fortios.system.Ha
Explore with Pulumi AI
Configure HA.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.system.Ha("trname", {
cpuThreshold: "5 0 0",
encryption: "disable",
ftpProxyThreshold: "5 0 0",
gratuitousArps: "enable",
groupId: 0,
haDirect: "disable",
haEthType: "8890",
haMgmtStatus: "disable",
haUptimeDiffMargin: 300,
hbInterval: 2,
hbLostThreshold: 20,
hcEthType: "8891",
helloHolddown: 20,
httpProxyThreshold: "5 0 0",
imapProxyThreshold: "5 0 0",
interClusterSessionSync: "disable",
l2epEthType: "8893",
linkFailedSignal: "disable",
loadBalanceAll: "disable",
memoryCompatibleMode: "disable",
memoryThreshold: "5 0 0",
mode: "standalone",
multicastTtl: 600,
nntpProxyThreshold: "5 0 0",
override: "disable",
overrideWaitTime: 0,
secondaryVcluster: {
override: "enable",
overrideWaitTime: 0,
pingserverFailoverThreshold: 0,
pingserverSlaveForceReset: "enable",
priority: 128,
vclusterId: 1,
},
weight: "40 ",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.system.Ha("trname",
cpu_threshold="5 0 0",
encryption="disable",
ftp_proxy_threshold="5 0 0",
gratuitous_arps="enable",
group_id=0,
ha_direct="disable",
ha_eth_type="8890",
ha_mgmt_status="disable",
ha_uptime_diff_margin=300,
hb_interval=2,
hb_lost_threshold=20,
hc_eth_type="8891",
hello_holddown=20,
http_proxy_threshold="5 0 0",
imap_proxy_threshold="5 0 0",
inter_cluster_session_sync="disable",
l2ep_eth_type="8893",
link_failed_signal="disable",
load_balance_all="disable",
memory_compatible_mode="disable",
memory_threshold="5 0 0",
mode="standalone",
multicast_ttl=600,
nntp_proxy_threshold="5 0 0",
override="disable",
override_wait_time=0,
secondary_vcluster=fortios.system.HaSecondaryVclusterArgs(
override="enable",
override_wait_time=0,
pingserver_failover_threshold=0,
pingserver_slave_force_reset="enable",
priority=128,
vcluster_id=1,
),
weight="40 ")
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/system"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := system.NewHa(ctx, "trname", &system.HaArgs{
CpuThreshold: pulumi.String("5 0 0"),
Encryption: pulumi.String("disable"),
FtpProxyThreshold: pulumi.String("5 0 0"),
GratuitousArps: pulumi.String("enable"),
GroupId: pulumi.Int(0),
HaDirect: pulumi.String("disable"),
HaEthType: pulumi.String("8890"),
HaMgmtStatus: pulumi.String("disable"),
HaUptimeDiffMargin: pulumi.Int(300),
HbInterval: pulumi.Int(2),
HbLostThreshold: pulumi.Int(20),
HcEthType: pulumi.String("8891"),
HelloHolddown: pulumi.Int(20),
HttpProxyThreshold: pulumi.String("5 0 0"),
ImapProxyThreshold: pulumi.String("5 0 0"),
InterClusterSessionSync: pulumi.String("disable"),
L2epEthType: pulumi.String("8893"),
LinkFailedSignal: pulumi.String("disable"),
LoadBalanceAll: pulumi.String("disable"),
MemoryCompatibleMode: pulumi.String("disable"),
MemoryThreshold: pulumi.String("5 0 0"),
Mode: pulumi.String("standalone"),
MulticastTtl: pulumi.Int(600),
NntpProxyThreshold: pulumi.String("5 0 0"),
Override: pulumi.String("disable"),
OverrideWaitTime: pulumi.Int(0),
SecondaryVcluster: &system.HaSecondaryVclusterArgs{
Override: pulumi.String("enable"),
OverrideWaitTime: pulumi.Int(0),
PingserverFailoverThreshold: pulumi.Int(0),
PingserverSlaveForceReset: pulumi.String("enable"),
Priority: pulumi.Int(128),
VclusterId: pulumi.Int(1),
},
Weight: pulumi.String("40 "),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() =>
{
var trname = new Fortios.System.Ha("trname", new()
{
CpuThreshold = "5 0 0",
Encryption = "disable",
FtpProxyThreshold = "5 0 0",
GratuitousArps = "enable",
GroupId = 0,
HaDirect = "disable",
HaEthType = "8890",
HaMgmtStatus = "disable",
HaUptimeDiffMargin = 300,
HbInterval = 2,
HbLostThreshold = 20,
HcEthType = "8891",
HelloHolddown = 20,
HttpProxyThreshold = "5 0 0",
ImapProxyThreshold = "5 0 0",
InterClusterSessionSync = "disable",
L2epEthType = "8893",
LinkFailedSignal = "disable",
LoadBalanceAll = "disable",
MemoryCompatibleMode = "disable",
MemoryThreshold = "5 0 0",
Mode = "standalone",
MulticastTtl = 600,
NntpProxyThreshold = "5 0 0",
Override = "disable",
OverrideWaitTime = 0,
SecondaryVcluster = new Fortios.System.Inputs.HaSecondaryVclusterArgs
{
Override = "enable",
OverrideWaitTime = 0,
PingserverFailoverThreshold = 0,
PingserverSlaveForceReset = "enable",
Priority = 128,
VclusterId = 1,
},
Weight = "40 ",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.system.Ha;
import com.pulumi.fortios.system.HaArgs;
import com.pulumi.fortios.system.inputs.HaSecondaryVclusterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new Ha("trname", HaArgs.builder()
.cpuThreshold("5 0 0")
.encryption("disable")
.ftpProxyThreshold("5 0 0")
.gratuitousArps("enable")
.groupId(0)
.haDirect("disable")
.haEthType("8890")
.haMgmtStatus("disable")
.haUptimeDiffMargin(300)
.hbInterval(2)
.hbLostThreshold(20)
.hcEthType("8891")
.helloHolddown(20)
.httpProxyThreshold("5 0 0")
.imapProxyThreshold("5 0 0")
.interClusterSessionSync("disable")
.l2epEthType("8893")
.linkFailedSignal("disable")
.loadBalanceAll("disable")
.memoryCompatibleMode("disable")
.memoryThreshold("5 0 0")
.mode("standalone")
.multicastTtl(600)
.nntpProxyThreshold("5 0 0")
.override("disable")
.overrideWaitTime(0)
.secondaryVcluster(HaSecondaryVclusterArgs.builder()
.override("enable")
.overrideWaitTime(0)
.pingserverFailoverThreshold(0)
.pingserverSlaveForceReset("enable")
.priority(128)
.vclusterId(1)
.build())
.weight("40 ")
.build());
}
}
resources:
trname:
type: fortios:system:Ha
properties:
cpuThreshold: 5 0 0
encryption: disable
ftpProxyThreshold: 5 0 0
gratuitousArps: enable
groupId: 0
haDirect: disable
haEthType: '8890'
haMgmtStatus: disable
haUptimeDiffMargin: 300
hbInterval: 2
hbLostThreshold: 20
hcEthType: '8891'
helloHolddown: 20
httpProxyThreshold: 5 0 0
imapProxyThreshold: 5 0 0
interClusterSessionSync: disable
l2epEthType: '8893'
linkFailedSignal: disable
loadBalanceAll: disable
memoryCompatibleMode: disable
memoryThreshold: 5 0 0
mode: standalone
multicastTtl: 600
nntpProxyThreshold: 5 0 0
override: disable
overrideWaitTime: 0
secondaryVcluster:
override: enable
overrideWaitTime: 0
pingserverFailoverThreshold: 0
pingserverSlaveForceReset: enable
priority: 128
vclusterId: 1
weight: '40 '
Create Ha Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Ha(name: string, args?: HaArgs, opts?: CustomResourceOptions);
@overload
def Ha(resource_name: str,
args: Optional[HaArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Ha(resource_name: str,
opts: Optional[ResourceOptions] = None,
arps: Optional[int] = None,
arps_interval: Optional[int] = None,
authentication: Optional[str] = None,
cpu_threshold: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
encryption: Optional[str] = None,
evpn_ttl: Optional[int] = None,
failover_hold_time: Optional[int] = None,
ftp_proxy_threshold: Optional[str] = None,
get_all_tables: Optional[str] = None,
gratuitous_arps: Optional[str] = None,
group_id: Optional[int] = None,
group_name: Optional[str] = None,
ha_direct: Optional[str] = None,
ha_eth_type: Optional[str] = None,
ha_mgmt_interfaces: Optional[Sequence[HaHaMgmtInterfaceArgs]] = None,
ha_mgmt_status: Optional[str] = None,
ha_uptime_diff_margin: Optional[int] = None,
hb_interval: Optional[int] = None,
hb_interval_in_milliseconds: Optional[str] = None,
hb_lost_threshold: Optional[int] = None,
hbdev: Optional[str] = None,
hc_eth_type: Optional[str] = None,
hello_holddown: Optional[int] = None,
http_proxy_threshold: Optional[str] = None,
imap_proxy_threshold: Optional[str] = None,
inter_cluster_session_sync: Optional[str] = None,
ipsec_phase2_proposal: Optional[str] = None,
key: Optional[str] = None,
l2ep_eth_type: Optional[str] = None,
link_failed_signal: Optional[str] = None,
load_balance_all: Optional[str] = None,
logical_sn: Optional[str] = None,
memory_based_failover: Optional[str] = None,
memory_compatible_mode: Optional[str] = None,
memory_failover_flip_timeout: Optional[int] = None,
memory_failover_monitor_period: Optional[int] = None,
memory_failover_sample_rate: Optional[int] = None,
memory_failover_threshold: Optional[int] = None,
memory_threshold: Optional[str] = None,
mode: Optional[str] = None,
monitor: Optional[str] = None,
multicast_ttl: Optional[int] = None,
nntp_proxy_threshold: Optional[str] = None,
override: Optional[str] = None,
override_wait_time: Optional[int] = None,
password: Optional[str] = None,
pingserver_failover_threshold: Optional[int] = None,
pingserver_flip_timeout: Optional[int] = None,
pingserver_monitor_interface: Optional[str] = None,
pingserver_secondary_force_reset: Optional[str] = None,
pingserver_slave_force_reset: Optional[str] = None,
pop3_proxy_threshold: Optional[str] = None,
priority: Optional[int] = None,
route_hold: Optional[int] = None,
route_ttl: Optional[int] = None,
route_wait: Optional[int] = None,
schedule: Optional[str] = None,
secondary_vcluster: Optional[HaSecondaryVclusterArgs] = None,
session_pickup: Optional[str] = None,
session_pickup_connectionless: Optional[str] = None,
session_pickup_delay: Optional[str] = None,
session_pickup_expectation: Optional[str] = None,
session_pickup_nat: Optional[str] = None,
session_sync_dev: Optional[str] = None,
smtp_proxy_threshold: Optional[str] = None,
ssd_failover: Optional[str] = None,
standalone_config_sync: Optional[str] = None,
standalone_mgmt_vdom: Optional[str] = None,
sync_config: Optional[str] = None,
sync_packet_balance: Optional[str] = None,
unicast_gateway: Optional[str] = None,
unicast_hb: Optional[str] = None,
unicast_hb_netmask: Optional[str] = None,
unicast_hb_peerip: Optional[str] = None,
unicast_peers: Optional[Sequence[HaUnicastPeerArgs]] = None,
unicast_status: Optional[str] = None,
uninterruptible_primary_wait: Optional[int] = None,
uninterruptible_upgrade: Optional[str] = None,
upgrade_mode: Optional[str] = None,
vcluster2: Optional[str] = None,
vcluster_id: Optional[int] = None,
vcluster_status: Optional[str] = None,
vclusters: Optional[Sequence[HaVclusterArgs]] = None,
vdom: Optional[str] = None,
vdomparam: Optional[str] = None,
weight: Optional[str] = None)
func NewHa(ctx *Context, name string, args *HaArgs, opts ...ResourceOption) (*Ha, error)
public Ha(string name, HaArgs? args = null, CustomResourceOptions? opts = null)
type: fortios:system:Ha
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args HaArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args HaArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args HaArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args HaArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args HaArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var haResource = new Fortios.System.Ha("haResource", new()
{
Arps = 0,
ArpsInterval = 0,
Authentication = "string",
CpuThreshold = "string",
DynamicSortSubtable = "string",
Encryption = "string",
EvpnTtl = 0,
FailoverHoldTime = 0,
FtpProxyThreshold = "string",
GetAllTables = "string",
GratuitousArps = "string",
GroupId = 0,
GroupName = "string",
HaDirect = "string",
HaEthType = "string",
HaMgmtInterfaces = new[]
{
new Fortios.System.Inputs.HaHaMgmtInterfaceArgs
{
Dst = "string",
Gateway = "string",
Gateway6 = "string",
Id = 0,
Interface = "string",
},
},
HaMgmtStatus = "string",
HaUptimeDiffMargin = 0,
HbInterval = 0,
HbIntervalInMilliseconds = "string",
HbLostThreshold = 0,
Hbdev = "string",
HcEthType = "string",
HelloHolddown = 0,
HttpProxyThreshold = "string",
ImapProxyThreshold = "string",
InterClusterSessionSync = "string",
IpsecPhase2Proposal = "string",
Key = "string",
L2epEthType = "string",
LinkFailedSignal = "string",
LoadBalanceAll = "string",
LogicalSn = "string",
MemoryBasedFailover = "string",
MemoryCompatibleMode = "string",
MemoryFailoverFlipTimeout = 0,
MemoryFailoverMonitorPeriod = 0,
MemoryFailoverSampleRate = 0,
MemoryFailoverThreshold = 0,
MemoryThreshold = "string",
Mode = "string",
Monitor = "string",
MulticastTtl = 0,
NntpProxyThreshold = "string",
Override = "string",
OverrideWaitTime = 0,
Password = "string",
PingserverFailoverThreshold = 0,
PingserverFlipTimeout = 0,
PingserverMonitorInterface = "string",
PingserverSecondaryForceReset = "string",
PingserverSlaveForceReset = "string",
Pop3ProxyThreshold = "string",
Priority = 0,
RouteHold = 0,
RouteTtl = 0,
RouteWait = 0,
Schedule = "string",
SecondaryVcluster = new Fortios.System.Inputs.HaSecondaryVclusterArgs
{
Monitor = "string",
Override = "string",
OverrideWaitTime = 0,
PingserverFailoverThreshold = 0,
PingserverMonitorInterface = "string",
PingserverSecondaryForceReset = "string",
PingserverSlaveForceReset = "string",
Priority = 0,
VclusterId = 0,
Vdom = "string",
},
SessionPickup = "string",
SessionPickupConnectionless = "string",
SessionPickupDelay = "string",
SessionPickupExpectation = "string",
SessionPickupNat = "string",
SessionSyncDev = "string",
SmtpProxyThreshold = "string",
SsdFailover = "string",
StandaloneConfigSync = "string",
StandaloneMgmtVdom = "string",
SyncConfig = "string",
SyncPacketBalance = "string",
UnicastGateway = "string",
UnicastHb = "string",
UnicastHbNetmask = "string",
UnicastHbPeerip = "string",
UnicastPeers = new[]
{
new Fortios.System.Inputs.HaUnicastPeerArgs
{
Id = 0,
PeerIp = "string",
},
},
UnicastStatus = "string",
UninterruptiblePrimaryWait = 0,
UninterruptibleUpgrade = "string",
UpgradeMode = "string",
Vcluster2 = "string",
VclusterId = 0,
VclusterStatus = "string",
Vclusters = new[]
{
new Fortios.System.Inputs.HaVclusterArgs
{
Monitor = "string",
Override = "string",
OverrideWaitTime = 0,
PingserverFailoverThreshold = 0,
PingserverFlipTimeout = 0,
PingserverMonitorInterface = "string",
PingserverSecondaryForceReset = "string",
PingserverSlaveForceReset = "string",
Priority = 0,
VclusterId = 0,
Vdoms = new[]
{
new Fortios.System.Inputs.HaVclusterVdomArgs
{
Name = "string",
},
},
},
},
Vdom = "string",
Vdomparam = "string",
Weight = "string",
});
example, err := system.NewHa(ctx, "haResource", &system.HaArgs{
Arps: pulumi.Int(0),
ArpsInterval: pulumi.Int(0),
Authentication: pulumi.String("string"),
CpuThreshold: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
Encryption: pulumi.String("string"),
EvpnTtl: pulumi.Int(0),
FailoverHoldTime: pulumi.Int(0),
FtpProxyThreshold: pulumi.String("string"),
GetAllTables: pulumi.String("string"),
GratuitousArps: pulumi.String("string"),
GroupId: pulumi.Int(0),
GroupName: pulumi.String("string"),
HaDirect: pulumi.String("string"),
HaEthType: pulumi.String("string"),
HaMgmtInterfaces: system.HaHaMgmtInterfaceArray{
&system.HaHaMgmtInterfaceArgs{
Dst: pulumi.String("string"),
Gateway: pulumi.String("string"),
Gateway6: pulumi.String("string"),
Id: pulumi.Int(0),
Interface: pulumi.String("string"),
},
},
HaMgmtStatus: pulumi.String("string"),
HaUptimeDiffMargin: pulumi.Int(0),
HbInterval: pulumi.Int(0),
HbIntervalInMilliseconds: pulumi.String("string"),
HbLostThreshold: pulumi.Int(0),
Hbdev: pulumi.String("string"),
HcEthType: pulumi.String("string"),
HelloHolddown: pulumi.Int(0),
HttpProxyThreshold: pulumi.String("string"),
ImapProxyThreshold: pulumi.String("string"),
