
        h2_support="string",
        h3_support="string",
        http_cookie_age=0,
        http_cookie_domain="string",
        http_cookie_domain_from_host="string",
        http_cookie_generation=0,
        http_cookie_path="string",
        http_cookie_share="string",
        http_ip_header="string",
        http_ip_header_name="string",
        http_multiplex="string",
        http_redirect="string",
        https_cookie_secure="string",
        ipv4_mappedip="string",
        ipv4_mappedport="string",
        ldb_method="string",
        mappedport="string",
        max_embryonic_connections=0,
        monitors=[{
            "name": "string",
        }],
        name="string",
        nat64="string",
        nat66="string",
        nat_source_vip="string",
        ndp_reply="string",
        outlook_web_access="string",
        persistence="string",
        portforward="string",
        protocol="string",
        quic={
            "ack_delay_exponent": 0,
            "active_connection_id_limit": 0,
            "active_migration": "string",
            "grease_quic_bit": "string",
            "max_ack_delay": 0,
            "max_datagram_frame_size": 0,
            "max_idle_timeout": 0,
            "max_udp_payload_size": 0,
        },
        realservers=[{
            "client_ip": "string",
            "healthcheck": "string",
            "holddown_interval": 0,
            "http_host": "string",
            "id": 0,
            "ip": "string",
            "max_connections": 0,
            "monitor": "string",
            "port": 0,
            "status": "string",
            "translate_host": "string",
            "weight": 0,
        }],
        server_type="string",
        src_filters=[{
            "range": "string",
        }],
        src_vip_filter="string",
        ssl_accept_ffdhe_groups="string",
        ssl_algorithm="string",
        ssl_certificate="string",
        ssl_cipher_suites=[{
            "cipher": "string",
            "priority": 0,
            "versions": "string",
        }],
        ssl_client_fallback="string",
        ssl_client_rekey_count=0,
        ssl_client_renegotiation="string",
        ssl_client_session_state_max=0,
        ssl_client_session_state_timeout=0,
        ssl_client_session_state_type="string",
        ssl_dh_bits="string",
        ssl_hpkp="string",
        ssl_hpkp_age=0,
        ssl_hpkp_backup="string",
        ssl_hpkp_include_subdomains="string",
        ssl_hpkp_primary="string",
        ssl_hpkp_report_uri="string",
        ssl_hsts="string",
        ssl_hsts_age=0,
        ssl_hsts_include_subdomains="string",
        ssl_http_location_conversion="string",
        ssl_http_match_host="string",
        ssl_max_version="string",
        ssl_min_version="string",
        ssl_mode="string",
        ssl_pfs="string",
        ssl_send_empty_frags="string",
        ssl_server_algorithm="string",
        ssl_server_cipher_suites=[{
            "cipher": "string",
            "priority": 0,
            "versions": "string",
        }],
        ssl_server_max_version="string",
        ssl_server_min_version="string",
        ssl_server_renegotiation="string",
        ssl_server_session_state_max=0,
        ssl_server_session_state_timeout=0,
        ssl_server_session_state_type="string",
        type="string",
        uuid="string",
        vdomparam="string",
        weblogic_server="string",
        websphere_server="string")
    
    const vip6Resource = new fortios.firewall.Vip6("vip6Resource", {
        extip: "string",
        mappedip: "string",
        addNat64Route: "string",
        arpReply: "string",
        color: 0,
        comment: "string",
        dynamicSortSubtable: "string",
        embeddedIpv4Address: "string",
        extport: "string",
        fosid: 0,
        getAllTables: "string",
        h2Support: "string",
        h3Support: "string",
        httpCookieAge: 0,
        httpCookieDomain: "string",
        httpCookieDomainFromHost: "string",
        httpCookieGeneration: 0,
        httpCookiePath: "string",
        httpCookieShare: "string",
        httpIpHeader: "string",
        httpIpHeaderName: "string",
        httpMultiplex: "string",
        httpRedirect: "string",
        httpsCookieSecure: "string",
        ipv4Mappedip: "string",
        ipv4Mappedport: "string",
        ldbMethod: "string",
        mappedport: "string",
        maxEmbryonicConnections: 0,
        monitors: [{
            name: "string",
        }],
        name: "string",
        nat64: "string",
        nat66: "string",
        natSourceVip: "string",
        ndpReply: "string",
        outlookWebAccess: "string",
        persistence: "string",
        portforward: "string",
        protocol: "string",
        quic: {
            ackDelayExponent: 0,
            activeConnectionIdLimit: 0,
            activeMigration: "string",
            greaseQuicBit: "string",
            maxAckDelay: 0,
            maxDatagramFrameSize: 0,
            maxIdleTimeout: 0,
            maxUdpPayloadSize: 0,
        },
        realservers: [{
            clientIp: "string",
            healthcheck: "string",
            holddownInterval: 0,
            httpHost: "string",
            id: 0,
            ip: "string",
            maxConnections: 0,
            monitor: "string",
            port: 0,
            status: "string",
            translateHost: "string",
            weight: 0,
        }],
        serverType: "string",
        srcFilters: [{
            range: "string",
        }],
        srcVipFilter: "string",
        sslAcceptFfdheGroups: "string",
        sslAlgorithm: "string",
        sslCertificate: "string",
        sslCipherSuites: [{
            cipher: "string",
            priority: 0,
            versions: "string",
        }],
        sslClientFallback: "string",
        sslClientRekeyCount: 0,
        sslClientRenegotiation: "string",
        sslClientSessionStateMax: 0,
        sslClientSessionStateTimeout: 0,
        sslClientSessionStateType: "string",
        sslDhBits: "string",
        sslHpkp: "string",
        sslHpkpAge: 0,
        sslHpkpBackup: "string",
        sslHpkpIncludeSubdomains: "string",
        sslHpkpPrimary: "string",
        sslHpkpReportUri: "string",
        sslHsts: "string",
        sslHstsAge: 0,
        sslHstsIncludeSubdomains: "string",
        sslHttpLocationConversion: "string",
        sslHttpMatchHost: "string",
        sslMaxVersion: "string",
        sslMinVersion: "string",
        sslMode: "string",
        sslPfs: "string",
        sslSendEmptyFrags: "string",
        sslServerAlgorithm: "string",
        sslServerCipherSuites: [{
            cipher: "string",
            priority: 0,
            versions: "string",
        }],
        sslServerMaxVersion: "string",
        sslServerMinVersion: "string",
        sslServerRenegotiation: "string",
        sslServerSessionStateMax: 0,
        sslServerSessionStateTimeout: 0,
        sslServerSessionStateType: "string",
        type: "string",
        uuid: "string",
        vdomparam: "string",
        weblogicServer: "string",
        websphereServer: "string",
    });
    
    type: fortios:firewall:Vip6
    properties:
        addNat64Route: string
        arpReply: string
        color: 0
        comment: string
        dynamicSortSubtable: string
        embeddedIpv4Address: string
        extip: string
        extport: string
        fosid: 0
        getAllTables: string
        h2Support: string
        h3Support: string
        httpCookieAge: 0
        httpCookieDomain: string
        httpCookieDomainFromHost: string
        httpCookieGeneration: 0
        httpCookiePath: string
        httpCookieShare: string
        httpIpHeader: string
        httpIpHeaderName: string
        httpMultiplex: string
        httpRedirect: string
        httpsCookieSecure: string
        ipv4Mappedip: string
        ipv4Mappedport: string
        ldbMethod: string
        mappedip: string
        mappedport: string
        maxEmbryonicConnections: 0
        monitors:
            - name: string
        name: string
        nat64: string
        nat66: string
        natSourceVip: string
        ndpReply: string
        outlookWebAccess: string
        persistence: string
        portforward: string
        protocol: string
        quic:
            ackDelayExponent: 0
            activeConnectionIdLimit: 0
            activeMigration: string
            greaseQuicBit: string
            maxAckDelay: 0
            maxDatagramFrameSize: 0
            maxIdleTimeout: 0
            maxUdpPayloadSize: 0
        realservers:
            - clientIp: string
              healthcheck: string
              holddownInterval: 0
              httpHost: string
              id: 0
              ip: string
              maxConnections: 0
              monitor: string
              port: 0
              status: string
              translateHost: string
              weight: 0
        serverType: string
        srcFilters:
            - range: string
        srcVipFilter: string
        sslAcceptFfdheGroups: string
        sslAlgorithm: string
        sslCertificate: string
        sslCipherSuites:
            - cipher: string
              priority: 0
              versions: string
        sslClientFallback: string
        sslClientRekeyCount: 0
        sslClientRenegotiation: string
        sslClientSessionStateMax: 0
        sslClientSessionStateTimeout: 0
        sslClientSessionStateType: string
        sslDhBits: string
        sslHpkp: string
        sslHpkpAge: 0
        sslHpkpBackup: string
        sslHpkpIncludeSubdomains: string
        sslHpkpPrimary: string
        sslHpkpReportUri: string
        sslHsts: string
        sslHstsAge: 0
        sslHstsIncludeSubdomains: string
        sslHttpLocationConversion: string
        sslHttpMatchHost: string
        sslMaxVersion: string
        sslMinVersion: string
        sslMode: string
        sslPfs: string
        sslSendEmptyFrags: string
        sslServerAlgorithm: string
        sslServerCipherSuites:
            - cipher: string
              priority: 0
              versions: string
        sslServerMaxVersion: string
        sslServerMinVersion: string
        sslServerRenegotiation: string
        sslServerSessionStateMax: 0
        sslServerSessionStateTimeout: 0
        sslServerSessionStateType: string
        type: string
        uuid: string
        vdomparam: string
        weblogicServer: string
        websphereServer: string
    