InterClusterSessionSync: pulumi.String("string"),
IpsecPhase2Proposal: pulumi.String("string"),
Key: pulumi.String("string"),
L2epEthType: pulumi.String("string"),
LinkFailedSignal: pulumi.String("string"),
LoadBalanceAll: pulumi.String("string"),
LogicalSn: pulumi.String("string"),
MemoryBasedFailover: pulumi.String("string"),
MemoryCompatibleMode: pulumi.String("string"),
MemoryFailoverFlipTimeout: pulumi.Int(0),
MemoryFailoverMonitorPeriod: pulumi.Int(0),
MemoryFailoverSampleRate: pulumi.Int(0),
MemoryFailoverThreshold: pulumi.Int(0),
MemoryThreshold: pulumi.String("string"),
Mode: pulumi.String("string"),
Monitor: pulumi.String("string"),
MulticastTtl: pulumi.Int(0),
NntpProxyThreshold: pulumi.String("string"),
Override: pulumi.String("string"),
OverrideWaitTime: pulumi.Int(0),
Password: pulumi.String("string"),
PingserverFailoverThreshold: pulumi.Int(0),
PingserverFlipTimeout: pulumi.Int(0),
PingserverMonitorInterface: pulumi.String("string"),
PingserverSecondaryForceReset: pulumi.String("string"),
PingserverSlaveForceReset: pulumi.String("string"),
Pop3ProxyThreshold: pulumi.String("string"),
Priority: pulumi.Int(0),
RouteHold: pulumi.Int(0),
RouteTtl: pulumi.Int(0),
RouteWait: pulumi.Int(0),
Schedule: pulumi.String("string"),
SecondaryVcluster: &system.HaSecondaryVclusterArgs{
Monitor: pulumi.String("string"),
Override: pulumi.String("string"),
OverrideWaitTime: pulumi.Int(0),
PingserverFailoverThreshold: pulumi.Int(0),
PingserverMonitorInterface: pulumi.String("string"),
PingserverSecondaryForceReset: pulumi.String("string"),
PingserverSlaveForceReset: pulumi.String("string"),
Priority: pulumi.Int(0),
VclusterId: pulumi.Int(0),
Vdom: pulumi.String("string"),
},
SessionPickup: pulumi.String("string"),
SessionPickupConnectionless: pulumi.String("string"),
SessionPickupDelay: pulumi.String("string"),
SessionPickupExpectation: pulumi.String("string"),
SessionPickupNat: pulumi.String("string"),
SessionSyncDev: pulumi.String("string"),
SmtpProxyThreshold: pulumi.String("string"),
SsdFailover: pulumi.String("string"),
StandaloneConfigSync: pulumi.String("string"),
StandaloneMgmtVdom: pulumi.String("string"),
SyncConfig: pulumi.String("string"),
SyncPacketBalance: pulumi.String("string"),
UnicastGateway: pulumi.String("string"),
UnicastHb: pulumi.String("string"),
UnicastHbNetmask: pulumi.String("string"),
UnicastHbPeerip: pulumi.String("string"),
UnicastPeers: system.HaUnicastPeerArray{
&system.HaUnicastPeerArgs{
Id: pulumi.Int(0),
PeerIp: pulumi.String("string"),
},
},
UnicastStatus: pulumi.String("string"),
UninterruptiblePrimaryWait: pulumi.Int(0),
UninterruptibleUpgrade: pulumi.String("string"),
UpgradeMode: pulumi.String("string"),
Vcluster2: pulumi.String("string"),
VclusterId: pulumi.Int(0),
VclusterStatus: pulumi.String("string"),
Vclusters: system.HaVclusterArray{
&system.HaVclusterArgs{
Monitor: pulumi.String("string"),
Override: pulumi.String("string"),
OverrideWaitTime: pulumi.Int(0),
PingserverFailoverThreshold: pulumi.Int(0),
PingserverFlipTimeout: pulumi.Int(0),
PingserverMonitorInterface: pulumi.String("string"),
PingserverSecondaryForceReset: pulumi.String("string"),
PingserverSlaveForceReset: pulumi.String("string"),
Priority: pulumi.Int(0),
VclusterId: pulumi.Int(0),
Vdoms: system.HaVclusterVdomArray{
&system.HaVclusterVdomArgs{
Name: pulumi.String("string"),
},
},
},
},
Vdom: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
Weight: pulumi.String("string"),
})
var haResource = new Ha("haResource", HaArgs.builder()
.arps(0)
.arpsInterval(0)
.authentication("string")
.cpuThreshold("string")
.dynamicSortSubtable("string")
.encryption("string")
.evpnTtl(0)
.failoverHoldTime(0)
.ftpProxyThreshold("string")
.getAllTables("string")
.gratuitousArps("string")
.groupId(0)
.groupName("string")
.haDirect("string")
.haEthType("string")
.haMgmtInterfaces(HaHaMgmtInterfaceArgs.builder()
.dst("string")
.gateway("string")
.gateway6("string")
.id(0)
.interface_("string")
.build())
.haMgmtStatus("string")
.haUptimeDiffMargin(0)
.hbInterval(0)
.hbIntervalInMilliseconds("string")
.hbLostThreshold(0)
.hbdev("string")
.hcEthType("string")
.helloHolddown(0)
.httpProxyThreshold("string")
.imapProxyThreshold("string")
.interClusterSessionSync("string")
.ipsecPhase2Proposal("string")
.key("string")
.l2epEthType("string")
.linkFailedSignal("string")
.loadBalanceAll("string")
.logicalSn("string")
.memoryBasedFailover("string")
.memoryCompatibleMode("string")
.memoryFailoverFlipTimeout(0)
.memoryFailoverMonitorPeriod(0)
.memoryFailoverSampleRate(0)
.memoryFailoverThreshold(0)
.memoryThreshold("string")
.mode("string")
.monitor("string")
.multicastTtl(0)
.nntpProxyThreshold("string")
.override("string")
.overrideWaitTime(0)
.password("string")
.pingserverFailoverThreshold(0)
.pingserverFlipTimeout(0)
.pingserverMonitorInterface("string")
.pingserverSecondaryForceReset("string")
.pingserverSlaveForceReset("string")
.pop3ProxyThreshold("string")
.priority(0)
.routeHold(0)
.routeTtl(0)
.routeWait(0)
.schedule("string")
.secondaryVcluster(HaSecondaryVclusterArgs.builder()
.monitor("string")
.override("string")
.overrideWaitTime(0)
.pingserverFailoverThreshold(0)
.pingserverMonitorInterface("string")
.pingserverSecondaryForceReset("string")
.pingserverSlaveForceReset("string")
.priority(0)
.vclusterId(0)
.vdom("string")
.build())
.sessionPickup("string")
.sessionPickupConnectionless("string")
.sessionPickupDelay("string")
.sessionPickupExpectation("string")
.sessionPickupNat("string")
.sessionSyncDev("string")
.smtpProxyThreshold("string")
.ssdFailover("string")
.standaloneConfigSync("string")
.standaloneMgmtVdom("string")
.syncConfig("string")
.syncPacketBalance("string")
.unicastGateway("string")
.unicastHb("string")
.unicastHbNetmask("string")
.unicastHbPeerip("string")
.unicastPeers(HaUnicastPeerArgs.builder()
.id(0)
.peerIp("string")
.build())
.unicastStatus("string")
.uninterruptiblePrimaryWait(0)
.uninterruptibleUpgrade("string")
.upgradeMode("string")
.vcluster2("string")
.vclusterId(0)
.vclusterStatus("string")
.vclusters(HaVclusterArgs.builder()
.monitor("string")
.override("string")
.overrideWaitTime(0)
.pingserverFailoverThreshold(0)
.pingserverFlipTimeout(0)
.pingserverMonitorInterface("string")
.pingserverSecondaryForceReset("string")
.pingserverSlaveForceReset("string")
.priority(0)
.vclusterId(0)
.vdoms(HaVclusterVdomArgs.builder()
.name("string")
.build())
.build())
.vdom("string")
.vdomparam("string")
.weight("string")
.build());
ha_resource = fortios.system.Ha("haResource",
arps=0,
arps_interval=0,
authentication="string",
cpu_threshold="string",
dynamic_sort_subtable="string",
encryption="string",
evpn_ttl=0,
failover_hold_time=0,
ftp_proxy_threshold="string",
get_all_tables="string",
gratuitous_arps="string",
group_id=0,
group_name="string",
ha_direct="string",
ha_eth_type="string",
ha_mgmt_interfaces=[{
"dst": "string",
"gateway": "string",
"gateway6": "string",
"id": 0,
"interface": "string",
}],
ha_mgmt_status="string",
ha_uptime_diff_margin=0,
hb_interval=0,
hb_interval_in_milliseconds="string",
hb_lost_threshold=0,
hbdev="string",
hc_eth_type="string",
hello_holddown=0,
http_proxy_threshold="string",
imap_proxy_threshold="string",
inter_cluster_session_sync="string",
ipsec_phase2_proposal="string",
key="string",
l2ep_eth_type="string",
link_failed_signal="string",
load_balance_all="string",
logical_sn="string",
memory_based_failover="string",
memory_compatible_mode="string",
memory_failover_flip_timeout=0,
memory_failover_monitor_period=0,
memory_failover_sample_rate=0,
memory_failover_threshold=0,
memory_threshold="string",
mode="string",
monitor="string",
multicast_ttl=0,
nntp_proxy_threshold="string",
override="string",
override_wait_time=0,
password="string",
pingserver_failover_threshold=0,
pingserver_flip_timeout=0,
pingserver_monitor_interface="string",
pingserver_secondary_force_reset="string",
pingserver_slave_force_reset="string",
pop3_proxy_threshold="string",
priority=0,
route_hold=0,
route_ttl=0,
route_wait=0,
schedule="string",
secondary_vcluster={
"monitor": "string",
"override": "string",
"override_wait_time": 0,
"pingserver_failover_threshold": 0,
"pingserver_monitor_interface": "string",
"pingserver_secondary_force_reset": "string",
"pingserver_slave_force_reset": "string",
"priority": 0,
"vcluster_id": 0,
"vdom": "string",
},
session_pickup="string",
session_pickup_connectionless="string",
session_pickup_delay="string",
session_pickup_expectation="string",
session_pickup_nat="string",
session_sync_dev="string",
smtp_proxy_threshold="string",
ssd_failover="string",
standalone_config_sync="string",
standalone_mgmt_vdom="string",
sync_config="string",
sync_packet_balance="string",
unicast_gateway="string",
unicast_hb="string",
unicast_hb_netmask="string",
unicast_hb_peerip="string",
unicast_peers=[{
"id": 0,
"peer_ip": "string",
}],
unicast_status="string",
uninterruptible_primary_wait=0,
uninterruptible_upgrade="string",
upgrade_mode="string",
vcluster2="string",
vcluster_id=0,
vcluster_status="string",
vclusters=[{
"monitor": "string",
"override": "string",
"override_wait_time": 0,
"pingserver_failover_threshold": 0,
"pingserver_flip_timeout": 0,
"pingserver_monitor_interface": "string",
"pingserver_secondary_force_reset": "string",
"pingserver_slave_force_reset": "string",
"priority": 0,
"vcluster_id": 0,
"vdoms": [{
"name": "string",
}],
}],
vdom="string",
vdomparam="string",
weight="string")
const haResource = new fortios.system.Ha("haResource", {
arps: 0,
arpsInterval: 0,
authentication: "string",
cpuThreshold: "string",
dynamicSortSubtable: "string",
encryption: "string",
evpnTtl: 0,
failoverHoldTime: 0,
ftpProxyThreshold: "string",
getAllTables: "string",
gratuitousArps: "string",
groupId: 0,
groupName: "string",
haDirect: "string",
haEthType: "string",
haMgmtInterfaces: [{
dst: "string",
gateway: "string",
gateway6: "string",
id: 0,
"interface": "string",
}],
haMgmtStatus: "string",
haUptimeDiffMargin: 0,
hbInterval: 0,
hbIntervalInMilliseconds: "string",
hbLostThreshold: 0,
hbdev: "string",
hcEthType: "string",
helloHolddown: 0,
httpProxyThreshold: "string",
imapProxyThreshold: "string",
interClusterSessionSync: "string",
ipsecPhase2Proposal: "string",
key: "string",
l2epEthType: "string",
linkFailedSignal: "string",
loadBalanceAll: "string",
logicalSn: "string",
memoryBasedFailover: "string",
memoryCompatibleMode: "string",
memoryFailoverFlipTimeout: 0,
memoryFailoverMonitorPeriod: 0,
memoryFailoverSampleRate: 0,
memoryFailoverThreshold: 0,
memoryThreshold: "string",
mode: "string",
monitor: "string",
multicastTtl: 0,
nntpProxyThreshold: "string",
override: "string",
overrideWaitTime: 0,
password: "string",
pingserverFailoverThreshold: 0,
pingserverFlipTimeout: 0,
pingserverMonitorInterface: "string",
pingserverSecondaryForceReset: "string",
pingserverSlaveForceReset: "string",
pop3ProxyThreshold: "string",
priority: 0,
routeHold: 0,
routeTtl: 0,
routeWait: 0,
schedule: "string",
secondaryVcluster: {
monitor: "string",
override: "string",
overrideWaitTime: 0,
pingserverFailoverThreshold: 0,
pingserverMonitorInterface: "string",
pingserverSecondaryForceReset: "string",
pingserverSlaveForceReset: "string",
priority: 0,
vclusterId: 0,
vdom: "string",
},
sessionPickup: "string",
sessionPickupConnectionless: "string",
sessionPickupDelay: "string",
sessionPickupExpectation: "string",
sessionPickupNat: "string",
sessionSyncDev: "string",
smtpProxyThreshold: "string",
ssdFailover: "string",
standaloneConfigSync: "string",
standaloneMgmtVdom: "string",
syncConfig: "string",
syncPacketBalance: "string",
unicastGateway: "string",
unicastHb: "string",
unicastHbNetmask: "string",
unicastHbPeerip: "string",
unicastPeers: [{
id: 0,
peerIp: "string",
}],
unicastStatus: "string",
uninterruptiblePrimaryWait: 0,
uninterruptibleUpgrade: "string",
upgradeMode: "string",
vcluster2: "string",
vclusterId: 0,
vclusterStatus: "string",
vclusters: [{
monitor: "string",
override: "string",
overrideWaitTime: 0,
pingserverFailoverThreshold: 0,
pingserverFlipTimeout: 0,
pingserverMonitorInterface: "string",
pingserverSecondaryForceReset: "string",
pingserverSlaveForceReset: "string",
priority: 0,
vclusterId: 0,
vdoms: [{
name: "string",
}],
}],
vdom: "string",
vdomparam: "string",
weight: "string",
});
type: fortios:system:Ha
properties:
arps: 0
arpsInterval: 0
authentication: string
cpuThreshold: string
dynamicSortSubtable: string
encryption: string
evpnTtl: 0
failoverHoldTime: 0
ftpProxyThreshold: string
getAllTables: string
gratuitousArps: string
groupId: 0
groupName: string
haDirect: string
haEthType: string
haMgmtInterfaces:
- dst: string
gateway: string
gateway6: string
id: 0
interface: string
haMgmtStatus: string
haUptimeDiffMargin: 0
hbInterval: 0
hbIntervalInMilliseconds: string
hbLostThreshold: 0
hbdev: string
hcEthType: string
helloHolddown: 0
httpProxyThreshold: string
imapProxyThreshold: string
interClusterSessionSync: string
ipsecPhase2Proposal: string
key: string
l2epEthType: string
linkFailedSignal: string
loadBalanceAll: string
logicalSn: string
memoryBasedFailover: string
memoryCompatibleMode: string
memoryFailoverFlipTimeout: 0
memoryFailoverMonitorPeriod: 0
memoryFailoverSampleRate: 0
memoryFailoverThreshold: 0
memoryThreshold: string
mode: string
monitor: string
multicastTtl: 0
nntpProxyThreshold: string
override: string
overrideWaitTime: 0
password: string
pingserverFailoverThreshold: 0
pingserverFlipTimeout: 0
pingserverMonitorInterface: string
pingserverSecondaryForceReset: string
pingserverSlaveForceReset: string
pop3ProxyThreshold: string
priority: 0
routeHold: 0
routeTtl: 0
routeWait: 0
schedule: string
secondaryVcluster:
monitor: string
override: string
overrideWaitTime: 0
pingserverFailoverThreshold: 0
pingserverMonitorInterface: string
pingserverSecondaryForceReset: string
pingserverSlaveForceReset: string
priority: 0
vclusterId: 0
vdom: string
sessionPickup: string
sessionPickupConnectionless: string
sessionPickupDelay: string
sessionPickupExpectation: string
sessionPickupNat: string
sessionSyncDev: string
smtpProxyThreshold: string
ssdFailover: string
standaloneConfigSync: string
standaloneMgmtVdom: string
syncConfig: string
syncPacketBalance: string
unicastGateway: string
unicastHb: string
unicastHbNetmask: string
unicastHbPeerip: string
unicastPeers:
- id: 0
peerIp: string
unicastStatus: string
uninterruptiblePrimaryWait: 0
uninterruptibleUpgrade: string
upgradeMode: string
vcluster2: string
vclusterId: 0
vclusterStatus: string
vclusters:
- monitor: string
override: string
overrideWaitTime: 0
pingserverFailoverThreshold: 0
pingserverFlipTimeout: 0
pingserverMonitorInterface: string
pingserverSecondaryForceReset: string
pingserverSlaveForceReset: string
priority: 0
vclusterId: 0
vdoms:
- name: string
vdom: string
vdomparam: string
weight: string
Ha Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Ha resource accepts the following input properties:
- Arps int
- Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time.