    Vip6 Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Vip6 resource accepts the following input properties:

    Extip string
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    Mappedip string
    Mapped IP address range in the format startIP-endIP.
    AddNat64Route string
    Enable/disable adding NAT64 route. Valid values: disable, enable.
    ArpReply string
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    Color int
    Color of icon on the GUI.
    Comment string
    Comment.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmbeddedIpv4Address string
    Enable/disable embedded IPv4 address. Valid values: disable, enable.
    Extport string
    Incoming port number range that you want to map to a port number range on the destination network.
    Fosid int
    Custom defined ID.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    H2Support string
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    H3Support string
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    HttpCookieAge int
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    HttpCookieDomain string
    Domain that HTTP cookie persistence should apply to.
    HttpCookieDomainFromHost string
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    HttpCookieGeneration int
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    HttpCookiePath string
    Limit HTTP cookie persistence to the specified path.
    HttpCookieShare string
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    HttpIpHeader string
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    HttpIpHeaderName string
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    HttpMultiplex string
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    HttpRedirect string
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    HttpsCookieSecure string
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    Ipv4Mappedip string
    Start-mapped-IPv4-address [-end mapped-IPv4-address].
    Ipv4Mappedport string
    IPv4 port number range on the destination network to which the external port number range is mapped.
    LdbMethod string
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    Mappedport string
    Port number range on the destination network to which the external port number range is mapped.
    MaxEmbryonicConnections int
    Maximum number of incomplete connections.
    Monitors List<Pulumiverse.Fortios.Firewall.Inputs.Vip6Monitor>
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    Name string
    Virtual ip6 name.
    Nat64 string
    Enable/disable DNAT64. Valid values: disable, enable.
    Nat66 string
    Enable/disable DNAT66. Valid values: disable, enable.
    NatSourceVip string
    Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: disable, enable.
    NdpReply string
    Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: disable, enable.
    OutlookWebAccess string
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    Persistence string
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    Portforward string
    Enable port forwarding. Valid values: disable, enable.
    Protocol string
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp.
    Quic Pulumiverse.Fortios.Firewall.Inputs.Vip6Quic
    QUIC setting. The structure of quic block is documented below.
    Realservers List<Pulumiverse.Fortios.Firewall.Inputs.Vip6Realserver>
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    ServerType string
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    SrcFilters List<Pulumiverse.Fortios.Firewall.Inputs.Vip6SrcFilter>
    Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of src_filter block is documented below.
    SrcVipFilter string
    Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
    SslAcceptFfdheGroups string
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    SslAlgorithm string
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    SslCertificate string
    The name of the SSL certificate to use for SSL acceleration.
    SslCipherSuites List<Pulumiverse.Fortios.Firewall.Inputs.Vip6SslCipherSuite>
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    SslClientFallback string
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    SslClientRekeyCount int
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    SslClientRenegotiation string
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    SslClientSessionStateMax int
    Maximum number of client to FortiGate SSL session states to keep.
    SslClientSessionStateTimeout int
    Number of minutes to keep client to FortiGate SSL session state.
    SslClientSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    SslDhBits string
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    SslHpkp string
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    SslHpkpAge int
    Number of minutes the web browser should keep HPKP.
    SslHpkpBackup string
    Certificate to generate backup HPKP pin from.
    SslHpkpIncludeSubdomains string
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    SslHpkpPrimary string
    Certificate to generate primary HPKP pin from.
    SslHpkpReportUri string
    URL to report HPKP violations to.
    SslHsts string
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    SslHstsAge int
    Number of seconds the client should honour the HSTS setting.
    SslHstsIncludeSubdomains string
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    SslHttpLocationConversion string
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    SslHttpMatchHost string
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    SslMaxVersion string
    Highest SSL/TLS version acceptable from a client.
    SslMinVersion string
    Lowest SSL/TLS version acceptable from a client.
    SslMode string
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    SslPfs string
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    SslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    SslServerAlgorithm string
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    SslServerCipherSuites List<Pulumiverse.Fortios.Firewall.Inputs.Vip6SslServerCipherSuite>
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    SslServerMaxVersion string
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerMinVersion string
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerRenegotiation string
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    SslServerSessionStateMax int
    Maximum number of FortiGate to Server SSL session states to keep.
    SslServerSessionStateTimeout int
    Number of minutes to keep FortiGate to Server SSL session state.
    SslServerSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    Type string
    Configure a static NAT or server load balance VIP.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    WeblogicServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    WebsphereServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    Extip string
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    Mappedip string
    Mapped IP address range in the format startIP-endIP.
    AddNat64Route string
    Enable/disable adding NAT64 route. Valid values: disable, enable.
    ArpReply string
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    Color int
    Color of icon on the GUI.
    Comment string
    Comment.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmbeddedIpv4Address string
    Enable/disable embedded IPv4 address. Valid values: disable, enable.
    Extport string
    Incoming port number range that you want to map to a port number range on the destination network.
    Fosid int
    Custom defined ID.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    H2Support string
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    H3Support string
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    HttpCookieAge int
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    HttpCookieDomain string
    Domain that HTTP cookie persistence should apply to.
    HttpCookieDomainFromHost string
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    HttpCookieGeneration int
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    HttpCookiePath string
    Limit HTTP cookie persistence to the specified path.
    HttpCookieShare string
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    HttpIpHeader string
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    HttpIpHeaderName string
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    HttpMultiplex string
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    HttpRedirect string
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    HttpsCookieSecure string
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    Ipv4Mappedip string
    Start-mapped-IPv4-address [-end mapped-IPv4-address].
    Ipv4Mappedport string
    IPv4 port number range on the destination network to which the external port number range is mapped.
    LdbMethod string
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    Mappedport string
    Port number range on the destination network to which the external port number range is mapped.
    MaxEmbryonicConnections int
    Maximum number of incomplete connections.
    Monitors []Vip6MonitorArgs
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    Name string
    Virtual ip6 name.
    Nat64 string
    Enable/disable DNAT64. Valid values: disable, enable.
    Nat66 string
    Enable/disable DNAT66. Valid values: disable, enable.
    NatSourceVip string
    Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: disable, enable.
    NdpReply string
    Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: disable, enable.
    OutlookWebAccess string
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    Persistence string
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    Portforward string
    Enable port forwarding. Valid values: disable, enable.
    Protocol string
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp.
    Quic Vip6QuicArgs
    QUIC setting. The structure of quic block is documented below.
    Realservers []Vip6RealserverArgs
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    ServerType string
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    SrcFilters []Vip6SrcFilterArgs
    Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of src_filter block is documented below.
    SrcVipFilter string
    Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
    SslAcceptFfdheGroups string
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    SslAlgorithm string
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    SslCertificate string
    The name of the SSL certificate to use for SSL acceleration.
    SslCipherSuites []Vip6SslCipherSuiteArgs
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    SslClientFallback string
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    SslClientRekeyCount int
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    SslClientRenegotiation string
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    SslClientSessionStateMax int
    Maximum number of client to FortiGate SSL session states to keep.
    SslClientSessionStateTimeout int
    Number of minutes to keep client to FortiGate SSL session state.
    SslClientSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    SslDhBits string
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    SslHpkp string
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    SslHpkpAge int
    Number of minutes the web browser should keep HPKP.
    SslHpkpBackup string
    Certificate to generate backup HPKP pin from.
    SslHpkpIncludeSubdomains string
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    SslHpkpPrimary string
    Certificate to generate primary HPKP pin from.
    SslHpkpReportUri string
    URL to report HPKP violations to.
    SslHsts string
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    SslHstsAge int
    Number of seconds the client should honour the HSTS setting.
    SslHstsIncludeSubdomains string
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    SslHttpLocationConversion string
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    SslHttpMatchHost string
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    SslMaxVersion string
    Highest SSL/TLS version acceptable from a client.
    SslMinVersion string
    Lowest SSL/TLS version acceptable from a client.
    SslMode string
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    SslPfs string
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    SslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    SslServerAlgorithm string
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    SslServerCipherSuites []Vip6SslServerCipherSuiteArgs
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    SslServerMaxVersion string
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerMinVersion string
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerRenegotiation string
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    SslServerSessionStateMax int
    Maximum number of FortiGate to Server SSL session states to keep.
    SslServerSessionStateTimeout int
    Number of minutes to keep FortiGate to Server SSL session state.
    SslServerSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    Type string
    Configure a static NAT or server load balance VIP.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    WeblogicServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    WebsphereServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    extip String
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    mappedip String
    Mapped IP address range in the format startIP-endIP.
    addNat64Route String
    Enable/disable adding NAT64 route. Valid values: disable, enable.
    arpReply String
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color Integer
    Color of icon on the GUI.
    comment String
    Comment.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    embeddedIpv4Address String
    Enable/disable embedded IPv4 address. Valid values: disable, enable.
    extport String
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid Integer
    Custom defined ID.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    h2Support String
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3Support String
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    httpCookieAge Integer
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    httpCookieDomain String
    Domain that HTTP cookie persistence should apply to.
    httpCookieDomainFromHost String
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    httpCookieGeneration Integer
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    httpCookiePath String
    Limit HTTP cookie persistence to the specified path.
    httpCookieShare String
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    httpIpHeader String
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    httpIpHeaderName String
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    httpMultiplex String
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    httpRedirect String
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    httpsCookieSecure String
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv4Mappedip String
    Start-mapped-IPv4-address [-end mapped-IPv4-address].
    ipv4Mappedport String
    IPv4 port number range on the destination network to which the external port number range is mapped.
    ldbMethod String
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedport String
    Port number range on the destination network to which the external port number range is mapped.
    maxEmbryonicConnections Integer
    Maximum number of incomplete connections.
    monitors List<Vip6Monitor>
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name String
    Virtual ip6 name.
    nat64 String
    Enable/disable DNAT64. Valid values: disable, enable.
    nat66 String
    Enable/disable DNAT66. Valid values: disable, enable.
    natSourceVip String
    Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: disable, enable.
    ndpReply String
    Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: disable, enable.
    outlookWebAccess String
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence String
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward String
    Enable port forwarding. Valid values: disable, enable.
    protocol String
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp.
    quic Vip6Quic
    QUIC setting. The structure of quic block is documented below.
    realservers List<Vip6Realserver>
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    serverType String
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    srcFilters List<Vip6SrcFilter>
    Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcVipFilter String
    Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
    sslAcceptFfdheGroups String
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    sslAlgorithm String
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    sslCertificate String
    The name of the SSL certificate to use for SSL acceleration.
    sslCipherSuites List<Vip6SslCipherSuite>
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    sslClientFallback String
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    sslClientRekeyCount Integer
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    sslClientRenegotiation String
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    sslClientSessionStateMax Integer
    Maximum number of client to FortiGate SSL session states to keep.
    sslClientSessionStateTimeout Integer
    Number of minutes to keep client to FortiGate SSL session state.
    sslClientSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    sslDhBits String
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    sslHpkp String
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    sslHpkpAge Integer
    Number of minutes the web browser should keep HPKP.
    sslHpkpBackup String
    Certificate to generate backup HPKP pin from.
    sslHpkpIncludeSubdomains String
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    sslHpkpPrimary String
    Certificate to generate primary HPKP pin from.
    sslHpkpReportUri String
    URL to report HPKP violations to.
    sslHsts String
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    sslHstsAge Integer
    Number of seconds the client should honour the HSTS setting.
    sslHstsIncludeSubdomains String
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    sslHttpLocationConversion String
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    sslHttpMatchHost String
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    sslMaxVersion String
    Highest SSL/TLS version acceptable from a client.
    sslMinVersion String
    Lowest SSL/TLS version acceptable from a client.
    sslMode String
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    sslPfs String
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    sslSendEmptyFrags String
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    sslServerAlgorithm String
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    sslServerCipherSuites List<Vip6SslServerCipherSuite>
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    sslServerMaxVersion String
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerMinVersion String
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerRenegotiation String
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    sslServerSessionStateMax Integer
    Maximum number of FortiGate to Server SSL session states to keep.
    sslServerSessionStateTimeout Integer
    Number of minutes to keep FortiGate to Server SSL session state.
    sslServerSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    type String
    Configure a static NAT or server load balance VIP.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogicServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphereServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    extip string
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    mappedip string
    Mapped IP address range in the format startIP-endIP.
    addNat64Route string
    Enable/disable adding NAT64 route. Valid values: disable, enable.
    arpReply string
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color number
    Color of icon on the GUI.
    comment string
    Comment.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    embeddedIpv4Address string
    Enable/disable embedded IPv4 address. Valid values: disable, enable.
    extport string
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid number
    Custom defined ID.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    h2Support string
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3Support string
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    httpCookieAge number
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    httpCookieDomain string
    Domain that HTTP cookie persistence should apply to.
    httpCookieDomainFromHost string
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    httpCookieGeneration number
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    httpCookiePath string
    Limit HTTP cookie persistence to the specified path.
    httpCookieShare string
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    httpIpHeader string
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    httpIpHeaderName string
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    httpMultiplex string
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    httpRedirect string
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    httpsCookieSecure string
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv4Mappedip string
    Start-mapped-IPv4-address [-end mapped-IPv4-address].
    ipv4Mappedport string
    IPv4 port number range on the destination network to which the external port number range is mapped.
    ldbMethod string
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedport string
    Port number range on the destination network to which the external port number range is mapped.
    maxEmbryonicConnections number
    Maximum number of incomplete connections.
    monitors Vip6Monitor[]
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name string
    Virtual ip6 name.
    nat64 string
    Enable/disable DNAT64. Valid values: disable, enable.
    nat66 string
    Enable/disable DNAT66. Valid values: disable, enable.
    natSourceVip string
    Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: disable, enable.
    ndpReply string
    Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: disable, enable.
    outlookWebAccess string
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence string
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward string
    Enable port forwarding. Valid values: disable, enable.
    protocol string
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp.
    quic Vip6Quic
    QUIC setting. The structure of quic block is documented below.
    realservers Vip6Realserver[]
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    serverType string
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    srcFilters Vip6SrcFilter[]
    Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcVipFilter string
    Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
    sslAcceptFfdheGroups string
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    sslAlgorithm string
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    sslCertificate string
    The name of the SSL certificate to use for SSL acceleration.
    sslCipherSuites Vip6SslCipherSuite[]
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    sslClientFallback string
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    sslClientRekeyCount number
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    sslClientRenegotiation string
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    sslClientSessionStateMax number
    Maximum number of client to FortiGate SSL session states to keep.
    sslClientSessionStateTimeout number
    Number of minutes to keep client to FortiGate SSL session state.
    sslClientSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    sslDhBits string
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    sslHpkp string
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    sslHpkpAge number
    Number of minutes the web browser should keep HPKP.
    sslHpkpBackup string
    Certificate to generate backup HPKP pin from.
    sslHpkpIncludeSubdomains string
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    sslHpkpPrimary string
    Certificate to generate primary HPKP pin from.
    sslHpkpReportUri string
    URL to report HPKP violations to.
    sslHsts string
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    sslHstsAge number
    Number of seconds the client should honour the HSTS setting.
    sslHstsIncludeSubdomains string
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    sslHttpLocationConversion string
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    sslHttpMatchHost string
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    sslMaxVersion string
    Highest SSL/TLS version acceptable from a client.
    sslMinVersion string
    Lowest SSL/TLS version acceptable from a client.
    sslMode string
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    sslPfs string
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    sslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    sslServerAlgorithm string
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    sslServerCipherSuites Vip6SslServerCipherSuite[]
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    sslServerMaxVersion string
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerMinVersion string
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerRenegotiation string
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    sslServerSessionStateMax number
    Maximum number of FortiGate to Server SSL session states to keep.
    sslServerSessionStateTimeout number
    Number of minutes to keep FortiGate to Server SSL session state.
    sslServerSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    type string
    Configure a static NAT or server load balance VIP.
    uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogicServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphereServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    extip str