- Arps
Interval int - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic.
- Authentication string
- Enable/disable heartbeat message authentication. Valid values:
enable
,disable
. - Cpu
Threshold string - Dynamic weighted load balancing CPU usage weight and high and low thresholds.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Encryption string
- Enable/disable heartbeat message encryption. Valid values:
enable
,disable
. - Evpn
Ttl int - HA EVPN FDB TTL on primary box (5 - 3600 sec).
- Failover
Hold intTime - Time to wait before failover (0 - 300 sec, default = 0), to avoid flip.
- Ftp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gratuitous
Arps string - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. Valid values:
enable
,disable
. - Group
Id int - HA group ID. Must be the same for all members. On FortiOS versions 6.2.0-6.2.6: 0 - 255. On FortiOS versions 7.0.2-7.0.15: 0 - 1023. On FortiOS versions 7.2.0: 0 - 1023; or 0 - 7 when there are more than 2 vclusters.
- Group
Name string - Cluster group name. Must be the same for all members.
- Ha
Direct string - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. Valid values:
enable
,disable
. - Ha
Eth stringType - HA heartbeat packet Ethertype (4-digit hex).
- Ha
Mgmt List<Pulumiverse.Interfaces Fortios. System. Inputs. Ha Ha Mgmt Interface> - Reserve interfaces to manage individual cluster units. The structure of
ha_mgmt_interfaces
block is documented below. - Ha
Mgmt stringStatus - Enable to reserve interfaces to manage individual cluster units. Valid values:
enable
,disable
. - Ha
Uptime intDiff Margin - Normally you would only reduce this value for failover testing.
- Hb
Interval int - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives.
- Hb
Interval stringIn Milliseconds - Number of milliseconds for each heartbeat interval: 100ms or 10ms. Valid values:
100ms
,10ms
. - Hb
Lost intThreshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives.
- Hbdev string
- Heartbeat interfaces. Must be the same for all members.
- Hc
Eth stringType - Transparent mode HA heartbeat packet Ethertype (4-digit hex).
- Hello
Holddown int - Time to wait before changing from hello to work state (5 - 300 sec).
- Http
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.
- Imap
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.
- Inter
Cluster stringSession Sync - Enable/disable synchronization of sessions among HA clusters. Valid values:
enable
,disable
. - Ipsec
Phase2Proposal string - IPsec phase2 proposal. Valid values:
aes128-sha1
,aes128-sha256
,aes128-sha384
,aes128-sha512
,aes192-sha1
,aes192-sha256
,aes192-sha384
,aes192-sha512
,aes256-sha1
,aes256-sha256
,aes256-sha384
,aes256-sha512
,aes128gcm
,aes256gcm
,chacha20poly1305
. - Key string
- key
- L2ep
Eth stringType - Telnet session HA heartbeat packet Ethertype (4-digit hex).
- Link
Failed stringSignal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. Valid values:
enable
,disable
. - Load
Balance stringAll - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. Valid values:
enable
,disable
. - Logical
Sn string - Enable/disable usage of the logical serial number. Valid values:
enable
,disable
. - Memory
Based stringFailover - Enable/disable memory based failover. Valid values:
enable
,disable
. - Memory
Compatible stringMode - Enable/disable memory compatible mode. Valid values:
enable
,disable
. - Memory
Failover intFlip Timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647, default = 6).
- Memory
Failover intMonitor Period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300, default = 60).
- Memory
Failover intSample Rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60, default = 1).
- Memory
Failover intThreshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).
- Memory
Threshold string - Dynamic weighted load balancing memory usage weight and high and low thresholds.
- Mode string
- HA mode. Must be the same for all members. FGSP requires standalone. Valid values:
standalone
,a-a
,a-p
. - Monitor string
- Interfaces to check for port monitoring (or link failure).
- Multicast
Ttl int - HA multicast TTL on primary (5 - 3600 sec).
- Nntp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.
- Override string
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - Override
Wait intTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- Password string
- Cluster password. Must be the same for all members.
- Pingserver
Failover intThreshold - Remote IP monitoring failover threshold (0 - 50).
- Pingserver
Flip intTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- Pingserver
Monitor stringInterface - Interfaces to check for remote IP monitoring.
- Pingserver
Secondary stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Pingserver
Slave stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Pop3Proxy
Threshold string - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.
- Priority int
- Increase the priority to select the primary unit (0 - 255).
- Route
Hold int - Time to wait between routing table updates to the cluster (0 - 3600 sec).
- Route
Ttl int - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover.
- Route
Wait int - Time to wait before sending new routes to the cluster (0 - 3600 sec).
- Schedule string
- Type of A-A load balancing. Use none if you have external load balancers.
- Secondary
Vcluster Pulumiverse.Fortios. System. Inputs. Ha Secondary Vcluster - Configure virtual cluster 2. The structure of
secondary_vcluster
block is documented below. - Session
Pickup string - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. Valid values:
enable
,disable
. - Session
Pickup stringConnectionless - Enable/disable UDP and ICMP session sync. Valid values:
enable
,disable
. - Session
Pickup stringDelay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. Valid values:
enable
,disable
. - Session
Pickup stringExpectation - Enable/disable session helper expectation session sync for FGSP. Valid values:
enable
,disable
. - Session
Pickup stringNat - Enable/disable NAT session sync for FGSP. Valid values:
enable
,disable
. - Session
Sync stringDev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly.
- Smtp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.
- Ssd
Failover string - Enable/disable automatic HA failover on SSD disk failure. Valid values:
enable
,disable
. - Standalone
Config stringSync - Enable/disable FGSP configuration synchronization. Valid values:
enable
,disable
. - Standalone
Mgmt stringVdom - Enable/disable standalone management VDOM. Valid values:
enable
,disable
. - Sync
Config string - Enable/disable configuration synchronization. Valid values:
enable
,disable
. - Sync
Packet stringBalance - Enable/disable HA packet distribution to multiple CPUs. Valid values:
enable
,disable
. - Unicast
Gateway string - Default route gateway for unicast interface.
- Unicast
Hb string - Enable/disable unicast heartbeat. Valid values:
enable
,disable
. - Unicast
Hb stringNetmask - Unicast heartbeat netmask.
- Unicast
Hb stringPeerip - Unicast heartbeat peer IP.
- Unicast
Peers List<Pulumiverse.Fortios. System. Inputs. Ha Unicast Peer> - Number of unicast peers. The structure of
unicast_peers
block is documented below. - Unicast
Status string - Enable/disable unicast connection. Valid values:
enable
,disable
. - Uninterruptible
Primary intWait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (default = 30). On FortiOS versions 6.4.10-6.4.15, 7.0.2-7.0.5: 1 - 300. On FortiOS versions >= 7.0.6: 15 - 300.
- Uninterruptible
Upgrade string - Enable to upgrade a cluster without blocking network traffic. Valid values:
enable
,disable
. - Upgrade
Mode string - The mode to upgrade a cluster. Valid values:
simultaneous
,uninterruptible
,local-only
,secondary-only
. - Vcluster2 string
- Enable/disable virtual cluster 2 for virtual clustering. Valid values:
enable
,disable
. - Vcluster
Id int - Cluster ID.
- Vcluster
Status string - Enable/disable virtual cluster for virtual clustering. Valid values:
enable
,disable
. - Vclusters
List<Pulumiverse.
Fortios. System. Inputs. Ha Vcluster> - Virtual cluster table. The structure of
vcluster
block is documented below. - Vdom string
- VDOMs in virtual cluster 1.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Weight string
- Weight-round-robin weight for each cluster unit. Syntax .
- Arps int
- Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time.
- Arps
Interval int - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic.
- Authentication string
- Enable/disable heartbeat message authentication. Valid values:
enable
,disable
. - Cpu
Threshold string - Dynamic weighted load balancing CPU usage weight and high and low thresholds.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Encryption string
- Enable/disable heartbeat message encryption. Valid values:
enable
,disable
. - Evpn
Ttl int - HA EVPN FDB TTL on primary box (5 - 3600 sec).
- Failover
Hold intTime - Time to wait before failover (0 - 300 sec, default = 0), to avoid flip.
- Ftp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gratuitous
Arps string - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. Valid values:
enable
,disable
. - Group
Id int - HA group ID. Must be the same for all members. On FortiOS versions 6.2.0-6.2.6: 0 - 255. On FortiOS versions 7.0.2-7.0.15: 0 - 1023. On FortiOS versions 7.2.0: 0 - 1023; or 0 - 7 when there are more than 2 vclusters.
- Group
Name string - Cluster group name. Must be the same for all members.
- Ha
Direct string - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. Valid values:
enable
,disable
. - Ha
Eth stringType - HA heartbeat packet Ethertype (4-digit hex).
- Ha
Mgmt []HaInterfaces Ha Mgmt Interface Args - Reserve interfaces to manage individual cluster units. The structure of
ha_mgmt_interfaces
block is documented below. - Ha
Mgmt stringStatus - Enable to reserve interfaces to manage individual cluster units. Valid values:
enable
,disable
. - Ha
Uptime intDiff Margin - Normally you would only reduce this value for failover testing.
- Hb
Interval int - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives.
- Hb
Interval stringIn Milliseconds - Number of milliseconds for each heartbeat interval: 100ms or 10ms. Valid values:
100ms
,10ms
. - Hb
Lost intThreshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives.
- Hbdev string
- Heartbeat interfaces. Must be the same for all members.
- Hc
Eth stringType - Transparent mode HA heartbeat packet Ethertype (4-digit hex).
- Hello
Holddown int - Time to wait before changing from hello to work state (5 - 300 sec).
- Http
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.
- Imap
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.
- Inter
Cluster stringSession Sync - Enable/disable synchronization of sessions among HA clusters. Valid values:
enable
,disable
. - Ipsec
Phase2Proposal string - IPsec phase2 proposal. Valid values:
aes128-sha1
,aes128-sha256
,aes128-sha384
,aes128-sha512
,aes192-sha1
,aes192-sha256
,aes192-sha384
,aes192-sha512
,aes256-sha1
,aes256-sha256
,aes256-sha384
,aes256-sha512
,aes128gcm
,aes256gcm
,chacha20poly1305
. - Key string
- key
- L2ep
Eth stringType - Telnet session HA heartbeat packet Ethertype (4-digit hex).
- Link
Failed stringSignal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. Valid values:
enable
,disable
. - Load
Balance stringAll - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. Valid values:
enable
,disable
. - Logical
Sn string - Enable/disable usage of the logical serial number. Valid values:
enable
,disable
. - Memory
Based stringFailover - Enable/disable memory based failover. Valid values:
enable
,disable
. - Memory
Compatible stringMode - Enable/disable memory compatible mode. Valid values:
enable
,disable
. - Memory
Failover intFlip Timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647, default = 6).
- Memory
Failover intMonitor Period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300, default = 60).
- Memory
Failover intSample Rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60, default = 1).
- Memory
Failover intThreshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).
- Memory
Threshold string - Dynamic weighted load balancing memory usage weight and high and low thresholds.
- Mode string
- HA mode. Must be the same for all members. FGSP requires standalone. Valid values:
standalone
,a-a
,a-p
. - Monitor string
- Interfaces to check for port monitoring (or link failure).
- Multicast
Ttl int - HA multicast TTL on primary (5 - 3600 sec).
- Nntp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.
- Override string
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - Override
Wait intTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- Password string
- Cluster password. Must be the same for all members.
- Pingserver
Failover intThreshold - Remote IP monitoring failover threshold (0 - 50).
- Pingserver
Flip intTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- Pingserver
Monitor stringInterface - Interfaces to check for remote IP monitoring.
- Pingserver
Secondary stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Pingserver
Slave stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Pop3Proxy
Threshold string - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.
- Priority int
- Increase the priority to select the primary unit (0 - 255).
- Route
Hold int - Time to wait between routing table updates to the cluster (0 - 3600 sec).
- Route
Ttl int - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover.
- Route
Wait int - Time to wait before sending new routes to the cluster (0 - 3600 sec).
- Schedule string
- Type of A-A load balancing. Use none if you have external load balancers.
- Secondary
Vcluster HaSecondary Vcluster Args - Configure virtual cluster 2. The structure of
secondary_vcluster
block is documented below. - Session
Pickup string - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. Valid values:
enable
,disable
. - Session
Pickup stringConnectionless - Enable/disable UDP and ICMP session sync. Valid values:
enable
,disable
. - Session
Pickup stringDelay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. Valid values:
enable
,disable
. - Session
Pickup stringExpectation - Enable/disable session helper expectation session sync for FGSP. Valid values:
enable
,disable
. - Session
Pickup stringNat - Enable/disable NAT session sync for FGSP. Valid values:
enable
,disable
. - Session
Sync stringDev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly.
- Smtp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.
- Ssd
Failover string - Enable/disable automatic HA failover on SSD disk failure. Valid values:
enable
,disable
. - Standalone
Config stringSync - Enable/disable FGSP configuration synchronization. Valid values:
enable
,disable
. - Standalone
Mgmt stringVdom - Enable/disable standalone management VDOM. Valid values:
enable
,disable
. - Sync
Config string - Enable/disable configuration synchronization. Valid values:
enable
,disable
. - Sync
Packet stringBalance - Enable/disable HA packet distribution to multiple CPUs. Valid values:
enable
,disable
. - Unicast
Gateway string - Default route gateway for unicast interface.
- Unicast
Hb string - Enable/disable unicast heartbeat. Valid values:
enable
,disable
. - Unicast
Hb stringNetmask - Unicast heartbeat netmask.
- Unicast
Hb stringPeerip - Unicast heartbeat peer IP.
- Unicast
Peers []HaUnicast Peer Args - Number of unicast peers. The structure of
unicast_peers
block is documented below. - Unicast
Status string - Enable/disable unicast connection. Valid values:
enable
,disable
. - Uninterruptible
Primary intWait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (default = 30). On FortiOS versions 6.4.10-6.4.15, 7.0.2-7.0.5: 1 - 300. On FortiOS versions >= 7.0.6: 15 - 300.
- Uninterruptible
Upgrade string - Enable to upgrade a cluster without blocking network traffic. Valid values:
enable
,disable
. - Upgrade
Mode string - The mode to upgrade a cluster. Valid values:
simultaneous
,uninterruptible
,local-only
,secondary-only
. - Vcluster2 string
- Enable/disable virtual cluster 2 for virtual clustering. Valid values:
enable
,disable
. - Vcluster
Id int - Cluster ID.
- Vcluster
Status string - Enable/disable virtual cluster for virtual clustering. Valid values:
enable
,disable
. - Vclusters
[]Ha
Vcluster Args - Virtual cluster table. The structure of
vcluster
block is documented below. - Vdom string
- VDOMs in virtual cluster 1.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Weight string
- Weight-round-robin weight for each cluster unit. Syntax .
- arps Integer
- Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time.
- arps
Interval Integer - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic.
- authentication String
- Enable/disable heartbeat message authentication. Valid values:
enable
,disable
. - cpu
Threshold String - Dynamic weighted load balancing CPU usage weight and high and low thresholds.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- encryption String
- Enable/disable heartbeat message encryption. Valid values:
enable
,disable
. - evpn
Ttl Integer - HA EVPN FDB TTL on primary box (5 - 3600 sec).
- failover
Hold IntegerTime - Time to wait before failover (0 - 300 sec, default = 0), to avoid flip.