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    mappedip str
    Mapped IP address range in the format startIP-endIP.
    add_nat64_route str
    Enable/disable adding NAT64 route. Valid values: disable, enable.
    arp_reply str
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color int
    Color of icon on the GUI.
    comment str
    Comment.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    embedded_ipv4_address str
    Enable/disable embedded IPv4 address. Valid values: disable, enable.
    extport str
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid int
    Custom defined ID.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    h2_support str
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3_support str
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    http_cookie_age int
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    http_cookie_domain str
    Domain that HTTP cookie persistence should apply to.
    http_cookie_domain_from_host str
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    http_cookie_generation int
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    http_cookie_path str
    Limit HTTP cookie persistence to the specified path.
    http_cookie_share str
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    http_ip_header str
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    http_ip_header_name str
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    http_multiplex str
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    http_redirect str
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    https_cookie_secure str
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv4_mappedip str
    Start-mapped-IPv4-address [-end mapped-IPv4-address].
    ipv4_mappedport str
    IPv4 port number range on the destination network to which the external port number range is mapped.
    ldb_method str
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedport str
    Port number range on the destination network to which the external port number range is mapped.
    max_embryonic_connections int
    Maximum number of incomplete connections.
    monitors Sequence[Vip6MonitorArgs]
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name str
    Virtual ip6 name.
    nat64 str
    Enable/disable DNAT64. Valid values: disable, enable.
    nat66 str
    Enable/disable DNAT66. Valid values: disable, enable.
    nat_source_vip str
    Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: disable, enable.
    ndp_reply str
    Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: disable, enable.
    outlook_web_access str
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence str
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward str
    Enable port forwarding. Valid values: disable, enable.
    protocol str
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp.
    quic Vip6QuicArgs
    QUIC setting. The structure of quic block is documented below.
    realservers Sequence[Vip6RealserverArgs]
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    server_type str
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    src_filters Sequence[Vip6SrcFilterArgs]
    Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of src_filter block is documented below.
    src_vip_filter str
    Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
    ssl_accept_ffdhe_groups str
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    ssl_algorithm str
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    ssl_certificate str
    The name of the SSL certificate to use for SSL acceleration.
    ssl_cipher_suites Sequence[Vip6SslCipherSuiteArgs]
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    ssl_client_fallback str
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    ssl_client_rekey_count int
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    ssl_client_renegotiation str
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    ssl_client_session_state_max int
    Maximum number of client to FortiGate SSL session states to keep.
    ssl_client_session_state_timeout int
    Number of minutes to keep client to FortiGate SSL session state.
    ssl_client_session_state_type str
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    ssl_dh_bits str
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    ssl_hpkp str
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    ssl_hpkp_age int
    Number of minutes the web browser should keep HPKP.
    ssl_hpkp_backup str
    Certificate to generate backup HPKP pin from.
    ssl_hpkp_include_subdomains str
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    ssl_hpkp_primary str
    Certificate to generate primary HPKP pin from.
    ssl_hpkp_report_uri str
    URL to report HPKP violations to.
    ssl_hsts str
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    ssl_hsts_age int
    Number of seconds the client should honour the HSTS setting.
    ssl_hsts_include_subdomains str
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    ssl_http_location_conversion str
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    ssl_http_match_host str
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    ssl_max_version str
    Highest SSL/TLS version acceptable from a client.
    ssl_min_version str
    Lowest SSL/TLS version acceptable from a client.
    ssl_mode str
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    ssl_pfs str
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    ssl_send_empty_frags str
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    ssl_server_algorithm str
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    ssl_server_cipher_suites Sequence[Vip6SslServerCipherSuiteArgs]
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    ssl_server_max_version str
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    ssl_server_min_version str
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    ssl_server_renegotiation str
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    ssl_server_session_state_max int
    Maximum number of FortiGate to Server SSL session states to keep.
    ssl_server_session_state_timeout int
    Number of minutes to keep FortiGate to Server SSL session state.
    ssl_server_session_state_type str
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    type str
    Configure a static NAT or server load balance VIP.
    uuid str
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogic_server str
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphere_server str
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    extip String
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    mappedip String
    Mapped IP address range in the format startIP-endIP.
    addNat64Route String
    Enable/disable adding NAT64 route. Valid values: disable, enable.
    arpReply String
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color Number
    Color of icon on the GUI.
    comment String
    Comment.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    embeddedIpv4Address String
    Enable/disable embedded IPv4 address. Valid values: disable, enable.
    extport String
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid Number
    Custom defined ID.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    h2Support String
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3Support String
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    httpCookieAge Number
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    httpCookieDomain String
    Domain that HTTP cookie persistence should apply to.
    httpCookieDomainFromHost String
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    httpCookieGeneration Number
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    httpCookiePath String
    Limit HTTP cookie persistence to the specified path.
    httpCookieShare String
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    httpIpHeader String
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    httpIpHeaderName String
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    httpMultiplex String
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    httpRedirect String
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    httpsCookieSecure String
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv4Mappedip String
    Start-mapped-IPv4-address [-end mapped-IPv4-address].
    ipv4Mappedport String
    IPv4 port number range on the destination network to which the external port number range is mapped.
    ldbMethod String
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedport String
    Port number range on the destination network to which the external port number range is mapped.
    maxEmbryonicConnections Number
    Maximum number of incomplete connections.
    monitors List<Property Map>
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name String
    Virtual ip6 name.
    nat64 String
    Enable/disable DNAT64. Valid values: disable, enable.
    nat66 String
    Enable/disable DNAT66. Valid values: disable, enable.
    natSourceVip String
    Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: disable, enable.
    ndpReply String
    Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: disable, enable.
    outlookWebAccess String
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence String
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward String
    Enable port forwarding. Valid values: disable, enable.
    protocol String
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp.
    quic Property Map
    QUIC setting. The structure of quic block is documented below.
    realservers List<Property Map>
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    serverType String
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    srcFilters List<Property Map>
    Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcVipFilter String
    Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
    sslAcceptFfdheGroups String
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    sslAlgorithm String
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    sslCertificate String
    The name of the SSL certificate to use for SSL acceleration.
    sslCipherSuites List<Property Map>
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    sslClientFallback String
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    sslClientRekeyCount Number
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    sslClientRenegotiation String
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    sslClientSessionStateMax Number
    Maximum number of client to FortiGate SSL session states to keep.
    sslClientSessionStateTimeout Number
    Number of minutes to keep client to FortiGate SSL session state.
    sslClientSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    sslDhBits String
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    sslHpkp String
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    sslHpkpAge Number
    Number of minutes the web browser should keep HPKP.
    sslHpkpBackup String
    Certificate to generate backup HPKP pin from.
    sslHpkpIncludeSubdomains String
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    sslHpkpPrimary String
    Certificate to generate primary HPKP pin from.
    sslHpkpReportUri String
    URL to report HPKP violations to.
    sslHsts String
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    sslHstsAge Number
    Number of seconds the client should honour the HSTS setting.
    sslHstsIncludeSubdomains String
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    sslHttpLocationConversion String
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    sslHttpMatchHost String
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    sslMaxVersion String
    Highest SSL/TLS version acceptable from a client.
    sslMinVersion String
    Lowest SSL/TLS version acceptable from a client.
    sslMode String
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    sslPfs String
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    sslSendEmptyFrags String
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    sslServerAlgorithm String
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    sslServerCipherSuites List<Property Map>
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    sslServerMaxVersion String
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerMinVersion String
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerRenegotiation String
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    sslServerSessionStateMax Number
    Maximum number of FortiGate to Server SSL session states to keep.
    sslServerSessionStateTimeout Number
    Number of minutes to keep FortiGate to Server SSL session state.
    sslServerSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    type String
    Configure a static NAT or server load balance VIP.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogicServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphereServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Vip6 resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Vip6 Resource

    Get an existing Vip6 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: Vip6State, opts?: CustomResourceOptions): Vip6
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            add_nat64_route: Optional[str] = None,
            arp_reply: Optional[str] = None,
            color: Optional[int] = None,
            comment: Optional[str] = None,
            dynamic_sort_subtable: Optional[str] = None,
            embedded_ipv4_address: Optional[str] = None,
            extip: Optional[str] = None,
            extport: Optional[str] = None,
            fosid: Optional[int] = None,
            get_all_tables: Optional[str] = None,
            h2_support: Optional[str] = None,
            h3_support: Optional[str] = None,
            http_cookie_age: Optional[int] = None,
            http_cookie_domain: Optional[str] = None,
            http_cookie_domain_from_host: Optional[str] = None,
            http_cookie_generation: Optional[int] = None,
            http_cookie_path: Optional[str] = None,
            http_cookie_share: Optional[str] = None,
            http_ip_header: Optional[str] = None,
            http_ip_header_name: Optional[str] = None,
            http_multiplex: Optional[str] = None,
            http_redirect: Optional[str] = None,
            https_cookie_secure: Optional[str] = None,
            ipv4_mappedip: Optional[str] = None,
            ipv4_mappedport: Optional[str] = None,
            ldb_method: Optional[str] = None,
            mappedip: Optional[str] = None,
            mappedport: Optional[str] = None,
            max_embryonic_connections: Optional[int] = None,
            monitors: Optional[Sequence[Vip6MonitorArgs]] = None,
            name: Optional[str] = None,
            nat64: Optional[str] = None,
            nat66: Optional[str] = None,
            nat_source_vip: Optional[str] = None,
            ndp_reply: Optional[str] = None,
            outlook_web_access: Optional[str] = None,
            persistence: Optional[str] = None,
            portforward: Optional[str] = None,
            protocol: Optional[str] = None,
            quic: Optional[Vip6QuicArgs] = None,
            realservers: Optional[Sequence[Vip6RealserverArgs]] = None,
            server_type: Optional[str] = None,
            src_filters: Optional[Sequence[Vip6SrcFilterArgs]] = None,
            src_vip_filter: Optional[str] = None,
            ssl_accept_ffdhe_groups: Optional[str] = None,
            ssl_algorithm: Optional[str] = None,
            ssl_certificate: Optional[str] = None,
            ssl_cipher_suites: Optional[Sequence[Vip6SslCipherSuiteArgs]] = None,
            ssl_client_fallback: Optional[str] = None,
            ssl_client_rekey_count: Optional[int] = None,
            ssl_client_renegotiation: Optional[str] = None,
            ssl_client_session_state_max: Optional[int] = None,
            ssl_client_session_state_timeout: Optional[int] = None,
            ssl_client_session_state_type: Optional[str] = None,
            ssl_dh_bits: Optional[str] = None,
            ssl_hpkp: Optional[str] = None,
            ssl_hpkp_age: Optional[int] = None,
            ssl_hpkp_backup: Optional[str] = None,
            ssl_hpkp_include_subdomains: Optional[str] = None,
            ssl_hpkp_primary: Optional[str] = None,
            ssl_hpkp_report_uri: Optional[str] = None,
            ssl_hsts: Optional[str] = None,
            ssl_hsts_age: Optional[int] = None,
            ssl_hsts_include_subdomains: Optional[str] = None,
            ssl_http_location_conversion: Optional[str] = None,
            ssl_http_match_host: Optional[str] = None,
            ssl_max_version: Optional[str] = None,
            ssl_min_version: Optional[str] = None,
            ssl_mode: Optional[str] = None,
            ssl_pfs: Optional[str] = None,
            ssl_send_empty_frags: Optional[str] = None,
            ssl_server_algorithm: Optional[str] = None,
            ssl_server_cipher_suites: Optional[Sequence[Vip6SslServerCipherSuiteArgs]] = None,
            ssl_server_max_version: Optional[str] = None,
            ssl_server_min_version: Optional[str] = None,
            ssl_server_renegotiation: Optional[str] = None,
            ssl_server_session_state_max: Optional[int] = None,
            ssl_server_session_state_timeout: Optional[int] = None,
            ssl_server_session_state_type: Optional[str] = None,
            type: Optional[str] = None,
            uuid: Optional[str] = None,
            vdomparam: Optional[str] = None,
            weblogic_server: Optional[str] = None,
            websphere_server: Optional[str] = None) -> Vip6
    func GetVip6(ctx *Context, name string, id IDInput, state *Vip6State, opts ...ResourceOption) (*Vip6, error)
    public static Vip6 Get(string name, Input<string> id, Vip6State? state, CustomResourceOptions? opts = null)
    public static Vip6 get(String name, Output<String> id, Vip6State state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AddNat64Route string
    Enable/disable adding NAT64 route. Valid values: disable, enable.
    ArpReply string
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    Color int
    Color of icon on the GUI.
    Comment string
    Comment.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmbeddedIpv4Address string
    Enable/disable embedded IPv4 address. Valid values: disable, enable.
    Extip string
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    Extport string
    Incoming port number range that you want to map to a port number range on the destination network.
    Fosid int
    Custom defined ID.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    H2Support string
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    H3Support string
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    HttpCookieAge int
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    HttpCookieDomain string
    Domain that HTTP cookie persistence should apply to.
    HttpCookieDomainFromHost string
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    HttpCookieGeneration int
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    HttpCookiePath string
    Limit HTTP cookie persistence to the specified path.
    HttpCookieShare string
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    HttpIpHeader string
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    HttpIpHeaderName string
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    HttpMultiplex string
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    HttpRedirect string
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    HttpsCookieSecure string
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    Ipv4Mappedip string
    Start-mapped-IPv4-address [-end mapped-IPv4-address].
    Ipv4Mappedport string
    IPv4 port number range on the destination network to which the external port number range is mapped.
    LdbMethod string
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    Mappedip string
    Mapped IP address range in the format startIP-endIP.
    Mappedport string
    Port number range on the destination network to which the external port number range is mapped.
    MaxEmbryonicConnections int
    Maximum number of incomplete connections.
    Monitors List<Pulumiverse.Fortios.Firewall.Inputs.Vip6Monitor>
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    Name string
    Virtual ip6 name.
    Nat64 string
    Enable/disable DNAT64. Valid values: disable, enable.
    Nat66 string
    Enable/disable DNAT66. Valid values: disable, enable.
    NatSourceVip string
    Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: disable, enable.
    NdpReply string
    Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: disable, enable.
    OutlookWebAccess string
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    Persistence string
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    Portforward string
    Enable port forwarding. Valid values: disable, enable.
    Protocol string
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp.
    Quic Pulumiverse.Fortios.Firewall.Inputs.Vip6Quic
    QUIC setting. The structure of quic block is documented below.
    Realservers List<Pulumiverse.Fortios.Firewall.Inputs.Vip6Realserver>
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    ServerType string
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    SrcFilters List<Pulumiverse.Fortios.Firewall.Inputs.Vip6SrcFilter>
    Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of src_filter block is documented below.
    SrcVipFilter string
    Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
    SslAcceptFfdheGroups string
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    SslAlgorithm string
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    SslCertificate string
    The name of the SSL certificate to use for SSL acceleration.
    SslCipherSuites List<Pulumiverse.Fortios.Firewall.Inputs.Vip6SslCipherSuite>
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    SslClientFallback string
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    SslClientRekeyCount int
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    SslClientRenegotiation string
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    SslClientSessionStateMax int
    Maximum number of client to FortiGate SSL session states to keep.
    SslClientSessionStateTimeout int
    Number of minutes to keep client to FortiGate SSL session state.
    SslClientSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    SslDhBits string
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    SslHpkp string
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    SslHpkpAge int
    Number of minutes the web browser should keep HPKP.
    SslHpkpBackup string
    Certificate to generate backup HPKP pin from.
    SslHpkpIncludeSubdomains string
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    SslHpkpPrimary string
    Certificate to generate primary HPKP pin from.
    SslHpkpReportUri string
    URL to report HPKP violations to.
    SslHsts string
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    SslHstsAge int
    Number of seconds the client should honour the HSTS setting.
    SslHstsIncludeSubdomains string
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    SslHttpLocationConversion string
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    SslHttpMatchHost string
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    SslMaxVersion string
    Highest SSL/TLS version acceptable from a client.
    SslMinVersion string
    Lowest SSL/TLS version acceptable from a client.
    SslMode string
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    SslPfs string
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    SslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    SslServerAlgorithm string
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    SslServerCipherSuites List<Pulumiverse.Fortios.Firewall.Inputs.Vip6SslServerCipherSuite>
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    SslServerMaxVersion string
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerMinVersion string
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerRenegotiation string
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    SslServerSessionStateMax int
    Maximum number of FortiGate to Server SSL session states to keep.
    SslServerSessionStateTimeout int
    Number of minutes to keep FortiGate to Server SSL session state.
    SslServerSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    Type string
    Configure a static NAT or server load balance VIP.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    WeblogicServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    WebsphereServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    AddNat64Route string
    Enable/disable adding NAT64 route. Valid values: disable, enable.
    ArpReply string
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    Color int
    Color of icon on the GUI.
    Comment string
    Comment.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EmbeddedIpv4Address string
    Enable/disable embedded IPv4 address. Valid values: disable, enable.
    Extip string
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    Extport string
    Incoming port number range that you want to map to a port number range on the destination network.
    Fosid int
    Custom defined ID.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    H2Support string
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    H3Support string
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    HttpCookieAge int
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    HttpCookieDomain string
    Domain that HTTP cookie persistence should apply to.
    HttpCookieDomainFromHost string
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    HttpCookieGeneration int
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    HttpCookiePath string
    Limit HTTP cookie persistence to the specified path.
    HttpCookieShare string
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    HttpIpHeader string
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    HttpIpHeaderName string
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    HttpMultiplex string
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    HttpRedirect string
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    HttpsCookieSecure string
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    Ipv4Mappedip string
    Start-mapped-IPv4-address [-end mapped-IPv4-address].
    Ipv4Mappedport string
    IPv4 port number range on the destination network to which the external port number range is mapped.
    LdbMethod string
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    Mappedip string
    Mapped IP address range in the format startIP-endIP.
    Mappedport string
    Port number range on the destination network to which the external port number range is mapped.
    MaxEmbryonicConnections int
    Maximum number of incomplete connections.
    Monitors []Vip6MonitorArgs
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    Name string
    Virtual ip6 name.
    Nat64 string
    Enable/disable DNAT64. Valid values: disable, enable.
    Nat66 string
    Enable/disable DNAT66. Valid values: disable, enable.
    NatSourceVip string
    Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: disable, enable.
    NdpReply string
    Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: disable, enable.
    OutlookWebAccess string
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    Persistence string
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    Portforward string
    Enable port forwarding. Valid values: disable, enable.
    Protocol string
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp.
    Quic Vip6QuicArgs
    QUIC setting. The structure of quic block is documented below.
    Realservers []Vip6RealserverArgs
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    ServerType string
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    SrcFilters []Vip6SrcFilterArgs
    Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of src_filter block is documented below.
    SrcVipFilter string
    Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
    SslAcceptFfdheGroups string
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    SslAlgorithm string
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    SslCertificate string
    The name of the SSL certificate to use for SSL acceleration.
    SslCipherSuites []Vip6SslCipherSuiteArgs
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    SslClientFallback string
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    SslClientRekeyCount int
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    SslClientRenegotiation string
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    SslClientSessionStateMax int
    Maximum number of client to FortiGate SSL session states to keep.
    SslClientSessionStateTimeout int
    Number of minutes to keep client to FortiGate SSL session state.
    SslClientSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    SslDhBits string
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    SslHpkp string
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    SslHpkpAge int
    Number of minutes the web browser should keep HPKP.
    SslHpkpBackup string
    Certificate to generate backup HPKP pin from.
    SslHpkpIncludeSubdomains string
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    SslHpkpPrimary string
    Certificate to generate primary HPKP pin from.
    SslHpkpReportUri string
    URL to report HPKP violations to.
    SslHsts string
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    SslHstsAge int
    Number of seconds the client should honour the HSTS setting.
    SslHstsIncludeSubdomains string
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    SslHttpLocationConversion string
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    SslHttpMatchHost string
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    SslMaxVersion string
    Highest SSL/TLS version acceptable from a client.
    SslMinVersion string
    Lowest SSL/TLS version acceptable from a client.
    SslMode string
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    SslPfs string
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    SslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    SslServerAlgorithm string
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    SslServerCipherSuites []Vip6SslServerCipherSuiteArgs
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    SslServerMaxVersion string
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerMinVersion string
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    SslServerRenegotiation string
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    SslServerSessionStateMax int
    Maximum number of FortiGate to Server SSL session states to keep.
    SslServerSessionStateTimeout int
    Number of minutes to keep FortiGate to Server SSL session state.
    SslServerSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    Type string
    Configure a static NAT or server load balance VIP.
    Uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    WeblogicServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    WebsphereServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    addNat64Route String
    Enable/disable adding NAT64 route. Valid values: disable, enable.
    arpReply String
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color Integer
    Color of icon on the GUI.
    comment String
    Comment.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    embeddedIpv4Address String
    Enable/disable embedded IPv4 address. Valid values: disable, enable.
    extip String
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    extport String
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid Integer
    Custom defined ID.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    h2Support String
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3Support String
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    httpCookieAge Integer
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    httpCookieDomain String
    Domain that HTTP cookie persistence should apply to.
    httpCookieDomainFromHost String
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    httpCookieGeneration Integer
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    httpCookiePath String
    Limit HTTP cookie persistence to the specified path.
    httpCookieShare String
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    httpIpHeader String
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    httpIpHeaderName String
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    httpMultiplex String
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    httpRedirect String
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    httpsCookieSecure String
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv4Mappedip String
    Start-mapped-IPv4-address [-end mapped-IPv4-address].
    ipv4Mappedport String
    IPv4 port number range on the destination network to which the external port number range is mapped.
    ldbMethod String
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedip String
    Mapped IP address range in the format startIP-endIP.
    mappedport String
    Port number range on the destination network to which the external port number range is mapped.
    maxEmbryonicConnections Integer
    Maximum number of incomplete connections.
    monitors List<Vip6Monitor>
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name String
    Virtual ip6 name.
    nat64 String
    Enable/disable DNAT64. Valid values: disable, enable.
    nat66 String
    Enable/disable DNAT66. Valid values: disable, enable.
    natSourceVip String
    Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: disable, enable.
    ndpReply String
    Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: disable, enable.
    outlookWebAccess String
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence String
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward String
    Enable port forwarding. Valid values: disable, enable.
    protocol String
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp.
    quic Vip6Quic
    QUIC setting. The structure of quic block is documented below.
    realservers List<Vip6Realserver>
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    serverType String
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    srcFilters List<Vip6SrcFilter>
    Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcVipFilter String
    Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
    sslAcceptFfdheGroups String
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    sslAlgorithm String
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    sslCertificate String
    The name of the SSL certificate to use for SSL acceleration.
    sslCipherSuites List<Vip6SslCipherSuite>
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    sslClientFallback String
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    sslClientRekeyCount Integer
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    sslClientRenegotiation String
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    sslClientSessionStateMax Integer
    Maximum number of client to FortiGate SSL session states to keep.
    sslClientSessionStateTimeout Integer
    Number of minutes to keep client to FortiGate SSL session state.
    sslClientSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    sslDhBits String
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    sslHpkp String
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    sslHpkpAge Integer
    Number of minutes the web browser should keep HPKP.
    sslHpkpBackup String
    Certificate to generate backup HPKP pin from.
    sslHpkpIncludeSubdomains String
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    sslHpkpPrimary String
    Certificate to generate primary HPKP pin from.
    sslHpkpReportUri String
    URL to report HPKP violations to.
    sslHsts String
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    sslHstsAge Integer
    Number of seconds the client should honour the HSTS setting.
    sslHstsIncludeSubdomains String
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    sslHttpLocationConversion String
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    sslHttpMatchHost String
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    sslMaxVersion String
    Highest SSL/TLS version acceptable from a client.
    sslMinVersion String
    Lowest SSL/TLS version acceptable from a client.
    sslMode String
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    sslPfs String
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    sslSendEmptyFrags String
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    sslServerAlgorithm String
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    sslServerCipherSuites List<Vip6SslServerCipherSuite>
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    sslServerMaxVersion String
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerMinVersion String
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerRenegotiation String
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    sslServerSessionStateMax Integer
    Maximum number of FortiGate to Server SSL session states to keep.
    sslServerSessionStateTimeout Integer
    Number of minutes to keep FortiGate to Server SSL session state.
    sslServerSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    type String
    Configure a static NAT or server load balance VIP.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogicServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphereServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    addNat64Route string
    Enable/disable adding NAT64 route. Valid values: disable, enable.
    arpReply string
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color number
    Color of icon on the GUI.
    comment string
    Comment.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    embeddedIpv4Address string
    Enable/disable embedded IPv4 address. Valid values: disable, enable.
    extip string
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    extport string
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid number
    Custom defined ID.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    h2Support string
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3Support string
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    httpCookieAge number
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    httpCookieDomain string
    Domain that HTTP cookie persistence should apply to.
    httpCookieDomainFromHost string
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    httpCookieGeneration number
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    httpCookiePath string
    Limit HTTP cookie persistence to the specified path.
    httpCookieShare string
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    httpIpHeader string
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    httpIpHeaderName string
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    httpMultiplex string
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    httpRedirect string
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    httpsCookieSecure string
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv4Mappedip string
    Start-mapped-IPv4-address [-end mapped-IPv4-address].
    ipv4Mappedport string
    IPv4 port number range on the destination network to which the external port number range is mapped.
    ldbMethod string
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedip string
    Mapped IP address range in the format startIP-endIP.
    mappedport string
    Port number range on the destination network to which the external port number range is mapped.
    maxEmbryonicConnections number
    Maximum number of incomplete connections.
    monitors Vip6Monitor[]
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name string
    Virtual ip6 name.
    nat64 string
    Enable/disable DNAT64. Valid values: disable, enable.
    nat66 string
    Enable/disable DNAT66. Valid values: disable, enable.
    natSourceVip string
    Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: disable, enable.
    ndpReply string
    Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: disable, enable.
    outlookWebAccess string
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence string
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward string
    Enable port forwarding. Valid values: disable, enable.
    protocol string
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp.
    quic Vip6Quic
    QUIC setting. The structure of quic block is documented below.
    realservers Vip6Realserver[]
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    serverType string
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    srcFilters Vip6SrcFilter[]
    Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcVipFilter string
    Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
    sslAcceptFfdheGroups string
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    sslAlgorithm string
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    sslCertificate string
    The name of the SSL certificate to use for SSL acceleration.
    sslCipherSuites Vip6SslCipherSuite[]
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    sslClientFallback string
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    sslClientRekeyCount number
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    sslClientRenegotiation string
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    sslClientSessionStateMax number
    Maximum number of client to FortiGate SSL session states to keep.
    sslClientSessionStateTimeout number
    Number of minutes to keep client to FortiGate SSL session state.
    sslClientSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    sslDhBits string
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    sslHpkp string
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    sslHpkpAge number
    Number of minutes the web browser should keep HPKP.
    sslHpkpBackup string
    Certificate to generate backup HPKP pin from.
    sslHpkpIncludeSubdomains string
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    sslHpkpPrimary string
    Certificate to generate primary HPKP pin from.
    sslHpkpReportUri string
    URL to report HPKP violations to.
    sslHsts string
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    sslHstsAge number
    Number of seconds the client should honour the HSTS setting.
    sslHstsIncludeSubdomains string
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    sslHttpLocationConversion string
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    sslHttpMatchHost string
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    sslMaxVersion string
    Highest SSL/TLS version acceptable from a client.
    sslMinVersion string
    Lowest SSL/TLS version acceptable from a client.
    sslMode string
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    sslPfs string
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    sslSendEmptyFrags string