- ftp
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous
Arps String - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. Valid values:
enable
,disable
. - group
Id Integer - HA group ID. Must be the same for all members. On FortiOS versions 6.2.0-6.2.6: 0 - 255. On FortiOS versions 7.0.2-7.0.15: 0 - 1023. On FortiOS versions 7.2.0: 0 - 1023; or 0 - 7 when there are more than 2 vclusters.
- group
Name String - Cluster group name. Must be the same for all members.
- ha
Direct String - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. Valid values:
enable
,disable
. - ha
Eth StringType - HA heartbeat packet Ethertype (4-digit hex).
- ha
Mgmt List<HaInterfaces Ha Mgmt Interface> - Reserve interfaces to manage individual cluster units. The structure of
ha_mgmt_interfaces
block is documented below. - ha
Mgmt StringStatus - Enable to reserve interfaces to manage individual cluster units. Valid values:
enable
,disable
. - ha
Uptime IntegerDiff Margin - Normally you would only reduce this value for failover testing.
- hb
Interval Integer - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives.
- hb
Interval StringIn Milliseconds - Number of milliseconds for each heartbeat interval: 100ms or 10ms. Valid values:
100ms
,10ms
. - hb
Lost IntegerThreshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives.
- hbdev String
- Heartbeat interfaces. Must be the same for all members.
- hc
Eth StringType - Transparent mode HA heartbeat packet Ethertype (4-digit hex).
- hello
Holddown Integer - Time to wait before changing from hello to work state (5 - 300 sec).
- http
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.
- imap
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.
- inter
Cluster StringSession Sync - Enable/disable synchronization of sessions among HA clusters. Valid values:
enable
,disable
. - ipsec
Phase2Proposal String - IPsec phase2 proposal. Valid values:
aes128-sha1
,aes128-sha256
,aes128-sha384
,aes128-sha512
,aes192-sha1
,aes192-sha256
,aes192-sha384
,aes192-sha512
,aes256-sha1
,aes256-sha256
,aes256-sha384
,aes256-sha512
,aes128gcm
,aes256gcm
,chacha20poly1305
. - key String
- key
- l2ep
Eth StringType - Telnet session HA heartbeat packet Ethertype (4-digit hex).
- link
Failed StringSignal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. Valid values:
enable
,disable
. - load
Balance StringAll - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. Valid values:
enable
,disable
. - logical
Sn String - Enable/disable usage of the logical serial number. Valid values:
enable
,disable
. - memory
Based StringFailover - Enable/disable memory based failover. Valid values:
enable
,disable
. - memory
Compatible StringMode - Enable/disable memory compatible mode. Valid values:
enable
,disable
. - memory
Failover IntegerFlip Timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647, default = 6).
- memory
Failover IntegerMonitor Period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300, default = 60).
- memory
Failover IntegerSample Rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60, default = 1).
- memory
Failover IntegerThreshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).
- memory
Threshold String - Dynamic weighted load balancing memory usage weight and high and low thresholds.
- mode String
- HA mode. Must be the same for all members. FGSP requires standalone. Valid values:
standalone
,a-a
,a-p
. - monitor String
- Interfaces to check for port monitoring (or link failure).
- multicast
Ttl Integer - HA multicast TTL on primary (5 - 3600 sec).
- nntp
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.
- override String
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - override
Wait IntegerTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- password String
- Cluster password. Must be the same for all members.
- pingserver
Failover IntegerThreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver
Flip IntegerTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- pingserver
Monitor StringInterface - Interfaces to check for remote IP monitoring.
- pingserver
Secondary StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver
Slave StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pop3Proxy
Threshold String - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.
- priority Integer
- Increase the priority to select the primary unit (0 - 255).
- route
Hold Integer - Time to wait between routing table updates to the cluster (0 - 3600 sec).
- route
Ttl Integer - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover.
- route
Wait Integer - Time to wait before sending new routes to the cluster (0 - 3600 sec).
- schedule String
- Type of A-A load balancing. Use none if you have external load balancers.
- secondary
Vcluster HaSecondary Vcluster - Configure virtual cluster 2. The structure of
secondary_vcluster
block is documented below. - session
Pickup String - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. Valid values:
enable
,disable
. - session
Pickup StringConnectionless - Enable/disable UDP and ICMP session sync. Valid values:
enable
,disable
. - session
Pickup StringDelay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. Valid values:
enable
,disable
. - session
Pickup StringExpectation - Enable/disable session helper expectation session sync for FGSP. Valid values:
enable
,disable
. - session
Pickup StringNat - Enable/disable NAT session sync for FGSP. Valid values:
enable
,disable
. - session
Sync StringDev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly.
- smtp
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.
- ssd
Failover String - Enable/disable automatic HA failover on SSD disk failure. Valid values:
enable
,disable
. - standalone
Config StringSync - Enable/disable FGSP configuration synchronization. Valid values:
enable
,disable
. - standalone
Mgmt StringVdom - Enable/disable standalone management VDOM. Valid values:
enable
,disable
. - sync
Config String - Enable/disable configuration synchronization. Valid values:
enable
,disable
. - sync
Packet StringBalance - Enable/disable HA packet distribution to multiple CPUs. Valid values:
enable
,disable
. - unicast
Gateway String - Default route gateway for unicast interface.
- unicast
Hb String - Enable/disable unicast heartbeat. Valid values:
enable
,disable
. - unicast
Hb StringNetmask - Unicast heartbeat netmask.
- unicast
Hb StringPeerip - Unicast heartbeat peer IP.
- unicast
Peers List<HaUnicast Peer> - Number of unicast peers. The structure of
unicast_peers
block is documented below. - unicast
Status String - Enable/disable unicast connection. Valid values:
enable
,disable
. - uninterruptible
Primary IntegerWait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (default = 30). On FortiOS versions 6.4.10-6.4.15, 7.0.2-7.0.5: 1 - 300. On FortiOS versions >= 7.0.6: 15 - 300.
- uninterruptible
Upgrade String - Enable to upgrade a cluster without blocking network traffic. Valid values:
enable
,disable
. - upgrade
Mode String - The mode to upgrade a cluster. Valid values:
simultaneous
,uninterruptible
,local-only
,secondary-only
. - vcluster2 String
- Enable/disable virtual cluster 2 for virtual clustering. Valid values:
enable
,disable
. - vcluster
Id Integer - Cluster ID.
- vcluster
Status String - Enable/disable virtual cluster for virtual clustering. Valid values:
enable
,disable
. - vclusters
List<Ha
Vcluster> - Virtual cluster table. The structure of
vcluster
block is documented below. - vdom String
- VDOMs in virtual cluster 1.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weight String
- Weight-round-robin weight for each cluster unit. Syntax .
- arps number
- Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time.
- arps
Interval number - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic.
- authentication string
- Enable/disable heartbeat message authentication. Valid values:
enable
,disable
. - cpu
Threshold string - Dynamic weighted load balancing CPU usage weight and high and low thresholds.
- dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- encryption string
- Enable/disable heartbeat message encryption. Valid values:
enable
,disable
. - evpn
Ttl number - HA EVPN FDB TTL on primary box (5 - 3600 sec).
- failover
Hold numberTime - Time to wait before failover (0 - 300 sec, default = 0), to avoid flip.
- ftp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous
Arps string - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. Valid values:
enable
,disable
. - group
Id number - HA group ID. Must be the same for all members. On FortiOS versions 6.2.0-6.2.6: 0 - 255. On FortiOS versions 7.0.2-7.0.15: 0 - 1023. On FortiOS versions 7.2.0: 0 - 1023; or 0 - 7 when there are more than 2 vclusters.
- group
Name string - Cluster group name. Must be the same for all members.
- ha
Direct string - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. Valid values:
enable
,disable
. - ha
Eth stringType - HA heartbeat packet Ethertype (4-digit hex).
- ha
Mgmt HaInterfaces Ha Mgmt Interface[] - Reserve interfaces to manage individual cluster units. The structure of
ha_mgmt_interfaces
block is documented below. - ha
Mgmt stringStatus - Enable to reserve interfaces to manage individual cluster units. Valid values:
enable
,disable
. - ha
Uptime numberDiff Margin - Normally you would only reduce this value for failover testing.
- hb
Interval number - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives.
- hb
Interval stringIn Milliseconds - Number of milliseconds for each heartbeat interval: 100ms or 10ms. Valid values:
100ms
,10ms
. - hb
Lost numberThreshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives.
- hbdev string
- Heartbeat interfaces. Must be the same for all members.
- hc
Eth stringType - Transparent mode HA heartbeat packet Ethertype (4-digit hex).
- hello
Holddown number - Time to wait before changing from hello to work state (5 - 300 sec).
- http
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.
- imap
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.
- inter
Cluster stringSession Sync - Enable/disable synchronization of sessions among HA clusters. Valid values:
enable
,disable
. - ipsec
Phase2Proposal string - IPsec phase2 proposal. Valid values:
aes128-sha1
,aes128-sha256
,aes128-sha384
,aes128-sha512
,aes192-sha1
,aes192-sha256
,aes192-sha384
,aes192-sha512
,aes256-sha1
,aes256-sha256
,aes256-sha384
,aes256-sha512
,aes128gcm
,aes256gcm
,chacha20poly1305
. - key string
- key
- l2ep
Eth stringType - Telnet session HA heartbeat packet Ethertype (4-digit hex).
- link
Failed stringSignal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. Valid values:
enable
,disable
. - load
Balance stringAll - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. Valid values:
enable
,disable
. - logical
Sn string - Enable/disable usage of the logical serial number. Valid values:
enable
,disable
. - memory
Based stringFailover - Enable/disable memory based failover. Valid values:
enable
,disable
. - memory
Compatible stringMode - Enable/disable memory compatible mode. Valid values:
enable
,disable
. - memory
Failover numberFlip Timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647, default = 6).
- memory
Failover numberMonitor Period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300, default = 60).
- memory
Failover numberSample Rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60, default = 1).
- memory
Failover numberThreshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).
- memory
Threshold string - Dynamic weighted load balancing memory usage weight and high and low thresholds.
- mode string
- HA mode. Must be the same for all members. FGSP requires standalone. Valid values:
standalone
,a-a
,a-p
. - monitor string
- Interfaces to check for port monitoring (or link failure).
- multicast
Ttl number - HA multicast TTL on primary (5 - 3600 sec).
- nntp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.
- override string
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - override
Wait numberTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- password string
- Cluster password. Must be the same for all members.
- pingserver
Failover numberThreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver
Flip numberTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- pingserver
Monitor stringInterface - Interfaces to check for remote IP monitoring.
- pingserver
Secondary stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver
Slave stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pop3Proxy
Threshold string - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.
- priority number
- Increase the priority to select the primary unit (0 - 255).
- route
Hold number - Time to wait between routing table updates to the cluster (0 - 3600 sec).
- route
Ttl number - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover.
- route
Wait number - Time to wait before sending new routes to the cluster (0 - 3600 sec).
- schedule string
- Type of A-A load balancing. Use none if you have external load balancers.
- secondary
Vcluster HaSecondary Vcluster - Configure virtual cluster 2. The structure of
secondary_vcluster
block is documented below. - session
Pickup string - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. Valid values:
enable
,disable
. - session
Pickup stringConnectionless - Enable/disable UDP and ICMP session sync. Valid values:
enable
,disable
. - session
Pickup stringDelay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. Valid values:
enable
,disable
. - session
Pickup stringExpectation - Enable/disable session helper expectation session sync for FGSP. Valid values:
enable
,disable
. - session
Pickup stringNat - Enable/disable NAT session sync for FGSP. Valid values:
enable
,disable
. - session
Sync stringDev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly.
- smtp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.
- ssd
Failover string - Enable/disable automatic HA failover on SSD disk failure. Valid values:
enable
,disable
. - standalone
Config stringSync - Enable/disable FGSP configuration synchronization. Valid values:
enable
,disable
. - standalone
Mgmt stringVdom - Enable/disable standalone management VDOM. Valid values:
enable
,disable
. - sync
Config string - Enable/disable configuration synchronization. Valid values:
enable
,disable
. - sync
Packet stringBalance - Enable/disable HA packet distribution to multiple CPUs. Valid values:
enable
,disable
. - unicast
Gateway string - Default route gateway for unicast interface.
- unicast
Hb string - Enable/disable unicast heartbeat. Valid values:
enable
,disable
. - unicast
Hb stringNetmask - Unicast heartbeat netmask.
- unicast
Hb stringPeerip - Unicast heartbeat peer IP.
- unicast
Peers HaUnicast Peer[] - Number of unicast peers. The structure of
unicast_peers
block is documented below. - unicast
Status string - Enable/disable unicast connection. Valid values:
enable
,disable
. - uninterruptible
Primary numberWait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (default = 30). On FortiOS versions 6.4.10-6.4.15, 7.0.2-7.0.5: 1 - 300. On FortiOS versions >= 7.0.6: 15 - 300.
- uninterruptible
Upgrade string - Enable to upgrade a cluster without blocking network traffic. Valid values:
enable
,disable
. - upgrade
Mode string - The mode to upgrade a cluster. Valid values:
simultaneous
,uninterruptible
,local-only
,secondary-only
. - vcluster2 string
- Enable/disable virtual cluster 2 for virtual clustering. Valid values:
enable
,disable
. - vcluster
Id number - Cluster ID.
- vcluster
Status string - Enable/disable virtual cluster for virtual clustering. Valid values:
enable
,disable
. - vclusters
Ha
Vcluster[] - Virtual cluster table. The structure of
vcluster
block is documented below. - vdom string
- VDOMs in virtual cluster 1.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weight string
- Weight-round-robin weight for each cluster unit. Syntax .
- arps int
- Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time.
- arps_
interval int - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic.
- authentication str
- Enable/disable heartbeat message authentication. Valid values:
enable
,disable
. - cpu_
threshold str - Dynamic weighted load balancing CPU usage weight and high and low thresholds.
- dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- encryption str
- Enable/disable heartbeat message encryption. Valid values:
enable
,disable
. - evpn_
ttl int - HA EVPN FDB TTL on primary box (5 - 3600 sec).
- failover_
hold_ inttime - Time to wait before failover (0 - 300 sec, default = 0), to avoid flip.
- ftp_
proxy_ strthreshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous_
arps str - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. Valid values:
enable
,disable
. - group_
id int - HA group ID. Must be the same for all members. On FortiOS versions 6.2.0-6.2.6: 0 - 255. On FortiOS versions 7.0.2-7.0.15: 0 - 1023. On FortiOS versions 7.2.0: 0 - 1023; or 0 - 7 when there are more than 2 vclusters.
- group_
name str - Cluster group name. Must be the same for all members.
- ha_
direct str - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. Valid values:
enable
,disable
. - ha_
eth_ strtype - HA heartbeat packet Ethertype (4-digit hex).
- ha_
mgmt_ Sequence[Hainterfaces Ha Mgmt Interface Args] - Reserve interfaces to manage individual cluster units. The structure of
ha_mgmt_interfaces
block is documented below. - ha_
mgmt_ strstatus - Enable to reserve interfaces to manage individual cluster units. Valid values:
enable
,disable
. - ha_
uptime_ intdiff_ margin - Normally you would only reduce this value for failover testing.
- hb_
interval int - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives.
- hb_
interval_ strin_ milliseconds - Number of milliseconds for each heartbeat interval: 100ms or 10ms. Valid values:
100ms
,10ms
. - hb_
lost_ intthreshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives.
- hbdev str
- Heartbeat interfaces. Must be the same for all members.
- hc_
eth_ strtype - Transparent mode HA heartbeat packet Ethertype (4-digit hex).
- hello_
holddown int - Time to wait before changing from hello to work state (5 - 300 sec).
- http_
proxy_ strthreshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.
- imap_
proxy_ strthreshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.
- inter_
cluster_ strsession_ sync - Enable/disable synchronization of sessions among HA clusters. Valid values:
enable
,disable
. - ipsec_
phase2_ strproposal - IPsec phase2 proposal. Valid values:
aes128-sha1
,aes128-sha256
,aes128-sha384
,aes128-sha512
,aes192-sha1
,aes192-sha256
,aes192-sha384
,aes192-sha512
,aes256-sha1
,aes256-sha256
,aes256-sha384
,aes256-sha512
,aes128gcm
,aes256gcm
,chacha20poly1305
. - key str
- key
- l2ep_
eth_ strtype - Telnet session HA heartbeat packet Ethertype (4-digit hex).
- link_
failed_ strsignal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. Valid values:
enable
,disable
. - load_
balance_ strall - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. Valid values:
enable
,disable
. - logical_
sn str - Enable/disable usage of the logical serial number. Valid values:
enable
,disable
. - memory_
based_ strfailover - Enable/disable memory based failover. Valid values:
enable
,disable
. - memory_
compatible_ strmode - Enable/disable memory compatible mode. Valid values:
enable
,disable
. - memory_
failover_ intflip_ timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647, default = 6).
- memory_
failover_ intmonitor_ period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300, default = 60).