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    sslServerAlgorithm string
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    sslServerCipherSuites Vip6SslServerCipherSuite[]
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    sslServerMaxVersion string
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerMinVersion string
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerRenegotiation string
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    sslServerSessionStateMax number
    Maximum number of FortiGate to Server SSL session states to keep.
    sslServerSessionStateTimeout number
    Number of minutes to keep FortiGate to Server SSL session state.
    sslServerSessionStateType string
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    type string
    Configure a static NAT or server load balance VIP.
    uuid string
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogicServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphereServer string
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    add_nat64_route str
    Enable/disable adding NAT64 route. Valid values: disable, enable.
    arp_reply str
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color int
    Color of icon on the GUI.
    comment str
    Comment.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    embedded_ipv4_address str
    Enable/disable embedded IPv4 address. Valid values: disable, enable.
    extip str
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    extport str
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid int
    Custom defined ID.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    h2_support str
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3_support str
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    http_cookie_age int
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    http_cookie_domain str
    Domain that HTTP cookie persistence should apply to.
    http_cookie_domain_from_host str
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    http_cookie_generation int
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    http_cookie_path str
    Limit HTTP cookie persistence to the specified path.
    http_cookie_share str
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    http_ip_header str
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    http_ip_header_name str
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    http_multiplex str
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    http_redirect str
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    https_cookie_secure str
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv4_mappedip str
    Start-mapped-IPv4-address [-end mapped-IPv4-address].
    ipv4_mappedport str
    IPv4 port number range on the destination network to which the external port number range is mapped.
    ldb_method str
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedip str
    Mapped IP address range in the format startIP-endIP.
    mappedport str
    Port number range on the destination network to which the external port number range is mapped.
    max_embryonic_connections int
    Maximum number of incomplete connections.
    monitors Sequence[Vip6MonitorArgs]
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name str
    Virtual ip6 name.
    nat64 str
    Enable/disable DNAT64. Valid values: disable, enable.
    nat66 str
    Enable/disable DNAT66. Valid values: disable, enable.
    nat_source_vip str
    Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: disable, enable.
    ndp_reply str
    Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: disable, enable.
    outlook_web_access str
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence str
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward str
    Enable port forwarding. Valid values: disable, enable.
    protocol str
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp.
    quic Vip6QuicArgs
    QUIC setting. The structure of quic block is documented below.
    realservers Sequence[Vip6RealserverArgs]
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    server_type str
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    src_filters Sequence[Vip6SrcFilterArgs]
    Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of src_filter block is documented below.
    src_vip_filter str
    Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
    ssl_accept_ffdhe_groups str
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    ssl_algorithm str
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    ssl_certificate str
    The name of the SSL certificate to use for SSL acceleration.
    ssl_cipher_suites Sequence[Vip6SslCipherSuiteArgs]
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    ssl_client_fallback str
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    ssl_client_rekey_count int
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    ssl_client_renegotiation str
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    ssl_client_session_state_max int
    Maximum number of client to FortiGate SSL session states to keep.
    ssl_client_session_state_timeout int
    Number of minutes to keep client to FortiGate SSL session state.
    ssl_client_session_state_type str
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    ssl_dh_bits str
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    ssl_hpkp str
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    ssl_hpkp_age int
    Number of minutes the web browser should keep HPKP.
    ssl_hpkp_backup str
    Certificate to generate backup HPKP pin from.
    ssl_hpkp_include_subdomains str
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    ssl_hpkp_primary str
    Certificate to generate primary HPKP pin from.
    ssl_hpkp_report_uri str
    URL to report HPKP violations to.
    ssl_hsts str
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    ssl_hsts_age int
    Number of seconds the client should honour the HSTS setting.
    ssl_hsts_include_subdomains str
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    ssl_http_location_conversion str
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    ssl_http_match_host str
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    ssl_max_version str
    Highest SSL/TLS version acceptable from a client.
    ssl_min_version str
    Lowest SSL/TLS version acceptable from a client.
    ssl_mode str
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    ssl_pfs str
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    ssl_send_empty_frags str
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    ssl_server_algorithm str
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    ssl_server_cipher_suites Sequence[Vip6SslServerCipherSuiteArgs]
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    ssl_server_max_version str
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    ssl_server_min_version str
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    ssl_server_renegotiation str
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    ssl_server_session_state_max int
    Maximum number of FortiGate to Server SSL session states to keep.
    ssl_server_session_state_timeout int
    Number of minutes to keep FortiGate to Server SSL session state.
    ssl_server_session_state_type str
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    type str
    Configure a static NAT or server load balance VIP.
    uuid str
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogic_server str
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphere_server str
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
    addNat64Route String
    Enable/disable adding NAT64 route. Valid values: disable, enable.
    arpReply String
    Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
    color Number
    Color of icon on the GUI.
    comment String
    Comment.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    embeddedIpv4Address String
    Enable/disable embedded IPv4 address. Valid values: disable, enable.
    extip String
    IP address or address range on the external interface that you want to map to an address or address range on the destination network.
    extport String
    Incoming port number range that you want to map to a port number range on the destination network.
    fosid Number
    Custom defined ID.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    h2Support String
    Enable/disable HTTP2 support (default = enable). Valid values: enable, disable.
    h3Support String
    Enable/disable HTTP3/QUIC support (default = disable). Valid values: enable, disable.
    httpCookieAge Number
    Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
    httpCookieDomain String
    Domain that HTTP cookie persistence should apply to.
    httpCookieDomainFromHost String
    Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
    httpCookieGeneration Number
    Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
    httpCookiePath String
    Limit HTTP cookie persistence to the specified path.
    httpCookieShare String
    Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
    httpIpHeader String
    For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: enable, disable.
    httpIpHeaderName String
    For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
    httpMultiplex String
    Enable/disable HTTP multiplexing. Valid values: enable, disable.
    httpRedirect String
    Enable/disable redirection of HTTP to HTTPS Valid values: enable, disable.
    httpsCookieSecure String
    Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
    ipv4Mappedip String
    Start-mapped-IPv4-address [-end mapped-IPv4-address].
    ipv4Mappedport String
    IPv4 port number range on the destination network to which the external port number range is mapped.
    ldbMethod String
    Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
    mappedip String
    Mapped IP address range in the format startIP-endIP.
    mappedport String
    Port number range on the destination network to which the external port number range is mapped.
    maxEmbryonicConnections Number
    Maximum number of incomplete connections.
    monitors List<Property Map>
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of monitor block is documented below.
    name String
    Virtual ip6 name.
    nat64 String
    Enable/disable DNAT64. Valid values: disable, enable.
    nat66 String
    Enable/disable DNAT66. Valid values: disable, enable.
    natSourceVip String
    Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: disable, enable.
    ndpReply String
    Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: disable, enable.
    outlookWebAccess String
    Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
    persistence String
    Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
    portforward String
    Enable port forwarding. Valid values: disable, enable.
    protocol String
    Protocol to use when forwarding packets. Valid values: tcp, udp, sctp.
    quic Property Map
    QUIC setting. The structure of quic block is documented below.
    realservers List<Property Map>
    Select the real servers that this server load balancing VIP will distribute traffic to. The structure of realservers block is documented below.
    serverType String
    Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip.
    srcFilters List<Property Map>
    Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of src_filter block is documented below.
    srcVipFilter String
    Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
    sslAcceptFfdheGroups String
    Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: enable, disable.
    sslAlgorithm String
    Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
    sslCertificate String
    The name of the SSL certificate to use for SSL acceleration.
    sslCipherSuites List<Property Map>
    SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of ssl_cipher_suites block is documented below.
    sslClientFallback String
    Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
    sslClientRekeyCount Number
    Maximum length of data in MB before triggering a client rekey (0 = disable).
    sslClientRenegotiation String
    Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: allow, deny, secure.
    sslClientSessionStateMax Number
    Maximum number of client to FortiGate SSL session states to keep.
    sslClientSessionStateTimeout Number
    Number of minutes to keep client to FortiGate SSL session state.
    sslClientSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
    sslDhBits String
    Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
    sslHpkp String
    Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
    sslHpkpAge Number
    Number of minutes the web browser should keep HPKP.
    sslHpkpBackup String
    Certificate to generate backup HPKP pin from.
    sslHpkpIncludeSubdomains String
    Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
    sslHpkpPrimary String
    Certificate to generate primary HPKP pin from.
    sslHpkpReportUri String
    URL to report HPKP violations to.
    sslHsts String
    Enable/disable including HSTS header in response. Valid values: disable, enable.
    sslHstsAge Number
    Number of seconds the client should honour the HSTS setting.
    sslHstsIncludeSubdomains String
    Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
    sslHttpLocationConversion String
    Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: enable, disable.
    sslHttpMatchHost String
    Enable/disable HTTP host matching for location conversion. Valid values: enable, disable.
    sslMaxVersion String
    Highest SSL/TLS version acceptable from a client.
    sslMinVersion String
    Lowest SSL/TLS version acceptable from a client.
    sslMode String
    Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
    sslPfs String
    Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
    sslSendEmptyFrags String
    Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: enable, disable.
    sslServerAlgorithm String
    Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, medium, low, custom, client.
    sslServerCipherSuites List<Property Map>
    SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of ssl_server_cipher_suites block is documented below.
    sslServerMaxVersion String
    Highest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerMinVersion String
    Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
    sslServerRenegotiation String
    Enable/disable secure renegotiation to comply with RFC 5746. Valid values: enable, disable.
    sslServerSessionStateMax Number
    Maximum number of FortiGate to Server SSL session states to keep.
    sslServerSessionStateTimeout Number
    Number of minutes to keep FortiGate to Server SSL session state.
    sslServerSessionStateType String
    How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
    type String
    Configure a static NAT or server load balance VIP.
    uuid String
    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    weblogicServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
    websphereServer String
    Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.