- memory_
failover_ intsample_ rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60, default = 1).
- memory_
failover_ intthreshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).
- memory_
threshold str - Dynamic weighted load balancing memory usage weight and high and low thresholds.
- mode str
- HA mode. Must be the same for all members. FGSP requires standalone. Valid values:
standalone
,a-a
,a-p
. - monitor str
- Interfaces to check for port monitoring (or link failure).
- multicast_
ttl int - HA multicast TTL on primary (5 - 3600 sec).
- nntp_
proxy_ strthreshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.
- override str
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - override_
wait_ inttime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- password str
- Cluster password. Must be the same for all members.
- pingserver_
failover_ intthreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver_
flip_ inttimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- pingserver_
monitor_ strinterface - Interfaces to check for remote IP monitoring.
- pingserver_
secondary_ strforce_ reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver_
slave_ strforce_ reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pop3_
proxy_ strthreshold - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.
- priority int
- Increase the priority to select the primary unit (0 - 255).
- route_
hold int - Time to wait between routing table updates to the cluster (0 - 3600 sec).
- route_
ttl int - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover.
- route_
wait int - Time to wait before sending new routes to the cluster (0 - 3600 sec).
- schedule str
- Type of A-A load balancing. Use none if you have external load balancers.
- secondary_
vcluster HaSecondary Vcluster Args - Configure virtual cluster 2. The structure of
secondary_vcluster
block is documented below. - session_
pickup str - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. Valid values:
enable
,disable
. - session_
pickup_ strconnectionless - Enable/disable UDP and ICMP session sync. Valid values:
enable
,disable
. - session_
pickup_ strdelay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. Valid values:
enable
,disable
. - session_
pickup_ strexpectation - Enable/disable session helper expectation session sync for FGSP. Valid values:
enable
,disable
. - session_
pickup_ strnat - Enable/disable NAT session sync for FGSP. Valid values:
enable
,disable
. - session_
sync_ strdev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly.
- smtp_
proxy_ strthreshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.
- ssd_
failover str - Enable/disable automatic HA failover on SSD disk failure. Valid values:
enable
,disable
. - standalone_
config_ strsync - Enable/disable FGSP configuration synchronization. Valid values:
enable
,disable
. - standalone_
mgmt_ strvdom - Enable/disable standalone management VDOM. Valid values:
enable
,disable
. - sync_
config str - Enable/disable configuration synchronization. Valid values:
enable
,disable
. - sync_
packet_ strbalance - Enable/disable HA packet distribution to multiple CPUs. Valid values:
enable
,disable
. - unicast_
gateway str - Default route gateway for unicast interface.
- unicast_
hb str - Enable/disable unicast heartbeat. Valid values:
enable
,disable
. - unicast_
hb_ strnetmask - Unicast heartbeat netmask.
- unicast_
hb_ strpeerip - Unicast heartbeat peer IP.
- unicast_
peers Sequence[HaUnicast Peer Args] - Number of unicast peers. The structure of
unicast_peers
block is documented below. - unicast_
status str - Enable/disable unicast connection. Valid values:
enable
,disable
. - uninterruptible_
primary_ intwait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (default = 30). On FortiOS versions 6.4.10-6.4.15, 7.0.2-7.0.5: 1 - 300. On FortiOS versions >= 7.0.6: 15 - 300.
- uninterruptible_
upgrade str - Enable to upgrade a cluster without blocking network traffic. Valid values:
enable
,disable
. - upgrade_
mode str - The mode to upgrade a cluster. Valid values:
simultaneous
,uninterruptible
,local-only
,secondary-only
. - vcluster2 str
- Enable/disable virtual cluster 2 for virtual clustering. Valid values:
enable
,disable
. - vcluster_
id int - Cluster ID.
- vcluster_
status str - Enable/disable virtual cluster for virtual clustering. Valid values:
enable
,disable
. - vclusters
Sequence[Ha
Vcluster Args] - Virtual cluster table. The structure of
vcluster
block is documented below. - vdom str
- VDOMs in virtual cluster 1.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weight str
- Weight-round-robin weight for each cluster unit. Syntax .
- arps Number
- Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time.
- arps
Interval Number - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic.
- authentication String
- Enable/disable heartbeat message authentication. Valid values:
enable
,disable
. - cpu
Threshold String - Dynamic weighted load balancing CPU usage weight and high and low thresholds.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- encryption String
- Enable/disable heartbeat message encryption. Valid values:
enable
,disable
. - evpn
Ttl Number - HA EVPN FDB TTL on primary box (5 - 3600 sec).
- failover
Hold NumberTime - Time to wait before failover (0 - 300 sec, default = 0), to avoid flip.
- ftp
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous
Arps String - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. Valid values:
enable
,disable
. - group
Id Number - HA group ID. Must be the same for all members. On FortiOS versions 6.2.0-6.2.6: 0 - 255. On FortiOS versions 7.0.2-7.0.15: 0 - 1023. On FortiOS versions 7.2.0: 0 - 1023; or 0 - 7 when there are more than 2 vclusters.
- group
Name String - Cluster group name. Must be the same for all members.
- ha
Direct String - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. Valid values:
enable
,disable
. - ha
Eth StringType - HA heartbeat packet Ethertype (4-digit hex).
- ha
Mgmt List<Property Map>Interfaces - Reserve interfaces to manage individual cluster units. The structure of
ha_mgmt_interfaces
block is documented below. - ha
Mgmt StringStatus - Enable to reserve interfaces to manage individual cluster units. Valid values:
enable
,disable
. - ha
Uptime NumberDiff Margin - Normally you would only reduce this value for failover testing.
- hb
Interval Number - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives.
- hb
Interval StringIn Milliseconds - Number of milliseconds for each heartbeat interval: 100ms or 10ms. Valid values:
100ms
,10ms
. - hb
Lost NumberThreshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives.
- hbdev String
- Heartbeat interfaces. Must be the same for all members.
- hc
Eth StringType - Transparent mode HA heartbeat packet Ethertype (4-digit hex).
- hello
Holddown Number - Time to wait before changing from hello to work state (5 - 300 sec).
- http
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.
- imap
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.
- inter
Cluster StringSession Sync - Enable/disable synchronization of sessions among HA clusters. Valid values:
enable
,disable
. - ipsec
Phase2Proposal String - IPsec phase2 proposal. Valid values:
aes128-sha1
,aes128-sha256
,aes128-sha384
,aes128-sha512
,aes192-sha1
,aes192-sha256
,aes192-sha384
,aes192-sha512
,aes256-sha1
,aes256-sha256
,aes256-sha384
,aes256-sha512
,aes128gcm
,aes256gcm
,chacha20poly1305
. - key String
- key
- l2ep
Eth StringType - Telnet session HA heartbeat packet Ethertype (4-digit hex).
- link
Failed StringSignal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. Valid values:
enable
,disable
. - load
Balance StringAll - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. Valid values:
enable
,disable
. - logical
Sn String - Enable/disable usage of the logical serial number. Valid values:
enable
,disable
. - memory
Based StringFailover - Enable/disable memory based failover. Valid values:
enable
,disable
. - memory
Compatible StringMode - Enable/disable memory compatible mode. Valid values:
enable
,disable
. - memory
Failover NumberFlip Timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647, default = 6).
- memory
Failover NumberMonitor Period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300, default = 60).
- memory
Failover NumberSample Rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60, default = 1).
- memory
Failover NumberThreshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).
- memory
Threshold String - Dynamic weighted load balancing memory usage weight and high and low thresholds.
- mode String
- HA mode. Must be the same for all members. FGSP requires standalone. Valid values:
standalone
,a-a
,a-p
. - monitor String
- Interfaces to check for port monitoring (or link failure).
- multicast
Ttl Number - HA multicast TTL on primary (5 - 3600 sec).
- nntp
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.
- override String
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - override
Wait NumberTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- password String
- Cluster password. Must be the same for all members.
- pingserver
Failover NumberThreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver
Flip NumberTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- pingserver
Monitor StringInterface - Interfaces to check for remote IP monitoring.
- pingserver
Secondary StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver
Slave StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pop3Proxy
Threshold String - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.
- priority Number
- Increase the priority to select the primary unit (0 - 255).
- route
Hold Number - Time to wait between routing table updates to the cluster (0 - 3600 sec).
- route
Ttl Number - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover.
- route
Wait Number - Time to wait before sending new routes to the cluster (0 - 3600 sec).
- schedule String
- Type of A-A load balancing. Use none if you have external load balancers.
- secondary
Vcluster Property Map - Configure virtual cluster 2. The structure of
secondary_vcluster
block is documented below. - session
Pickup String - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. Valid values:
enable
,disable
. - session
Pickup StringConnectionless - Enable/disable UDP and ICMP session sync. Valid values:
enable
,disable
. - session
Pickup StringDelay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. Valid values:
enable
,disable
. - session
Pickup StringExpectation - Enable/disable session helper expectation session sync for FGSP. Valid values:
enable
,disable
. - session
Pickup StringNat - Enable/disable NAT session sync for FGSP. Valid values:
enable
,disable
. - session
Sync StringDev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly.
- smtp
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.
- ssd
Failover String - Enable/disable automatic HA failover on SSD disk failure. Valid values:
enable
,disable
. - standalone
Config StringSync - Enable/disable FGSP configuration synchronization. Valid values:
enable
,disable
. - standalone
Mgmt StringVdom - Enable/disable standalone management VDOM. Valid values:
enable
,disable
. - sync
Config String - Enable/disable configuration synchronization. Valid values:
enable
,disable
. - sync
Packet StringBalance - Enable/disable HA packet distribution to multiple CPUs. Valid values:
enable
,disable
. - unicast
Gateway String - Default route gateway for unicast interface.
- unicast
Hb String - Enable/disable unicast heartbeat. Valid values:
enable
,disable
. - unicast
Hb StringNetmask - Unicast heartbeat netmask.
- unicast
Hb StringPeerip - Unicast heartbeat peer IP.
- unicast
Peers List<Property Map> - Number of unicast peers. The structure of
unicast_peers
block is documented below. - unicast
Status String - Enable/disable unicast connection. Valid values:
enable
,disable
. - uninterruptible
Primary NumberWait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (default = 30). On FortiOS versions 6.4.10-6.4.15, 7.0.2-7.0.5: 1 - 300. On FortiOS versions >= 7.0.6: 15 - 300.
- uninterruptible
Upgrade String - Enable to upgrade a cluster without blocking network traffic. Valid values:
enable
,disable
. - upgrade
Mode String - The mode to upgrade a cluster. Valid values:
simultaneous
,uninterruptible
,local-only
,secondary-only
. - vcluster2 String
- Enable/disable virtual cluster 2 for virtual clustering. Valid values:
enable
,disable
. - vcluster
Id Number - Cluster ID.
- vcluster
Status String - Enable/disable virtual cluster for virtual clustering. Valid values:
enable
,disable
. - vclusters List<Property Map>
- Virtual cluster table. The structure of
vcluster
block is documented below. - vdom String
- VDOMs in virtual cluster 1.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weight String
- Weight-round-robin weight for each cluster unit. Syntax .
Outputs
All input properties are implicitly available as output properties. Additionally, the Ha resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Ha Resource
Get an existing Ha resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: HaState, opts?: CustomResourceOptions): Ha
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arps: Optional[int] = None,
arps_interval: Optional[int] = None,
authentication: Optional[str] = None,
cpu_threshold: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
encryption: Optional[str] = None,
evpn_ttl: Optional[int] = None,
failover_hold_time: Optional[int] = None,
ftp_proxy_threshold: Optional[str] = None,
get_all_tables: Optional[str] = None,
gratuitous_arps: Optional[str] = None,
group_id: Optional[int] = None,
group_name: Optional[str] = None,
ha_direct: Optional[str] = None,
ha_eth_type: Optional[str] = None,
ha_mgmt_interfaces: Optional[Sequence[HaHaMgmtInterfaceArgs]] = None,
ha_mgmt_status: Optional[str] = None,
ha_uptime_diff_margin: Optional[int] = None,
hb_interval: Optional[int] = None,
hb_interval_in_milliseconds: Optional[str] = None,
hb_lost_threshold: Optional[int] = None,
hbdev: Optional[str] = None,
hc_eth_type: Optional[str] = None,
hello_holddown: Optional[int] = None,
http_proxy_threshold: Optional[str] = None,
imap_proxy_threshold: Optional[str] = None,
inter_cluster_session_sync: Optional[str] = None,
ipsec_phase2_proposal: Optional[str] = None,
key: Optional[str] = None,
l2ep_eth_type: Optional[str] = None,
link_failed_signal: Optional[str] = None,
load_balance_all: Optional[str] = None,
logical_sn: Optional[str] = None,
memory_based_failover: Optional[str] = None,
memory_compatible_mode: Optional[str] = None,
memory_failover_flip_timeout: Optional[int] = None,
memory_failover_monitor_period: Optional[int] = None,
memory_failover_sample_rate: Optional[int] = None,
memory_failover_threshold: Optional[int] = None,
memory_threshold: Optional[str] = None,
mode: Optional[str] = None,
monitor: Optional[str] = None,
multicast_ttl: Optional[int] = None,
nntp_proxy_threshold: Optional[str] = None,
override: Optional[str] = None,
override_wait_time: Optional[int] = None,
password: Optional[str] = None,
pingserver_failover_threshold: Optional[int] = None,
pingserver_flip_timeout: Optional[int] = None,
pingserver_monitor_interface: Optional[str] = None,
pingserver_secondary_force_reset: Optional[str] = None,
pingserver_slave_force_reset: Optional[str] = None,
pop3_proxy_threshold: Optional[str] = None,
priority: Optional[int] = None,
route_hold: Optional[int] = None,
route_ttl: Optional[int] = None,
route_wait: Optional[int] = None,
schedule: Optional[str] = None,
secondary_vcluster: Optional[HaSecondaryVclusterArgs] = None,
session_pickup: Optional[str] = None,
session_pickup_connectionless: Optional[str] = None,
session_pickup_delay: Optional[str] = None,
session_pickup_expectation: Optional[str] = None,
session_pickup_nat: Optional[str] = None,
session_sync_dev: Optional[str] = None,
smtp_proxy_threshold: Optional[str] = None,
ssd_failover: Optional[str] = None,
standalone_config_sync: Optional[str] = None,
standalone_mgmt_vdom: Optional[str] = None,
sync_config: Optional[str] = None,
sync_packet_balance: Optional[str] = None,
unicast_gateway: Optional[str] = None,
unicast_hb: Optional[str] = None,
unicast_hb_netmask: Optional[str] = None,
unicast_hb_peerip: Optional[str] = None,
unicast_peers: Optional[Sequence[HaUnicastPeerArgs]] = None,
unicast_status: Optional[str] = None,
uninterruptible_primary_wait: Optional[int] = None,
uninterruptible_upgrade: Optional[str] = None,
upgrade_mode: Optional[str] = None,
vcluster2: Optional[str] = None,
vcluster_id: Optional[int] = None,
vcluster_status: Optional[str] = None,
vclusters: Optional[Sequence[HaVclusterArgs]] = None,
vdom: Optional[str] = None,
vdomparam: Optional[str] = None,
weight: Optional[str] = None) -> Ha
func GetHa(ctx *Context, name string, id IDInput, state *HaState, opts ...ResourceOption) (*Ha, error)
public static Ha Get(string name, Input<string> id, HaState? state, CustomResourceOptions? opts = null)
public static Ha get(String name, Output<String> id, HaState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arps int
- Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time.
- Arps
Interval int - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic.
- Authentication string
- Enable/disable heartbeat message authentication. Valid values:
enable
,disable
. - Cpu
Threshold string - Dynamic weighted load balancing CPU usage weight and high and low thresholds.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Encryption string
- Enable/disable heartbeat message encryption. Valid values:
enable
,disable
. - Evpn
Ttl int - HA EVPN FDB TTL on primary box (5 - 3600 sec).
- Failover
Hold intTime - Time to wait before failover (0 - 300 sec, default = 0), to avoid flip.
- Ftp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gratuitous
Arps string - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. Valid values:
enable
,disable
. - Group
Id int - HA group ID. Must be the same for all members. On FortiOS versions 6.2.0-6.2.6: 0 - 255. On FortiOS versions 7.0.2-7.0.15: 0 - 1023. On FortiOS versions 7.2.0: 0 - 1023; or 0 - 7 when there are more than 2 vclusters.
- Group
Name string - Cluster group name. Must be the same for all members.
- Ha
Direct string - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. Valid values:
enable
,disable
. - Ha
Eth stringType - HA heartbeat packet Ethertype (4-digit hex).
- Ha
Mgmt List<Pulumiverse.Interfaces Fortios. System. Inputs. Ha Ha Mgmt Interface> - Reserve interfaces to manage individual cluster units. The structure of
ha_mgmt_interfaces
block is documented below. - Ha
Mgmt stringStatus - Enable to reserve interfaces to manage individual cluster units. Valid values:
enable
,disable
. - Ha
Uptime intDiff Margin - Normally you would only reduce this value for failover testing.
- Hb
Interval int - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives.
- Hb
Interval stringIn Milliseconds - Number of milliseconds for each heartbeat interval: 100ms or 10ms. Valid values:
100ms
,10ms
. - Hb
Lost intThreshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives.
- Hbdev string
- Heartbeat interfaces. Must be the same for all members.
- Hc
Eth stringType - Transparent mode HA heartbeat packet Ethertype (4-digit hex).
- Hello
Holddown int - Time to wait before changing from hello to work state (5 - 300 sec).
- Http
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.
- Imap
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.
- Inter
Cluster stringSession Sync - Enable/disable synchronization of sessions among HA clusters. Valid values:
enable
,disable
. - Ipsec
Phase2Proposal string - IPsec phase2 proposal. Valid values:
aes128-sha1
,aes128-sha256
,aes128-sha384
,aes128-sha512
,aes192-sha1
,aes192-sha256
,aes192-sha384
,aes192-sha512
,aes256-sha1
,aes256-sha256
,aes256-sha384
,aes256-sha512
,aes128gcm
,aes256gcm
,chacha20poly1305
. - Key string
- key
- L2ep
Eth stringType - Telnet session HA heartbeat packet Ethertype (4-digit hex).
- Link
Failed stringSignal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. Valid values:
enable
,disable
. - Load
Balance stringAll - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. Valid values:
enable
,disable
. - Logical
Sn string - Enable/disable usage of the logical serial number. Valid values:
enable
,disable
. - Memory
Based stringFailover - Enable/disable memory based failover. Valid values:
enable
,disable
. - Memory
Compatible stringMode - Enable/disable memory compatible mode. Valid values:
enable
,disable
. - Memory
Failover intFlip Timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647, default = 6).
- Memory
Failover intMonitor Period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300, default = 60).
- Memory
Failover intSample Rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60, default = 1).
- Memory
Failover intThreshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).
- Memory
Threshold string - Dynamic weighted load balancing memory usage weight and high and low thresholds.
- Mode string
- HA mode. Must be the same for all members. FGSP requires standalone. Valid values:
standalone
,a-a
,a-p
. - Monitor string
- Interfaces to check for port monitoring (or link failure).
- Multicast
Ttl int - HA multicast TTL on primary (5 - 3600 sec).
- Nntp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.
- Override string
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - Override
Wait intTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- Password string
- Cluster password. Must be the same for all members.
- Pingserver
Failover intThreshold - Remote IP monitoring failover threshold (0 - 50).
- Pingserver
Flip intTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- Pingserver
Monitor stringInterface - Interfaces to check for remote IP monitoring.
- Pingserver
Secondary stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Pingserver
Slave stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Pop3Proxy
Threshold string - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.
- Priority int
- Increase the priority to select the primary unit (0 - 255).
- Route
Hold int - Time to wait between routing table updates to the cluster (0 - 3600 sec).
- Route
Ttl int - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover.
- Route
Wait int - Time to wait before sending new routes to the cluster (0 - 3600 sec).
- Schedule string
- Type of A-A load balancing. Use none if you have external load balancers.
- Secondary
Vcluster Pulumiverse.Fortios. System. Inputs. Ha Secondary Vcluster - Configure virtual cluster 2. The structure of
secondary_vcluster
block is documented below. - Session
Pickup string - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. Valid values:
enable
,disable
. - Session
Pickup stringConnectionless - Enable/disable UDP and ICMP session sync. Valid values:
enable
,disable
. - Session
Pickup stringDelay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. Valid values:
enable
,disable
. - Session
Pickup stringExpectation - Enable/disable session helper expectation session sync for FGSP. Valid values:
enable
,disable
. - Session
Pickup stringNat - Enable/disable NAT session sync for FGSP. Valid values:
enable
,disable
. - Session
Sync stringDev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly.
- Smtp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.
- Ssd
Failover string - Enable/disable automatic HA failover on SSD disk failure. Valid values:
enable
,disable
. - Standalone
Config stringSync - Enable/disable FGSP configuration synchronization. Valid values:
enable
,disable
. - Standalone
Mgmt stringVdom - Enable/disable standalone management VDOM. Valid values:
enable
,disable
. - Sync
Config string - Enable/disable configuration synchronization. Valid values:
enable
,disable
. - Sync
Packet stringBalance - Enable/disable HA packet distribution to multiple CPUs. Valid values:
enable
,disable
. - Unicast
Gateway string - Default route gateway for unicast interface.
- Unicast
Hb string - Enable/disable unicast heartbeat. Valid values:
enable
,disable
. - Unicast
Hb stringNetmask - Unicast heartbeat netmask.
- Unicast
Hb stringPeerip - Unicast heartbeat peer IP.
- Unicast
Peers List<Pulumiverse.Fortios. System. Inputs. Ha Unicast Peer> - Number of unicast peers. The structure of
unicast_peers
block is documented below. - Unicast
Status string - Enable/disable unicast connection. Valid values:
enable
,disable
. - Uninterruptible
Primary intWait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (default = 30). On FortiOS versions 6.4.10-6.4.15, 7.0.2-7.0.5: 1 - 300. On FortiOS versions >= 7.0.6: 15 - 300.
- Uninterruptible
Upgrade string - Enable to upgrade a cluster without blocking network traffic. Valid values:
enable
,disable
. - Upgrade
Mode string - The mode to upgrade a cluster. Valid values:
simultaneous
,uninterruptible
,local-only
,secondary-only
. - Vcluster2 string
- Enable/disable virtual cluster 2 for virtual clustering. Valid values:
enable
,disable
. - Vcluster
Id int - Cluster ID.
- Vcluster
Status string - Enable/disable virtual cluster for virtual clustering. Valid values:
enable
,disable
. - Vclusters
List<Pulumiverse.
Fortios. System. Inputs. Ha Vcluster> - Virtual cluster table. The structure of
vcluster
block is documented below. - Vdom string
- VDOMs in virtual cluster 1.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Weight string
- Weight-round-robin weight for each cluster unit. Syntax .
- Arps int
- Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time.
- Arps
Interval int - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic.
- Authentication string
- Enable/disable heartbeat message authentication. Valid values:
enable
,disable
. - Cpu
Threshold string - Dynamic weighted load balancing CPU usage weight and high and low thresholds.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Encryption string
- Enable/disable heartbeat message encryption. Valid values:
enable
,disable
. - Evpn
Ttl int - HA EVPN FDB TTL on primary box (5 - 3600 sec).
- Failover
Hold intTime - Time to wait before failover (0 - 300 sec, default = 0), to avoid flip.
- Ftp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gratuitous
Arps string - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. Valid values:
enable
,disable
. - Group
Id int - HA group ID. Must be the same for all members. On FortiOS versions 6.2.0-6.2.6: 0 - 255. On FortiOS versions 7.0.2-7.0.15: 0 - 1023. On FortiOS versions 7.2.0: 0 - 1023; or 0 - 7 when there are more than 2 vclusters.
- Group
Name string - Cluster group name. Must be the same for all members.
- Ha
Direct string - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. Valid values:
enable
,disable
. - Ha
Eth stringType - HA heartbeat packet Ethertype (4-digit hex).
- Ha
Mgmt []HaInterfaces Ha Mgmt Interface Args - Reserve interfaces to manage individual cluster units. The structure of
ha_mgmt_interfaces
block is documented below. - Ha
Mgmt stringStatus - Enable to reserve interfaces to manage individual cluster units. Valid values:
enable
,disable
. - Ha
Uptime intDiff Margin - Normally you would only reduce this value for failover testing.
- Hb
Interval int - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives.
- Hb
Interval stringIn Milliseconds - Number of milliseconds for each heartbeat interval: 100ms or 10ms. Valid values:
100ms
,10ms
. - Hb
Lost intThreshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives.
- Hbdev string
- Heartbeat interfaces. Must be the same for all members.
- Hc
Eth stringType - Transparent mode HA heartbeat packet Ethertype (4-digit hex).
- Hello
Holddown int - Time to wait before changing from hello to work state (5 - 300 sec).
- Http
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.
- Imap
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.
- Inter
Cluster stringSession Sync - Enable/disable synchronization of sessions among HA clusters. Valid values:
enable
,disable
. - Ipsec
Phase2Proposal string - IPsec phase2 proposal. Valid values:
aes128-sha1
,aes128-sha256
,aes128-sha384
,aes128-sha512
,aes192-sha1
,aes192-sha256
,aes192-sha384
,aes192-sha512
,aes256-sha1
,aes256-sha256
,aes256-sha384
,aes256-sha512
,aes128gcm
,aes256gcm
,chacha20poly1305
. - Key string
- key
- L2ep
Eth stringType - Telnet session HA heartbeat packet Ethertype (4-digit hex).
- Link
Failed stringSignal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. Valid values:
enable
,disable
. - Load
Balance stringAll - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. Valid values:
enable
,disable
. - Logical
Sn string - Enable/disable usage of the logical serial number. Valid values:
enable
,disable
. - Memory
Based stringFailover - Enable/disable memory based failover. Valid values:
enable
,disable
. - Memory
Compatible stringMode - Enable/disable memory compatible mode. Valid values:
enable
,disable
. - Memory
Failover intFlip Timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647, default = 6).
- Memory
Failover intMonitor Period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300, default = 60).
- Memory
Failover intSample Rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60, default = 1).
- Memory
Failover intThreshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).
- Memory
Threshold string - Dynamic weighted load balancing memory usage weight and high and low thresholds.
- Mode string
- HA mode. Must be the same for all members. FGSP requires standalone. Valid values:
standalone
,a-a
,a-p
. - Monitor string
- Interfaces to check for port monitoring (or link failure).
- Multicast
Ttl int - HA multicast TTL on primary (5 - 3600 sec).
- Nntp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.
- Override string
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - Override
Wait intTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- Password string
- Cluster password. Must be the same for all members.
- Pingserver
Failover intThreshold - Remote IP monitoring failover threshold (0 - 50).
- Pingserver
Flip intTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- Pingserver
Monitor stringInterface - Interfaces to check for remote IP monitoring.
- Pingserver
Secondary stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Pingserver
Slave stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Pop3Proxy
Threshold string - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.
- Priority int
- Increase the priority to select the primary unit (0 - 255).
- Route
Hold int - Time to wait between routing table updates to the cluster (0 - 3600 sec).
- Route
Ttl int - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover.
- Route
Wait int - Time to wait before sending new routes to the cluster (0 - 3600 sec).
- Schedule string
- Type of A-A load balancing. Use none if you have external load balancers.
- Secondary
Vcluster HaSecondary Vcluster Args - Configure virtual cluster 2. The structure of
secondary_vcluster
block is documented below. - Session
Pickup string - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. Valid values:
enable
,disable
. - Session
Pickup stringConnectionless - Enable/disable UDP and ICMP session sync. Valid values:
enable
,disable
. - Session
Pickup stringDelay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. Valid values:
enable
,disable
. - Session
Pickup stringExpectation - Enable/disable session helper expectation session sync for FGSP. Valid values:
enable
,disable
. - Session
Pickup stringNat - Enable/disable NAT session sync for FGSP. Valid values:
enable
,disable
. - Session
Sync stringDev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly.
- Smtp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.
- Ssd
Failover string - Enable/disable automatic HA failover on SSD disk failure. Valid values:
enable
,disable
. - Standalone
Config stringSync - Enable/disable FGSP configuration synchronization. Valid values:
enable
,disable
. - Standalone
Mgmt stringVdom - Enable/disable standalone management VDOM. Valid values:
enable
,disable
. - Sync
Config string - Enable/disable configuration synchronization. Valid values:
enable
,disable
. - Sync
Packet stringBalance - Enable/disable HA packet distribution to multiple CPUs. Valid values:
enable
,disable
. - Unicast
Gateway string - Default route gateway for unicast interface.
- Unicast
Hb string - Enable/disable unicast heartbeat. Valid values:
enable
,disable
. - Unicast
Hb stringNetmask - Unicast heartbeat netmask.
- Unicast
Hb stringPeerip - Unicast heartbeat peer IP.
- Unicast
Peers []HaUnicast Peer Args - Number of unicast peers. The structure of
unicast_peers
block is documented below. - Unicast
Status string - Enable/disable unicast connection. Valid values:
enable
,disable
. - Uninterruptible
Primary intWait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (default = 30). On FortiOS versions 6.4.10-6.4.15, 7.0.2-7.0.5: 1 - 300. On FortiOS versions >= 7.0.6: 15 - 300.
- Uninterruptible
Upgrade string - Enable to upgrade a cluster without blocking network traffic. Valid values:
enable
,disable
. - Upgrade
Mode string - The mode to upgrade a cluster. Valid values:
simultaneous
,uninterruptible
,local-only
,secondary-only
. - Vcluster2 string
- Enable/disable virtual cluster 2 for virtual clustering. Valid values:
enable
,disable
. - Vcluster
Id int - Cluster ID.
- Vcluster
Status string - Enable/disable virtual cluster for virtual clustering. Valid values:
enable
,disable
. - Vclusters
[]Ha
Vcluster Args - Virtual cluster table. The structure of
vcluster
block is documented below. - Vdom string
- VDOMs in virtual cluster 1.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Weight string
- Weight-round-robin weight for each cluster unit. Syntax .
- arps Integer
- Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time.
- arps
Interval Integer - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic.
- authentication String
- Enable/disable heartbeat message authentication. Valid values:
enable
,disable
. - cpu
Threshold String - Dynamic weighted load balancing CPU usage weight and high and low thresholds.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- encryption String
- Enable/disable heartbeat message encryption. Valid values:
enable
,disable
. - evpn
Ttl Integer - HA EVPN FDB TTL on primary box (5 - 3600 sec).
- failover
Hold IntegerTime - Time to wait before failover (0 - 300 sec, default = 0), to avoid flip.
- ftp
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous
Arps String - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. Valid values:
enable
,disable
. - group
Id Integer - HA group ID. Must be the same for all members. On FortiOS versions 6.2.0-6.2.6: 0 - 255. On FortiOS versions 7.0.2-7.0.15: 0 - 1023. On FortiOS versions 7.2.0: 0 - 1023; or 0 - 7 when there are more than 2 vclusters.
- group
Name String - Cluster group name. Must be the same for all members.
- ha
Direct String - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. Valid values:
enable
,disable
. - ha
Eth StringType - HA heartbeat packet Ethertype (4-digit hex).
- ha
Mgmt List<HaInterfaces Ha Mgmt Interface> - Reserve interfaces to manage individual cluster units. The structure of
ha_mgmt_interfaces
block is documented below. - ha
Mgmt StringStatus - Enable to reserve interfaces to manage individual cluster units. Valid values:
enable
,disable
. - ha
Uptime IntegerDiff Margin - Normally you would only reduce this value for failover testing.
- hb
Interval Integer - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives.
- hb
Interval StringIn Milliseconds - Number of milliseconds for each heartbeat interval: 100ms or 10ms. Valid values:
100ms
,10ms
. - hb
Lost IntegerThreshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives.
- hbdev String
- Heartbeat interfaces. Must be the same for all members.
- hc
Eth StringType - Transparent mode HA heartbeat packet Ethertype (4-digit hex).
- hello
Holddown Integer - Time to wait before changing from hello to work state (5 - 300 sec).
- http
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.
- imap
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.
- inter
Cluster StringSession Sync - Enable/disable synchronization of sessions among HA clusters. Valid values:
enable
,disable
. - ipsec
Phase2Proposal String - IPsec phase2 proposal. Valid values:
aes128-sha1
,aes128-sha256
,aes128-sha384
,aes128-sha512
,aes192-sha1
,aes192-sha256
,aes192-sha384
,aes192-sha512
,aes256-sha1
,aes256-sha256
,aes256-sha384
,aes256-sha512
,aes128gcm
,aes256gcm
,chacha20poly1305
. - key String
- key
- l2ep
Eth StringType - Telnet session HA heartbeat packet Ethertype (4-digit hex).
- link
Failed StringSignal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. Valid values:
enable
,disable
. - load
Balance StringAll - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. Valid values:
enable
,disable
. - logical
Sn String - Enable/disable usage of the logical serial number. Valid values:
enable
,disable
. - memory
Based StringFailover - Enable/disable memory based failover. Valid values:
enable
,disable
. - memory
Compatible StringMode - Enable/disable memory compatible mode. Valid values:
enable
,disable
. - memory
Failover IntegerFlip Timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647, default = 6).
- memory
Failover IntegerMonitor Period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300, default = 60).
- memory
Failover IntegerSample Rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60, default = 1).
- memory
Failover IntegerThreshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).
- memory
Threshold String - Dynamic weighted load balancing memory usage weight and high and low thresholds.
- mode String
- HA mode. Must be the same for all members. FGSP requires standalone. Valid values:
standalone
,a-a
,a-p
. - monitor String
- Interfaces to check for port monitoring (or link failure).
- multicast
Ttl Integer - HA multicast TTL on primary (5 - 3600 sec).
- nntp
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.
- override String
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - override
Wait IntegerTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- password String
- Cluster password. Must be the same for all members.
- pingserver
Failover IntegerThreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver
Flip IntegerTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- pingserver
Monitor StringInterface - Interfaces to check for remote IP monitoring.
- pingserver
Secondary StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver
Slave StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pop3Proxy
Threshold String - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.
- priority Integer
- Increase the priority to select the primary unit (0 - 255).
- route
Hold Integer - Time to wait between routing table updates to the cluster (0 - 3600 sec).
- route
Ttl Integer - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover.
- route
Wait Integer - Time to wait before sending new routes to the cluster (0 - 3600 sec).
- schedule String
- Type of A-A load balancing. Use none if you have external load balancers.
- secondary
Vcluster HaSecondary Vcluster - Configure virtual cluster 2. The structure of
secondary_vcluster
block is documented below. - session
Pickup String - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. Valid values:
enable
,disable
. - session
Pickup StringConnectionless - Enable/disable UDP and ICMP session sync. Valid values:
enable
,disable
. - session
Pickup StringDelay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. Valid values:
enable
,disable
. - session
Pickup StringExpectation - Enable/disable session helper expectation session sync for FGSP. Valid values:
enable
,disable
. - session
Pickup StringNat - Enable/disable NAT session sync for FGSP. Valid values:
enable
,disable
. - session
Sync StringDev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly.
- smtp
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.
- ssd
Failover String - Enable/disable automatic HA failover on SSD disk failure. Valid values:
enable
,disable
. - standalone
Config StringSync - Enable/disable FGSP configuration synchronization. Valid values:
enable
,disable
. - standalone
Mgmt StringVdom - Enable/disable standalone management VDOM. Valid values:
enable
,disable
. - sync
Config String - Enable/disable configuration synchronization. Valid values:
enable
,disable
. - sync
Packet StringBalance - Enable/disable HA packet distribution to multiple CPUs. Valid values:
enable
,disable
. - unicast
Gateway String - Default route gateway for unicast interface.
- unicast
Hb String - Enable/disable unicast heartbeat. Valid values:
enable
,disable
. - unicast
Hb StringNetmask - Unicast heartbeat netmask.
- unicast
Hb StringPeerip - Unicast heartbeat peer IP.
- unicast
Peers List<HaUnicast Peer> - Number of unicast peers. The structure of
unicast_peers
block is documented below. - unicast
Status String - Enable/disable unicast connection. Valid values:
enable
,disable
. - uninterruptible
Primary IntegerWait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (default = 30). On FortiOS versions 6.4.10-6.4.15, 7.0.2-7.0.5: 1 - 300. On FortiOS versions >= 7.0.6: 15 - 300.
- uninterruptible
Upgrade String - Enable to upgrade a cluster without blocking network traffic. Valid values:
enable
,disable
. - upgrade
Mode String - The mode to upgrade a cluster. Valid values:
simultaneous
,uninterruptible
,local-only
,secondary-only
. - vcluster2 String
- Enable/disable virtual cluster 2 for virtual clustering. Valid values:
enable
,disable
. - vcluster
Id Integer - Cluster ID.
- vcluster
Status String - Enable/disable virtual cluster for virtual clustering. Valid values:
enable
,disable
. - vclusters
List<Ha
Vcluster> - Virtual cluster table. The structure of
vcluster
block is documented below. - vdom String
- VDOMs in virtual cluster 1.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weight String
- Weight-round-robin weight for each cluster unit. Syntax .
- arps number
- Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time.
- arps
Interval number - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic.
- authentication string
- Enable/disable heartbeat message authentication. Valid values:
enable
,disable
. - cpu
Threshold string - Dynamic weighted load balancing CPU usage weight and high and low thresholds.
- dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- encryption string
- Enable/disable heartbeat message encryption. Valid values:
enable
,disable
. - evpn
Ttl number - HA EVPN FDB TTL on primary box (5 - 3600 sec).
- failover
Hold numberTime - Time to wait before failover (0 - 300 sec, default = 0), to avoid flip.
- ftp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous
Arps string - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. Valid values:
enable
,disable
. - group
Id number - HA group ID. Must be the same for all members. On FortiOS versions 6.2.0-6.2.6: 0 - 255. On FortiOS versions 7.0.2-7.0.15: 0 - 1023. On FortiOS versions 7.2.0: 0 - 1023; or 0 - 7 when there are more than 2 vclusters.
- group
Name string - Cluster group name. Must be the same for all members.
- ha
Direct string - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. Valid values:
enable
,disable
. - ha
Eth stringType - HA heartbeat packet Ethertype (4-digit hex).
- ha
Mgmt HaInterfaces Ha Mgmt Interface[] - Reserve interfaces to manage individual cluster units. The structure of
ha_mgmt_interfaces
block is documented below. - ha
Mgmt stringStatus - Enable to reserve interfaces to manage individual cluster units. Valid values:
enable
,disable
. - ha
Uptime numberDiff Margin - Normally you would only reduce this value for failover testing.
- hb
Interval number - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives.
- hb
Interval stringIn Milliseconds - Number of milliseconds for each heartbeat interval: 100ms or 10ms. Valid values:
100ms
,10ms
. - hb
Lost numberThreshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives.
- hbdev string
- Heartbeat interfaces. Must be the same for all members.
- hc
Eth stringType - Transparent mode HA heartbeat packet Ethertype (4-digit hex).
- hello
Holddown number - Time to wait before changing from hello to work state (5 - 300 sec).
- http
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.
- imap
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.
- inter
Cluster stringSession Sync - Enable/disable synchronization of sessions among HA clusters. Valid values:
enable
,disable
. - ipsec
Phase2Proposal string - IPsec phase2 proposal. Valid values:
aes128-sha1
,aes128-sha256
,aes128-sha384
,aes128-sha512
,aes192-sha1
,aes192-sha256
,aes192-sha384
,aes192-sha512
,aes256-sha1
,aes256-sha256
,aes256-sha384
,aes256-sha512
,aes128gcm
,aes256gcm
,chacha20poly1305
. - key string
- key
- l2ep
Eth stringType - Telnet session HA heartbeat packet Ethertype (4-digit hex).
- link
Failed stringSignal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. Valid values:
enable
,disable
. - load
Balance stringAll - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. Valid values:
enable
,disable
. - logical
Sn string - Enable/disable usage of the logical serial number. Valid values:
enable
,disable
. - memory
Based stringFailover - Enable/disable memory based failover. Valid values:
enable
,disable
. - memory
Compatible stringMode - Enable/disable memory compatible mode. Valid values:
enable
,disable
. - memory
Failover numberFlip Timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647, default = 6).
- memory
Failover numberMonitor Period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300, default = 60).
- memory
Failover numberSample Rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60, default = 1).
- memory
Failover numberThreshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).
- memory
Threshold string - Dynamic weighted load balancing memory usage weight and high and low thresholds.
- mode string
- HA mode. Must be the same for all members. FGSP requires standalone. Valid values:
standalone
,a-a
,a-p
. - monitor string
- Interfaces to check for port monitoring (or link failure).
- multicast
Ttl number - HA multicast TTL on primary (5 - 3600 sec).
- nntp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.
- override string
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - override
Wait numberTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- password string
- Cluster password. Must be the same for all members.
- pingserver
Failover numberThreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver
Flip numberTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- pingserver
Monitor stringInterface - Interfaces to check for remote IP monitoring.
- pingserver
Secondary stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver
Slave stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pop3Proxy
Threshold string - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.
- priority number
- Increase the priority to select the primary unit (0 - 255).
- route
Hold number - Time to wait between routing table updates to the cluster (0 - 3600 sec).
- route
Ttl number - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover.
- route
Wait number - Time to wait before sending new routes to the cluster (0 - 3600 sec).
- schedule string
- Type of A-A load balancing. Use none if you have external load balancers.
- secondary
Vcluster HaSecondary Vcluster - Configure virtual cluster 2. The structure of
secondary_vcluster
block is documented below. - session
Pickup string - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. Valid values:
enable
,disable
. - session
Pickup stringConnectionless - Enable/disable UDP and ICMP session sync. Valid values:
enable
,disable
. - session
Pickup stringDelay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. Valid values:
enable
,disable
. - session
Pickup stringExpectation - Enable/disable session helper expectation session sync for FGSP. Valid values:
enable
,disable
. - session
Pickup stringNat - Enable/disable NAT session sync for FGSP. Valid values:
enable
,disable
. - session
Sync stringDev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly.
- smtp
Proxy stringThreshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.
- ssd
Failover string - Enable/disable automatic HA failover on SSD disk failure. Valid values:
enable
,disable
. - standalone
Config stringSync - Enable/disable FGSP configuration synchronization. Valid values:
enable
,disable
. - standalone
Mgmt stringVdom - Enable/disable standalone management VDOM. Valid values:
enable
,disable
. - sync
Config string - Enable/disable configuration synchronization. Valid values:
enable
,disable
. - sync
Packet stringBalance - Enable/disable HA packet distribution to multiple CPUs. Valid values:
enable
,disable
. - unicast
Gateway string - Default route gateway for unicast interface.
- unicast
Hb string - Enable/disable unicast heartbeat. Valid values:
enable
,disable
. - unicast
Hb stringNetmask - Unicast heartbeat netmask.
- unicast
Hb stringPeerip - Unicast heartbeat peer IP.
- unicast
Peers HaUnicast Peer[] - Number of unicast peers. The structure of
unicast_peers
block is documented below. - unicast
Status string - Enable/disable unicast connection. Valid values:
enable
,disable
. - uninterruptible
Primary numberWait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (default = 30). On FortiOS versions 6.4.10-6.4.15, 7.0.2-7.0.5: 1 - 300. On FortiOS versions >= 7.0.6: 15 - 300.
- uninterruptible
Upgrade string - Enable to upgrade a cluster without blocking network traffic. Valid values:
enable
,disable
. - upgrade
Mode string - The mode to upgrade a cluster. Valid values:
simultaneous
,uninterruptible
,local-only
,secondary-only
. - vcluster2 string
- Enable/disable virtual cluster 2 for virtual clustering. Valid values:
enable
,disable
. - vcluster
Id number - Cluster ID.
- vcluster
Status string - Enable/disable virtual cluster for virtual clustering. Valid values:
enable
,disable
. - vclusters
Ha
Vcluster[] - Virtual cluster table. The structure of
vcluster
block is documented below. - vdom string
- VDOMs in virtual cluster 1.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weight string
- Weight-round-robin weight for each cluster unit. Syntax .
- arps int
- Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time.
- arps_
interval int - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic.
- authentication str
- Enable/disable heartbeat message authentication. Valid values:
enable
,disable
. - cpu_
threshold str - Dynamic weighted load balancing CPU usage weight and high and low thresholds.
- dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- encryption str
- Enable/disable heartbeat message encryption. Valid values:
enable
,disable
. - evpn_
ttl int - HA EVPN FDB TTL on primary box (5 - 3600 sec).
- failover_
hold_ inttime - Time to wait before failover (0 - 300 sec, default = 0), to avoid flip.
- ftp_
proxy_ strthreshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous_
arps str - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. Valid values:
enable
,disable
. - group_
id int - HA group ID. Must be the same for all members. On FortiOS versions 6.2.0-6.2.6: 0 - 255. On FortiOS versions 7.0.2-7.0.15: 0 - 1023. On FortiOS versions 7.2.0: 0 - 1023; or 0 - 7 when there are more than 2 vclusters.
- group_
name str - Cluster group name. Must be the same for all members.
- ha_
direct str - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. Valid values:
enable
,disable
. - ha_
eth_ strtype - HA heartbeat packet Ethertype (4-digit hex).
- ha_
mgmt_ Sequence[Hainterfaces Ha Mgmt Interface Args] - Reserve interfaces to manage individual cluster units. The structure of
ha_mgmt_interfaces
block is documented below. - ha_
mgmt_ strstatus - Enable to reserve interfaces to manage individual cluster units. Valid values:
enable
,disable
. - ha_
uptime_ intdiff_ margin - Normally you would only reduce this value for failover testing.
- hb_
interval int - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives.
- hb_
interval_ strin_ milliseconds - Number of milliseconds for each heartbeat interval: 100ms or 10ms. Valid values:
100ms
,10ms
. - hb_
lost_ intthreshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives.
- hbdev str
- Heartbeat interfaces. Must be the same for all members.
- hc_
eth_ strtype - Transparent mode HA heartbeat packet Ethertype (4-digit hex).
- hello_
holddown int - Time to wait before changing from hello to work state (5 - 300 sec).
- http_
proxy_ strthreshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.
- imap_
proxy_ strthreshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.
- inter_
cluster_ strsession_ sync - Enable/disable synchronization of sessions among HA clusters. Valid values:
enable
,disable
. - ipsec_
phase2_ strproposal - IPsec phase2 proposal. Valid values:
aes128-sha1
,aes128-sha256
,aes128-sha384
,aes128-sha512
,aes192-sha1
,aes192-sha256
,aes192-sha384
,aes192-sha512
,aes256-sha1
,aes256-sha256
,aes256-sha384
,aes256-sha512
,aes128gcm
,aes256gcm
,chacha20poly1305
. - key str
- key
- l2ep_
eth_ strtype - Telnet session HA heartbeat packet Ethertype (4-digit hex).
- link_
failed_ strsignal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. Valid values:
enable
,disable
. - load_
balance_ strall - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. Valid values:
enable
,disable
. - logical_
sn str - Enable/disable usage of the logical serial number. Valid values:
enable
,disable
. - memory_
based_ strfailover - Enable/disable memory based failover. Valid values:
enable
,disable
. - memory_
compatible_ strmode - Enable/disable memory compatible mode. Valid values:
enable
,disable
. - memory_
failover_ intflip_ timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647, default = 6).
- memory_
failover_ intmonitor_ period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300, default = 60).
- memory_
failover_ intsample_ rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60, default = 1).
- memory_
failover_ intthreshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).
- memory_
threshold str - Dynamic weighted load balancing memory usage weight and high and low thresholds.
- mode str
- HA mode. Must be the same for all members. FGSP requires standalone. Valid values:
standalone
,a-a
,a-p
. - monitor str
- Interfaces to check for port monitoring (or link failure).
- multicast_
ttl int - HA multicast TTL on primary (5 - 3600 sec).
- nntp_
proxy_ strthreshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.
- override str
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - override_
wait_ inttime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- password str
- Cluster password. Must be the same for all members.
- pingserver_
failover_ intthreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver_
flip_ inttimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- pingserver_
monitor_ strinterface - Interfaces to check for remote IP monitoring.
- pingserver_
secondary_ strforce_ reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver_
slave_ strforce_ reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pop3_
proxy_ strthreshold - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.
- priority int
- Increase the priority to select the primary unit (0 - 255).
- route_
hold int - Time to wait between routing table updates to the cluster (0 - 3600 sec).
- route_
ttl int - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover.
- route_
wait int - Time to wait before sending new routes to the cluster (0 - 3600 sec).
- schedule str
- Type of A-A load balancing. Use none if you have external load balancers.
- secondary_
vcluster HaSecondary Vcluster Args - Configure virtual cluster 2. The structure of
secondary_vcluster
block is documented below. - session_
pickup str - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. Valid values:
enable
,disable
. - session_
pickup_ strconnectionless - Enable/disable UDP and ICMP session sync. Valid values:
enable
,disable
. - session_
pickup_ strdelay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. Valid values:
enable
,disable
. - session_
pickup_ strexpectation - Enable/disable session helper expectation session sync for FGSP. Valid values:
enable
,disable
. - session_
pickup_ strnat - Enable/disable NAT session sync for FGSP. Valid values:
enable
,disable
. - session_
sync_ strdev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly.
- smtp_
proxy_ strthreshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.
- ssd_
failover str - Enable/disable automatic HA failover on SSD disk failure. Valid values:
enable
,disable
. - standalone_
config_ strsync - Enable/disable FGSP configuration synchronization. Valid values:
enable
,disable
. - standalone_
mgmt_ strvdom - Enable/disable standalone management VDOM. Valid values:
enable
,disable
. - sync_
config str - Enable/disable configuration synchronization. Valid values:
enable
,disable
. - sync_
packet_ strbalance - Enable/disable HA packet distribution to multiple CPUs. Valid values:
enable
,disable
. - unicast_
gateway str - Default route gateway for unicast interface.
- unicast_
hb str - Enable/disable unicast heartbeat. Valid values:
enable
,disable
. - unicast_
hb_ strnetmask - Unicast heartbeat netmask.
- unicast_
hb_ strpeerip - Unicast heartbeat peer IP.
- unicast_
peers Sequence[HaUnicast Peer Args] - Number of unicast peers. The structure of
unicast_peers
block is documented below. - unicast_
status str - Enable/disable unicast connection. Valid values:
enable
,disable
. - uninterruptible_
primary_ intwait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (default = 30). On FortiOS versions 6.4.10-6.4.15, 7.0.2-7.0.5: 1 - 300. On FortiOS versions >= 7.0.6: 15 - 300.
- uninterruptible_
upgrade str - Enable to upgrade a cluster without blocking network traffic. Valid values:
enable
,disable
. - upgrade_
mode str - The mode to upgrade a cluster. Valid values:
simultaneous
,uninterruptible
,local-only
,secondary-only
. - vcluster2 str
- Enable/disable virtual cluster 2 for virtual clustering. Valid values:
enable
,disable
. - vcluster_
id int - Cluster ID.
- vcluster_
status str - Enable/disable virtual cluster for virtual clustering. Valid values:
enable
,disable
. - vclusters
Sequence[Ha
Vcluster Args] - Virtual cluster table. The structure of
vcluster
block is documented below. - vdom str
- VDOMs in virtual cluster 1.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weight str
- Weight-round-robin weight for each cluster unit. Syntax .
- arps Number
- Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time.
- arps
Interval Number - Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic.
- authentication String
- Enable/disable heartbeat message authentication. Valid values:
enable
,disable
. - cpu
Threshold String - Dynamic weighted load balancing CPU usage weight and high and low thresholds.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- encryption String
- Enable/disable heartbeat message encryption. Valid values:
enable
,disable
. - evpn
Ttl Number - HA EVPN FDB TTL on primary box (5 - 3600 sec).
- failover
Hold NumberTime - Time to wait before failover (0 - 300 sec, default = 0), to avoid flip.
- ftp
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gratuitous
Arps String - Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. Valid values:
enable
,disable
. - group
Id Number - HA group ID. Must be the same for all members. On FortiOS versions 6.2.0-6.2.6: 0 - 255. On FortiOS versions 7.0.2-7.0.15: 0 - 1023. On FortiOS versions 7.2.0: 0 - 1023; or 0 - 7 when there are more than 2 vclusters.
- group
Name String - Cluster group name. Must be the same for all members.
- ha
Direct String - Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. Valid values:
enable
,disable
. - ha
Eth StringType - HA heartbeat packet Ethertype (4-digit hex).
- ha
Mgmt List<Property Map>Interfaces - Reserve interfaces to manage individual cluster units. The structure of
ha_mgmt_interfaces
block is documented below. - ha
Mgmt StringStatus - Enable to reserve interfaces to manage individual cluster units. Valid values:
enable
,disable
. - ha
Uptime NumberDiff Margin - Normally you would only reduce this value for failover testing.
- hb
Interval Number - Time between sending heartbeat packets (1 - 20). Increase to reduce false positives.
- hb
Interval StringIn Milliseconds - Number of milliseconds for each heartbeat interval: 100ms or 10ms. Valid values:
100ms
,10ms
. - hb
Lost NumberThreshold - Number of lost heartbeats to signal a failure (1 - 60). Increase to reduce false positives.
- hbdev String
- Heartbeat interfaces. Must be the same for all members.
- hc
Eth StringType - Transparent mode HA heartbeat packet Ethertype (4-digit hex).
- hello
Holddown Number - Time to wait before changing from hello to work state (5 - 300 sec).
- http
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.
- imap
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.
- inter
Cluster StringSession Sync - Enable/disable synchronization of sessions among HA clusters. Valid values:
enable
,disable
. - ipsec
Phase2Proposal String - IPsec phase2 proposal. Valid values:
aes128-sha1
,aes128-sha256
,aes128-sha384
,aes128-sha512
,aes192-sha1
,aes192-sha256
,aes192-sha384
,aes192-sha512
,aes256-sha1
,aes256-sha256
,aes256-sha384
,aes256-sha512
,aes128gcm
,aes256gcm
,chacha20poly1305
. - key String
- key
- l2ep
Eth StringType - Telnet session HA heartbeat packet Ethertype (4-digit hex).
- link
Failed StringSignal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. Valid values:
enable
,disable
. - load
Balance StringAll - Enable to load balance TCP sessions. Disable to load balance proxy sessions only. Valid values:
enable
,disable
. - logical
Sn String - Enable/disable usage of the logical serial number. Valid values:
enable
,disable
. - memory
Based StringFailover - Enable/disable memory based failover. Valid values:
enable
,disable
. - memory
Compatible StringMode - Enable/disable memory compatible mode. Valid values:
enable
,disable
. - memory
Failover NumberFlip Timeout - Time to wait between subsequent memory based failovers in minutes (6 - 2147483647, default = 6).
- memory
Failover NumberMonitor Period - Duration of high memory usage before memory based failover is triggered in seconds (1 - 300, default = 60).
- memory
Failover NumberSample Rate - Rate at which memory usage is sampled in order to measure memory usage in seconds (1 - 60, default = 1).
- memory
Failover NumberThreshold - Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).
- memory
Threshold String - Dynamic weighted load balancing memory usage weight and high and low thresholds.
- mode String
- HA mode. Must be the same for all members. FGSP requires standalone. Valid values:
standalone
,a-a
,a-p
. - monitor String
- Interfaces to check for port monitoring (or link failure).
- multicast
Ttl Number - HA multicast TTL on primary (5 - 3600 sec).
- nntp
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.
- override String
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - override
Wait NumberTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- password String
- Cluster password. Must be the same for all members.
- pingserver
Failover NumberThreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver
Flip NumberTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- pingserver
Monitor StringInterface - Interfaces to check for remote IP monitoring.
- pingserver
Secondary StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver
Slave StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pop3Proxy
Threshold String - Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.
- priority Number
- Increase the priority to select the primary unit (0 - 255).
- route
Hold Number - Time to wait between routing table updates to the cluster (0 - 3600 sec).
- route
Ttl Number - TTL for primary unit routes (5 - 3600 sec). Increase to maintain active routes during failover.
- route
Wait Number - Time to wait before sending new routes to the cluster (0 - 3600 sec).
- schedule String
- Type of A-A load balancing. Use none if you have external load balancers.
- secondary
Vcluster Property Map - Configure virtual cluster 2. The structure of
secondary_vcluster
block is documented below. - session
Pickup String - Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. Valid values:
enable
,disable
. - session
Pickup StringConnectionless - Enable/disable UDP and ICMP session sync. Valid values:
enable
,disable
. - session
Pickup StringDelay - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. Valid values:
enable
,disable
. - session
Pickup StringExpectation - Enable/disable session helper expectation session sync for FGSP. Valid values:
enable
,disable
. - session
Pickup StringNat - Enable/disable NAT session sync for FGSP. Valid values:
enable
,disable
. - session
Sync StringDev - Offload session-sync process to kernel and sync sessions using connected interface(s) directly.
- smtp
Proxy StringThreshold - Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.
- ssd
Failover String - Enable/disable automatic HA failover on SSD disk failure. Valid values:
enable
,disable
. - standalone
Config StringSync - Enable/disable FGSP configuration synchronization. Valid values:
enable
,disable
. - standalone
Mgmt StringVdom - Enable/disable standalone management VDOM. Valid values:
enable
,disable
. - sync
Config String - Enable/disable configuration synchronization. Valid values:
enable
,disable
. - sync
Packet StringBalance - Enable/disable HA packet distribution to multiple CPUs. Valid values:
enable
,disable
. - unicast
Gateway String - Default route gateway for unicast interface.
- unicast
Hb String - Enable/disable unicast heartbeat. Valid values:
enable
,disable
. - unicast
Hb StringNetmask - Unicast heartbeat netmask.
- unicast
Hb StringPeerip - Unicast heartbeat peer IP.
- unicast
Peers List<Property Map> - Number of unicast peers. The structure of
unicast_peers
block is documented below. - unicast
Status String - Enable/disable unicast connection. Valid values:
enable
,disable
. - uninterruptible
Primary NumberWait - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (default = 30). On FortiOS versions 6.4.10-6.4.15, 7.0.2-7.0.5: 1 - 300. On FortiOS versions >= 7.0.6: 15 - 300.
- uninterruptible
Upgrade String - Enable to upgrade a cluster without blocking network traffic. Valid values:
enable
,disable
. - upgrade
Mode String - The mode to upgrade a cluster. Valid values:
simultaneous
,uninterruptible
,local-only
,secondary-only
. - vcluster2 String
- Enable/disable virtual cluster 2 for virtual clustering. Valid values:
enable
,disable
. - vcluster
Id Number - Cluster ID.
- vcluster
Status String - Enable/disable virtual cluster for virtual clustering. Valid values:
enable
,disable
. - vclusters List<Property Map>
- Virtual cluster table. The structure of
vcluster
block is documented below. - vdom String
- VDOMs in virtual cluster 1.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- weight String
- Weight-round-robin weight for each cluster unit. Syntax .
Supporting Types
HaHaMgmtInterface, HaHaMgmtInterfaceArgs
- dst String
- Default route destination for reserved HA management interface.
- gateway String
- Default route gateway for reserved HA management interface.
- gateway6 String
- Default IPv6 gateway for reserved HA management interface.
- id Integer
- Table ID.
- interface_ String
- Interface to reserve for HA management.
HaSecondaryVcluster, HaSecondaryVclusterArgs
- Monitor string
- Interfaces to check for port monitoring (or link failure).
- Override string
- Enable and increase the priority of the unit that should always be primary. Valid values:
enable
,disable
. - Override
Wait intTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- Pingserver
Failover intThreshold - Remote IP monitoring failover threshold (0 - 50).
- Pingserver
Monitor stringInterface - Interfaces to check for remote IP monitoring.
- Pingserver
Secondary stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Pingserver
Slave stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Priority int
- Increase the priority to select the primary unit (0 - 255).
- Vcluster
Id int - Cluster ID.
- Vdom string
- VDOMs in virtual cluster 2.
- Monitor string
- Interfaces to check for port monitoring (or link failure).
- Override string
- Enable and increase the priority of the unit that should always be primary. Valid values:
enable
,disable
. - Override
Wait intTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- Pingserver
Failover intThreshold - Remote IP monitoring failover threshold (0 - 50).
- Pingserver
Monitor stringInterface - Interfaces to check for remote IP monitoring.
- Pingserver
Secondary stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Pingserver
Slave stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Priority int
- Increase the priority to select the primary unit (0 - 255).
- Vcluster
Id int - Cluster ID.
- Vdom string
- VDOMs in virtual cluster 2.
- monitor String
- Interfaces to check for port monitoring (or link failure).
- override String
- Enable and increase the priority of the unit that should always be primary. Valid values:
enable
,disable
. - override
Wait IntegerTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- pingserver
Failover IntegerThreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver
Monitor StringInterface - Interfaces to check for remote IP monitoring.
- pingserver
Secondary StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver
Slave StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - priority Integer
- Increase the priority to select the primary unit (0 - 255).
- vcluster
Id Integer - Cluster ID.
- vdom String
- VDOMs in virtual cluster 2.
- monitor string
- Interfaces to check for port monitoring (or link failure).
- override string
- Enable and increase the priority of the unit that should always be primary. Valid values:
enable
,disable
. - override
Wait numberTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- pingserver
Failover numberThreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver
Monitor stringInterface - Interfaces to check for remote IP monitoring.
- pingserver
Secondary stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver
Slave stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - priority number
- Increase the priority to select the primary unit (0 - 255).
- vcluster
Id number - Cluster ID.
- vdom string
- VDOMs in virtual cluster 2.
- monitor str
- Interfaces to check for port monitoring (or link failure).
- override str
- Enable and increase the priority of the unit that should always be primary. Valid values:
enable
,disable
. - override_
wait_ inttime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- pingserver_
failover_ intthreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver_
monitor_ strinterface - Interfaces to check for remote IP monitoring.
- pingserver_
secondary_ strforce_ reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver_
slave_ strforce_ reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - priority int
- Increase the priority to select the primary unit (0 - 255).
- vcluster_
id int - Cluster ID.
- vdom str
- VDOMs in virtual cluster 2.
- monitor String
- Interfaces to check for port monitoring (or link failure).
- override String
- Enable and increase the priority of the unit that should always be primary. Valid values:
enable
,disable
. - override
Wait NumberTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- pingserver
Failover NumberThreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver
Monitor StringInterface - Interfaces to check for remote IP monitoring.
- pingserver
Secondary StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver
Slave StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - priority Number
- Increase the priority to select the primary unit (0 - 255).
- vcluster
Id Number - Cluster ID.
- vdom String
- VDOMs in virtual cluster 2.
HaUnicastPeer, HaUnicastPeerArgs
HaVcluster, HaVclusterArgs
- Monitor string
- Interfaces to check for port monitoring (or link failure).
- Override string
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - Override
Wait intTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- Pingserver
Failover intThreshold - Remote IP monitoring failover threshold (0 - 50).
- Pingserver
Flip intTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- Pingserver
Monitor stringInterface - Interfaces to check for remote IP monitoring.
- Pingserver
Secondary stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Pingserver
Slave stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Priority int
- Increase the priority to select the primary unit (0 - 255).
- Vcluster
Id int - ID.
- Vdoms
List<Pulumiverse.
Fortios. System. Inputs. Ha Vcluster Vdom> - Virtual domain(s) in the virtual cluster. The structure of
vdom
block is documented below.
- Monitor string
- Interfaces to check for port monitoring (or link failure).
- Override string
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - Override
Wait intTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- Pingserver
Failover intThreshold - Remote IP monitoring failover threshold (0 - 50).
- Pingserver
Flip intTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- Pingserver
Monitor stringInterface - Interfaces to check for remote IP monitoring.
- Pingserver
Secondary stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Pingserver
Slave stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - Priority int
- Increase the priority to select the primary unit (0 - 255).
- Vcluster
Id int - ID.
- Vdoms
[]Ha
Vcluster Vdom - Virtual domain(s) in the virtual cluster. The structure of
vdom
block is documented below.
- monitor String
- Interfaces to check for port monitoring (or link failure).
- override String
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - override
Wait IntegerTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- pingserver
Failover IntegerThreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver
Flip IntegerTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- pingserver
Monitor StringInterface - Interfaces to check for remote IP monitoring.
- pingserver
Secondary StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver
Slave StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - priority Integer
- Increase the priority to select the primary unit (0 - 255).
- vcluster
Id Integer - ID.
- vdoms
List<Ha
Vcluster Vdom> - Virtual domain(s) in the virtual cluster. The structure of
vdom
block is documented below.
- monitor string
- Interfaces to check for port monitoring (or link failure).
- override string
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - override
Wait numberTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- pingserver
Failover numberThreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver
Flip numberTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- pingserver
Monitor stringInterface - Interfaces to check for remote IP monitoring.
- pingserver
Secondary stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver
Slave stringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - priority number
- Increase the priority to select the primary unit (0 - 255).
- vcluster
Id number - ID.
- vdoms
Ha
Vcluster Vdom[] - Virtual domain(s) in the virtual cluster. The structure of
vdom
block is documented below.
- monitor str
- Interfaces to check for port monitoring (or link failure).
- override str
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - override_
wait_ inttime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- pingserver_
failover_ intthreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver_
flip_ inttimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- pingserver_
monitor_ strinterface - Interfaces to check for remote IP monitoring.
- pingserver_
secondary_ strforce_ reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver_
slave_ strforce_ reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - priority int
- Increase the priority to select the primary unit (0 - 255).
- vcluster_
id int - ID.
- vdoms
Sequence[Ha
Vcluster Vdom] - Virtual domain(s) in the virtual cluster. The structure of
vdom
block is documented below.
- monitor String
- Interfaces to check for port monitoring (or link failure).
- override String
- Enable and increase the priority of the unit that should always be primary (master). Valid values:
enable
,disable
. - override
Wait NumberTime - Delay negotiating if override is enabled (0 - 3600 sec). Reduces how often the cluster negotiates.
- pingserver
Failover NumberThreshold - Remote IP monitoring failover threshold (0 - 50).
- pingserver
Flip NumberTimeout - Time to wait in minutes before renegotiating after a remote IP monitoring failover.
- pingserver
Monitor StringInterface - Interfaces to check for remote IP monitoring.
- pingserver
Secondary StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - pingserver
Slave StringForce Reset - Enable to force the cluster to negotiate after a remote IP monitoring failover. Valid values:
enable
,disable
. - priority Number
- Increase the priority to select the primary unit (0 - 255).
- vcluster
Id Number - ID.
- vdoms List<Property Map>
- Virtual domain(s) in the virtual cluster. The structure of
vdom
block is documented below.
HaVclusterVdom, HaVclusterVdomArgs
- Name string
- Virtual domain name.
- Name string
- Virtual domain name.
- name String
- Virtual domain name.
- name string
- Virtual domain name.
- name str
- Virtual domain name.
- name String
- Virtual domain name.
Import
System Ha can be imported using any of these accepted formats:
$ pulumi import fortios:system/ha:Ha labelname SystemHa
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:system/ha:Ha labelname SystemHa
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortios
Terraform Provider.