    Supporting Types

    Vip6Monitor, Vip6MonitorArgs

    Name string
    Health monitor name.
    Name string
    Health monitor name.
    name String
    Health monitor name.
    name string
    Health monitor name.
    name str
    Health monitor name.
    name String
    Health monitor name.

    Vip6Quic, Vip6QuicArgs

    AckDelayExponent int
    ACK delay exponent (1 - 20, default = 3).
    ActiveConnectionIdLimit int
    Active connection ID limit (1 - 8, default = 2).
    ActiveMigration string
    Enable/disable active migration (default = disable). Valid values: enable, disable.
    GreaseQuicBit string
    Enable/disable grease QUIC bit (default = enable). Valid values: enable, disable.
    MaxAckDelay int
    Maximum ACK delay in milliseconds (1 - 16383, default = 25).
    MaxDatagramFrameSize int
    Maximum datagram frame size in bytes (1 - 1500, default = 1500).
    MaxIdleTimeout int
    Maximum idle timeout milliseconds (1 - 60000, default = 30000).
    MaxUdpPayloadSize int
    Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
    AckDelayExponent int
    ACK delay exponent (1 - 20, default = 3).
    ActiveConnectionIdLimit int
    Active connection ID limit (1 - 8, default = 2).
    ActiveMigration string
    Enable/disable active migration (default = disable). Valid values: enable, disable.
    GreaseQuicBit string
    Enable/disable grease QUIC bit (default = enable). Valid values: enable, disable.
    MaxAckDelay int
    Maximum ACK delay in milliseconds (1 - 16383, default = 25).
    MaxDatagramFrameSize int
    Maximum datagram frame size in bytes (1 - 1500, default = 1500).
    MaxIdleTimeout int
    Maximum idle timeout milliseconds (1 - 60000, default = 30000).
    MaxUdpPayloadSize int
    Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
    ackDelayExponent Integer
    ACK delay exponent (1 - 20, default = 3).
    activeConnectionIdLimit Integer
    Active connection ID limit (1 - 8, default = 2).
    activeMigration String
    Enable/disable active migration (default = disable). Valid values: enable, disable.
    greaseQuicBit String
    Enable/disable grease QUIC bit (default = enable). Valid values: enable, disable.
    maxAckDelay Integer
    Maximum ACK delay in milliseconds (1 - 16383, default = 25).
    maxDatagramFrameSize Integer
    Maximum datagram frame size in bytes (1 - 1500, default = 1500).
    maxIdleTimeout Integer
    Maximum idle timeout milliseconds (1 - 60000, default = 30000).
    maxUdpPayloadSize Integer
    Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
    ackDelayExponent number
    ACK delay exponent (1 - 20, default = 3).
    activeConnectionIdLimit number
    Active connection ID limit (1 - 8, default = 2).
    activeMigration string
    Enable/disable active migration (default = disable). Valid values: enable, disable.
    greaseQuicBit string
    Enable/disable grease QUIC bit (default = enable). Valid values: enable, disable.
    maxAckDelay number
    Maximum ACK delay in milliseconds (1 - 16383, default = 25).
    maxDatagramFrameSize number
    Maximum datagram frame size in bytes (1 - 1500, default = 1500).
    maxIdleTimeout number
    Maximum idle timeout milliseconds (1 - 60000, default = 30000).
    maxUdpPayloadSize number
    Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
    ack_delay_exponent int
    ACK delay exponent (1 - 20, default = 3).
    active_connection_id_limit int
    Active connection ID limit (1 - 8, default = 2).
    active_migration str
    Enable/disable active migration (default = disable). Valid values: enable, disable.
    grease_quic_bit str
    Enable/disable grease QUIC bit (default = enable). Valid values: enable, disable.
    max_ack_delay int
    Maximum ACK delay in milliseconds (1 - 16383, default = 25).
    max_datagram_frame_size int
    Maximum datagram frame size in bytes (1 - 1500, default = 1500).
    max_idle_timeout int
    Maximum idle timeout milliseconds (1 - 60000, default = 30000).
    max_udp_payload_size int
    Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
    ackDelayExponent Number
    ACK delay exponent (1 - 20, default = 3).
    activeConnectionIdLimit Number
    Active connection ID limit (1 - 8, default = 2).
    activeMigration String
    Enable/disable active migration (default = disable). Valid values: enable, disable.
    greaseQuicBit String
    Enable/disable grease QUIC bit (default = enable). Valid values: enable, disable.
    maxAckDelay Number
    Maximum ACK delay in milliseconds (1 - 16383, default = 25).
    maxDatagramFrameSize Number
    Maximum datagram frame size in bytes (1 - 1500, default = 1500).
    maxIdleTimeout Number
    Maximum idle timeout milliseconds (1 - 60000, default = 30000).
    maxUdpPayloadSize Number
    Maximum UDP payload size in bytes (1200 - 1500, default = 1500).

    Vip6Realserver, Vip6RealserverArgs

    ClientIp string
    Only clients in this IP range can connect to this real server.
    Healthcheck string
    Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
    HolddownInterval int
    Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
    HttpHost string
    HTTP server domain name in HTTP header.
    Id int
    Real server ID.
    Ip string
    IPv6 address of the real server.
    MaxConnections int
    Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
    Monitor string
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
    Port int
    Port for communicating with the real server. Required if port forwarding is enabled.
    Status string
    Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
    TranslateHost string
    Enable/disable translation of hostname/IP from virtual server to real server. Valid values: enable, disable.
    Weight int
    Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
    ClientIp string
    Only clients in this IP range can connect to this real server.
    Healthcheck string
    Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
    HolddownInterval int
    Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
    HttpHost string
    HTTP server domain name in HTTP header.
    Id int
    Real server ID.
    Ip string
    IPv6 address of the real server.
    MaxConnections int
    Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
    Monitor string
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
    Port int
    Port for communicating with the real server. Required if port forwarding is enabled.
    Status string
    Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
    TranslateHost string
    Enable/disable translation of hostname/IP from virtual server to real server. Valid values: enable, disable.
    Weight int
    Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
    clientIp String
    Only clients in this IP range can connect to this real server.
    healthcheck String
    Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
    holddownInterval Integer
    Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
    httpHost String
    HTTP server domain name in HTTP header.
    id Integer
    Real server ID.
    ip String
    IPv6 address of the real server.
    maxConnections Integer
    Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
    monitor String
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
    port Integer
    Port for communicating with the real server. Required if port forwarding is enabled.
    status String
    Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
    translateHost String
    Enable/disable translation of hostname/IP from virtual server to real server. Valid values: enable, disable.
    weight Integer
    Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
    clientIp string
    Only clients in this IP range can connect to this real server.
    healthcheck string
    Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
    holddownInterval number
    Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
    httpHost string
    HTTP server domain name in HTTP header.
    id number
    Real server ID.
    ip string
    IPv6 address of the real server.
    maxConnections number
    Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
    monitor string
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
    port number
    Port for communicating with the real server. Required if port forwarding is enabled.
    status string
    Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
    translateHost string
    Enable/disable translation of hostname/IP from virtual server to real server. Valid values: enable, disable.
    weight number
    Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
    client_ip str
    Only clients in this IP range can connect to this real server.
    healthcheck str
    Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
    holddown_interval int
    Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
    http_host str
    HTTP server domain name in HTTP header.
    id int
    Real server ID.
    ip str
    IPv6 address of the real server.
    max_connections int
    Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
    monitor str
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
    port int
    Port for communicating with the real server. Required if port forwarding is enabled.
    status str
    Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
    translate_host str
    Enable/disable translation of hostname/IP from virtual server to real server. Valid values: enable, disable.
    weight int
    Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
    clientIp String
    Only clients in this IP range can connect to this real server.
    healthcheck String
    Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
    holddownInterval Number
    Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
    httpHost String
    HTTP server domain name in HTTP header.
    id Number
    Real server ID.
    ip String
    IPv6 address of the real server.
    maxConnections Number
    Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
    monitor String
    Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
    port Number
    Port for communicating with the real server. Required if port forwarding is enabled.
    status String
    Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
    translateHost String
    Enable/disable translation of hostname/IP from virtual server to real server. Valid values: enable, disable.
    weight Number
    Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.

    Vip6SrcFilter, Vip6SrcFilterArgs

    Range string
    Source-filter range.
    Range string
    Source-filter range.
    range String
    Source-filter range.
    range string
    Source-filter range.
    range str
    Source-filter range.
    range String
    Source-filter range.

    Vip6SslCipherSuite, Vip6SslCipherSuiteArgs

    Cipher string
    Cipher suite name.
    Priority int
    SSL/TLS cipher suites priority.
    Versions string
    SSL/TLS versions that the cipher suite can be used with.
    Cipher string
    Cipher suite name.
    Priority int
    SSL/TLS cipher suites priority.
    Versions string
    SSL/TLS versions that the cipher suite can be used with.
    cipher String
    Cipher suite name.
    priority Integer
    SSL/TLS cipher suites priority.
    versions String
    SSL/TLS versions that the cipher suite can be used with.
    cipher string
    Cipher suite name.
    priority number
    SSL/TLS cipher suites priority.
    versions string
    SSL/TLS versions that the cipher suite can be used with.
    cipher str
    Cipher suite name.
    priority int
    SSL/TLS cipher suites priority.
    versions str
    SSL/TLS versions that the cipher suite can be used with.
    cipher String
    Cipher suite name.
    priority Number
    SSL/TLS cipher suites priority.
    versions String
    SSL/TLS versions that the cipher suite can be used with.

    Vip6SslServerCipherSuite, Vip6SslServerCipherSuiteArgs

    Cipher string
    Cipher suite name.
    Priority int
    SSL/TLS cipher suites priority.
    Versions string
    SSL/TLS versions that the cipher suite can be used with.
    Cipher string
    Cipher suite name.
    Priority int
    SSL/TLS cipher suites priority.
    Versions string
    SSL/TLS versions that the cipher suite can be used with.
    cipher String
    Cipher suite name.
    priority Integer
    SSL/TLS cipher suites priority.
    versions String
    SSL/TLS versions that the cipher suite can be used with.
    cipher string
    Cipher suite name.
    priority number
    SSL/TLS cipher suites priority.
    versions string
    SSL/TLS versions that the cipher suite can be used with.
    cipher str
    Cipher suite name.
    priority int
    SSL/TLS cipher suites priority.
    versions str
    SSL/TLS versions that the cipher suite can be used with.
    cipher String
    Cipher suite name.
    priority Number
    SSL/TLS cipher suites priority.
    versions String
    SSL/TLS versions that the cipher suite can be used with.

    Import

    Firewall Vip6 can be imported using any of these accepted formats:

    $ pulumi import fortios:firewall/vip6:Vip6 labelname {{name}}
    

    If you do not want to import arguments of block:

    $ export “FORTIOS_IMPORT_TABLE”=“false”

    $ pulumi import fortios:firewall/vip6:Vip6 labelname {{name}}
    

    $ unset “FORTIOS_IMPORT_TABLE”

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    fortios logo
    Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse