fortios.system.Interface
Explore with Pulumi AI
Configure interfaces.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.system.Interface("trname", {
algorithm: "L4",
defaultgw: "enable",
description: "Created by Terraform Provider for FortiOS",
distance: 5,
ip: "0.0.0.0 0.0.0.0",
ipv6: {
ndMode: "basic",
},
mode: "dhcp",
mtu: 1500,
mtuOverride: "disable",
snmpIndex: 3,
type: "physical",
vdom: "root",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.system.Interface("trname",
algorithm="L4",
defaultgw="enable",
description="Created by Terraform Provider for FortiOS",
distance=5,
ip="0.0.0.0 0.0.0.0",
ipv6=fortios.system.InterfaceIpv6Args(
nd_mode="basic",
),
mode="dhcp",
mtu=1500,
mtu_override="disable",
snmp_index=3,
type="physical",
vdom="root")
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/system"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := system.NewInterface(ctx, "trname", &system.InterfaceArgs{
Algorithm: pulumi.String("L4"),
Defaultgw: pulumi.String("enable"),
Description: pulumi.String("Created by Terraform Provider for FortiOS"),
Distance: pulumi.Int(5),
Ip: pulumi.String("0.0.0.0 0.0.0.0"),
Ipv6: &system.InterfaceIpv6Args{
NdMode: pulumi.String("basic"),
},
Mode: pulumi.String("dhcp"),
Mtu: pulumi.Int(1500),
MtuOverride: pulumi.String("disable"),
SnmpIndex: pulumi.Int(3),
Type: pulumi.String("physical"),
Vdom: pulumi.String("root"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() =>
{
var trname = new Fortios.System.Interface("trname", new()
{
Algorithm = "L4",
Defaultgw = "enable",
Description = "Created by Terraform Provider for FortiOS",
Distance = 5,
Ip = "0.0.0.0 0.0.0.0",
Ipv6 = new Fortios.System.Inputs.InterfaceIpv6Args
{
NdMode = "basic",
},
Mode = "dhcp",
Mtu = 1500,
MtuOverride = "disable",
SnmpIndex = 3,
Type = "physical",
Vdom = "root",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.system.Interface;
import com.pulumi.fortios.system.InterfaceArgs;
import com.pulumi.fortios.system.inputs.InterfaceIpv6Args;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new Interface("trname", InterfaceArgs.builder()
.algorithm("L4")
.defaultgw("enable")
.description("Created by Terraform Provider for FortiOS")
.distance(5)
.ip("0.0.0.0 0.0.0.0")
.ipv6(InterfaceIpv6Args.builder()
.ndMode("basic")
.build())
.mode("dhcp")
.mtu(1500)
.mtuOverride("disable")
.snmpIndex(3)
.type("physical")
.vdom("root")
.build());
}
}
resources:
trname:
type: fortios:system:Interface
properties:
algorithm: L4
defaultgw: enable
description: Created by Terraform Provider for FortiOS
distance: 5
ip: 0.0.0.0 0.0.0.0
ipv6:
ndMode: basic
mode: dhcp
mtu: 1500
mtuOverride: disable
snmpIndex: 3
type: physical
vdom: root
Create Interface Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Interface(name: string, args: InterfaceArgs, opts?: CustomResourceOptions);
@overload
def Interface(resource_name: str,
args: InterfaceArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Interface(resource_name: str,
opts: Optional[ResourceOptions] = None,
vdom: Optional[str] = None,
ac_name: Optional[str] = None,
aggregate: Optional[str] = None,
aggregate_type: Optional[str] = None,
algorithm: Optional[str] = None,
alias: Optional[str] = None,
allowaccess: Optional[str] = None,
ap_discover: Optional[str] = None,
arpforward: Optional[str] = None,
auth_cert: Optional[str] = None,
auth_portal_addr: Optional[str] = None,
auth_type: Optional[str] = None,
auto_auth_extension_device: Optional[str] = None,
autogenerated: Optional[str] = None,
bandwidth_measure_time: Optional[int] = None,
bfd: Optional[str] = None,
bfd_desired_min_tx: Optional[int] = None,
bfd_detect_mult: Optional[int] = None,
bfd_required_min_rx: Optional[int] = None,
broadcast_forticlient_discovery: Optional[str] = None,
broadcast_forward: Optional[str] = None,
captive_portal: Optional[int] = None,
cli_conn_status: Optional[int] = None,
client_options: Optional[Sequence[InterfaceClientOptionArgs]] = None,
color: Optional[int] = None,
dedicated_to: Optional[str] = None,
default_purdue_level: Optional[str] = None,
defaultgw: Optional[str] = None,
description: Optional[str] = None,
detected_peer_mtu: Optional[int] = None,
detectprotocol: Optional[str] = None,
detectserver: Optional[str] = None,
device_access_list: Optional[str] = None,
device_identification: Optional[str] = None,
device_identification_active_scan: Optional[str] = None,
device_netscan: Optional[str] = None,
device_user_identification: Optional[str] = None,
devindex: Optional[int] = None,
dhcp_broadcast_flag: Optional[str] = None,
dhcp_classless_route_addition: Optional[str] = None,
dhcp_client_identifier: Optional[str] = None,
dhcp_relay_agent_option: Optional[str] = None,
dhcp_relay_allow_no_end_option: Optional[str] = None,
dhcp_relay_circuit_id: Optional[str] = None,
dhcp_relay_interface: Optional[str] = None,
dhcp_relay_interface_select_method: Optional[str] = None,
dhcp_relay_ip: Optional[str] = None,
dhcp_relay_link_selection: Optional[str] = None,
dhcp_relay_request_all_server: Optional[str] = None,
dhcp_relay_service: Optional[str] = None,
dhcp_relay_source_ip: Optional[str] = None,
dhcp_relay_type: Optional[str] = None,
dhcp_renew_time: Optional[int] = None,
dhcp_smart_relay: Optional[str] = None,
dhcp_snooping_server_lists: Optional[Sequence[InterfaceDhcpSnoopingServerListArgs]] = None,
disc_retry_timeout: Optional[int] = None,
disconnect_threshold: Optional[int] = None,
distance: Optional[int] = None,
dns_server_override: Optional[str] = None,
dns_server_protocol: Optional[str] = None,
drop_fragment: Optional[str] = None,
drop_overlapped_fragment: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
eap_ca_cert: Optional[str] = None,
eap_identity: Optional[str] = None,
eap_method: Optional[str] = None,
eap_password: Optional[str] = None,
eap_supplicant: Optional[str] = None,
eap_user_cert: Optional[str] = None,
egress_shaping_profile: Optional[str] = None,
endpoint_compliance: Optional[str] = None,
estimated_downstream_bandwidth: Optional[int] = None,
estimated_upstream_bandwidth: Optional[int] = None,
explicit_ftp_proxy: Optional[str] = None,
explicit_web_proxy: Optional[str] = None,
external: Optional[str] = None,
fail_action_on_extender: Optional[str] = None,
fail_alert_interfaces: Optional[Sequence[InterfaceFailAlertInterfaceArgs]] = None,
fail_alert_method: Optional[str] = None,
fail_detect: Optional[str] = None,
fail_detect_option: Optional[str] = None,
fortiheartbeat: Optional[str] = None,
fortilink: Optional[str] = None,
fortilink_backup_link: Optional[int] = None,
fortilink_neighbor_detect: Optional[str] = None,
fortilink_split_interface: Optional[str] = None,
fortilink_stacking: Optional[str] = None,
forward_domain: Optional[int] = None,
forward_error_correction: Optional[str] = None,
get_all_tables: Optional[str] = None,
gwdetect: Optional[str] = None,
ha_priority: Optional[int] = None,
icmp_accept_redirect: Optional[str] = None,
icmp_send_redirect: Optional[str] = None,
ident_accept: Optional[str] = None,
idle_timeout: Optional[int] = None,
ike_saml_server: Optional[str] = None,
inbandwidth: Optional[int] = None,
ingress_shaping_profile: Optional[str] = None,
ingress_spillover_threshold: Optional[int] = None,
interface: Optional[str] = None,
internal: Optional[int] = None,
ip: Optional[str] = None,
ip_managed_by_fortiipam: Optional[str] = None,
ipmac: Optional[str] = None,
ips_sniffer_mode: Optional[str] = None,
ipunnumbered: Optional[str] = None,
ipv6: Optional[InterfaceIpv6Args] = None,
l2forward: Optional[str] = None,
lacp_ha_secondary: Optional[str] = None,
lacp_ha_slave: Optional[str] = None,
lacp_mode: Optional[str] = None,
lacp_speed: Optional[str] = None,
lcp_echo_interval: Optional[int] = None,
lcp_max_echo_fails: Optional[int] = None,
link_up_delay: Optional[int] = None,
lldp_network_policy: Optional[str] = None,
lldp_reception: Optional[str] = None,
lldp_transmission: Optional[str] = None,
macaddr: Optional[str] = None,
managed_devices: Optional[Sequence[InterfaceManagedDeviceArgs]] = None,
managed_subnetwork_size: Optional[str] = None,
management_ip: Optional[str] = None,
measured_downstream_bandwidth: Optional[int] = None,
measured_upstream_bandwidth: Optional[int] = None,
mediatype: Optional[str] = None,
members: Optional[Sequence[InterfaceMemberArgs]] = None,
min_links: Optional[int] = None,
min_links_down: Optional[str] = None,
mode: Optional[str] = None,
monitor_bandwidth: Optional[str] = None,
mtu: Optional[int] = None,
mtu_override: Optional[str] = None,
name: Optional[str] = None,
ndiscforward: Optional[str] = None,
netbios_forward: Optional[str] = None,
netflow_sampler: Optional[str] = None,
outbandwidth: Optional[int] = None,
padt_retry_timeout: Optional[int] = None,
password: Optional[str] = None,
ping_serv_status: Optional[int] = None,
polling_interval: Optional[int] = None,
pppoe_unnumbered_negotiate: Optional[str] = None,
pptp_auth_type: Optional[str] = None,
pptp_client: Optional[str] = None,
pptp_password: Optional[str] = None,
pptp_server_ip: Optional[str] = None,
pptp_timeout: Optional[int] = None,
pptp_user: Optional[str] = None,
preserve_session_route: Optional[str] = None,
priority: Optional[int] = None,
priority_override: Optional[str] = None,
proxy_captive_portal: Optional[str] = None,
reachable_time: Optional[int] = None,
redundant_interface: Optional[str] = None,
remote_ip: Optional[str] = None,
replacemsg_override_group: Optional[str] = None,
ring_rx: Optional[int] = None,
ring_tx: Optional[int] = None,
role: Optional[str] = None,
sample_direction: Optional[str] = None,
sample_rate: Optional[int] = None,
scan_botnet_connections: Optional[str] = None,
secondary_ip: Optional[str] = None,
secondaryips: Optional[Sequence[InterfaceSecondaryipArgs]] = None,
security_exempt_list: Optional[str] = None,
security_external_logout: Optional[str] = None,
security_external_web: Optional[str] = None,
security_groups: Optional[Sequence[InterfaceSecurityGroupArgs]] = None,
security_mac_auth_bypass: Optional[str] = None,
security_mode: Optional[str] = None,
security_redirect_url: Optional[str] = None,
service_name: Optional[str] = None,
sflow_sampler: Optional[str] = None,
snmp_index: Optional[int] = None,
speed: Optional[str] = None,
spillover_threshold: Optional[int] = None,
src_check: Optional[str] = None,
status: Optional[str] = None,
stp: Optional[str] = None,
stp_ha_secondary: Optional[str] = None,
stpforward: Optional[str] = None,
stpforward_mode: Optional[str] = None,
subst: Optional[str] = None,
substitute_dst_mac: Optional[str] = None,
swc_first_create: Optional[int] = None,
swc_vlan: Optional[int] = None,
switch: Optional[str] = None,
switch_controller_access_vlan: Optional[str] = None,
switch_controller_arp_inspection: Optional[str] = None,
switch_controller_dhcp_snooping: Optional[str] = None,
switch_controller_dhcp_snooping_option82: Optional[str] = None,
switch_controller_dhcp_snooping_verify_mac: Optional[str] = None,
switch_controller_dynamic: Optional[str] = None,
switch_controller_feature: Optional[str] = None,
switch_controller_igmp_snooping: Optional[str] = None,
switch_controller_igmp_snooping_fast_leave: Optional[str] = None,
switch_controller_igmp_snooping_proxy: Optional[str] = None,
switch_controller_iot_scanning: Optional[str] = None,
switch_controller_learning_limit: Optional[int] = None,
switch_controller_mgmt_vlan: Optional[int] = None,
switch_controller_nac: Optional[str] = None,
switch_controller_netflow_collect: Optional[str] = None,
switch_controller_offload: Optional[str] = None,
switch_controller_offload_gw: Optional[str] = None,
switch_controller_offload_ip: Optional[str] = None,
switch_controller_rspan_mode: Optional[str] = None,
switch_controller_source_ip: Optional[str] = None,
switch_controller_traffic_policy: Optional[str] = None,
system_id: Optional[str] = None,
system_id_type: Optional[str] = None,
taggings: Optional[Sequence[InterfaceTaggingArgs]] = None,
tcp_mss: Optional[int] = None,
trunk: Optional[str] = None,
trust_ip1: Optional[str] = None,
trust_ip2: Optional[str] = None,
trust_ip3: Optional[str] = None,
trust_ip61: Optional[str] = None,
trust_ip62: Optional[str] = None,
trust_ip63: Optional[str] = None,
type: Optional[str] = None,
username: Optional[str] = None,
vdomparam: Optional[str] = None,
vindex: Optional[int] = None,
vlan_protocol: Optional[str] = None,
vlanforward: Optional[str] = None,
vlanid: Optional[int] = None,
vrf: Optional[int] = None,
vrrp_virtual_mac: Optional[str] = None,
vrrps: Optional[Sequence[InterfaceVrrpArgs]] = None,
wccp: Optional[str] = None,
weight: Optional[int] = None,
wins_ip: Optional[str] = None)
func NewInterface(ctx *Context, name string, args InterfaceArgs, opts ...ResourceOption) (*Interface, error)
public Interface(string name, InterfaceArgs args, CustomResourceOptions? opts = null)
public Interface(String name, InterfaceArgs args)
public Interface(String name, InterfaceArgs args, CustomResourceOptions options)
type: fortios:system:Interface
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args InterfaceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args InterfaceArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args InterfaceArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args InterfaceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args InterfaceArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var interfaceResource = new Fortios.System.Interface("interfaceResource", new()
{
Vdom = "string",
AcName = "string",
Aggregate = "string",
AggregateType = "string",
Algorithm = "string",
Alias = "string",
Allowaccess = "string",
ApDiscover = "string",
Arpforward = "string",
AuthCert = "string",
AuthPortalAddr = "string",
AuthType = "string",
AutoAuthExtensionDevice = "string",
Autogenerated = "string",
BandwidthMeasureTime = 0,
Bfd = "string",
BfdDesiredMinTx = 0,
BfdDetectMult = 0,
BfdRequiredMinRx = 0,
BroadcastForticlientDiscovery = "string",
BroadcastForward = "string",
CaptivePortal = 0,
CliConnStatus = 0,
ClientOptions = new[]
{
new Fortios.System.Inputs.InterfaceClientOptionArgs
{
Code = 0,
Id = 0,
Ip = "string",
Type = "string",
Value = "string",
},
},
Color = 0,
DedicatedTo = "string",
DefaultPurdueLevel = "string",
Defaultgw = "string",
Description = "string",
DetectedPeerMtu = 0,
Detectprotocol = "string",
Detectserver = "string",
DeviceAccessList = "string",
DeviceIdentification = "string",
DeviceIdentificationActiveScan = "string",
DeviceNetscan = "string",
DeviceUserIdentification = "string",
Devindex = 0,
DhcpBroadcastFlag = "string",
DhcpClasslessRouteAddition = "string",
DhcpClientIdentifier = "string",
DhcpRelayAgentOption = "string",
DhcpRelayAllowNoEndOption = "string",
DhcpRelayCircuitId = "string",
DhcpRelayInterface = "string",
DhcpRelayInterfaceSelectMethod = "string",
DhcpRelayIp = "string",
DhcpRelayLinkSelection = "string",
DhcpRelayRequestAllServer = "string",
DhcpRelayService = "string",
DhcpRelaySourceIp = "string",
DhcpRelayType = "string",
DhcpRenewTime = 0,
DhcpSmartRelay = "string",
DhcpSnoopingServerLists = new[]
{
new Fortios.System.Inputs.InterfaceDhcpSnoopingServerListArgs
{
Name = "string",
ServerIp = "string",
},
},
DiscRetryTimeout = 0,
DisconnectThreshold = 0,
Distance = 0,
DnsServerOverride = "string",
DnsServerProtocol = "string",
DropFragment = "string",
DropOverlappedFragment = "string",
DynamicSortSubtable = "string",
EapCaCert = "string",
EapIdentity = "string",
EapMethod = "string",
EapPassword = "string",
EapSupplicant = "string",
EapUserCert = "string",
EgressShapingProfile = "string",
EndpointCompliance = "string",
EstimatedDownstreamBandwidth = 0,
EstimatedUpstreamBandwidth = 0,
ExplicitFtpProxy = "string",
ExplicitWebProxy = "string",
External = "string",
FailActionOnExtender = "string",
FailAlertInterfaces = new[]
{
new Fortios.System.Inputs.InterfaceFailAlertInterfaceArgs
{
Name = "string",
},
},
FailAlertMethod = "string",
FailDetect = "string",
FailDetectOption = "string",
Fortiheartbeat = "string",
Fortilink = "string",
FortilinkBackupLink = 0,
FortilinkNeighborDetect = "string",
FortilinkSplitInterface = "string",
FortilinkStacking = "string",
ForwardDomain = 0,
ForwardErrorCorrection = "string",
GetAllTables = "string",
Gwdetect = "string",
HaPriority = 0,
IcmpAcceptRedirect = "string",
IcmpSendRedirect = "string",
IdentAccept = "string",
IdleTimeout = 0,
IkeSamlServer = "string",
Inbandwidth = 0,
IngressShapingProfile = "string",
IngressSpilloverThreshold = 0,
Data = "string",
Internal = 0,
Ip = "string",
IpManagedByFortiipam = "string",
Ipmac = "string",
IpsSnifferMode = "string",
Ipunnumbered = "string",
Ipv6 = new Fortios.System.Inputs.InterfaceIpv6Args
{
Autoconf = "string",
CliConn6Status = 0,
Dhcp6ClientOptions = "string",
Dhcp6IapdLists = new[]
{
new Fortios.System.Inputs.InterfaceIpv6Dhcp6IapdListArgs
{
Iaid = 0,
PrefixHint = "string",
PrefixHintPlt = 0,
PrefixHintVlt = 0,
},
},
Dhcp6InformationRequest = "string",
Dhcp6PrefixDelegation = "string",
Dhcp6PrefixHint = "string",
Dhcp6PrefixHintPlt = 0,
Dhcp6PrefixHintVlt = 0,
Dhcp6RelayInterfaceId = "string",
Dhcp6RelayIp = "string",
Dhcp6RelayService = "string",
Dhcp6RelaySourceInterface = "string",
Dhcp6RelaySourceIp = "string",
Dhcp6RelayType = "string",
Icmp6SendRedirect = "string",
InterfaceIdentifier = "string",
Ip6Address = "string",
Ip6Allowaccess = "string",
Ip6DefaultLife = 0,
Ip6DelegatedPrefixIaid = 0,
Ip6DelegatedPrefixLists = new[]
{
new Fortios.System.Inputs.InterfaceIpv6Ip6DelegatedPrefixListArgs
{
AutonomousFlag = "string",
DelegatedPrefixIaid = 0,
OnlinkFlag = "string",
PrefixId = 0,
Rdnss = "string",
RdnssService = "string",
Subnet = "string",
UpstreamInterface = "string",
},
},
Ip6DnsServerOverride = "string",
Ip6ExtraAddrs = new[]
{
new Fortios.System.Inputs.InterfaceIpv6Ip6ExtraAddrArgs
{
Prefix = "string",
},
},
Ip6HopLimit = 0,
Ip6LinkMtu = 0,
Ip6ManageFlag = "string",
Ip6MaxInterval = 0,
Ip6MinInterval = 0,
Ip6Mode = "string",
Ip6OtherFlag = "string",
Ip6PrefixLists = new[]
{
new Fortios.System.Inputs.InterfaceIpv6Ip6PrefixListArgs
{
AutonomousFlag = "string",
Dnssls = new[]
{
new Fortios.System.Inputs.InterfaceIpv6Ip6PrefixListDnsslArgs
{
Domain = "string",
},
},
OnlinkFlag = "string",
PreferredLifeTime = 0,
Prefix = "string",
Rdnss = "string",
ValidLifeTime = 0,
},
},
Ip6PrefixMode = "string",
Ip6ReachableTime = 0,
Ip6RetransTime = 0,
Ip6SendAdv = "string",
Ip6Subnet = "string",
Ip6UpstreamInterface = "string",
NdCert = "string",
NdCgaModifier = "string",
NdMode = "string",
NdSecurityLevel = 0,
NdTimestampDelta = 0,
NdTimestampFuzz = 0,
RaSendMtu = "string",
UniqueAutoconfAddr = "string",
Vrip6LinkLocal = "string",
Vrrp6s = new[]
{
new Fortios.System.Inputs.InterfaceIpv6Vrrp6Args
{
AcceptMode = "string",
AdvInterval = 0,
IgnoreDefaultRoute = "string",
Preempt = "string",
Priority = 0,
StartTime = 0,
Status = "string",
Vrdst6 = "string",
Vrgrp = 0,
Vrid = 0,
Vrip6 = "string",
},
},
VrrpVirtualMac6 = "string",
},
L2forward = "string",
LacpHaSecondary = "string",
LacpHaSlave = "string",
LacpMode = "string",
LacpSpeed = "string",
LcpEchoInterval = 0,
LcpMaxEchoFails = 0,
LinkUpDelay = 0,
LldpNetworkPolicy = "string",
LldpReception = "string",
LldpTransmission = "string",
Macaddr = "string",
ManagedDevices = new[]
{
new Fortios.System.Inputs.InterfaceManagedDeviceArgs
{
Name = "string",
},
},
ManagedSubnetworkSize = "string",
ManagementIp = "string",
MeasuredDownstreamBandwidth = 0,
MeasuredUpstreamBandwidth = 0,
Mediatype = "string",
Members = new[]
{
new Fortios.System.Inputs.InterfaceMemberArgs
{
InterfaceName = "string",
},
},
MinLinks = 0,
MinLinksDown = "string",
Mode = "string",
MonitorBandwidth = "string",
Mtu = 0,
MtuOverride = "string",
Name = "string",
Ndiscforward = "string",
NetbiosForward = "string",
NetflowSampler = "string",
Outbandwidth = 0,
PadtRetryTimeout = 0,
Password = "string",
PingServStatus = 0,
PollingInterval = 0,
PppoeUnnumberedNegotiate = "string",
PptpAuthType = "string",
PptpClient = "string",
PptpPassword = "string",
PptpServerIp = "string",
PptpTimeout = 0,
PptpUser = "string",
PreserveSessionRoute = "string",
Priority = 0,
PriorityOverride = "string",
ProxyCaptivePortal = "string",
ReachableTime = 0,
RedundantInterface = "string",
RemoteIp = "string",
ReplacemsgOverrideGroup = "string",
RingRx = 0,
RingTx = 0,
Role = "string",
SampleDirection = "string",
SampleRate = 0,
ScanBotnetConnections = "string",
SecondaryIp = "string",
Secondaryips = new[]
{
new Fortios.System.Inputs.InterfaceSecondaryipArgs
{
Allowaccess = "string",
Detectprotocol = "string",
Detectserver = "string",
Gwdetect = "string",
HaPriority = 0,
Id = 0,
Ip = "string",
PingServStatus = 0,
SecipRelayIp = "string",
},
},
SecurityExemptList = "string",
SecurityExternalLogout = "string",
SecurityExternalWeb = "string",
SecurityGroups = new[]
{
new Fortios.System.Inputs.InterfaceSecurityGroupArgs
{
Name = "string",
},
},
SecurityMacAuthBypass = "string",
SecurityMode = "string",
SecurityRedirectUrl = "string",
ServiceName = "string",
SflowSampler = "string",
SnmpIndex = 0,
Speed = "string",
SpilloverThreshold = 0,
SrcCheck = "string",
Status = "string",
Stp = "string",
StpHaSecondary = "string",
Stpforward = "string",
StpforwardMode = "string",
Subst = "string",
SubstituteDstMac = "string",
SwcFirstCreate = 0,
SwcVlan = 0,
Switch = "string",
SwitchControllerAccessVlan = "string",
SwitchControllerArpInspection = "string",
SwitchControllerDhcpSnooping = "string",
SwitchControllerDhcpSnoopingOption82 = "string",
SwitchControllerDhcpSnoopingVerifyMac = "string",
SwitchControllerDynamic = "string",
SwitchControllerFeature = "string",
SwitchControllerIgmpSnooping = "string",
SwitchControllerIgmpSnoopingFastLeave = "string",
SwitchControllerIgmpSnoopingProxy = "string",
SwitchControllerIotScanning = "string",
SwitchControllerLearningLimit = 0,
SwitchControllerMgmtVlan = 0,
SwitchControllerNac = "string",
SwitchControllerNetflowCollect = "string",
SwitchControllerOffload = "string",
SwitchControllerOffloadGw = "string",
SwitchControllerOffloadIp = "string",
SwitchControllerRspanMode = "string",
SwitchControllerSourceIp = "string",
SwitchControllerTrafficPolicy = "string",
SystemId = "string",
SystemIdType = "string",
Taggings = new[]
{
new Fortios.System.Inputs.InterfaceTaggingArgs
{
Category = "string",
Name = "string",
Tags = new[]
{
new Fortios.System.Inputs.InterfaceTaggingTagArgs
{
Name = "string",
},
},
},
},
TcpMss = 0,
Trunk = "string",
TrustIp1 = "string",
TrustIp2 = "string",
TrustIp3 = "string",
TrustIp61 = "string",
TrustIp62 = "string",
TrustIp63 = "string",
Type = "string",
Username = "string",
Vdomparam = "string",
Vindex = 0,
VlanProtocol = "string",
Vlanforward = "string",
Vlanid = 0,
Vrf = 0,
VrrpVirtualMac = "string",
Vrrps = new[]
{
new Fortios.System.Inputs.InterfaceVrrpArgs
{
AcceptMode = "string",
AdvInterval = 0,
IgnoreDefaultRoute = "string",
Preempt = "string",
Priority = 0,
ProxyArps = new[]
{
new Fortios.System.Inputs.InterfaceVrrpProxyArpArgs
{
Id = 0,
Ip = "string",
},
},
StartTime = 0,
Status = "string",
Version = "string",
Vrdst = "string",
VrdstPriority = 0,
Vrgrp = 0,
Vrid = 0,
Vrip = "string",
},
},
Wccp = "string",
Weight = 0,
WinsIp = "string",
});
example, err := system.NewInterface(ctx, "interfaceResource", &system.InterfaceArgs{
Vdom: pulumi.String("string"),
AcName: pulumi.String("string"),
Aggregate: pulumi.String("string"),
AggregateType: pulumi.String("string"),
Algorithm: pulumi.String("string"),
Alias: pulumi.String("string"),
Allowaccess: pulumi.String("string"),
ApDiscover: pulumi.String("string"),
Arpforward: pulumi.String("string"),
AuthCert: pulumi.String("string"),
AuthPortalAddr: pulumi.String("string"),
AuthType: pulumi.String("string"),
AutoAuthExtensionDevice: pulumi.String("string"),
Autogenerated: pulumi.String("string"),
BandwidthMeasureTime: pulumi.Int(0),
Bfd: pulumi.String("string"),
BfdDesiredMinTx: pulumi.Int(0),
BfdDetectMult: pulumi.Int(0),
BfdRequiredMinRx: pulumi.Int(0),
BroadcastForticlientDiscovery: pulumi.String("string"),
BroadcastForward: pulumi.String("string"),
CaptivePortal: pulumi.Int(0),
CliConnStatus: pulumi.Int(0),
ClientOptions: system.InterfaceClientOptionArray{
&system.InterfaceClientOptionArgs{
Code: pulumi.Int(0),
Id: pulumi.Int(0),
Ip: pulumi.String("string"),
Type: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Color: pulumi.Int(0),
DedicatedTo: pulumi.String("string"),
DefaultPurdueLevel: pulumi.String("string"),
Defaultgw: pulumi.String("string"),
Description: pulumi.String("string"),
DetectedPeerMtu: pulumi.Int(0),
Detectprotocol: pulumi.String("string"),
Detectserver: pulumi.String("string"),
DeviceAccessList: pulumi.String("string"),
DeviceIdentification: pulumi.String("string"),
DeviceIdentificationActiveScan: pulumi.String("string"),
DeviceNetscan: pulumi.String("string"),
DeviceUserIdentification: pulumi.String("string"),
Devindex: pulumi.Int(0),
DhcpBroadcastFlag: pulumi.String("string"),
DhcpClasslessRouteAddition: pulumi.String("string"),
DhcpClientIdentifier: pulumi.String("string"),
DhcpRelayAgentOption: pulumi.String("string"),
DhcpRelayAllowNoEndOption: pulumi.String("string"),
DhcpRelayCircuitId: pulumi.String("string"),
DhcpRelayInterface: pulumi.String("string"),
DhcpRelayInterfaceSelectMethod: pulumi.String("string"),
DhcpRelayIp: pulumi.String("string"),
DhcpRelayLinkSelection: pulumi.String("string"),
DhcpRelayRequestAllServer: pulumi.String("string"),
DhcpRelayService: pulumi.String("string"),
DhcpRelaySourceIp: pulumi.String("string"),
DhcpRelayType: pulumi.String("string"),
DhcpRenewTime: pulumi.Int(0),
DhcpSmartRelay: pulumi.String("string"),
DhcpSnoopingServerLists: system.InterfaceDhcpSnoopingServerListArray{
&system.InterfaceDhcpSnoopingServerListArgs{
Name: pulumi.String("string"),
ServerIp: pulumi.String("string"),
},
},
DiscRetryTimeout: pulumi.Int(0),
DisconnectThreshold: pulumi.Int(0),
Distance: pulumi.Int(0),
DnsServerOverride: pulumi.String("string"),
DnsServerProtocol: pulumi.String("string"),
DropFragment: pulumi.String("string"),
DropOverlappedFragment: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
EapCaCert: pulumi.String("string"),
EapIdentity: pulumi.String("string"),
EapMethod: pulumi.String("string"),
EapPassword: pulumi.String("string"),
EapSupplicant: pulumi.String("string"),
EapUserCert: pulumi.String("string"),
EgressShapingProfile: pulumi.String("string"),
EndpointCompliance: pulumi.String("string"),
EstimatedDownstreamBandwidth: pulumi.Int(0),
EstimatedUpstreamBandwidth: pulumi.Int(0),
ExplicitFtpProxy: pulumi.String("string"),
ExplicitWebProxy: pulumi.String("string"),
External: pulumi.String("string"),
FailActionOnExtender: pulumi.String("string"),
FailAlertInterfaces: system.InterfaceFailAlertInterfaceArray{
&system.InterfaceFailAlertInterfaceArgs{
Name: pulumi.String("string"),
},
},
FailAlertMethod: pulumi.String("string"),
FailDetect: pulumi.String("string"),
FailDetectOption: pulumi.String("string"),
Fortiheartbeat: pulumi.String("string"),
Fortilink: pulumi.String("string"),
FortilinkBackupLink: pulumi.Int(0),
FortilinkNeighborDetect: pulumi.String("string"),
FortilinkSplitInterface: pulumi.String("string"),
FortilinkStacking: pulumi.String("string"),
ForwardDomain: pulumi.Int(0),
ForwardErrorCorrection: pulumi.String("string"),
GetAllTables: pulumi.String("string"),
Gwdetect: pulumi.String("string"),
HaPriority: pulumi.Int(0),
IcmpAcceptRedirect: pulumi.String("string"),
IcmpSendRedirect: pulumi.String("string"),
IdentAccept: pulumi.String("string"),
IdleTimeout: pulumi.Int(0),
IkeSamlServer: pulumi.String("string"),
Inbandwidth: pulumi.Int(0),
IngressShapingProfile: pulumi.String("string"),
IngressSpilloverThreshold: pulumi.Int(0),
Interface: pulumi.String("string"),
Internal: pulumi.Int(0),
Ip: pulumi.String("string"),
IpManagedByFortiipam: pulumi.String("string"),
Ipmac: pulumi.String("string"),
IpsSnifferMode: pulumi.String("string"),
Ipunnumbered: pulumi.String("string"),
Ipv6: &system.InterfaceIpv6Args{
Autoconf: pulumi.String("string"),
CliConn6Status: pulumi.Int(0),
Dhcp6ClientOptions: pulumi.String("string"),
Dhcp6IapdLists: system.InterfaceIpv6Dhcp6IapdListArray{
&system.InterfaceIpv6Dhcp6IapdListArgs{
Iaid: pulumi.Int(0),
PrefixHint: pulumi.String("string"),
PrefixHintPlt: pulumi.Int(0),
PrefixHintVlt: pulumi.Int(0),
},
},
Dhcp6InformationRequest: pulumi.String("string"),
Dhcp6PrefixDelegation: pulumi.String("string"),
Dhcp6PrefixHint: pulumi.String("string"),
Dhcp6PrefixHintPlt: pulumi.Int(0),
Dhcp6PrefixHintVlt: pulumi.Int(0),
Dhcp6RelayInterfaceId: pulumi.String("string"),
Dhcp6RelayIp: pulumi.String("string"),
Dhcp6RelayService: pulumi.String("string"),
Dhcp6RelaySourceInterface: pulumi.String("string"),
Dhcp6RelaySourceIp: pulumi.String("string"),
Dhcp6RelayType: pulumi.String("string"),
Icmp6SendRedirect: pulumi.String("string"),
InterfaceIdentifier: pulumi.String("string"),
Ip6Address: pulumi.String("string"),
Ip6Allowaccess: pulumi.String("string"),
Ip6DefaultLife: pulumi.Int(0),
Ip6DelegatedPrefixIaid: pulumi.Int(0),
Ip6DelegatedPrefixLists: system.InterfaceIpv6Ip6DelegatedPrefixListArray{
&system.InterfaceIpv6Ip6DelegatedPrefixListArgs{
AutonomousFlag: pulumi.String("string"),
DelegatedPrefixIaid: pulumi.Int(0),
OnlinkFlag: pulumi.String("string"),
PrefixId: pulumi.Int(0),
Rdnss: pulumi.String("string"),
RdnssService: pulumi.String("string"),
Subnet: pulumi.String("string"),
UpstreamInterface: pulumi.String("string"),
},
},
Ip6DnsServerOverride: pulumi.String("string"),
Ip6ExtraAddrs: system.InterfaceIpv6Ip6ExtraAddrArray{
&system.InterfaceIpv6Ip6ExtraAddrArgs{
Prefix: pulumi.String("string"),
},
},
Ip6HopLimit: pulumi.Int(0),
Ip6LinkMtu: pulumi.Int(0),
Ip6ManageFlag: pulumi.String("string"),
Ip6MaxInterval: pulumi.Int(0),
Ip6MinInterval: pulumi.Int(0),
Ip6Mode: pulumi.String("string"),
Ip6OtherFlag: pulumi.String("string"),
Ip6PrefixLists: system.InterfaceIpv6Ip6PrefixListArray{
&system.InterfaceIpv6Ip6PrefixListArgs{
AutonomousFlag: pulumi.String("string"),
Dnssls: system.InterfaceIpv6Ip6PrefixListDnsslArray{
&system.InterfaceIpv6Ip6PrefixListDnsslArgs{
Domain: pulumi.String("string"),
},
},
OnlinkFlag: pulumi.String("string"),
PreferredLifeTime: pulumi.Int(0),
Prefix: pulumi.String("string"),
Rdnss: pulumi.String("string"),
ValidLifeTime: pulumi.Int(0),
},
},
Ip6PrefixMode: pulumi.String("string"),
Ip6ReachableTime: pulumi.Int(0),
Ip6RetransTime: pulumi.Int(0),
Ip6SendAdv: pulumi.String("string"),
Ip6Subnet: pulumi.String("string"),
Ip6UpstreamInterface: pulumi.String("string"),
NdCert: pulumi.String("string"),
NdCgaModifier: pulumi.String("string"),
NdMode: pulumi.String("string"),
NdSecurityLevel: pulumi.Int(0),
NdTimestampDelta: pulumi.Int(0),
NdTimestampFuzz: pulumi.Int(0),
RaSendMtu: pulumi.String("string"),
UniqueAutoconfAddr: pulumi.String("string"),
Vrip6LinkLocal: pulumi.String("string"),
Vrrp6s: system.InterfaceIpv6Vrrp6Array{
&system.InterfaceIpv6Vrrp6Args{
AcceptMode: pulumi.String("string"),
AdvInterval: pulumi.Int(0),
IgnoreDefaultRoute: pulumi.String("string"),
Preempt: pulumi.String("string"),
Priority: pulumi.Int(0),
StartTime: pulumi.Int(0),
Status: pulumi.String("string"),
Vrdst6: pulumi.String("string"),
Vrgrp: pulumi.Int(0),
Vrid: pulumi.Int(0),
Vrip6: pulumi.String("string"),
},
},
VrrpVirtualMac6: pulumi.String("string"),
},
L2forward: pulumi.String("string"),
LacpHaSecondary: pulumi.String("string"),
LacpHaSlave: pulumi.String("string"),
LacpMode: pulumi.String("string"),
LacpSpeed: pulumi.String("string"),
LcpEchoInterval: pulumi.Int(0),
LcpMaxEchoFails: pulumi.Int(0),
LinkUpDelay: pulumi.Int(0),
LldpNetworkPolicy: pulumi.String("string"),
LldpReception: pulumi.String("string"),
LldpTransmission: pulumi.String("string"),
Macaddr: pulumi.String("string"),
ManagedDevices: system.InterfaceManagedDeviceArray{
&system.InterfaceManagedDeviceArgs{
Name: pulumi.String("string"),
},
},
ManagedSubnetworkSize: pulumi.String("string"),
ManagementIp: pulumi.String("string"),
MeasuredDownstreamBandwidth: pulumi.Int(0),
MeasuredUpstreamBandwidth: pulumi.Int(0),
Mediatype: pulumi.String("string"),
Members: system.InterfaceMemberArray{
&system.InterfaceMemberArgs{
InterfaceName: pulumi.String("string"),
},
},
MinLinks: pulumi.Int(0),
MinLinksDown: pulumi.String("string"),
Mode: pulumi.String("string"),
MonitorBandwidth: pulumi.String("string"),
Mtu: pulumi.Int(0),
MtuOverride: pulumi.String("string"),
Name: pulumi.String("string"),
Ndiscforward: pulumi.String("string"),
NetbiosForward: pulumi.String("string"),
NetflowSampler: pulumi.String("string"),
Outbandwidth: pulumi.Int(0),
PadtRetryTimeout: pulumi.Int(0),
Password: pulumi.String("string"),
PingServStatus: pulumi.Int(0),
PollingInterval: pulumi.Int(0),
PppoeUnnumberedNegotiate: pulumi.String("string"),
PptpAuthType: pulumi.String("string"),
PptpClient: pulumi.String("string"),
PptpPassword: pulumi.String("string"),
PptpServerIp: pulumi.String("string"),
PptpTimeout: pulumi.Int(0),
PptpUser: pulumi.String("string"),
PreserveSessionRoute: pulumi.String("string"),
Priority: pulumi.Int(0),
PriorityOverride: pulumi.String("string"),
ProxyCaptivePortal: pulumi.String("string"),
ReachableTime: pulumi.Int(0),
RedundantInterface: pulumi.String("string"),
RemoteIp: pulumi.String("string"),
ReplacemsgOverrideGroup: pulumi.String("string"),
RingRx: pulumi.Int(0),
RingTx: pulumi.Int(0),
Role: pulumi.String("string"),
SampleDirection: pulumi.String("string"),
SampleRate: pulumi.Int(0),
ScanBotnetConnections: pulumi.String("string"),
SecondaryIp: pulumi.String("string"),
Secondaryips: system.InterfaceSecondaryipArray{
&system.InterfaceSecondaryipArgs{
Allowaccess: pulumi.String("string"),
Detectprotocol: pulumi.String("string"),
Detectserver: pulumi.String("string"),
Gwdetect: pulumi.String("string"),
HaPriority: pulumi.Int(0),
Id: pulumi.Int(0),
Ip: pulumi.String("string"),
PingServStatus: pulumi.Int(0),
SecipRelayIp: pulumi.String("string"),
},
},
SecurityExemptList: pulumi.String("string"),
SecurityExternalLogout: pulumi.String("string"),
SecurityExternalWeb: pulumi.String("string"),
SecurityGroups: system.InterfaceSecurityGroupArray{
&system.InterfaceSecurityGroupArgs{
Name: pulumi.String("string"),
},
},
SecurityMacAuthBypass: pulumi.String("string"),
SecurityMode: pulumi.String("string"),
SecurityRedirectUrl: pulumi.String("string"),
ServiceName: pulumi.String("string"),
SflowSampler: pulumi.String("string"),
SnmpIndex: pulumi.Int(0),
Speed: pulumi.String("string"),
SpilloverThreshold: pulumi.Int(0),
SrcCheck: pulumi.String("string"),
Status: pulumi.String("string"),
Stp: pulumi.String("string"),
StpHaSecondary: pulumi.String("string"),
Stpforward: pulumi.String("string"),
StpforwardMode: pulumi.String("string"),
Subst: pulumi.String("string"),
SubstituteDstMac: pulumi.String("string"),
SwcFirstCreate: pulumi.Int(0),
SwcVlan: pulumi.Int(0),
Switch: pulumi.String("string"),
SwitchControllerAccessVlan: pulumi.String("string"),
SwitchControllerArpInspection: pulumi.String("string"),
SwitchControllerDhcpSnooping: pulumi.String("string"),
SwitchControllerDhcpSnoopingOption82: pulumi.String("string"),
SwitchControllerDhcpSnoopingVerifyMac: pulumi.String("string"),
SwitchControllerDynamic: pulumi.String("string"),
SwitchControllerFeature: pulumi.String("string"),
SwitchControllerIgmpSnooping: pulumi.String("string"),
SwitchControllerIgmpSnoopingFastLeave: pulumi.String("string"),
SwitchControllerIgmpSnoopingProxy: pulumi.String("string"),
SwitchControllerIotScanning: pulumi.String("string"),
SwitchControllerLearningLimit: pulumi.Int(0),
SwitchControllerMgmtVlan: pulumi.Int(0),
SwitchControllerNac: pulumi.String("string"),
SwitchControllerNetflowCollect: pulumi.String("string"),
SwitchControllerOffload: pulumi.String("string"),
SwitchControllerOffloadGw: pulumi.String("string"),
SwitchControllerOffloadIp: pulumi.String("string"),
SwitchControllerRspanMode: pulumi.String("string"),
SwitchControllerSourceIp: pulumi.String("string"),
SwitchControllerTrafficPolicy: pulumi.String("string"),
SystemId: pulumi.String("string"),
SystemIdType: pulumi.String("string"),
Taggings: system.InterfaceTaggingArray{
&system.InterfaceTaggingArgs{
Category: pulumi.String("string"),
Name: pulumi.String("string"),
Tags: system.InterfaceTaggingTagArray{
&system.InterfaceTaggingTagArgs{
Name: pulumi.String("string"),
},
},
},
},
TcpMss: pulumi.Int(0),
Trunk: pulumi.String("string"),
TrustIp1: pulumi.String("string"),
TrustIp2: pulumi.String("string"),
TrustIp3: pulumi.String("string"),
TrustIp61: pulumi.String("string"),
TrustIp62: pulumi.String("string"),
TrustIp63: pulumi.String("string"),
Type: pulumi.String("string"),
Username: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
Vindex: pulumi.Int(0),
VlanProtocol: pulumi.String("string"),
Vlanforward: pulumi.String("string"),
Vlanid: pulumi.Int(0),
Vrf: pulumi.Int(0),
VrrpVirtualMac: pulumi.String("string"),
Vrrps: system.InterfaceVrrpArray{
&system.InterfaceVrrpArgs{
AcceptMode: pulumi.String("string"),
AdvInterval: pulumi.Int(0),
IgnoreDefaultRoute: pulumi.String("string"),
Preempt: pulumi.String("string"),
Priority: pulumi.Int(0),
ProxyArps: system.InterfaceVrrpProxyArpArray{
&system.InterfaceVrrpProxyArpArgs{
Id: pulumi.Int(0),
Ip: pulumi.String("string"),
},
},
StartTime: pulumi.Int(0),
Status: pulumi.String("string"),
Version: pulumi.String("string"),
Vrdst: pulumi.String("string"),
VrdstPriority: pulumi.Int(0),
Vrgrp: pulumi.Int(0),
Vrid: pulumi.Int(0),
Vrip: pulumi.String("string"),
},
},
Wccp: pulumi.String("string"),
Weight: pulumi.Int(0),
WinsIp: pulumi.String("string"),
})
var interfaceResource = new Interface("interfaceResource", InterfaceArgs.builder()
.vdom("string")
.acName("string")
.aggregate("string")
.aggregateType("string")
.algorithm("string")
.alias("string")
.allowaccess("string")
.apDiscover("string")
.arpforward("string")
.authCert("string")
.authPortalAddr("string")
.authType("string")
.autoAuthExtensionDevice("string")
.autogenerated("string")
.bandwidthMeasureTime(0)
.bfd("string")
.bfdDesiredMinTx(0)
.bfdDetectMult(0)
.bfdRequiredMinRx(0)
.broadcastForticlientDiscovery("string")
.broadcastForward("string")
.captivePortal(0)
.cliConnStatus(0)
.clientOptions(InterfaceClientOptionArgs.builder()
.code(0)
.id(0)
.ip("string")
.type("string")
.value("string")
.build())
.color(0)
.dedicatedTo("string")
.defaultPurdueLevel("string")
.defaultgw("string")
.description("string")
.detectedPeerMtu(0)
.detectprotocol("string")
.detectserver("string")
.deviceAccessList("string")
.deviceIdentification("string")
.deviceIdentificationActiveScan("string")
.deviceNetscan("string")
.deviceUserIdentification("string")
.devindex(0)
.dhcpBroadcastFlag("string")
.dhcpClasslessRouteAddition("string")
.dhcpClientIdentifier("string")
.dhcpRelayAgentOption("string")
.dhcpRelayAllowNoEndOption("string")
.dhcpRelayCircuitId("string")
.dhcpRelayInterface("string")
.dhcpRelayInterfaceSelectMethod("string")
.dhcpRelayIp("string")
.dhcpRelayLinkSelection("string")
.dhcpRelayRequestAllServer("string")
.dhcpRelayService("string")
.dhcpRelaySourceIp("string")
.dhcpRelayType("string")
.dhcpRenewTime(0)
.dhcpSmartRelay("string")
.dhcpSnoopingServerLists(InterfaceDhcpSnoopingServerListArgs.builder()
.name("string")
.serverIp("string")
.build())
.discRetryTimeout(0)
.disconnectThreshold(0)
.distance(0)
.dnsServerOverride("string")
.dnsServerProtocol("string")
.dropFragment("string")
.dropOverlappedFragment("string")
.dynamicSortSubtable("string")
.eapCaCert("string")
.eapIdentity("string")
.eapMethod("string")
.eapPassword("string")
.eapSupplicant("string")
.eapUserCert("string")
.egressShapingProfile("string")
.endpointCompliance("string")
.estimatedDownstreamBandwidth(0)
.estimatedUpstreamBandwidth(0)
.explicitFtpProxy("string")
.explicitWebProxy("string")
.external("string")
.failActionOnExtender("string")
.failAlertInterfaces(InterfaceFailAlertInterfaceArgs.builder()
.name("string")
.build())
.failAlertMethod("string")
.failDetect("string")
.failDetectOption("string")
.fortiheartbeat("string")
.fortilink("string")
.fortilinkBackupLink(0)
.fortilinkNeighborDetect("string")
.fortilinkSplitInterface("string")
.fortilinkStacking("string")
.forwardDomain(0)
.forwardErrorCorrection("string")
.getAllTables("string")
.gwdetect("string")
.haPriority(0)
.icmpAcceptRedirect("string")
.icmpSendRedirect("string")
.identAccept("string")
.idleTimeout(0)
.ikeSamlServer("string")
.inbandwidth(0)
.ingressShapingProfile("string")
.ingressSpilloverThreshold(0)
.interface_("string")
.internal(0)
.ip("string")
.ipManagedByFortiipam("string")
.ipmac("string")
.ipsSnifferMode("string")
.ipunnumbered("string")
.ipv6(InterfaceIpv6Args.builder()
.autoconf("string")
.cliConn6Status(0)
.dhcp6ClientOptions("string")
.dhcp6IapdLists(InterfaceIpv6Dhcp6IapdListArgs.builder()
.iaid(0)
.prefixHint("string")
.prefixHintPlt(0)
.prefixHintVlt(0)
.build())
.dhcp6InformationRequest("string")
.dhcp6PrefixDelegation("string")
.dhcp6PrefixHint("string")
.dhcp6PrefixHintPlt(0)
.dhcp6PrefixHintVlt(0)
.dhcp6RelayInterfaceId("string")
.dhcp6RelayIp("string")
.dhcp6RelayService("string")
.dhcp6RelaySourceInterface("string")
.dhcp6RelaySourceIp("string")
.dhcp6RelayType("string")
.icmp6SendRedirect("string")
.interfaceIdentifier("string")
.ip6Address("string")
.ip6Allowaccess("string")
.ip6DefaultLife(0)
.ip6DelegatedPrefixIaid(0)
.ip6DelegatedPrefixLists(InterfaceIpv6Ip6DelegatedPrefixListArgs.builder()
.autonomousFlag("string")
.delegatedPrefixIaid(0)
.onlinkFlag("string")
.prefixId(0)
.rdnss("string")
.rdnssService("string")
.subnet("string")
.upstreamInterface("string")
.build())
.ip6DnsServerOverride("string")
.ip6ExtraAddrs(InterfaceIpv6Ip6ExtraAddrArgs.builder()
.prefix("string")
.build())
.ip6HopLimit(0)
.ip6LinkMtu(0)
.ip6ManageFlag("string")
.ip6MaxInterval(0)
.ip6MinInterval(0)
.ip6Mode("string")
.ip6OtherFlag("string")
.ip6PrefixLists(InterfaceIpv6Ip6PrefixListArgs.builder()
.autonomousFlag("string")
.dnssls(InterfaceIpv6Ip6PrefixListDnsslArgs.builder()
.domain("string")
.build())
.onlinkFlag("string")
.preferredLifeTime(0)
.prefix("string")
.rdnss("string")
.validLifeTime(0)
.build())
.ip6PrefixMode("string")
.ip6ReachableTime(0)
.ip6RetransTime(0)
.ip6SendAdv("string")
.ip6Subnet("string")
.ip6UpstreamInterface("string")
.ndCert("string")
.ndCgaModifier("string")
.ndMode("string")
.ndSecurityLevel(0)
.ndTimestampDelta(0)
.ndTimestampFuzz(0)
.raSendMtu("string")
.uniqueAutoconfAddr("string")
.vrip6LinkLocal("string")
.vrrp6s(InterfaceIpv6Vrrp6Args.builder()
.acceptMode("string")
.advInterval(0)
.ignoreDefaultRoute("string")
.preempt("string")
.priority(0)
.startTime(0)
.status("string")
.vrdst6("string")
.vrgrp(0)
.vrid(0)
.vrip6("string")
.build())
.vrrpVirtualMac6("string")
.build())
.l2forward("string")
.lacpHaSecondary("string")
.lacpHaSlave("string")
.lacpMode("string")
.lacpSpeed("string")
.lcpEchoInterval(0)
.lcpMaxEchoFails(0)
.linkUpDelay(0)
.lldpNetworkPolicy("string")
.lldpReception("string")
.lldpTransmission("string")
.macaddr("string")
.managedDevices(InterfaceManagedDeviceArgs.builder()
.name("string")
.build())
.managedSubnetworkSize("string")
.managementIp("string")
.measuredDownstreamBandwidth(0)
.measuredUpstreamBandwidth(0)
.mediatype("string")
.members(InterfaceMemberArgs.builder()
.interfaceName("string")
.build())
.minLinks(0)
.minLinksDown("string")
.mode("string")
.monitorBandwidth("string")
.mtu(0)
.mtuOverride("string")
.name("string")
.ndiscforward("string")
.netbiosForward("string")
.netflowSampler("string")
.outbandwidth(0)
.padtRetryTimeout(0)
.password("string")
.pingServStatus(0)
.pollingInterval(0)
.pppoeUnnumberedNegotiate("string")
.pptpAuthType("string")
.pptpClient("string")
.pptpPassword("string")
.pptpServerIp("string")
.pptpTimeout(0)
.pptpUser("string")
.preserveSessionRoute("string")
.priority(0)
.priorityOverride("string")
.proxyCaptivePortal("string")
.reachableTime(0)
.redundantInterface("string")
.remoteIp("string")
.replacemsgOverrideGroup("string")
.ringRx(0)
.ringTx(0)
.role("string")
.sampleDirection("string")
.sampleRate(0)
.scanBotnetConnections("string")
.secondaryIp("string")
.secondaryips(InterfaceSecondaryipArgs.builder()
.allowaccess("string")
.detectprotocol("string")
.detectserver("string")
.gwdetect("string")
.haPriority(0)
.id(0)
.ip("string")
.pingServStatus(0)
.secipRelayIp("string")
.build())
.securityExemptList("string")
.securityExternalLogout("string")
.securityExternalWeb("string")
.securityGroups(InterfaceSecurityGroupArgs.builder()
.name("string")
.build())
.securityMacAuthBypass("string")
.securityMode("string")
.securityRedirectUrl("string")
.serviceName("string")
.sflowSampler("string")
.snmpIndex(0)
.speed("string")
.spilloverThreshold(0)
.srcCheck("string")
.status("string")
.stp("string")
.stpHaSecondary("string")
.stpforward("string")
.stpforwardMode("string")
.subst("string")
.substituteDstMac("string")
.swcFirstCreate(0)
.swcVlan(0)
.switch_("string")
.switchControllerAccessVlan("string")
.switchControllerArpInspection("string")
.switchControllerDhcpSnooping("string")
.switchControllerDhcpSnoopingOption82("string")
.switchControllerDhcpSnoopingVerifyMac("string")
.switchControllerDynamic("string")
.switchControllerFeature("string")
.switchControllerIgmpSnooping("string")
.switchControllerIgmpSnoopingFastLeave("string")
.switchControllerIgmpSnoopingProxy("string")
.switchControllerIotScanning("string")
.switchControllerLearningLimit(0)
.switchControllerMgmtVlan(0)
.switchControllerNac("string")
.switchControllerNetflowCollect("string")
.switchControllerOffload("string")
.switchControllerOffloadGw("string")
.switchControllerOffloadIp("string")
.switchControllerRspanMode("string")
.switchControllerSourceIp("string")
.switchControllerTrafficPolicy("string")
.systemId("string")
.systemIdType("string")
.taggings(InterfaceTaggingArgs.builder()
.category("string")
.name("string")
.tags(InterfaceTaggingTagArgs.builder()
.name("string")
.build())
.build())
.tcpMss(0)
.trunk("string")
.trustIp1("string")
.trustIp2("string")
.trustIp3("string")
.trustIp61("string")
.trustIp62("string")
.trustIp63("string")
.type("string")
.username("string")
.vdomparam("string")
.vindex(0)
.vlanProtocol("string")
.vlanforward("string")
.vlanid(0)
.vrf(0)
.vrrpVirtualMac("string")
.vrrps(InterfaceVrrpArgs.builder()
.acceptMode("string")
.advInterval(0)
.ignoreDefaultRoute("string")
.preempt("string")
.priority(0)
.proxyArps(InterfaceVrrpProxyArpArgs.builder()
.id(0)
.ip("string")
.build())
.startTime(0)
.status("string")
.version("string")
.vrdst("string")
.vrdstPriority(0)
.vrgrp(0)
.vrid(0)
.vrip("string")
.build())
.wccp("string")
.weight(0)
.winsIp("string")
.build());
interface_resource = fortios.system.Interface("interfaceResource",
vdom="string",
ac_name="string",
aggregate="string",
aggregate_type="string",
algorithm="string",
alias="string",
allowaccess="string",
ap_discover="string",
arpforward="string",
auth_cert="string",
auth_portal_addr="string",
auth_type="string",
auto_auth_extension_device="string",
autogenerated="string",
bandwidth_measure_time=0,
bfd="string",
bfd_desired_min_tx=0,
bfd_detect_mult=0,
bfd_required_min_rx=0,
broadcast_forticlient_discovery="string",
broadcast_forward="string",
captive_portal=0,
cli_conn_status=0,
client_options=[{
"code": 0,
"id": 0,
"ip": "string",
"type": "string",
"value": "string",
}],
color=0,
dedicated_to="string",
default_purdue_level="string",
defaultgw="string",
description="string",
detected_peer_mtu=0,
detectprotocol="string",
detectserver="string",
device_access_list="string",
device_identification="string",
device_identification_active_scan="string",
device_netscan="string",
device_user_identification="string",
devindex=0,
dhcp_broadcast_flag="string",
dhcp_classless_route_addition="string",
dhcp_client_identifier="string",
dhcp_relay_agent_option="string",
dhcp_relay_allow_no_end_option="string",
dhcp_relay_circuit_id="string",
dhcp_relay_interface="string",
dhcp_relay_interface_select_method="string",
dhcp_relay_ip="string",
dhcp_relay_link_selection="string",
dhcp_relay_request_all_server="string",
dhcp_relay_service="string",
dhcp_relay_source_ip="string",
dhcp_relay_type="string",
dhcp_renew_time=0,
dhcp_smart_relay="string",
dhcp_snooping_server_lists=[{
"name": "string",
"server_ip": "string",
}],
disc_retry_timeout=0,
disconnect_threshold=0,
distance=0,
dns_server_override="string",
dns_server_protocol="string",
drop_fragment="string",
drop_overlapped_fragment="string",
dynamic_sort_subtable="string",
eap_ca_cert="string",
eap_identity="string",
eap_method="string",
eap_password="string",
eap_supplicant="string",
eap_user_cert="string",
egress_shaping_profile="string",
endpoint_compliance="string",
estimated_downstream_bandwidth=0,
estimated_upstream_bandwidth=0,
explicit_ftp_proxy="string",
explicit_web_proxy="string",
external="string",
fail_action_on_extender="string",
fail_alert_interfaces=[{
"name": "string",
}],
fail_alert_method="string",
fail_detect="string",
fail_detect_option="string",
fortiheartbeat="string",
fortilink="string",
fortilink_backup_link=0,
fortilink_neighbor_detect="string",
fortilink_split_interface="string",
fortilink_stacking="string",
forward_domain=0,
forward_error_correction="string",
get_all_tables="string",
gwdetect="string",
ha_priority=0,
icmp_accept_redirect="string",
icmp_send_redirect="string",
ident_accept="string",
idle_timeout=0,
ike_saml_server="string",
inbandwidth=0,
ingress_shaping_profile="string",
ingress_spillover_threshold=0,
interface="string",
internal=0,
ip="string",
ip_managed_by_fortiipam="string",
ipmac="string",
ips_sniffer_mode="string",
ipunnumbered="string",
ipv6={
"autoconf": "string",
"cli_conn6_status": 0,
"dhcp6_client_options": "string",
"dhcp6_iapd_lists": [{
"iaid": 0,
"prefix_hint": "string",
"prefix_hint_plt": 0,
"prefix_hint_vlt": 0,
}],
"dhcp6_information_request": "string",
"dhcp6_prefix_delegation": "string",
"dhcp6_prefix_hint": "string",
"dhcp6_prefix_hint_plt": 0,
"dhcp6_prefix_hint_vlt": 0,
"dhcp6_relay_interface_id": "string",
"dhcp6_relay_ip": "string",
"dhcp6_relay_service": "string",
"dhcp6_relay_source_interface": "string",
"dhcp6_relay_source_ip": "string",
"dhcp6_relay_type": "string",
"icmp6_send_redirect": "string",
"interface_identifier": "string",
"ip6_address": "string",
"ip6_allowaccess": "string",
"ip6_default_life": 0,
"ip6_delegated_prefix_iaid": 0,
"ip6_delegated_prefix_lists": [{
"autonomous_flag": "string",
"delegated_prefix_iaid": 0,
"onlink_flag": "string",
"prefix_id": 0,
"rdnss": "string",
"rdnss_service": "string",
"subnet": "string",
"upstream_interface": "string",
}],
"ip6_dns_server_override": "string",
"ip6_extra_addrs": [{
"prefix": "string",
}],
"ip6_hop_limit": 0,
"ip6_link_mtu": 0,
"ip6_manage_flag": "string",
"ip6_max_interval": 0,
"ip6_min_interval": 0,
"ip6_mode": "string",
"ip6_other_flag": "string",
"ip6_prefix_lists": [{
"autonomous_flag": "string",
"dnssls": [{
"domain": "string",
}],
"onlink_flag": "string",
"preferred_life_time": 0,
"prefix": "string",
"rdnss": "string",
"valid_life_time": 0,
}],
"ip6_prefix_mode": "string",
"ip6_reachable_time": 0,
"ip6_retrans_time": 0,
"ip6_send_adv": "string",
"ip6_subnet": "string",
"ip6_upstream_interface": "string",
"nd_cert": "string",
"nd_cga_modifier": "string",
"nd_mode": "string",
"nd_security_level": 0,
"nd_timestamp_delta": 0,
"nd_timestamp_fuzz": 0,
"ra_send_mtu": "string",
"unique_autoconf_addr": "string",
"vrip6_link_local": "string",
"vrrp6s": [{
"accept_mode": "string",
"adv_interval": 0,
"ignore_default_route": "string",
"preempt": "string",
"priority": 0,
"start_time": 0,
"status": "string",
"vrdst6": "string",
"vrgrp": 0,
"vrid": 0,
"vrip6": "string",
}],
"vrrp_virtual_mac6": "string",
},
l2forward="string",
lacp_ha_secondary="string",
lacp_ha_slave="string",
lacp_mode="string",
lacp_speed="string",
lcp_echo_interval=0,
lcp_max_echo_fails=0,
link_up_delay=0,
lldp_network_policy="string",
lldp_reception="string",
lldp_transmission="string",
macaddr="string",
managed_devices=[{
"name": "string",
}],
managed_subnetwork_size="string",
management_ip="string",
measured_downstream_bandwidth=0,
measured_upstream_bandwidth=0,
mediatype="string",
members=[{
"interface_name": "string",
}],
min_links=0,
min_links_down="string",
mode="string",
monitor_bandwidth="string",
mtu=0,
mtu_override="string",
name="string",
ndiscforward="string",
netbios_forward="string",
netflow_sampler="string",
outbandwidth=0,
padt_retry_timeout=0,
password="string",
ping_serv_status=0,
polling_interval=0,
pppoe_unnumbered_negotiate="string",
pptp_auth_type="string",
pptp_client="string",
pptp_password="string",
pptp_server_ip="string",
pptp_timeout=0,
pptp_user="string",
preserve_session_route="string",
priority=0,
priority_override="string",
proxy_captive_portal="string",
reachable_time=0,
redundant_interface="string",
remote_ip="string",
replacemsg_override_group="string",
ring_rx=0,
ring_tx=0,
role="string",
sample_direction="string",
sample_rate=0,
scan_botnet_connections="string",
secondary_ip="string",
secondaryips=[{
"allowaccess": "string",
"detectprotocol": "string",
"detectserver": "string",
"gwdetect": "string",
"ha_priority": 0,
"id": 0,
"ip": "string",
"ping_serv_status": 0,
"secip_relay_ip": "string",
}],
security_exempt_list="string",
security_external_logout="string",
security_external_web="string",
security_groups=[{
"name": "string",
}],
security_mac_auth_bypass="string",
security_mode="string",
security_redirect_url="string",
service_name="string",
sflow_sampler="string",
snmp_index=0,
speed="string",
spillover_threshold=0,
src_check="string",
status="string",
stp="string",
stp_ha_secondary="string",
stpforward="string",
stpforward_mode="string",
subst="string",
substitute_dst_mac="string",
swc_first_create=0,
swc_vlan=0,
switch="string",
switch_controller_access_vlan="string",
switch_controller_arp_inspection="string",
switch_controller_dhcp_snooping="string",
switch_controller_dhcp_snooping_option82="string",
switch_controller_dhcp_snooping_verify_mac="string",
switch_controller_dynamic="string",
switch_controller_feature="string",
switch_controller_igmp_snooping="string",
switch_controller_igmp_snooping_fast_leave="string",
switch_controller_igmp_snooping_proxy="string",
switch_controller_iot_scanning="string",
switch_controller_learning_limit=0,
switch_controller_mgmt_vlan=0,
switch_controller_nac="string",
switch_controller_netflow_collect="string",
switch_controller_offload="string",
switch_controller_offload_gw="string",
switch_controller_offload_ip="string",
switch_controller_rspan_mode="string",
switch_controller_source_ip="string",
switch_controller_traffic_policy="string",
system_id="string",
system_id_type="string",
taggings=[{
"category": "string",
"name": "string",
"tags": [{
"name": "string",
}],
}],
tcp_mss=0,
trunk="string",
trust_ip1="string",
trust_ip2="string",
trust_ip3="string",
trust_ip61="string",
trust_ip62="string",
trust_ip63="string",
type="string",
username="string",
vdomparam="string",
vindex=0,
vlan_protocol="string",
vlanforward="string",
vlanid=0,
vrf=0,
vrrp_virtual_mac="string",
vrrps=[{
"accept_mode": "string",
"adv_interval": 0,
"ignore_default_route": "string",
"preempt": "string",
"priority": 0,
"proxy_arps": [{
"id": 0,
"ip": "string",
}],
"start_time": 0,
"status": "string",
"version": "string",
"vrdst": "string",
"vrdst_priority": 0,
"vrgrp": 0,
"vrid": 0,
"vrip": "string",
}],
wccp="string",
weight=0,
wins_ip="string")
const interfaceResource = new fortios.system.Interface("interfaceResource", {
vdom: "string",
acName: "string",
aggregate: "string",
aggregateType: "string",
algorithm: "string",
alias: "string",
allowaccess: "string",
apDiscover: "string",
arpforward: "string",
authCert: "string",
authPortalAddr: "string",
authType: "string",
autoAuthExtensionDevice: "string",
autogenerated: "string",
bandwidthMeasureTime: 0,
bfd: "string",
bfdDesiredMinTx: 0,
bfdDetectMult: 0,
bfdRequiredMinRx: 0,
broadcastForticlientDiscovery: "string",
broadcastForward: "string",
captivePortal: 0,
cliConnStatus: 0,
clientOptions: [{
code: 0,
id: 0,
ip: "string",
type: "string",
value: "string",
}],
color: 0,
dedicatedTo: "string",
defaultPurdueLevel: "string",
defaultgw: "string",
description: "string",
detectedPeerMtu: 0,
detectprotocol: "string",
detectserver: "string",
deviceAccessList: "string",
deviceIdentification: "string",
deviceIdentificationActiveScan: "string",
deviceNetscan: "string",
deviceUserIdentification: "string",
devindex: 0,
dhcpBroadcastFlag: "string",
dhcpClasslessRouteAddition: "string",
dhcpClientIdentifier: "string",
dhcpRelayAgentOption: "string",
dhcpRelayAllowNoEndOption: "string",
dhcpRelayCircuitId: "string",
dhcpRelayInterface: "string",
dhcpRelayInterfaceSelectMethod: "string",
dhcpRelayIp: "string",
dhcpRelayLinkSelection: "string",
dhcpRelayRequestAllServer: "string",
dhcpRelayService: "string",
dhcpRelaySourceIp: "string",
dhcpRelayType: "string",
dhcpRenewTime: 0,
dhcpSmartRelay: "string",
dhcpSnoopingServerLists: [{
name: "string",
serverIp: "string",
}],
discRetryTimeout: 0,
disconnectThreshold: 0,
distance: 0,
dnsServerOverride: "string",
dnsServerProtocol: "string",
dropFragment: "string",
dropOverlappedFragment: "string",
dynamicSortSubtable: "string",
eapCaCert: "string",
eapIdentity: "string",
eapMethod: "string",
eapPassword: "string",
eapSupplicant: "string",
eapUserCert: "string",
egressShapingProfile: "string",
endpointCompliance: "string",
estimatedDownstreamBandwidth: 0,
estimatedUpstreamBandwidth: 0,
explicitFtpProxy: "string",
explicitWebProxy: "string",
external: "string",
failActionOnExtender: "string",
failAlertInterfaces: [{
name: "string",
}],
failAlertMethod: "string",
failDetect: "string",
failDetectOption: "string",
fortiheartbeat: "string",
fortilink: "string",
fortilinkBackupLink: 0,
fortilinkNeighborDetect: "string",
fortilinkSplitInterface: "string",
fortilinkStacking: "string",
forwardDomain: 0,
forwardErrorCorrection: "string",
getAllTables: "string",
gwdetect: "string",
haPriority: 0,
icmpAcceptRedirect: "string",
icmpSendRedirect: "string",
identAccept: "string",
idleTimeout: 0,
ikeSamlServer: "string",
inbandwidth: 0,
ingressShapingProfile: "string",
ingressSpilloverThreshold: 0,
"interface": "string",
internal: 0,
ip: "string",
ipManagedByFortiipam: "string",
ipmac: "string",
ipsSnifferMode: "string",
ipunnumbered: "string",
ipv6: {
autoconf: "string",
cliConn6Status: 0,
dhcp6ClientOptions: "string",
dhcp6IapdLists: [{
iaid: 0,
prefixHint: "string",
prefixHintPlt: 0,
prefixHintVlt: 0,
}],
dhcp6InformationRequest: "string",
dhcp6PrefixDelegation: "string",
dhcp6PrefixHint: "string",
dhcp6PrefixHintPlt: 0,
dhcp6PrefixHintVlt: 0,
dhcp6RelayInterfaceId: "string",
dhcp6RelayIp: "string",
dhcp6RelayService: "string",
dhcp6RelaySourceInterface: "string",
dhcp6RelaySourceIp: "string",
dhcp6RelayType: "string",
icmp6SendRedirect: "string",
interfaceIdentifier: "string",
ip6Address: "string",
ip6Allowaccess: "string",
ip6DefaultLife: 0,
ip6DelegatedPrefixIaid: 0,
ip6DelegatedPrefixLists: [{
autonomousFlag: "string",
delegatedPrefixIaid: 0,
onlinkFlag: "string",
prefixId: 0,
rdnss: "string",
rdnssService: "string",
subnet: "string",
upstreamInterface: "string",
}],
ip6DnsServerOverride: "string",
ip6ExtraAddrs: [{
prefix: "string",
}],
ip6HopLimit: 0,
ip6LinkMtu: 0,
ip6ManageFlag: "string",
ip6MaxInterval: 0,
ip6MinInterval: 0,
ip6Mode: "string",
ip6OtherFlag: "string",
ip6PrefixLists: [{
autonomousFlag: "string",
dnssls: [{
domain: "string",
}],
onlinkFlag: "string",
preferredLifeTime: 0,
prefix: "string",
rdnss: "string",
validLifeTime: 0,
}],
ip6PrefixMode: "string",
ip6ReachableTime: 0,
ip6RetransTime: 0,
ip6SendAdv: "string",
ip6Subnet: "string",
ip6UpstreamInterface: "string",
ndCert: "string",
ndCgaModifier: "string",
ndMode: "string",
ndSecurityLevel: 0,
ndTimestampDelta: 0,
ndTimestampFuzz: 0,
raSendMtu: "string",
uniqueAutoconfAddr: "string",
vrip6LinkLocal: "string",
vrrp6s: [{
acceptMode: "string",
advInterval: 0,
ignoreDefaultRoute: "string",
preempt: "string",
priority: 0,
startTime: 0,
status: "string",
vrdst6: "string",
vrgrp: 0,
vrid: 0,
vrip6: "string",
}],
vrrpVirtualMac6: "string",
},
l2forward: "string",
lacpHaSecondary: "string",
lacpHaSlave: "string",
lacpMode: "string",
lacpSpeed: "string",
lcpEchoInterval: 0,
lcpMaxEchoFails: 0,
linkUpDelay: 0,
lldpNetworkPolicy: "string",
lldpReception: "string",
lldpTransmission: "string",
macaddr: "string",
managedDevices: [{
name: "string",
}],
managedSubnetworkSize: "string",
managementIp: "string",
measuredDownstreamBandwidth: 0,
measuredUpstreamBandwidth: 0,
mediatype: "string",
members: [{
interfaceName: "string",
}],
minLinks: 0,
minLinksDown: "string",
mode: "string",
monitorBandwidth: "string",
mtu: 0,
mtuOverride: "string",
name: "string",
ndiscforward: "string",
netbiosForward: "string",
netflowSampler: "string",
outbandwidth: 0,
padtRetryTimeout: 0,
password: "string",
pingServStatus: 0,
pollingInterval: 0,
pppoeUnnumberedNegotiate: "string",
pptpAuthType: "string",
pptpClient: "string",
pptpPassword: "string",
pptpServerIp: "string",
pptpTimeout: 0,
pptpUser: "string",
preserveSessionRoute: "string",
priority: 0,
priorityOverride: "string",
proxyCaptivePortal: "string",
reachableTime: 0,
redundantInterface: "string",
remoteIp: "string",
replacemsgOverrideGroup: "string",
ringRx: 0,
ringTx: 0,
role: "string",
sampleDirection: "string",
sampleRate: 0,
scanBotnetConnections: "string",
secondaryIp: "string",
secondaryips: [{
allowaccess: "string",
detectprotocol: "string",
detectserver: "string",
gwdetect: "string",
haPriority: 0,
id: 0,
ip: "string",
pingServStatus: 0,
secipRelayIp: "string",
}],
securityExemptList: "string",
securityExternalLogout: "string",
securityExternalWeb: "string",
securityGroups: [{
name: "string",
}],
securityMacAuthBypass: "string",
securityMode: "string",
securityRedirectUrl: "string",
serviceName: "string",
sflowSampler: "string",
snmpIndex: 0,
speed: "string",
spilloverThreshold: 0,
srcCheck: "string",
status: "string",
stp: "string",
stpHaSecondary: "string",
stpforward: "string",
stpforwardMode: "string",
subst: "string",
substituteDstMac: "string",
swcFirstCreate: 0,
swcVlan: 0,
"switch": "string",
switchControllerAccessVlan: "string",
switchControllerArpInspection: "string",
switchControllerDhcpSnooping: "string",
switchControllerDhcpSnoopingOption82: "string",
switchControllerDhcpSnoopingVerifyMac: "string",
switchControllerDynamic: "string",
switchControllerFeature: "string",
switchControllerIgmpSnooping: "string",
switchControllerIgmpSnoopingFastLeave: "string",
switchControllerIgmpSnoopingProxy: "string",
switchControllerIotScanning: "string",
switchControllerLearningLimit: 0,
switchControllerMgmtVlan: 0,
switchControllerNac: "string",
switchControllerNetflowCollect: "string",
switchControllerOffload: "string",
switchControllerOffloadGw: "string",
switchControllerOffloadIp: "string",
switchControllerRspanMode: "string",
switchControllerSourceIp: "string",
switchControllerTrafficPolicy: "string",
systemId: "string",
systemIdType: "string",
taggings: [{
category: "string",
name: "string",
tags: [{
name: "string",
}],
}],
tcpMss: 0,
trunk: "string",
trustIp1: "string",
trustIp2: "string",
trustIp3: "string",
trustIp61: "string",
trustIp62: "string",
trustIp63: "string",
type: "string",
username: "string",
vdomparam: "string",
vindex: 0,
vlanProtocol: "string",
vlanforward: "string",
vlanid: 0,
vrf: 0,
vrrpVirtualMac: "string",
vrrps: [{
acceptMode: "string",
advInterval: 0,
ignoreDefaultRoute: "string",
preempt: "string",
priority: 0,
proxyArps: [{
id: 0,
ip: "string",
}],
startTime: 0,
status: "string",
version: "string",
vrdst: "string",
vrdstPriority: 0,
vrgrp: 0,
vrid: 0,
vrip: "string",
}],
wccp: "string",
weight: 0,
winsIp: "string",
});
type: fortios:system:Interface
properties:
acName: string
aggregate: string
aggregateType: string
algorithm: string
alias: string
allowaccess: string
apDiscover: string
arpforward: string
authCert: string
authPortalAddr: string
authType: string
autoAuthExtensionDevice: string
autogenerated: string
bandwidthMeasureTime: 0
bfd: string
bfdDesiredMinTx: 0
bfdDetectMult: 0
bfdRequiredMinRx: 0
broadcastForticlientDiscovery: string
broadcastForward: string
captivePortal: 0
cliConnStatus: 0
clientOptions:
- code: 0
id: 0
ip: string
type: string
value: string
color: 0
dedicatedTo: string
defaultPurdueLevel: string
defaultgw: string
description: string
detectedPeerMtu: 0
detectprotocol: string
detectserver: string
deviceAccessList: string
deviceIdentification: string
deviceIdentificationActiveScan: string
deviceNetscan: string
deviceUserIdentification: string
devindex: 0
dhcpBroadcastFlag: string
dhcpClasslessRouteAddition: string
dhcpClientIdentifier: string
dhcpRelayAgentOption: string
dhcpRelayAllowNoEndOption: string
dhcpRelayCircuitId: string
dhcpRelayInterface: string
dhcpRelayInterfaceSelectMethod: string
dhcpRelayIp: string
dhcpRelayLinkSelection: string
dhcpRelayRequestAllServer: string
dhcpRelayService: string
dhcpRelaySourceIp: string
dhcpRelayType: string
dhcpRenewTime: 0
dhcpSmartRelay: string
dhcpSnoopingServerLists:
- name: string
serverIp: string
discRetryTimeout: 0
disconnectThreshold: 0
distance: 0
dnsServerOverride: string
dnsServerProtocol: string
dropFragment: string
dropOverlappedFragment: string
dynamicSortSubtable: string
eapCaCert: string
eapIdentity: string
eapMethod: string
eapPassword: string
eapSupplicant: string
eapUserCert: string
egressShapingProfile: string
endpointCompliance: string
estimatedDownstreamBandwidth: 0
estimatedUpstreamBandwidth: 0
explicitFtpProxy: string
explicitWebProxy: string
external: string
failActionOnExtender: string
failAlertInterfaces:
- name: string
failAlertMethod: string
failDetect: string
failDetectOption: string
fortiheartbeat: string
fortilink: string
fortilinkBackupLink: 0
fortilinkNeighborDetect: string
fortilinkSplitInterface: string
fortilinkStacking: string
forwardDomain: 0
forwardErrorCorrection: string
getAllTables: string
gwdetect: string
haPriority: 0
icmpAcceptRedirect: string
icmpSendRedirect: string
identAccept: string
idleTimeout: 0
ikeSamlServer: string
inbandwidth: 0
ingressShapingProfile: string
ingressSpilloverThreshold: 0
interface: string
internal: 0
ip: string
ipManagedByFortiipam: string
ipmac: string
ipsSnifferMode: string
ipunnumbered: string
ipv6:
autoconf: string
cliConn6Status: 0
dhcp6ClientOptions: string
dhcp6IapdLists:
- iaid: 0
prefixHint: string
prefixHintPlt: 0
prefixHintVlt: 0
dhcp6InformationRequest: string
dhcp6PrefixDelegation: string
dhcp6PrefixHint: string
dhcp6PrefixHintPlt: 0
dhcp6PrefixHintVlt: 0
dhcp6RelayInterfaceId: string
dhcp6RelayIp: string
dhcp6RelayService: string
dhcp6RelaySourceInterface: string
dhcp6RelaySourceIp: string
dhcp6RelayType: string
icmp6SendRedirect: string
interfaceIdentifier: string
ip6Address: string
ip6Allowaccess: string
ip6DefaultLife: 0
ip6DelegatedPrefixIaid: 0
ip6DelegatedPrefixLists:
- autonomousFlag: string
delegatedPrefixIaid: 0
onlinkFlag: string
prefixId: 0
rdnss: string
rdnssService: string
subnet: string
upstreamInterface: string
ip6DnsServerOverride: string
ip6ExtraAddrs:
- prefix: string
ip6HopLimit: 0
ip6LinkMtu: 0
ip6ManageFlag: string
ip6MaxInterval: 0
ip6MinInterval: 0
ip6Mode: string
ip6OtherFlag: string
ip6PrefixLists:
- autonomousFlag: string
dnssls:
- domain: string
onlinkFlag: string
preferredLifeTime: 0
prefix: string
rdnss: string
validLifeTime: 0
ip6PrefixMode: string
ip6ReachableTime: 0
ip6RetransTime: 0
ip6SendAdv: string
ip6Subnet: string
ip6UpstreamInterface: string
ndCert: string
ndCgaModifier: string
ndMode: string
ndSecurityLevel: 0
ndTimestampDelta: 0
ndTimestampFuzz: 0
raSendMtu: string
uniqueAutoconfAddr: string
vrip6LinkLocal: string
vrrp6s:
- acceptMode: string
advInterval: 0
ignoreDefaultRoute: string
preempt: string
priority: 0
startTime: 0
status: string
vrdst6: string
vrgrp: 0
vrid: 0
vrip6: string
vrrpVirtualMac6: string
l2forward: string
lacpHaSecondary: string
lacpHaSlave: string
lacpMode: string
lacpSpeed: string
lcpEchoInterval: 0
lcpMaxEchoFails: 0
linkUpDelay: 0
lldpNetworkPolicy: string
lldpReception: string
lldpTransmission: string
macaddr: string
managedDevices:
- name: string
managedSubnetworkSize: string
managementIp: string
measuredDownstreamBandwidth: 0
measuredUpstreamBandwidth: 0
mediatype: string
members:
- interfaceName: string
minLinks: 0
minLinksDown: string
mode: string
monitorBandwidth: string
mtu: 0
mtuOverride: string
name: string
ndiscforward: string
netbiosForward: string
netflowSampler: string
outbandwidth: 0
padtRetryTimeout: 0
password: string
pingServStatus: 0
pollingInterval: 0
pppoeUnnumberedNegotiate: string
pptpAuthType: string
pptpClient: string
pptpPassword: string
pptpServerIp: string
pptpTimeout: 0
pptpUser: string
preserveSessionRoute: string
priority: 0
priorityOverride: string
proxyCaptivePortal: string
reachableTime: 0
redundantInterface: string
remoteIp: string
replacemsgOverrideGroup: string
ringRx: 0
ringTx: 0
role: string
sampleDirection: string
sampleRate: 0
scanBotnetConnections: string
secondaryIp: string
secondaryips:
- allowaccess: string
detectprotocol: string
detectserver: string
gwdetect: string
haPriority: 0
id: 0
ip: string
pingServStatus: 0
secipRelayIp: string
securityExemptList: string
securityExternalLogout: string
securityExternalWeb: string
securityGroups:
- name: string
securityMacAuthBypass: string
securityMode: string
securityRedirectUrl: string
serviceName: string
sflowSampler: string
snmpIndex: 0
speed: string
spilloverThreshold: 0
srcCheck: string
status: string
stp: string
stpHaSecondary: string
stpforward: string
stpforwardMode: string
subst: string
substituteDstMac: string
swcFirstCreate: 0
swcVlan: 0
switch: string
switchControllerAccessVlan: string
switchControllerArpInspection: string
switchControllerDhcpSnooping: string
switchControllerDhcpSnoopingOption82: string
switchControllerDhcpSnoopingVerifyMac: string
switchControllerDynamic: string
switchControllerFeature: string
switchControllerIgmpSnooping: string
switchControllerIgmpSnoopingFastLeave: string
switchControllerIgmpSnoopingProxy: string
switchControllerIotScanning: string
switchControllerLearningLimit: 0
switchControllerMgmtVlan: 0
switchControllerNac: string
switchControllerNetflowCollect: string
switchControllerOffload: string
switchControllerOffloadGw: string
switchControllerOffloadIp: string
switchControllerRspanMode: string
switchControllerSourceIp: string
switchControllerTrafficPolicy: string
systemId: string
systemIdType: string
taggings:
- category: string
name: string
tags:
- name: string
tcpMss: 0
trunk: string
trustIp1: string
trustIp2: string
trustIp3: string
trustIp61: string
trustIp62: string
trustIp63: string
type: string
username: string
vdom: string
vdomparam: string
vindex: 0
vlanProtocol: string
vlanforward: string
vlanid: 0
vrf: 0
vrrpVirtualMac: string
vrrps:
- acceptMode: string
advInterval: 0
ignoreDefaultRoute: string
preempt: string
priority: 0
proxyArps:
- id: 0
ip: string
startTime: 0
status: string
version: string
vrdst: string
vrdstPriority: 0
vrgrp: 0
vrid: 0
vrip: string
wccp: string
weight: 0
winsIp: string
Interface Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Interface resource accepts the following input properties:
- Vdom string
- Interface is in this virtual domain (VDOM).
- Ac
Name string - PPPoE server name.
- Aggregate string
- Aggregate interface.
- Aggregate
Type string - Type of aggregation. Valid values:
physical
,vxlan
. - Algorithm string
- Frame distribution algorithm.
- Alias string
- Alias will be displayed with the interface name to make it easier to distinguish.
- Allowaccess string
- Permitted types of management access to this interface.
- Ap
Discover string - Enable/disable automatic registration of unknown FortiAP devices. Valid values:
enable
,disable
. - Arpforward string
- Enable/disable ARP forwarding. Valid values:
enable
,disable
. - Auth
Cert string - HTTPS server certificate.
- Auth
Portal stringAddr - Address of captive portal.
- Auth
Type string - PPP authentication type to use. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - Auto
Auth stringExtension Device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Valid values:
enable
,disable
. - Autogenerated string
- Indicates whether the interface is automatically created by FortiGate, for example, created during the VPN creation process. If it is, set it to "auto", else keep it empty.
- Bandwidth
Measure intTime - Bandwidth measure time
- Bfd string
- Bidirectional Forwarding Detection (BFD) settings. Valid values:
global
,enable
,disable
. - Bfd
Desired intMin Tx - BFD desired minimal transmit interval.
- Bfd
Detect intMult - BFD detection multiplier.
- Bfd
Required intMin Rx - BFD required minimal receive interval.
- Broadcast
Forticlient stringDiscovery - Enable/disable broadcasting FortiClient discovery messages. Valid values:
enable
,disable
. - Broadcast
Forward string - Enable/disable broadcast forwarding. Valid values:
enable
,disable
. - Captive
Portal int - Enable/disable captive portal.
- Cli
Conn intStatus - CLI connection status.
- Client
Options List<Pulumiverse.Fortios. System. Inputs. Interface Client Option> - DHCP client options. The structure of
client_options
block is documented below. - Color int
- Color of icon on the GUI.
- Data string
- Interface name.
- Dedicated
To string - Configure interface for single purpose. Valid values:
none
,management
. - Default
Purdue stringLevel - default purdue level of device detected on this interface. Valid values:
1
,1.5
,2
,2.5
,3
,3.5
,4
,5
,5.5
. - Defaultgw string
- Enable to get the gateway IP from the DHCP or PPPoE server. Valid values:
enable
,disable
. - Description string
- Description.
- Detected
Peer intMtu - MTU of detected peer (0 - 4294967295).
- Detectprotocol string
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - Detectserver string
- Gateway's ping server for this IP.
- Device
Access stringList - Device access list.
- Device
Identification string - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - Device
Identification stringActive Scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - Device
Netscan string - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Valid values:
disable
,enable
. - Device
User stringIdentification - Enable/disable passive gathering of user identity information about users on this interface. Valid values:
enable
,disable
. - Devindex int
- Device Index.
- Dhcp
Broadcast stringFlag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). Valid values:
disable
,enable
. - Dhcp
Classless stringRoute Addition - Enable/disable addition of classless static routes retrieved from DHCP server. Valid values:
enable
,disable
. - Dhcp
Client stringIdentifier - DHCP client identifier.
- Dhcp
Relay stringAgent Option - Enable/disable DHCP relay agent option. Valid values:
enable
,disable
. - Dhcp
Relay stringAllow No End Option - Enable/disable relaying DHCP messages with no end option. Valid values:
disable
,enable
. - Dhcp
Relay stringCircuit Id - DHCP relay circuit ID.
- Dhcp
Relay stringInterface - Specify outgoing interface to reach server.
- Dhcp
Relay stringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Dhcp
Relay stringIp - DHCP relay IP address.
- Dhcp
Relay stringLink Selection - DHCP relay link selection.
- Dhcp
Relay stringRequest All Server - Enable/disable sending DHCP request to all servers. Valid values:
disable
,enable
. - Dhcp
Relay stringService - Enable/disable allowing this interface to act as a DHCP relay. Valid values:
disable
,enable
. - Dhcp
Relay stringSource Ip - IP address used by the DHCP relay as its source IP.
- Dhcp
Relay stringType - DHCP relay type (regular or IPsec). Valid values:
regular
,ipsec
. - Dhcp
Renew intTime - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
- Dhcp
Smart stringRelay - Enable/disable DHCP smart relay. Valid values:
disable
,enable
. - Dhcp
Snooping List<Pulumiverse.Server Lists Fortios. System. Inputs. Interface Dhcp Snooping Server List> - Configure DHCP server access list. The structure of
dhcp_snooping_server_list
block is documented below. - Disc
Retry intTimeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
- Disconnect
Threshold int - Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
- Distance int
- Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
- Dns
Server stringOverride - Enable/disable use DNS acquired by DHCP or PPPoE. Valid values:
enable
,disable
. - Dns
Server stringProtocol - DNS transport protocols. Valid values:
cleartext
,dot
,doh
. - Drop
Fragment string - Enable/disable drop fragment packets. Valid values:
enable
,disable
. - Drop
Overlapped stringFragment - Enable/disable drop overlapped fragment packets. Valid values:
enable
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Eap
Ca stringCert - EAP CA certificate name.
- Eap
Identity string - EAP identity.
- Eap
Method string - EAP method. Valid values:
tls
,peap
. - Eap
Password string - EAP password.
- Eap
Supplicant string - Enable/disable EAP-Supplicant. Valid values:
enable
,disable
. - Eap
User stringCert - EAP user certificate name.
- Egress
Shaping stringProfile - Outgoing traffic shaping profile.
- Endpoint
Compliance string - Enable/disable endpoint compliance enforcement. Valid values:
enable
,disable
. - Estimated
Downstream intBandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
- Estimated
Upstream intBandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
- Explicit
Ftp stringProxy - Enable/disable the explicit FTP proxy on this interface. Valid values:
enable
,disable
. - Explicit
Web stringProxy - Enable/disable the explicit web proxy on this interface. Valid values:
enable
,disable
. - External string
- Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). Valid values:
enable
,disable
. - Fail
Action stringOn Extender - Action on extender when interface fail . Valid values:
soft-restart
,hard-restart
,reboot
. - Fail
Alert List<Pulumiverse.Interfaces Fortios. System. Inputs. Interface Fail Alert Interface> - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. The structure of
fail_alert_interfaces
block is documented below. - Fail
Alert stringMethod - Select link-failed-signal or link-down method to alert about a failed link. Valid values:
link-failed-signal
,link-down
. - Fail
Detect string - Enable/disable fail detection features for this interface. Valid values:
enable
,disable
. - Fail
Detect stringOption - Options for detecting that this interface has failed. Valid values:
detectserver
,link-down
. - Fortiheartbeat string
- Enable/disable FortiHeartBeat (FortiTelemetry on GUI). Valid values:
enable
,disable
. - Fortilink string
- Enable FortiLink to dedicate this interface to manage other Fortinet devices. Valid values:
enable
,disable
. - Fortilink
Backup intLink - fortilink split interface backup link.
- Fortilink
Neighbor stringDetect - Protocol for FortiGate neighbor discovery. Valid values:
lldp
,fortilink
. - Fortilink
Split stringInterface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Valid values:
enable
,disable
. - Fortilink
Stacking string - Enable/disable FortiLink switch-stacking on this interface. Valid values:
enable
,disable
. - Forward
Domain int - Transparent mode forward domain.
- Forward
Error stringCorrection - Configure forward error correction (FEC). Valid values:
none
,disable
,cl91-rs-fec
,cl74-fc-fec
. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gwdetect string
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - Ha
Priority int - HA election priority for the PING server.
- Icmp
Accept stringRedirect - Enable/disable ICMP accept redirect. Valid values:
enable
,disable
. - Icmp
Send stringRedirect - Enable/disable ICMP send redirect. Valid values:
enable
,disable
. - Ident
Accept string - Enable/disable authentication for this interface. Valid values:
enable
,disable
. - Idle
Timeout int - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
- Ike
Saml stringServer - Configure IKE authentication SAML server.
- Inbandwidth int
- Bandwidth limit for incoming traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.4.2, 7.0.0-7.0.5, 7.2.0: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- Ingress
Shaping stringProfile - Incoming traffic shaping profile.
- Ingress
Spillover intThreshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- Internal int
- Implicitly created.
- Ip string
- Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
- Ip
Managed stringBy Fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM.
- Ipmac string
- Enable/disable IP/MAC binding. Valid values:
enable
,disable
. - Ips
Sniffer stringMode - Enable/disable the use of this interface as a one-armed sniffer. Valid values:
enable
,disable
. - Ipunnumbered string
- Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
- Ipv6
Pulumiverse.
Fortios. System. Inputs. Interface Ipv6 - IPv6 of interface. The structure of
ipv6
block is documented below. - L2forward string
- Enable/disable l2 forwarding. Valid values:
enable
,disable
. - Lacp
Ha stringSecondary - LACP HA secondary member. Valid values:
enable
,disable
. - Lacp
Ha stringSlave - LACP HA slave. Valid values:
enable
,disable
. - Lacp
Mode string - LACP mode. Valid values:
static
,passive
,active
. - Lacp
Speed string - How often the interface sends LACP messages. Valid values:
slow
,fast
. - Lcp
Echo intInterval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
- Lcp
Max intEcho Fails - Maximum missed LCP echo messages before disconnect.
- Link
Up intDelay - Number of milliseconds to wait before considering a link is up.
- Lldp
Network stringPolicy - LLDP-MED network policy profile.
- Lldp
Reception string - Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values:
enable
,disable
,vdom
. - Lldp
Transmission string - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values:
enable
,disable
,vdom
. - Macaddr string
- Change the interface's MAC address.
- Managed
Devices List<Pulumiverse.Fortios. System. Inputs. Interface Managed Device> - Available when FortiLink is enabled, used for managed devices through FortiLink interface. The structure of
managed_device
block is documented below. - Managed
Subnetwork stringSize - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit's DHCP server settings.
- Management
Ip string - High Availability in-band management IP address of this interface.
- Measured
Downstream intBandwidth - Measured downstream bandwidth (kbps).
- Measured
Upstream intBandwidth - Measured upstream bandwidth (kbps).
- Mediatype string
- Select SFP media interface type Valid values:
none
,gmii
,sgmii
,sr
,lr
,cr
,sr4
,lr4
,cr4
. - Members
List<Pulumiverse.
Fortios. System. Inputs. Interface Member> - Physical interfaces that belong to the aggregate or redundant interface. The structure of
member
block is documented below. - Min
Links int - Minimum number of aggregated ports that must be up.
- Min
Links stringDown - Action to take when less than the configured minimum number of links are active. Valid values:
operational
,administrative
. - Mode string
- Addressing mode (static, DHCP, PPPoE). Valid values:
static
,dhcp
,pppoe
. - Monitor
Bandwidth string - Enable monitoring bandwidth on this interface. Valid values:
enable
,disable
. - Mtu int
- MTU value for this interface.
- Mtu
Override string - Enable to set a custom MTU for this interface. Valid values:
enable
,disable
. - Name string
- Name.
- Ndiscforward string
- Enable/disable NDISC forwarding. Valid values:
enable
,disable
. - Netbios
Forward string - Enable/disable NETBIOS forwarding. Valid values:
disable
,enable
. - Netflow
Sampler string - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Valid values:
disable
,tx
,rx
,both
. - Outbandwidth int
- Bandwidth limit for outgoing traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.2.6: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- Padt
Retry intTimeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
- Password string
- PPPoE account's password.
- Ping
Serv intStatus - PING server status.
- Polling
Interval int - sFlow polling interval in seconds (1 - 255).
- Pppoe
Unnumbered stringNegotiate - Enable/disable PPPoE unnumbered negotiation. Valid values:
enable
,disable
. - Pptp
Auth stringType - PPTP authentication type. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - Pptp
Client string - Enable/disable PPTP client. Valid values:
enable
,disable
. - Pptp
Password string - PPTP password.
- Pptp
Server stringIp - PPTP server IP address.
- Pptp
Timeout int - Idle timer in minutes (0 for disabled).
- Pptp
User string - PPTP user name.
- Preserve
Session stringRoute - Enable/disable preservation of session route when dirty. Valid values:
enable
,disable
. - Priority int
- Priority of learned routes.
- Priority
Override string - Enable/disable fail back to higher priority port once recovered. Valid values:
enable
,disable
. - Proxy
Captive stringPortal - Enable/disable proxy captive portal on this interface. Valid values:
enable
,disable
. - Reachable
Time int - IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000).
- Redundant
Interface string - Redundant interface.
- Remote
Ip string - Remote IP address of tunnel.
- Replacemsg
Override stringGroup - Replacement message override group.
- Ring
Rx int - RX ring size.
- Ring
Tx int - TX ring size.
- Role string
- Interface role. Valid values:
lan
,wan
,dmz
,undefined
. - Sample
Direction string - Data that NetFlow collects (rx, tx, or both). Valid values:
tx
,rx
,both
. - Sample
Rate int - sFlow sample rate (10 - 99999).
- Scan
Botnet stringConnections - Enable monitoring or blocking connections to Botnet servers through this interface. Valid values:
disable
,block
,monitor
. - Secondary
Ip string - Enable/disable adding a secondary IP to this interface. Valid values:
enable
,disable
. - Secondaryips
List<Pulumiverse.
Fortios. System. Inputs. Interface Secondaryip> - Second IP address of interface. The structure of
secondaryip
block is documented below. - Security
Exempt stringList - Name of security-exempt-list.
- Security
External stringLogout - URL of external authentication logout server.
- Security
External stringWeb - URL of external authentication web server.
- Security
Groups List<Pulumiverse.Fortios. System. Inputs. Interface Security Group> - User groups that can authenticate with the captive portal. The structure of
security_groups
block is documented below. - Security
Mac stringAuth Bypass - Enable/disable MAC authentication bypass. Valid values:
mac-auth-only
,enable
,disable
. - Security
Mode string - Turn on captive portal authentication for this interface. Valid values:
none
,captive-portal
,802.1X
. - Security
Redirect stringUrl - URL redirection after disclaimer/authentication.
- Service
Name string - PPPoE service name.
- Sflow
Sampler string - Enable/disable sFlow on this interface. Valid values:
enable
,disable
. - Snmp
Index int - Permanent SNMP Index of the interface.
- Speed string
- Interface speed. The default setting and the options available depend on the interface hardware.
- Spillover
Threshold int - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- Src
Check string - Enable/disable source IP check. Valid values:
enable
,disable
. - Status string
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - Stp string
- Enable/disable STP. Valid values:
disable
,enable
. - Stp
Ha stringSecondary - Control STP behaviour on HA secondary. Valid values:
disable
,enable
,priority-adjust
. - Stpforward string
- Enable/disable STP forwarding. Valid values:
enable
,disable
. - Stpforward
Mode string - Configure STP forwarding mode. Valid values:
rpl-all-ext-id
,rpl-bridge-ext-id
,rpl-nothing
. - Subst string
- Enable to always send packets from this interface to a destination MAC address. Valid values:
enable
,disable
. - Substitute
Dst stringMac - Destination MAC address that all packets are sent to from this interface.
- Swc
First intCreate - Initial create for switch-controller VLANs.
- Swc
Vlan int - Creation status for switch-controller VLANs.
- Switch string
- Contained in switch.
- Switch
Controller stringAccess Vlan - Block FortiSwitch port-to-port traffic. Valid values:
enable
,disable
. - Switch
Controller stringArp Inspection - Enable/disable FortiSwitch ARP inspection.
- Switch
Controller stringDhcp Snooping - Switch controller DHCP snooping. Valid values:
enable
,disable
. - Switch
Controller stringDhcp Snooping Option82 - Switch controller DHCP snooping option82. Valid values:
enable
,disable
. - Switch
Controller stringDhcp Snooping Verify Mac - Switch controller DHCP snooping verify MAC. Valid values:
enable
,disable
. - Switch
Controller stringDynamic - Integrated FortiLink settings for managed FortiSwitch.
- Switch
Controller stringFeature - Interface's purpose when assigning traffic (read only).
- Switch
Controller stringIgmp Snooping - Switch controller IGMP snooping. Valid values:
enable
,disable
. - Switch
Controller stringIgmp Snooping Fast Leave - Switch controller IGMP snooping fast-leave. Valid values:
enable
,disable
. - Switch
Controller stringIgmp Snooping Proxy - Switch controller IGMP snooping proxy. Valid values:
enable
,disable
. - Switch
Controller stringIot Scanning - Enable/disable managed FortiSwitch IoT scanning. Valid values:
enable
,disable
. - Switch
Controller intLearning Limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
- Switch
Controller intMgmt Vlan - VLAN to use for FortiLink management purposes.
- Switch
Controller stringNac - Integrated NAC settings for managed FortiSwitch.
- Switch
Controller stringNetflow Collect - NetFlow collection and processing. Valid values:
disable
,enable
. - Switch
Controller stringOffload - Enable/disable managed FortiSwitch routing offload. Valid values:
enable
,disable
. - Switch
Controller stringOffload Gw - Enable/disable managed FortiSwitch routing offload gateway. Valid values:
enable
,disable
. - Switch
Controller stringOffload Ip - IP for routing offload on FortiSwitch.
- Switch
Controller stringRspan Mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Valid values:
disable
,enable
. - Switch
Controller stringSource Ip - Source IP address used in FortiLink over L3 connections. Valid values:
outbound
,fixed
. - Switch
Controller stringTraffic Policy - Switch controller traffic policy for the VLAN.
- System
Id string - Define a system ID for the aggregate interface.
- System
Id stringType - Method in which system ID is generated. Valid values:
auto
,user
. - Taggings
List<Pulumiverse.
Fortios. System. Inputs. Interface Tagging> - Config object tagging. The structure of
tagging
block is documented below. - Tcp
Mss int - TCP maximum segment size. 0 means do not change segment size.
- Trunk string
- Enable/disable VLAN trunk. Valid values:
enable
,disable
. - Trust
Ip1 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- Trust
Ip2 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- Trust
Ip3 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- Trust
Ip61 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- Trust
Ip62 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- Trust
Ip63 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- Type string
- Interface type.
- Username string
- Username of the PPPoE account, provided by your ISP.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vindex int
- Switch control interface VLAN ID.
- Vlan
Protocol string - Ethernet protocol of VLAN. Valid values:
8021q
,8021ad
. - Vlanforward string
- Enable/disable traffic forwarding between VLANs on this interface. Valid values:
enable
,disable
. - Vlanid int
- VLAN ID (1 - 4094).
- Vrf int
- Virtual Routing Forwarding ID.
- Vrrp
Virtual stringMac - Enable/disable use of virtual MAC for VRRP. Valid values:
enable
,disable
. - Vrrps
List<Pulumiverse.
Fortios. System. Inputs. Interface Vrrp> - VRRP configuration. The structure of
vrrp
block is documented below. - Wccp string
- Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Valid values:
enable
,disable
. - Weight int
- Default weight for static routes (if route has no weight configured).
- Wins
Ip string - WINS server IP.
- Vdom string
- Interface is in this virtual domain (VDOM).
- Ac
Name string - PPPoE server name.
- Aggregate string
- Aggregate interface.
- Aggregate
Type string - Type of aggregation. Valid values:
physical
,vxlan
. - Algorithm string
- Frame distribution algorithm.
- Alias string
- Alias will be displayed with the interface name to make it easier to distinguish.
- Allowaccess string
- Permitted types of management access to this interface.
- Ap
Discover string - Enable/disable automatic registration of unknown FortiAP devices. Valid values:
enable
,disable
. - Arpforward string
- Enable/disable ARP forwarding. Valid values:
enable
,disable
. - Auth
Cert string - HTTPS server certificate.
- Auth
Portal stringAddr - Address of captive portal.
- Auth
Type string - PPP authentication type to use. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - Auto
Auth stringExtension Device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Valid values:
enable
,disable
. - Autogenerated string
- Indicates whether the interface is automatically created by FortiGate, for example, created during the VPN creation process. If it is, set it to "auto", else keep it empty.
- Bandwidth
Measure intTime - Bandwidth measure time
- Bfd string
- Bidirectional Forwarding Detection (BFD) settings. Valid values:
global
,enable
,disable
. - Bfd
Desired intMin Tx - BFD desired minimal transmit interval.
- Bfd
Detect intMult - BFD detection multiplier.
- Bfd
Required intMin Rx - BFD required minimal receive interval.
- Broadcast
Forticlient stringDiscovery - Enable/disable broadcasting FortiClient discovery messages. Valid values:
enable
,disable
. - Broadcast
Forward string - Enable/disable broadcast forwarding. Valid values:
enable
,disable
. - Captive
Portal int - Enable/disable captive portal.
- Cli
Conn intStatus - CLI connection status.
- Client
Options []InterfaceClient Option Args - DHCP client options. The structure of
client_options
block is documented below. - Color int
- Color of icon on the GUI.
- Dedicated
To string - Configure interface for single purpose. Valid values:
none
,management
. - Default
Purdue stringLevel - default purdue level of device detected on this interface. Valid values:
1
,1.5
,2
,2.5
,3
,3.5
,4
,5
,5.5
. - Defaultgw string
- Enable to get the gateway IP from the DHCP or PPPoE server. Valid values:
enable
,disable
. - Description string
- Description.
- Detected
Peer intMtu - MTU of detected peer (0 - 4294967295).
- Detectprotocol string
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - Detectserver string
- Gateway's ping server for this IP.
- Device
Access stringList - Device access list.
- Device
Identification string - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - Device
Identification stringActive Scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - Device
Netscan string - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Valid values:
disable
,enable
. - Device
User stringIdentification - Enable/disable passive gathering of user identity information about users on this interface. Valid values:
enable
,disable
. - Devindex int
- Device Index.
- Dhcp
Broadcast stringFlag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). Valid values:
disable
,enable
. - Dhcp
Classless stringRoute Addition - Enable/disable addition of classless static routes retrieved from DHCP server. Valid values:
enable
,disable
. - Dhcp
Client stringIdentifier - DHCP client identifier.
- Dhcp
Relay stringAgent Option - Enable/disable DHCP relay agent option. Valid values:
enable
,disable
. - Dhcp
Relay stringAllow No End Option - Enable/disable relaying DHCP messages with no end option. Valid values:
disable
,enable
. - Dhcp
Relay stringCircuit Id - DHCP relay circuit ID.
- Dhcp
Relay stringInterface - Specify outgoing interface to reach server.
- Dhcp
Relay stringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Dhcp
Relay stringIp - DHCP relay IP address.
- Dhcp
Relay stringLink Selection - DHCP relay link selection.
- Dhcp
Relay stringRequest All Server - Enable/disable sending DHCP request to all servers. Valid values:
disable
,enable
. - Dhcp
Relay stringService - Enable/disable allowing this interface to act as a DHCP relay. Valid values:
disable
,enable
. - Dhcp
Relay stringSource Ip - IP address used by the DHCP relay as its source IP.
- Dhcp
Relay stringType - DHCP relay type (regular or IPsec). Valid values:
regular
,ipsec
. - Dhcp
Renew intTime - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
- Dhcp
Smart stringRelay - Enable/disable DHCP smart relay. Valid values:
disable
,enable
. - Dhcp
Snooping []InterfaceServer Lists Dhcp Snooping Server List Args - Configure DHCP server access list. The structure of
dhcp_snooping_server_list
block is documented below. - Disc
Retry intTimeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
- Disconnect
Threshold int - Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
- Distance int
- Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
- Dns
Server stringOverride - Enable/disable use DNS acquired by DHCP or PPPoE. Valid values:
enable
,disable
. - Dns
Server stringProtocol - DNS transport protocols. Valid values:
cleartext
,dot
,doh
. - Drop
Fragment string - Enable/disable drop fragment packets. Valid values:
enable
,disable
. - Drop
Overlapped stringFragment - Enable/disable drop overlapped fragment packets. Valid values:
enable
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Eap
Ca stringCert - EAP CA certificate name.
- Eap
Identity string - EAP identity.
- Eap
Method string - EAP method. Valid values:
tls
,peap
. - Eap
Password string - EAP password.
- Eap
Supplicant string - Enable/disable EAP-Supplicant. Valid values:
enable
,disable
. - Eap
User stringCert - EAP user certificate name.
- Egress
Shaping stringProfile - Outgoing traffic shaping profile.
- Endpoint
Compliance string - Enable/disable endpoint compliance enforcement. Valid values:
enable
,disable
. - Estimated
Downstream intBandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
- Estimated
Upstream intBandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
- Explicit
Ftp stringProxy - Enable/disable the explicit FTP proxy on this interface. Valid values:
enable
,disable
. - Explicit
Web stringProxy - Enable/disable the explicit web proxy on this interface. Valid values:
enable
,disable
. - External string
- Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). Valid values:
enable
,disable
. - Fail
Action stringOn Extender - Action on extender when interface fail . Valid values:
soft-restart
,hard-restart
,reboot
. - Fail
Alert []InterfaceInterfaces Fail Alert Interface Args - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. The structure of
fail_alert_interfaces
block is documented below. - Fail
Alert stringMethod - Select link-failed-signal or link-down method to alert about a failed link. Valid values:
link-failed-signal
,link-down
. - Fail
Detect string - Enable/disable fail detection features for this interface. Valid values:
enable
,disable
. - Fail
Detect stringOption - Options for detecting that this interface has failed. Valid values:
detectserver
,link-down
. - Fortiheartbeat string
- Enable/disable FortiHeartBeat (FortiTelemetry on GUI). Valid values:
enable
,disable
. - Fortilink string
- Enable FortiLink to dedicate this interface to manage other Fortinet devices. Valid values:
enable
,disable
. - Fortilink
Backup intLink - fortilink split interface backup link.
- Fortilink
Neighbor stringDetect - Protocol for FortiGate neighbor discovery. Valid values:
lldp
,fortilink
. - Fortilink
Split stringInterface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Valid values:
enable
,disable
. - Fortilink
Stacking string - Enable/disable FortiLink switch-stacking on this interface. Valid values:
enable
,disable
. - Forward
Domain int - Transparent mode forward domain.
- Forward
Error stringCorrection - Configure forward error correction (FEC). Valid values:
none
,disable
,cl91-rs-fec
,cl74-fc-fec
. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gwdetect string
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - Ha
Priority int - HA election priority for the PING server.
- Icmp
Accept stringRedirect - Enable/disable ICMP accept redirect. Valid values:
enable
,disable
. - Icmp
Send stringRedirect - Enable/disable ICMP send redirect. Valid values:
enable
,disable
. - Ident
Accept string - Enable/disable authentication for this interface. Valid values:
enable
,disable
. - Idle
Timeout int - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
- Ike
Saml stringServer - Configure IKE authentication SAML server.
- Inbandwidth int
- Bandwidth limit for incoming traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.4.2, 7.0.0-7.0.5, 7.2.0: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- Ingress
Shaping stringProfile - Incoming traffic shaping profile.
- Ingress
Spillover intThreshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- Interface string
- Interface name.
- Internal int
- Implicitly created.
- Ip string
- Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
- Ip
Managed stringBy Fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM.
- Ipmac string
- Enable/disable IP/MAC binding. Valid values:
enable
,disable
. - Ips
Sniffer stringMode - Enable/disable the use of this interface as a one-armed sniffer. Valid values:
enable
,disable
. - Ipunnumbered string
- Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
- Ipv6
Interface
Ipv6Args - IPv6 of interface. The structure of
ipv6
block is documented below. - L2forward string
- Enable/disable l2 forwarding. Valid values:
enable
,disable
. - Lacp
Ha stringSecondary - LACP HA secondary member. Valid values:
enable
,disable
. - Lacp
Ha stringSlave - LACP HA slave. Valid values:
enable
,disable
. - Lacp
Mode string - LACP mode. Valid values:
static
,passive
,active
. - Lacp
Speed string - How often the interface sends LACP messages. Valid values:
slow
,fast
. - Lcp
Echo intInterval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
- Lcp
Max intEcho Fails - Maximum missed LCP echo messages before disconnect.
- Link
Up intDelay - Number of milliseconds to wait before considering a link is up.
- Lldp
Network stringPolicy - LLDP-MED network policy profile.
- Lldp
Reception string - Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values:
enable
,disable
,vdom
. - Lldp
Transmission string - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values:
enable
,disable
,vdom
. - Macaddr string
- Change the interface's MAC address.
- Managed
Devices []InterfaceManaged Device Args - Available when FortiLink is enabled, used for managed devices through FortiLink interface. The structure of
managed_device
block is documented below. - Managed
Subnetwork stringSize - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit's DHCP server settings.
- Management
Ip string - High Availability in-band management IP address of this interface.
- Measured
Downstream intBandwidth - Measured downstream bandwidth (kbps).
- Measured
Upstream intBandwidth - Measured upstream bandwidth (kbps).
- Mediatype string
- Select SFP media interface type Valid values:
none
,gmii
,sgmii
,sr
,lr
,cr
,sr4
,lr4
,cr4
. - Members
[]Interface
Member Args - Physical interfaces that belong to the aggregate or redundant interface. The structure of
member
block is documented below. - Min
Links int - Minimum number of aggregated ports that must be up.
- Min
Links stringDown - Action to take when less than the configured minimum number of links are active. Valid values:
operational
,administrative
. - Mode string
- Addressing mode (static, DHCP, PPPoE). Valid values:
static
,dhcp
,pppoe
. - Monitor
Bandwidth string - Enable monitoring bandwidth on this interface. Valid values:
enable
,disable
. - Mtu int
- MTU value for this interface.
- Mtu
Override string - Enable to set a custom MTU for this interface. Valid values:
enable
,disable
. - Name string
- Name.
- Ndiscforward string
- Enable/disable NDISC forwarding. Valid values:
enable
,disable
. - Netbios
Forward string - Enable/disable NETBIOS forwarding. Valid values:
disable
,enable
. - Netflow
Sampler string - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Valid values:
disable
,tx
,rx
,both
. - Outbandwidth int
- Bandwidth limit for outgoing traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.2.6: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- Padt
Retry intTimeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
- Password string
- PPPoE account's password.
- Ping
Serv intStatus - PING server status.
- Polling
Interval int - sFlow polling interval in seconds (1 - 255).
- Pppoe
Unnumbered stringNegotiate - Enable/disable PPPoE unnumbered negotiation. Valid values:
enable
,disable
. - Pptp
Auth stringType - PPTP authentication type. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - Pptp
Client string - Enable/disable PPTP client. Valid values:
enable
,disable
. - Pptp
Password string - PPTP password.
- Pptp
Server stringIp - PPTP server IP address.
- Pptp
Timeout int - Idle timer in minutes (0 for disabled).
- Pptp
User string - PPTP user name.
- Preserve
Session stringRoute - Enable/disable preservation of session route when dirty. Valid values:
enable
,disable
. - Priority int
- Priority of learned routes.
- Priority
Override string - Enable/disable fail back to higher priority port once recovered. Valid values:
enable
,disable
. - Proxy
Captive stringPortal - Enable/disable proxy captive portal on this interface. Valid values:
enable
,disable
. - Reachable
Time int - IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000).
- Redundant
Interface string - Redundant interface.
- Remote
Ip string - Remote IP address of tunnel.
- Replacemsg
Override stringGroup - Replacement message override group.
- Ring
Rx int - RX ring size.
- Ring
Tx int - TX ring size.
- Role string
- Interface role. Valid values:
lan
,wan
,dmz
,undefined
. - Sample
Direction string - Data that NetFlow collects (rx, tx, or both). Valid values:
tx
,rx
,both
. - Sample
Rate int - sFlow sample rate (10 - 99999).
- Scan
Botnet stringConnections - Enable monitoring or blocking connections to Botnet servers through this interface. Valid values:
disable
,block
,monitor
. - Secondary
Ip string - Enable/disable adding a secondary IP to this interface. Valid values:
enable
,disable
. - Secondaryips
[]Interface
Secondaryip Args - Second IP address of interface. The structure of
secondaryip
block is documented below. - Security
Exempt stringList - Name of security-exempt-list.
- Security
External stringLogout - URL of external authentication logout server.
- Security
External stringWeb - URL of external authentication web server.
- Security
Groups []InterfaceSecurity Group Args - User groups that can authenticate with the captive portal. The structure of
security_groups
block is documented below. - Security
Mac stringAuth Bypass - Enable/disable MAC authentication bypass. Valid values:
mac-auth-only
,enable
,disable
. - Security
Mode string - Turn on captive portal authentication for this interface. Valid values:
none
,captive-portal
,802.1X
. - Security
Redirect stringUrl - URL redirection after disclaimer/authentication.
- Service
Name string - PPPoE service name.
- Sflow
Sampler string - Enable/disable sFlow on this interface. Valid values:
enable
,disable
. - Snmp
Index int - Permanent SNMP Index of the interface.
- Speed string
- Interface speed. The default setting and the options available depend on the interface hardware.
- Spillover
Threshold int - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- Src
Check string - Enable/disable source IP check. Valid values:
enable
,disable
. - Status string
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - Stp string
- Enable/disable STP. Valid values:
disable
,enable
. - Stp
Ha stringSecondary - Control STP behaviour on HA secondary. Valid values:
disable
,enable
,priority-adjust
. - Stpforward string
- Enable/disable STP forwarding. Valid values:
enable
,disable
. - Stpforward
Mode string - Configure STP forwarding mode. Valid values:
rpl-all-ext-id
,rpl-bridge-ext-id
,rpl-nothing
. - Subst string
- Enable to always send packets from this interface to a destination MAC address. Valid values:
enable
,disable
. - Substitute
Dst stringMac - Destination MAC address that all packets are sent to from this interface.
- Swc
First intCreate - Initial create for switch-controller VLANs.
- Swc
Vlan int - Creation status for switch-controller VLANs.
- Switch string
- Contained in switch.
- Switch
Controller stringAccess Vlan - Block FortiSwitch port-to-port traffic. Valid values:
enable
,disable
. - Switch
Controller stringArp Inspection - Enable/disable FortiSwitch ARP inspection.
- Switch
Controller stringDhcp Snooping - Switch controller DHCP snooping. Valid values:
enable
,disable
. - Switch
Controller stringDhcp Snooping Option82 - Switch controller DHCP snooping option82. Valid values:
enable
,disable
. - Switch
Controller stringDhcp Snooping Verify Mac - Switch controller DHCP snooping verify MAC. Valid values:
enable
,disable
. - Switch
Controller stringDynamic - Integrated FortiLink settings for managed FortiSwitch.
- Switch
Controller stringFeature - Interface's purpose when assigning traffic (read only).
- Switch
Controller stringIgmp Snooping - Switch controller IGMP snooping. Valid values:
enable
,disable
. - Switch
Controller stringIgmp Snooping Fast Leave - Switch controller IGMP snooping fast-leave. Valid values:
enable
,disable
. - Switch
Controller stringIgmp Snooping Proxy - Switch controller IGMP snooping proxy. Valid values:
enable
,disable
. - Switch
Controller stringIot Scanning - Enable/disable managed FortiSwitch IoT scanning. Valid values:
enable
,disable
. - Switch
Controller intLearning Limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
- Switch
Controller intMgmt Vlan - VLAN to use for FortiLink management purposes.
- Switch
Controller stringNac - Integrated NAC settings for managed FortiSwitch.
- Switch
Controller stringNetflow Collect - NetFlow collection and processing. Valid values:
disable
,enable
. - Switch
Controller stringOffload - Enable/disable managed FortiSwitch routing offload. Valid values:
enable
,disable
. - Switch
Controller stringOffload Gw - Enable/disable managed FortiSwitch routing offload gateway. Valid values:
enable
,disable
. - Switch
Controller stringOffload Ip - IP for routing offload on FortiSwitch.
- Switch
Controller stringRspan Mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Valid values:
disable
,enable
. - Switch
Controller stringSource Ip - Source IP address used in FortiLink over L3 connections. Valid values:
outbound
,fixed
. - Switch
Controller stringTraffic Policy - Switch controller traffic policy for the VLAN.
- System
Id string - Define a system ID for the aggregate interface.
- System
Id stringType - Method in which system ID is generated. Valid values:
auto
,user
. - Taggings
[]Interface
Tagging Args - Config object tagging. The structure of
tagging
block is documented below. - Tcp
Mss int - TCP maximum segment size. 0 means do not change segment size.
- Trunk string
- Enable/disable VLAN trunk. Valid values:
enable
,disable
. - Trust
Ip1 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- Trust
Ip2 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- Trust
Ip3 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- Trust
Ip61 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- Trust
Ip62 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- Trust
Ip63 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- Type string
- Interface type.
- Username string
- Username of the PPPoE account, provided by your ISP.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vindex int
- Switch control interface VLAN ID.
- Vlan
Protocol string - Ethernet protocol of VLAN. Valid values:
8021q
,8021ad
. - Vlanforward string
- Enable/disable traffic forwarding between VLANs on this interface. Valid values:
enable
,disable
. - Vlanid int
- VLAN ID (1 - 4094).
- Vrf int
- Virtual Routing Forwarding ID.
- Vrrp
Virtual stringMac - Enable/disable use of virtual MAC for VRRP. Valid values:
enable
,disable
. - Vrrps
[]Interface
Vrrp Args - VRRP configuration. The structure of
vrrp
block is documented below. - Wccp string
- Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Valid values:
enable
,disable
. - Weight int
- Default weight for static routes (if route has no weight configured).
- Wins
Ip string - WINS server IP.
- vdom String
- Interface is in this virtual domain (VDOM).
- ac
Name String - PPPoE server name.
- aggregate String
- Aggregate interface.
- aggregate
Type String - Type of aggregation. Valid values:
physical
,vxlan
. - algorithm String
- Frame distribution algorithm.
- alias String
- Alias will be displayed with the interface name to make it easier to distinguish.
- allowaccess String
- Permitted types of management access to this interface.
- ap
Discover String - Enable/disable automatic registration of unknown FortiAP devices. Valid values:
enable
,disable
. - arpforward String
- Enable/disable ARP forwarding. Valid values:
enable
,disable
. - auth
Cert String - HTTPS server certificate.
- auth
Portal StringAddr - Address of captive portal.
- auth
Type String - PPP authentication type to use. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - auto
Auth StringExtension Device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Valid values:
enable
,disable
. - autogenerated String
- Indicates whether the interface is automatically created by FortiGate, for example, created during the VPN creation process. If it is, set it to "auto", else keep it empty.
- bandwidth
Measure IntegerTime - Bandwidth measure time
- bfd String
- Bidirectional Forwarding Detection (BFD) settings. Valid values:
global
,enable
,disable
. - bfd
Desired IntegerMin Tx - BFD desired minimal transmit interval.
- bfd
Detect IntegerMult - BFD detection multiplier.
- bfd
Required IntegerMin Rx - BFD required minimal receive interval.
- broadcast
Forticlient StringDiscovery - Enable/disable broadcasting FortiClient discovery messages. Valid values:
enable
,disable
. - broadcast
Forward String - Enable/disable broadcast forwarding. Valid values:
enable
,disable
. - captive
Portal Integer - Enable/disable captive portal.
- cli
Conn IntegerStatus - CLI connection status.
- client
Options List<InterfaceClient Option> - DHCP client options. The structure of
client_options
block is documented below. - color Integer
- Color of icon on the GUI.
- dedicated
To String - Configure interface for single purpose. Valid values:
none
,management
. - default
Purdue StringLevel - default purdue level of device detected on this interface. Valid values:
1
,1.5
,2
,2.5
,3
,3.5
,4
,5
,5.5
. - defaultgw String
- Enable to get the gateway IP from the DHCP or PPPoE server. Valid values:
enable
,disable
. - description String
- Description.
- detected
Peer IntegerMtu - MTU of detected peer (0 - 4294967295).
- detectprotocol String
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - detectserver String
- Gateway's ping server for this IP.
- device
Access StringList - Device access list.
- device
Identification String - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device
Identification StringActive Scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device
Netscan String - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Valid values:
disable
,enable
. - device
User StringIdentification - Enable/disable passive gathering of user identity information about users on this interface. Valid values:
enable
,disable
. - devindex Integer
- Device Index.
- dhcp
Broadcast StringFlag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). Valid values:
disable
,enable
. - dhcp
Classless StringRoute Addition - Enable/disable addition of classless static routes retrieved from DHCP server. Valid values:
enable
,disable
. - dhcp
Client StringIdentifier - DHCP client identifier.
- dhcp
Relay StringAgent Option - Enable/disable DHCP relay agent option. Valid values:
enable
,disable
. - dhcp
Relay StringAllow No End Option - Enable/disable relaying DHCP messages with no end option. Valid values:
disable
,enable
. - dhcp
Relay StringCircuit Id - DHCP relay circuit ID.
- dhcp
Relay StringInterface - Specify outgoing interface to reach server.
- dhcp
Relay StringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp
Relay StringIp - DHCP relay IP address.
- dhcp
Relay StringLink Selection - DHCP relay link selection.
- dhcp
Relay StringRequest All Server - Enable/disable sending DHCP request to all servers. Valid values:
disable
,enable
. - dhcp
Relay StringService - Enable/disable allowing this interface to act as a DHCP relay. Valid values:
disable
,enable
. - dhcp
Relay StringSource Ip - IP address used by the DHCP relay as its source IP.
- dhcp
Relay StringType - DHCP relay type (regular or IPsec). Valid values:
regular
,ipsec
. - dhcp
Renew IntegerTime - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
- dhcp
Smart StringRelay - Enable/disable DHCP smart relay. Valid values:
disable
,enable
. - dhcp
Snooping List<InterfaceServer Lists Dhcp Snooping Server List> - Configure DHCP server access list. The structure of
dhcp_snooping_server_list
block is documented below. - disc
Retry IntegerTimeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
- disconnect
Threshold Integer - Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
- distance Integer
- Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
- dns
Server StringOverride - Enable/disable use DNS acquired by DHCP or PPPoE. Valid values:
enable
,disable
. - dns
Server StringProtocol - DNS transport protocols. Valid values:
cleartext
,dot
,doh
. - drop
Fragment String - Enable/disable drop fragment packets. Valid values:
enable
,disable
. - drop
Overlapped StringFragment - Enable/disable drop overlapped fragment packets. Valid values:
enable
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- eap
Ca StringCert - EAP CA certificate name.
- eap
Identity String - EAP identity.
- eap
Method String - EAP method. Valid values:
tls
,peap
. - eap
Password String - EAP password.
- eap
Supplicant String - Enable/disable EAP-Supplicant. Valid values:
enable
,disable
. - eap
User StringCert - EAP user certificate name.
- egress
Shaping StringProfile - Outgoing traffic shaping profile.
- endpoint
Compliance String - Enable/disable endpoint compliance enforcement. Valid values:
enable
,disable
. - estimated
Downstream IntegerBandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
- estimated
Upstream IntegerBandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
- explicit
Ftp StringProxy - Enable/disable the explicit FTP proxy on this interface. Valid values:
enable
,disable
. - explicit
Web StringProxy - Enable/disable the explicit web proxy on this interface. Valid values:
enable
,disable
. - external String
- Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). Valid values:
enable
,disable
. - fail
Action StringOn Extender - Action on extender when interface fail . Valid values:
soft-restart
,hard-restart
,reboot
. - fail
Alert List<InterfaceInterfaces Fail Alert Interface> - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. The structure of
fail_alert_interfaces
block is documented below. - fail
Alert StringMethod - Select link-failed-signal or link-down method to alert about a failed link. Valid values:
link-failed-signal
,link-down
. - fail
Detect String - Enable/disable fail detection features for this interface. Valid values:
enable
,disable
. - fail
Detect StringOption - Options for detecting that this interface has failed. Valid values:
detectserver
,link-down
. - fortiheartbeat String
- Enable/disable FortiHeartBeat (FortiTelemetry on GUI). Valid values:
enable
,disable
. - fortilink String
- Enable FortiLink to dedicate this interface to manage other Fortinet devices. Valid values:
enable
,disable
. - fortilink
Backup IntegerLink - fortilink split interface backup link.
- fortilink
Neighbor StringDetect - Protocol for FortiGate neighbor discovery. Valid values:
lldp
,fortilink
. - fortilink
Split StringInterface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Valid values:
enable
,disable
. - fortilink
Stacking String - Enable/disable FortiLink switch-stacking on this interface. Valid values:
enable
,disable
. - forward
Domain Integer - Transparent mode forward domain.
- forward
Error StringCorrection - Configure forward error correction (FEC). Valid values:
none
,disable
,cl91-rs-fec
,cl74-fc-fec
. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gwdetect String
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - ha
Priority Integer - HA election priority for the PING server.
- icmp
Accept StringRedirect - Enable/disable ICMP accept redirect. Valid values:
enable
,disable
. - icmp
Send StringRedirect - Enable/disable ICMP send redirect. Valid values:
enable
,disable
. - ident
Accept String - Enable/disable authentication for this interface. Valid values:
enable
,disable
. - idle
Timeout Integer - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
- ike
Saml StringServer - Configure IKE authentication SAML server.
- inbandwidth Integer
- Bandwidth limit for incoming traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.4.2, 7.0.0-7.0.5, 7.2.0: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- ingress
Shaping StringProfile - Incoming traffic shaping profile.
- ingress
Spillover IntegerThreshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- interface_ String
- Interface name.
- internal Integer
- Implicitly created.
- ip String
- Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
- ip
Managed StringBy Fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM.
- ipmac String
- Enable/disable IP/MAC binding. Valid values:
enable
,disable
. - ips
Sniffer StringMode - Enable/disable the use of this interface as a one-armed sniffer. Valid values:
enable
,disable
. - ipunnumbered String
- Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
- ipv6
Interface
Ipv6 - IPv6 of interface. The structure of
ipv6
block is documented below. - l2forward String
- Enable/disable l2 forwarding. Valid values:
enable
,disable
. - lacp
Ha StringSecondary - LACP HA secondary member. Valid values:
enable
,disable
. - lacp
Ha StringSlave - LACP HA slave. Valid values:
enable
,disable
. - lacp
Mode String - LACP mode. Valid values:
static
,passive
,active
. - lacp
Speed String - How often the interface sends LACP messages. Valid values:
slow
,fast
. - lcp
Echo IntegerInterval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
- lcp
Max IntegerEcho Fails - Maximum missed LCP echo messages before disconnect.
- link
Up IntegerDelay - Number of milliseconds to wait before considering a link is up.
- lldp
Network StringPolicy - LLDP-MED network policy profile.
- lldp
Reception String - Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values:
enable
,disable
,vdom
. - lldp
Transmission String - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values:
enable
,disable
,vdom
. - macaddr String
- Change the interface's MAC address.
- managed
Devices List<InterfaceManaged Device> - Available when FortiLink is enabled, used for managed devices through FortiLink interface. The structure of
managed_device
block is documented below. - managed
Subnetwork StringSize - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit's DHCP server settings.
- management
Ip String - High Availability in-band management IP address of this interface.
- measured
Downstream IntegerBandwidth - Measured downstream bandwidth (kbps).
- measured
Upstream IntegerBandwidth - Measured upstream bandwidth (kbps).
- mediatype String
- Select SFP media interface type Valid values:
none
,gmii
,sgmii
,sr
,lr
,cr
,sr4
,lr4
,cr4
. - members
List<Interface
Member> - Physical interfaces that belong to the aggregate or redundant interface. The structure of
member
block is documented below. - min
Links Integer - Minimum number of aggregated ports that must be up.
- min
Links StringDown - Action to take when less than the configured minimum number of links are active. Valid values:
operational
,administrative
. - mode String
- Addressing mode (static, DHCP, PPPoE). Valid values:
static
,dhcp
,pppoe
. - monitor
Bandwidth String - Enable monitoring bandwidth on this interface. Valid values:
enable
,disable
. - mtu Integer
- MTU value for this interface.
- mtu
Override String - Enable to set a custom MTU for this interface. Valid values:
enable
,disable
. - name String
- Name.
- ndiscforward String
- Enable/disable NDISC forwarding. Valid values:
enable
,disable
. - netbios
Forward String - Enable/disable NETBIOS forwarding. Valid values:
disable
,enable
. - netflow
Sampler String - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Valid values:
disable
,tx
,rx
,both
. - outbandwidth Integer
- Bandwidth limit for outgoing traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.2.6: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- padt
Retry IntegerTimeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
- password String
- PPPoE account's password.
- ping
Serv IntegerStatus - PING server status.
- polling
Interval Integer - sFlow polling interval in seconds (1 - 255).
- pppoe
Unnumbered StringNegotiate - Enable/disable PPPoE unnumbered negotiation. Valid values:
enable
,disable
. - pptp
Auth StringType - PPTP authentication type. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - pptp
Client String - Enable/disable PPTP client. Valid values:
enable
,disable
. - pptp
Password String - PPTP password.
- pptp
Server StringIp - PPTP server IP address.
- pptp
Timeout Integer - Idle timer in minutes (0 for disabled).
- pptp
User String - PPTP user name.
- preserve
Session StringRoute - Enable/disable preservation of session route when dirty. Valid values:
enable
,disable
. - priority Integer
- Priority of learned routes.
- priority
Override String - Enable/disable fail back to higher priority port once recovered. Valid values:
enable
,disable
. - proxy
Captive StringPortal - Enable/disable proxy captive portal on this interface. Valid values:
enable
,disable
. - reachable
Time Integer - IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000).
- redundant
Interface String - Redundant interface.
- remote
Ip String - Remote IP address of tunnel.
- replacemsg
Override StringGroup - Replacement message override group.
- ring
Rx Integer - RX ring size.
- ring
Tx Integer - TX ring size.
- role String
- Interface role. Valid values:
lan
,wan
,dmz
,undefined
. - sample
Direction String - Data that NetFlow collects (rx, tx, or both). Valid values:
tx
,rx
,both
. - sample
Rate Integer - sFlow sample rate (10 - 99999).
- scan
Botnet StringConnections - Enable monitoring or blocking connections to Botnet servers through this interface. Valid values:
disable
,block
,monitor
. - secondary
Ip String - Enable/disable adding a secondary IP to this interface. Valid values:
enable
,disable
. - secondaryips
List<Interface
Secondaryip> - Second IP address of interface. The structure of
secondaryip
block is documented below. - security
Exempt StringList - Name of security-exempt-list.
- security
External StringLogout - URL of external authentication logout server.
- security
External StringWeb - URL of external authentication web server.
- security
Groups List<InterfaceSecurity Group> - User groups that can authenticate with the captive portal. The structure of
security_groups
block is documented below. - security
Mac StringAuth Bypass - Enable/disable MAC authentication bypass. Valid values:
mac-auth-only
,enable
,disable
. - security
Mode String - Turn on captive portal authentication for this interface. Valid values:
none
,captive-portal
,802.1X
. - security
Redirect StringUrl - URL redirection after disclaimer/authentication.
- service
Name String - PPPoE service name.
- sflow
Sampler String - Enable/disable sFlow on this interface. Valid values:
enable
,disable
. - snmp
Index Integer - Permanent SNMP Index of the interface.
- speed String
- Interface speed. The default setting and the options available depend on the interface hardware.
- spillover
Threshold Integer - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- src
Check String - Enable/disable source IP check. Valid values:
enable
,disable
. - status String
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - stp String
- Enable/disable STP. Valid values:
disable
,enable
. - stp
Ha StringSecondary - Control STP behaviour on HA secondary. Valid values:
disable
,enable
,priority-adjust
. - stpforward String
- Enable/disable STP forwarding. Valid values:
enable
,disable
. - stpforward
Mode String - Configure STP forwarding mode. Valid values:
rpl-all-ext-id
,rpl-bridge-ext-id
,rpl-nothing
. - subst String
- Enable to always send packets from this interface to a destination MAC address. Valid values:
enable
,disable
. - substitute
Dst StringMac - Destination MAC address that all packets are sent to from this interface.
- swc
First IntegerCreate - Initial create for switch-controller VLANs.
- swc
Vlan Integer - Creation status for switch-controller VLANs.
- switch
Controller StringAccess Vlan - Block FortiSwitch port-to-port traffic. Valid values:
enable
,disable
. - switch
Controller StringArp Inspection - Enable/disable FortiSwitch ARP inspection.
- switch
Controller StringDhcp Snooping - Switch controller DHCP snooping. Valid values:
enable
,disable
. - switch
Controller StringDhcp Snooping Option82 - Switch controller DHCP snooping option82. Valid values:
enable
,disable
. - switch
Controller StringDhcp Snooping Verify Mac - Switch controller DHCP snooping verify MAC. Valid values:
enable
,disable
. - switch
Controller StringDynamic - Integrated FortiLink settings for managed FortiSwitch.
- switch
Controller StringFeature - Interface's purpose when assigning traffic (read only).
- switch
Controller StringIgmp Snooping - Switch controller IGMP snooping. Valid values:
enable
,disable
. - switch
Controller StringIgmp Snooping Fast Leave - Switch controller IGMP snooping fast-leave. Valid values:
enable
,disable
. - switch
Controller StringIgmp Snooping Proxy - Switch controller IGMP snooping proxy. Valid values:
enable
,disable
. - switch
Controller StringIot Scanning - Enable/disable managed FortiSwitch IoT scanning. Valid values:
enable
,disable
. - switch
Controller IntegerLearning Limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
- switch
Controller IntegerMgmt Vlan - VLAN to use for FortiLink management purposes.
- switch
Controller StringNac - Integrated NAC settings for managed FortiSwitch.
- switch
Controller StringNetflow Collect - NetFlow collection and processing. Valid values:
disable
,enable
. - switch
Controller StringOffload - Enable/disable managed FortiSwitch routing offload. Valid values:
enable
,disable
. - switch
Controller StringOffload Gw - Enable/disable managed FortiSwitch routing offload gateway. Valid values:
enable
,disable
. - switch
Controller StringOffload Ip - IP for routing offload on FortiSwitch.
- switch
Controller StringRspan Mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Valid values:
disable
,enable
. - switch
Controller StringSource Ip - Source IP address used in FortiLink over L3 connections. Valid values:
outbound
,fixed
. - switch
Controller StringTraffic Policy - Switch controller traffic policy for the VLAN.
- switch_ String
- Contained in switch.
- system
Id String - Define a system ID for the aggregate interface.
- system
Id StringType - Method in which system ID is generated. Valid values:
auto
,user
. - taggings
List<Interface
Tagging> - Config object tagging. The structure of
tagging
block is documented below. - tcp
Mss Integer - TCP maximum segment size. 0 means do not change segment size.
- trunk String
- Enable/disable VLAN trunk. Valid values:
enable
,disable
. - trust
Ip1 String - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip2 String - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip3 String - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip61 String - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust
Ip62 String - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust
Ip63 String - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- type String
- Interface type.
- username String
- Username of the PPPoE account, provided by your ISP.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vindex Integer
- Switch control interface VLAN ID.
- vlan
Protocol String - Ethernet protocol of VLAN. Valid values:
8021q
,8021ad
. - vlanforward String
- Enable/disable traffic forwarding between VLANs on this interface. Valid values:
enable
,disable
. - vlanid Integer
- VLAN ID (1 - 4094).
- vrf Integer
- Virtual Routing Forwarding ID.
- vrrp
Virtual StringMac - Enable/disable use of virtual MAC for VRRP. Valid values:
enable
,disable
. - vrrps
List<Interface
Vrrp> - VRRP configuration. The structure of
vrrp
block is documented below. - wccp String
- Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Valid values:
enable
,disable
. - weight Integer
- Default weight for static routes (if route has no weight configured).
- wins
Ip String - WINS server IP.
- vdom string
- Interface is in this virtual domain (VDOM).
- ac
Name string - PPPoE server name.
- aggregate string
- Aggregate interface.
- aggregate
Type string - Type of aggregation. Valid values:
physical
,vxlan
. - algorithm string
- Frame distribution algorithm.
- alias string
- Alias will be displayed with the interface name to make it easier to distinguish.
- allowaccess string
- Permitted types of management access to this interface.
- ap
Discover string - Enable/disable automatic registration of unknown FortiAP devices. Valid values:
enable
,disable
. - arpforward string
- Enable/disable ARP forwarding. Valid values:
enable
,disable
. - auth
Cert string - HTTPS server certificate.
- auth
Portal stringAddr - Address of captive portal.
- auth
Type string - PPP authentication type to use. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - auto
Auth stringExtension Device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Valid values:
enable
,disable
. - autogenerated string
- Indicates whether the interface is automatically created by FortiGate, for example, created during the VPN creation process. If it is, set it to "auto", else keep it empty.
- bandwidth
Measure numberTime - Bandwidth measure time
- bfd string
- Bidirectional Forwarding Detection (BFD) settings. Valid values:
global
,enable
,disable
. - bfd
Desired numberMin Tx - BFD desired minimal transmit interval.
- bfd
Detect numberMult - BFD detection multiplier.
- bfd
Required numberMin Rx - BFD required minimal receive interval.
- broadcast
Forticlient stringDiscovery - Enable/disable broadcasting FortiClient discovery messages. Valid values:
enable
,disable
. - broadcast
Forward string - Enable/disable broadcast forwarding. Valid values:
enable
,disable
. - captive
Portal number - Enable/disable captive portal.
- cli
Conn numberStatus - CLI connection status.
- client
Options InterfaceClient Option[] - DHCP client options. The structure of
client_options
block is documented below. - color number
- Color of icon on the GUI.
- dedicated
To string - Configure interface for single purpose. Valid values:
none
,management
. - default
Purdue stringLevel - default purdue level of device detected on this interface. Valid values:
1
,1.5
,2
,2.5
,3
,3.5
,4
,5
,5.5
. - defaultgw string
- Enable to get the gateway IP from the DHCP or PPPoE server. Valid values:
enable
,disable
. - description string
- Description.
- detected
Peer numberMtu - MTU of detected peer (0 - 4294967295).
- detectprotocol string
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - detectserver string
- Gateway's ping server for this IP.
- device
Access stringList - Device access list.
- device
Identification string - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device
Identification stringActive Scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device
Netscan string - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Valid values:
disable
,enable
. - device
User stringIdentification - Enable/disable passive gathering of user identity information about users on this interface. Valid values:
enable
,disable
. - devindex number
- Device Index.
- dhcp
Broadcast stringFlag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). Valid values:
disable
,enable
. - dhcp
Classless stringRoute Addition - Enable/disable addition of classless static routes retrieved from DHCP server. Valid values:
enable
,disable
. - dhcp
Client stringIdentifier - DHCP client identifier.
- dhcp
Relay stringAgent Option - Enable/disable DHCP relay agent option. Valid values:
enable
,disable
. - dhcp
Relay stringAllow No End Option - Enable/disable relaying DHCP messages with no end option. Valid values:
disable
,enable
. - dhcp
Relay stringCircuit Id - DHCP relay circuit ID.
- dhcp
Relay stringInterface - Specify outgoing interface to reach server.
- dhcp
Relay stringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp
Relay stringIp - DHCP relay IP address.
- dhcp
Relay stringLink Selection - DHCP relay link selection.
- dhcp
Relay stringRequest All Server - Enable/disable sending DHCP request to all servers. Valid values:
disable
,enable
. - dhcp
Relay stringService - Enable/disable allowing this interface to act as a DHCP relay. Valid values:
disable
,enable
. - dhcp
Relay stringSource Ip - IP address used by the DHCP relay as its source IP.
- dhcp
Relay stringType - DHCP relay type (regular or IPsec). Valid values:
regular
,ipsec
. - dhcp
Renew numberTime - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
- dhcp
Smart stringRelay - Enable/disable DHCP smart relay. Valid values:
disable
,enable
. - dhcp
Snooping InterfaceServer Lists Dhcp Snooping Server List[] - Configure DHCP server access list. The structure of
dhcp_snooping_server_list
block is documented below. - disc
Retry numberTimeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
- disconnect
Threshold number - Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
- distance number
- Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
- dns
Server stringOverride - Enable/disable use DNS acquired by DHCP or PPPoE. Valid values:
enable
,disable
. - dns
Server stringProtocol - DNS transport protocols. Valid values:
cleartext
,dot
,doh
. - drop
Fragment string - Enable/disable drop fragment packets. Valid values:
enable
,disable
. - drop
Overlapped stringFragment - Enable/disable drop overlapped fragment packets. Valid values:
enable
,disable
. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- eap
Ca stringCert - EAP CA certificate name.
- eap
Identity string - EAP identity.
- eap
Method string - EAP method. Valid values:
tls
,peap
. - eap
Password string - EAP password.
- eap
Supplicant string - Enable/disable EAP-Supplicant. Valid values:
enable
,disable
. - eap
User stringCert - EAP user certificate name.
- egress
Shaping stringProfile - Outgoing traffic shaping profile.
- endpoint
Compliance string - Enable/disable endpoint compliance enforcement. Valid values:
enable
,disable
. - estimated
Downstream numberBandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
- estimated
Upstream numberBandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
- explicit
Ftp stringProxy - Enable/disable the explicit FTP proxy on this interface. Valid values:
enable
,disable
. - explicit
Web stringProxy - Enable/disable the explicit web proxy on this interface. Valid values:
enable
,disable
. - external string
- Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). Valid values:
enable
,disable
. - fail
Action stringOn Extender - Action on extender when interface fail . Valid values:
soft-restart
,hard-restart
,reboot
. - fail
Alert InterfaceInterfaces Fail Alert Interface[] - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. The structure of
fail_alert_interfaces
block is documented below. - fail
Alert stringMethod - Select link-failed-signal or link-down method to alert about a failed link. Valid values:
link-failed-signal
,link-down
. - fail
Detect string - Enable/disable fail detection features for this interface. Valid values:
enable
,disable
. - fail
Detect stringOption - Options for detecting that this interface has failed. Valid values:
detectserver
,link-down
. - fortiheartbeat string
- Enable/disable FortiHeartBeat (FortiTelemetry on GUI). Valid values:
enable
,disable
. - fortilink string
- Enable FortiLink to dedicate this interface to manage other Fortinet devices. Valid values:
enable
,disable
. - fortilink
Backup numberLink - fortilink split interface backup link.
- fortilink
Neighbor stringDetect - Protocol for FortiGate neighbor discovery. Valid values:
lldp
,fortilink
. - fortilink
Split stringInterface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Valid values:
enable
,disable
. - fortilink
Stacking string - Enable/disable FortiLink switch-stacking on this interface. Valid values:
enable
,disable
. - forward
Domain number - Transparent mode forward domain.
- forward
Error stringCorrection - Configure forward error correction (FEC). Valid values:
none
,disable
,cl91-rs-fec
,cl74-fc-fec
. - get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gwdetect string
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - ha
Priority number - HA election priority for the PING server.
- icmp
Accept stringRedirect - Enable/disable ICMP accept redirect. Valid values:
enable
,disable
. - icmp
Send stringRedirect - Enable/disable ICMP send redirect. Valid values:
enable
,disable
. - ident
Accept string - Enable/disable authentication for this interface. Valid values:
enable
,disable
. - idle
Timeout number - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
- ike
Saml stringServer - Configure IKE authentication SAML server.
- inbandwidth number
- Bandwidth limit for incoming traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.4.2, 7.0.0-7.0.5, 7.2.0: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- ingress
Shaping stringProfile - Incoming traffic shaping profile.
- ingress
Spillover numberThreshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- interface string
- Interface name.
- internal number
- Implicitly created.
- ip string
- Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
- ip
Managed stringBy Fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM.
- ipmac string
- Enable/disable IP/MAC binding. Valid values:
enable
,disable
. - ips
Sniffer stringMode - Enable/disable the use of this interface as a one-armed sniffer. Valid values:
enable
,disable
. - ipunnumbered string
- Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
- ipv6
Interface
Ipv6 - IPv6 of interface. The structure of
ipv6
block is documented below. - l2forward string
- Enable/disable l2 forwarding. Valid values:
enable
,disable
. - lacp
Ha stringSecondary - LACP HA secondary member. Valid values:
enable
,disable
. - lacp
Ha stringSlave - LACP HA slave. Valid values:
enable
,disable
. - lacp
Mode string - LACP mode. Valid values:
static
,passive
,active
. - lacp
Speed string - How often the interface sends LACP messages. Valid values:
slow
,fast
. - lcp
Echo numberInterval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
- lcp
Max numberEcho Fails - Maximum missed LCP echo messages before disconnect.
- link
Up numberDelay - Number of milliseconds to wait before considering a link is up.
- lldp
Network stringPolicy - LLDP-MED network policy profile.
- lldp
Reception string - Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values:
enable
,disable
,vdom
. - lldp
Transmission string - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values:
enable
,disable
,vdom
. - macaddr string
- Change the interface's MAC address.
- managed
Devices InterfaceManaged Device[] - Available when FortiLink is enabled, used for managed devices through FortiLink interface. The structure of
managed_device
block is documented below. - managed
Subnetwork stringSize - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit's DHCP server settings.
- management
Ip string - High Availability in-band management IP address of this interface.
- measured
Downstream numberBandwidth - Measured downstream bandwidth (kbps).
- measured
Upstream numberBandwidth - Measured upstream bandwidth (kbps).
- mediatype string
- Select SFP media interface type Valid values:
none
,gmii
,sgmii
,sr
,lr
,cr
,sr4
,lr4
,cr4
. - members
Interface
Member[] - Physical interfaces that belong to the aggregate or redundant interface. The structure of
member
block is documented below. - min
Links number - Minimum number of aggregated ports that must be up.
- min
Links stringDown - Action to take when less than the configured minimum number of links are active. Valid values:
operational
,administrative
. - mode string
- Addressing mode (static, DHCP, PPPoE). Valid values:
static
,dhcp
,pppoe
. - monitor
Bandwidth string - Enable monitoring bandwidth on this interface. Valid values:
enable
,disable
. - mtu number
- MTU value for this interface.
- mtu
Override string - Enable to set a custom MTU for this interface. Valid values:
enable
,disable
. - name string
- Name.
- ndiscforward string
- Enable/disable NDISC forwarding. Valid values:
enable
,disable
. - netbios
Forward string - Enable/disable NETBIOS forwarding. Valid values:
disable
,enable
. - netflow
Sampler string - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Valid values:
disable
,tx
,rx
,both
. - outbandwidth number
- Bandwidth limit for outgoing traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.2.6: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- padt
Retry numberTimeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
- password string
- PPPoE account's password.
- ping
Serv numberStatus - PING server status.
- polling
Interval number - sFlow polling interval in seconds (1 - 255).
- pppoe
Unnumbered stringNegotiate - Enable/disable PPPoE unnumbered negotiation. Valid values:
enable
,disable
. - pptp
Auth stringType - PPTP authentication type. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - pptp
Client string - Enable/disable PPTP client. Valid values:
enable
,disable
. - pptp
Password string - PPTP password.
- pptp
Server stringIp - PPTP server IP address.
- pptp
Timeout number - Idle timer in minutes (0 for disabled).
- pptp
User string - PPTP user name.
- preserve
Session stringRoute - Enable/disable preservation of session route when dirty. Valid values:
enable
,disable
. - priority number
- Priority of learned routes.
- priority
Override string - Enable/disable fail back to higher priority port once recovered. Valid values:
enable
,disable
. - proxy
Captive stringPortal - Enable/disable proxy captive portal on this interface. Valid values:
enable
,disable
. - reachable
Time number - IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000).
- redundant
Interface string - Redundant interface.
- remote
Ip string - Remote IP address of tunnel.
- replacemsg
Override stringGroup - Replacement message override group.
- ring
Rx number - RX ring size.
- ring
Tx number - TX ring size.
- role string
- Interface role. Valid values:
lan
,wan
,dmz
,undefined
. - sample
Direction string - Data that NetFlow collects (rx, tx, or both). Valid values:
tx
,rx
,both
. - sample
Rate number - sFlow sample rate (10 - 99999).
- scan
Botnet stringConnections - Enable monitoring or blocking connections to Botnet servers through this interface. Valid values:
disable
,block
,monitor
. - secondary
Ip string - Enable/disable adding a secondary IP to this interface. Valid values:
enable
,disable
. - secondaryips
Interface
Secondaryip[] - Second IP address of interface. The structure of
secondaryip
block is documented below. - security
Exempt stringList - Name of security-exempt-list.
- security
External stringLogout - URL of external authentication logout server.
- security
External stringWeb - URL of external authentication web server.
- security
Groups InterfaceSecurity Group[] - User groups that can authenticate with the captive portal. The structure of
security_groups
block is documented below. - security
Mac stringAuth Bypass - Enable/disable MAC authentication bypass. Valid values:
mac-auth-only
,enable
,disable
. - security
Mode string - Turn on captive portal authentication for this interface. Valid values:
none
,captive-portal
,802.1X
. - security
Redirect stringUrl - URL redirection after disclaimer/authentication.
- service
Name string - PPPoE service name.
- sflow
Sampler string - Enable/disable sFlow on this interface. Valid values:
enable
,disable
. - snmp
Index number - Permanent SNMP Index of the interface.
- speed string
- Interface speed. The default setting and the options available depend on the interface hardware.
- spillover
Threshold number - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- src
Check string - Enable/disable source IP check. Valid values:
enable
,disable
. - status string
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - stp string
- Enable/disable STP. Valid values:
disable
,enable
. - stp
Ha stringSecondary - Control STP behaviour on HA secondary. Valid values:
disable
,enable
,priority-adjust
. - stpforward string
- Enable/disable STP forwarding. Valid values:
enable
,disable
. - stpforward
Mode string - Configure STP forwarding mode. Valid values:
rpl-all-ext-id
,rpl-bridge-ext-id
,rpl-nothing
. - subst string
- Enable to always send packets from this interface to a destination MAC address. Valid values:
enable
,disable
. - substitute
Dst stringMac - Destination MAC address that all packets are sent to from this interface.
- swc
First numberCreate - Initial create for switch-controller VLANs.
- swc
Vlan number - Creation status for switch-controller VLANs.
- switch string
- Contained in switch.
- switch
Controller stringAccess Vlan - Block FortiSwitch port-to-port traffic. Valid values:
enable
,disable
. - switch
Controller stringArp Inspection - Enable/disable FortiSwitch ARP inspection.
- switch
Controller stringDhcp Snooping - Switch controller DHCP snooping. Valid values:
enable
,disable
. - switch
Controller stringDhcp Snooping Option82 - Switch controller DHCP snooping option82. Valid values:
enable
,disable
. - switch
Controller stringDhcp Snooping Verify Mac - Switch controller DHCP snooping verify MAC. Valid values:
enable
,disable
. - switch
Controller stringDynamic - Integrated FortiLink settings for managed FortiSwitch.
- switch
Controller stringFeature - Interface's purpose when assigning traffic (read only).
- switch
Controller stringIgmp Snooping - Switch controller IGMP snooping. Valid values:
enable
,disable
. - switch
Controller stringIgmp Snooping Fast Leave - Switch controller IGMP snooping fast-leave. Valid values:
enable
,disable
. - switch
Controller stringIgmp Snooping Proxy - Switch controller IGMP snooping proxy. Valid values:
enable
,disable
. - switch
Controller stringIot Scanning - Enable/disable managed FortiSwitch IoT scanning. Valid values:
enable
,disable
. - switch
Controller numberLearning Limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
- switch
Controller numberMgmt Vlan - VLAN to use for FortiLink management purposes.
- switch
Controller stringNac - Integrated NAC settings for managed FortiSwitch.
- switch
Controller stringNetflow Collect - NetFlow collection and processing. Valid values:
disable
,enable
. - switch
Controller stringOffload - Enable/disable managed FortiSwitch routing offload. Valid values:
enable
,disable
. - switch
Controller stringOffload Gw - Enable/disable managed FortiSwitch routing offload gateway. Valid values:
enable
,disable
. - switch
Controller stringOffload Ip - IP for routing offload on FortiSwitch.
- switch
Controller stringRspan Mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Valid values:
disable
,enable
. - switch
Controller stringSource Ip - Source IP address used in FortiLink over L3 connections. Valid values:
outbound
,fixed
. - switch
Controller stringTraffic Policy - Switch controller traffic policy for the VLAN.
- system
Id string - Define a system ID for the aggregate interface.
- system
Id stringType - Method in which system ID is generated. Valid values:
auto
,user
. - taggings
Interface
Tagging[] - Config object tagging. The structure of
tagging
block is documented below. - tcp
Mss number - TCP maximum segment size. 0 means do not change segment size.
- trunk string
- Enable/disable VLAN trunk. Valid values:
enable
,disable
. - trust
Ip1 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip2 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip3 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip61 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust
Ip62 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust
Ip63 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- type string
- Interface type.
- username string
- Username of the PPPoE account, provided by your ISP.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vindex number
- Switch control interface VLAN ID.
- vlan
Protocol string - Ethernet protocol of VLAN. Valid values:
8021q
,8021ad
. - vlanforward string
- Enable/disable traffic forwarding between VLANs on this interface. Valid values:
enable
,disable
. - vlanid number
- VLAN ID (1 - 4094).
- vrf number
- Virtual Routing Forwarding ID.
- vrrp
Virtual stringMac - Enable/disable use of virtual MAC for VRRP. Valid values:
enable
,disable
. - vrrps
Interface
Vrrp[] - VRRP configuration. The structure of
vrrp
block is documented below. - wccp string
- Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Valid values:
enable
,disable
. - weight number
- Default weight for static routes (if route has no weight configured).
- wins
Ip string - WINS server IP.
- vdom str
- Interface is in this virtual domain (VDOM).
- ac_
name str - PPPoE server name.
- aggregate str
- Aggregate interface.
- aggregate_
type str - Type of aggregation. Valid values:
physical
,vxlan
. - algorithm str
- Frame distribution algorithm.
- alias str
- Alias will be displayed with the interface name to make it easier to distinguish.
- allowaccess str
- Permitted types of management access to this interface.
- ap_
discover str - Enable/disable automatic registration of unknown FortiAP devices. Valid values:
enable
,disable
. - arpforward str
- Enable/disable ARP forwarding. Valid values:
enable
,disable
. - auth_
cert str - HTTPS server certificate.
- auth_
portal_ straddr - Address of captive portal.
- auth_
type str - PPP authentication type to use. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - auto_
auth_ strextension_ device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Valid values:
enable
,disable
. - autogenerated str
- Indicates whether the interface is automatically created by FortiGate, for example, created during the VPN creation process. If it is, set it to "auto", else keep it empty.
- bandwidth_
measure_ inttime - Bandwidth measure time
- bfd str
- Bidirectional Forwarding Detection (BFD) settings. Valid values:
global
,enable
,disable
. - bfd_
desired_ intmin_ tx - BFD desired minimal transmit interval.
- bfd_
detect_ intmult - BFD detection multiplier.
- bfd_
required_ intmin_ rx - BFD required minimal receive interval.
- broadcast_
forticlient_ strdiscovery - Enable/disable broadcasting FortiClient discovery messages. Valid values:
enable
,disable
. - broadcast_
forward str - Enable/disable broadcast forwarding. Valid values:
enable
,disable
. - captive_
portal int - Enable/disable captive portal.
- cli_
conn_ intstatus - CLI connection status.
- client_
options Sequence[InterfaceClient Option Args] - DHCP client options. The structure of
client_options
block is documented below. - color int
- Color of icon on the GUI.
- dedicated_
to str - Configure interface for single purpose. Valid values:
none
,management
. - default_
purdue_ strlevel - default purdue level of device detected on this interface. Valid values:
1
,1.5
,2
,2.5
,3
,3.5
,4
,5
,5.5
. - defaultgw str
- Enable to get the gateway IP from the DHCP or PPPoE server. Valid values:
enable
,disable
. - description str
- Description.
- detected_
peer_ intmtu - MTU of detected peer (0 - 4294967295).
- detectprotocol str
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - detectserver str
- Gateway's ping server for this IP.
- device_
access_ strlist - Device access list.
- device_
identification str - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device_
identification_ stractive_ scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device_
netscan str - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Valid values:
disable
,enable
. - device_
user_ stridentification - Enable/disable passive gathering of user identity information about users on this interface. Valid values:
enable
,disable
. - devindex int
- Device Index.
- dhcp_
broadcast_ strflag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). Valid values:
disable
,enable
. - dhcp_
classless_ strroute_ addition - Enable/disable addition of classless static routes retrieved from DHCP server. Valid values:
enable
,disable
. - dhcp_
client_ stridentifier - DHCP client identifier.
- dhcp_
relay_ stragent_ option - Enable/disable DHCP relay agent option. Valid values:
enable
,disable
. - dhcp_
relay_ strallow_ no_ end_ option - Enable/disable relaying DHCP messages with no end option. Valid values:
disable
,enable
. - dhcp_
relay_ strcircuit_ id - DHCP relay circuit ID.
- dhcp_
relay_ strinterface - Specify outgoing interface to reach server.
- dhcp_
relay_ strinterface_ select_ method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp_
relay_ strip - DHCP relay IP address.
- dhcp_
relay_ strlink_ selection - DHCP relay link selection.
- dhcp_
relay_ strrequest_ all_ server - Enable/disable sending DHCP request to all servers. Valid values:
disable
,enable
. - dhcp_
relay_ strservice - Enable/disable allowing this interface to act as a DHCP relay. Valid values:
disable
,enable
. - dhcp_
relay_ strsource_ ip - IP address used by the DHCP relay as its source IP.
- dhcp_
relay_ strtype - DHCP relay type (regular or IPsec). Valid values:
regular
,ipsec
. - dhcp_
renew_ inttime - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
- dhcp_
smart_ strrelay - Enable/disable DHCP smart relay. Valid values:
disable
,enable
. - dhcp_
snooping_ Sequence[Interfaceserver_ lists Dhcp Snooping Server List Args] - Configure DHCP server access list. The structure of
dhcp_snooping_server_list
block is documented below. - disc_
retry_ inttimeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
- disconnect_
threshold int - Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
- distance int
- Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
- dns_
server_ stroverride - Enable/disable use DNS acquired by DHCP or PPPoE. Valid values:
enable
,disable
. - dns_
server_ strprotocol - DNS transport protocols. Valid values:
cleartext
,dot
,doh
. - drop_
fragment str - Enable/disable drop fragment packets. Valid values:
enable
,disable
. - drop_
overlapped_ strfragment - Enable/disable drop overlapped fragment packets. Valid values:
enable
,disable
. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- eap_
ca_ strcert - EAP CA certificate name.
- eap_
identity str - EAP identity.
- eap_
method str - EAP method. Valid values:
tls
,peap
. - eap_
password str - EAP password.
- eap_
supplicant str - Enable/disable EAP-Supplicant. Valid values:
enable
,disable
. - eap_
user_ strcert - EAP user certificate name.
- egress_
shaping_ strprofile - Outgoing traffic shaping profile.
- endpoint_
compliance str - Enable/disable endpoint compliance enforcement. Valid values:
enable
,disable
. - estimated_
downstream_ intbandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
- estimated_
upstream_ intbandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
- explicit_
ftp_ strproxy - Enable/disable the explicit FTP proxy on this interface. Valid values:
enable
,disable
. - explicit_
web_ strproxy - Enable/disable the explicit web proxy on this interface. Valid values:
enable
,disable
. - external str
- Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). Valid values:
enable
,disable
. - fail_
action_ stron_ extender - Action on extender when interface fail . Valid values:
soft-restart
,hard-restart
,reboot
. - fail_
alert_ Sequence[Interfaceinterfaces Fail Alert Interface Args] - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. The structure of
fail_alert_interfaces
block is documented below. - fail_
alert_ strmethod - Select link-failed-signal or link-down method to alert about a failed link. Valid values:
link-failed-signal
,link-down
. - fail_
detect str - Enable/disable fail detection features for this interface. Valid values:
enable
,disable
. - fail_
detect_ stroption - Options for detecting that this interface has failed. Valid values:
detectserver
,link-down
. - fortiheartbeat str
- Enable/disable FortiHeartBeat (FortiTelemetry on GUI). Valid values:
enable
,disable
. - fortilink str
- Enable FortiLink to dedicate this interface to manage other Fortinet devices. Valid values:
enable
,disable
. - fortilink_
backup_ intlink - fortilink split interface backup link.
- fortilink_
neighbor_ strdetect - Protocol for FortiGate neighbor discovery. Valid values:
lldp
,fortilink
. - fortilink_
split_ strinterface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Valid values:
enable
,disable
. - fortilink_
stacking str - Enable/disable FortiLink switch-stacking on this interface. Valid values:
enable
,disable
. - forward_
domain int - Transparent mode forward domain.
- forward_
error_ strcorrection - Configure forward error correction (FEC). Valid values:
none
,disable
,cl91-rs-fec
,cl74-fc-fec
. - get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gwdetect str
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - ha_
priority int - HA election priority for the PING server.
- icmp_
accept_ strredirect - Enable/disable ICMP accept redirect. Valid values:
enable
,disable
. - icmp_
send_ strredirect - Enable/disable ICMP send redirect. Valid values:
enable
,disable
. - ident_
accept str - Enable/disable authentication for this interface. Valid values:
enable
,disable
. - idle_
timeout int - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
- ike_
saml_ strserver - Configure IKE authentication SAML server.
- inbandwidth int
- Bandwidth limit for incoming traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.4.2, 7.0.0-7.0.5, 7.2.0: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- ingress_
shaping_ strprofile - Incoming traffic shaping profile.
- ingress_
spillover_ intthreshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- interface str
- Interface name.
- internal int
- Implicitly created.
- ip str
- Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
- ip_
managed_ strby_ fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM.
- ipmac str
- Enable/disable IP/MAC binding. Valid values:
enable
,disable
. - ips_
sniffer_ strmode - Enable/disable the use of this interface as a one-armed sniffer. Valid values:
enable
,disable
. - ipunnumbered str
- Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
- ipv6
Interface
Ipv6Args - IPv6 of interface. The structure of
ipv6
block is documented below. - l2forward str
- Enable/disable l2 forwarding. Valid values:
enable
,disable
. - lacp_
ha_ strsecondary - LACP HA secondary member. Valid values:
enable
,disable
. - lacp_
ha_ strslave - LACP HA slave. Valid values:
enable
,disable
. - lacp_
mode str - LACP mode. Valid values:
static
,passive
,active
. - lacp_
speed str - How often the interface sends LACP messages. Valid values:
slow
,fast
. - lcp_
echo_ intinterval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
- lcp_
max_ intecho_ fails - Maximum missed LCP echo messages before disconnect.
- link_
up_ intdelay - Number of milliseconds to wait before considering a link is up.
- lldp_
network_ strpolicy - LLDP-MED network policy profile.
- lldp_
reception str - Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values:
enable
,disable
,vdom
. - lldp_
transmission str - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values:
enable
,disable
,vdom
. - macaddr str
- Change the interface's MAC address.
- managed_
devices Sequence[InterfaceManaged Device Args] - Available when FortiLink is enabled, used for managed devices through FortiLink interface. The structure of
managed_device
block is documented below. - managed_
subnetwork_ strsize - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit's DHCP server settings.
- management_
ip str - High Availability in-band management IP address of this interface.
- measured_
downstream_ intbandwidth - Measured downstream bandwidth (kbps).
- measured_
upstream_ intbandwidth - Measured upstream bandwidth (kbps).
- mediatype str
- Select SFP media interface type Valid values:
none
,gmii
,sgmii
,sr
,lr
,cr
,sr4
,lr4
,cr4
. - members
Sequence[Interface
Member Args] - Physical interfaces that belong to the aggregate or redundant interface. The structure of
member
block is documented below. - min_
links int - Minimum number of aggregated ports that must be up.
- min_
links_ strdown - Action to take when less than the configured minimum number of links are active. Valid values:
operational
,administrative
. - mode str
- Addressing mode (static, DHCP, PPPoE). Valid values:
static
,dhcp
,pppoe
. - monitor_
bandwidth str - Enable monitoring bandwidth on this interface. Valid values:
enable
,disable
. - mtu int
- MTU value for this interface.
- mtu_
override str - Enable to set a custom MTU for this interface. Valid values:
enable
,disable
. - name str
- Name.
- ndiscforward str
- Enable/disable NDISC forwarding. Valid values:
enable
,disable
. - netbios_
forward str - Enable/disable NETBIOS forwarding. Valid values:
disable
,enable
. - netflow_
sampler str - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Valid values:
disable
,tx
,rx
,both
. - outbandwidth int
- Bandwidth limit for outgoing traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.2.6: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- padt_
retry_ inttimeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
- password str
- PPPoE account's password.
- ping_
serv_ intstatus - PING server status.
- polling_
interval int - sFlow polling interval in seconds (1 - 255).
- pppoe_
unnumbered_ strnegotiate - Enable/disable PPPoE unnumbered negotiation. Valid values:
enable
,disable
. - pptp_
auth_ strtype - PPTP authentication type. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - pptp_
client str - Enable/disable PPTP client. Valid values:
enable
,disable
. - pptp_
password str - PPTP password.
- pptp_
server_ strip - PPTP server IP address.
- pptp_
timeout int - Idle timer in minutes (0 for disabled).
- pptp_
user str - PPTP user name.
- preserve_
session_ strroute - Enable/disable preservation of session route when dirty. Valid values:
enable
,disable
. - priority int
- Priority of learned routes.
- priority_
override str - Enable/disable fail back to higher priority port once recovered. Valid values:
enable
,disable
. - proxy_
captive_ strportal - Enable/disable proxy captive portal on this interface. Valid values:
enable
,disable
. - reachable_
time int - IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000).
- redundant_
interface str - Redundant interface.
- remote_
ip str - Remote IP address of tunnel.
- replacemsg_
override_ strgroup - Replacement message override group.
- ring_
rx int - RX ring size.
- ring_
tx int - TX ring size.
- role str
- Interface role. Valid values:
lan
,wan
,dmz
,undefined
. - sample_
direction str - Data that NetFlow collects (rx, tx, or both). Valid values:
tx
,rx
,both
. - sample_
rate int - sFlow sample rate (10 - 99999).
- scan_
botnet_ strconnections - Enable monitoring or blocking connections to Botnet servers through this interface. Valid values:
disable
,block
,monitor
. - secondary_
ip str - Enable/disable adding a secondary IP to this interface. Valid values:
enable
,disable
. - secondaryips
Sequence[Interface
Secondaryip Args] - Second IP address of interface. The structure of
secondaryip
block is documented below. - security_
exempt_ strlist - Name of security-exempt-list.
- security_
external_ strlogout - URL of external authentication logout server.
- security_
external_ strweb - URL of external authentication web server.
- security_
groups Sequence[InterfaceSecurity Group Args] - User groups that can authenticate with the captive portal. The structure of
security_groups
block is documented below. - security_
mac_ strauth_ bypass - Enable/disable MAC authentication bypass. Valid values:
mac-auth-only
,enable
,disable
. - security_
mode str - Turn on captive portal authentication for this interface. Valid values:
none
,captive-portal
,802.1X
. - security_
redirect_ strurl - URL redirection after disclaimer/authentication.
- service_
name str - PPPoE service name.
- sflow_
sampler str - Enable/disable sFlow on this interface. Valid values:
enable
,disable
. - snmp_
index int - Permanent SNMP Index of the interface.
- speed str
- Interface speed. The default setting and the options available depend on the interface hardware.
- spillover_
threshold int - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- src_
check str - Enable/disable source IP check. Valid values:
enable
,disable
. - status str
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - stp str
- Enable/disable STP. Valid values:
disable
,enable
. - stp_
ha_ strsecondary - Control STP behaviour on HA secondary. Valid values:
disable
,enable
,priority-adjust
. - stpforward str
- Enable/disable STP forwarding. Valid values:
enable
,disable
. - stpforward_
mode str - Configure STP forwarding mode. Valid values:
rpl-all-ext-id
,rpl-bridge-ext-id
,rpl-nothing
. - subst str
- Enable to always send packets from this interface to a destination MAC address. Valid values:
enable
,disable
. - substitute_
dst_ strmac - Destination MAC address that all packets are sent to from this interface.
- swc_
first_ intcreate - Initial create for switch-controller VLANs.
- swc_
vlan int - Creation status for switch-controller VLANs.
- switch str
- Contained in switch.
- switch_
controller_ straccess_ vlan - Block FortiSwitch port-to-port traffic. Valid values:
enable
,disable
. - switch_
controller_ strarp_ inspection - Enable/disable FortiSwitch ARP inspection.
- switch_
controller_ strdhcp_ snooping - Switch controller DHCP snooping. Valid values:
enable
,disable
. - switch_
controller_ strdhcp_ snooping_ option82 - Switch controller DHCP snooping option82. Valid values:
enable
,disable
. - switch_
controller_ strdhcp_ snooping_ verify_ mac - Switch controller DHCP snooping verify MAC. Valid values:
enable
,disable
. - switch_
controller_ strdynamic - Integrated FortiLink settings for managed FortiSwitch.
- switch_
controller_ strfeature - Interface's purpose when assigning traffic (read only).
- switch_
controller_ strigmp_ snooping - Switch controller IGMP snooping. Valid values:
enable
,disable
. - switch_
controller_ strigmp_ snooping_ fast_ leave - Switch controller IGMP snooping fast-leave. Valid values:
enable
,disable
. - switch_
controller_ strigmp_ snooping_ proxy - Switch controller IGMP snooping proxy. Valid values:
enable
,disable
. - switch_
controller_ striot_ scanning - Enable/disable managed FortiSwitch IoT scanning. Valid values:
enable
,disable
. - switch_
controller_ intlearning_ limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
- switch_
controller_ intmgmt_ vlan - VLAN to use for FortiLink management purposes.
- switch_
controller_ strnac - Integrated NAC settings for managed FortiSwitch.
- switch_
controller_ strnetflow_ collect - NetFlow collection and processing. Valid values:
disable
,enable
. - switch_
controller_ stroffload - Enable/disable managed FortiSwitch routing offload. Valid values:
enable
,disable
. - switch_
controller_ stroffload_ gw - Enable/disable managed FortiSwitch routing offload gateway. Valid values:
enable
,disable
. - switch_
controller_ stroffload_ ip - IP for routing offload on FortiSwitch.
- switch_
controller_ strrspan_ mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Valid values:
disable
,enable
. - switch_
controller_ strsource_ ip - Source IP address used in FortiLink over L3 connections. Valid values:
outbound
,fixed
. - switch_
controller_ strtraffic_ policy - Switch controller traffic policy for the VLAN.
- system_
id str - Define a system ID for the aggregate interface.
- system_
id_ strtype - Method in which system ID is generated. Valid values:
auto
,user
. - taggings
Sequence[Interface
Tagging Args] - Config object tagging. The structure of
tagging
block is documented below. - tcp_
mss int - TCP maximum segment size. 0 means do not change segment size.
- trunk str
- Enable/disable VLAN trunk. Valid values:
enable
,disable
. - trust_
ip1 str - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust_
ip2 str - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust_
ip3 str - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust_
ip61 str - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust_
ip62 str - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust_
ip63 str - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- type str
- Interface type.
- username str
- Username of the PPPoE account, provided by your ISP.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vindex int
- Switch control interface VLAN ID.
- vlan_
protocol str - Ethernet protocol of VLAN. Valid values:
8021q
,8021ad
. - vlanforward str
- Enable/disable traffic forwarding between VLANs on this interface. Valid values:
enable
,disable
. - vlanid int
- VLAN ID (1 - 4094).
- vrf int
- Virtual Routing Forwarding ID.
- vrrp_
virtual_ strmac - Enable/disable use of virtual MAC for VRRP. Valid values:
enable
,disable
. - vrrps
Sequence[Interface
Vrrp Args] - VRRP configuration. The structure of
vrrp
block is documented below. - wccp str
- Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Valid values:
enable
,disable
. - weight int
- Default weight for static routes (if route has no weight configured).
- wins_
ip str - WINS server IP.
- vdom String
- Interface is in this virtual domain (VDOM).
- ac
Name String - PPPoE server name.
- aggregate String
- Aggregate interface.
- aggregate
Type String - Type of aggregation. Valid values:
physical
,vxlan
. - algorithm String
- Frame distribution algorithm.
- alias String
- Alias will be displayed with the interface name to make it easier to distinguish.
- allowaccess String
- Permitted types of management access to this interface.
- ap
Discover String - Enable/disable automatic registration of unknown FortiAP devices. Valid values:
enable
,disable
. - arpforward String
- Enable/disable ARP forwarding. Valid values:
enable
,disable
. - auth
Cert String - HTTPS server certificate.
- auth
Portal StringAddr - Address of captive portal.
- auth
Type String - PPP authentication type to use. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - auto
Auth StringExtension Device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Valid values:
enable
,disable
. - autogenerated String
- Indicates whether the interface is automatically created by FortiGate, for example, created during the VPN creation process. If it is, set it to "auto", else keep it empty.
- bandwidth
Measure NumberTime - Bandwidth measure time
- bfd String
- Bidirectional Forwarding Detection (BFD) settings. Valid values:
global
,enable
,disable
. - bfd
Desired NumberMin Tx - BFD desired minimal transmit interval.
- bfd
Detect NumberMult - BFD detection multiplier.
- bfd
Required NumberMin Rx - BFD required minimal receive interval.
- broadcast
Forticlient StringDiscovery - Enable/disable broadcasting FortiClient discovery messages. Valid values:
enable
,disable
. - broadcast
Forward String - Enable/disable broadcast forwarding. Valid values:
enable
,disable
. - captive
Portal Number - Enable/disable captive portal.
- cli
Conn NumberStatus - CLI connection status.
- client
Options List<Property Map> - DHCP client options. The structure of
client_options
block is documented below. - color Number
- Color of icon on the GUI.
- dedicated
To String - Configure interface for single purpose. Valid values:
none
,management
. - default
Purdue StringLevel - default purdue level of device detected on this interface. Valid values:
1
,1.5
,2
,2.5
,3
,3.5
,4
,5
,5.5
. - defaultgw String
- Enable to get the gateway IP from the DHCP or PPPoE server. Valid values:
enable
,disable
. - description String
- Description.
- detected
Peer NumberMtu - MTU of detected peer (0 - 4294967295).
- detectprotocol String
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - detectserver String
- Gateway's ping server for this IP.
- device
Access StringList - Device access list.
- device
Identification String - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device
Identification StringActive Scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device
Netscan String - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Valid values:
disable
,enable
. - device
User StringIdentification - Enable/disable passive gathering of user identity information about users on this interface. Valid values:
enable
,disable
. - devindex Number
- Device Index.
- dhcp
Broadcast StringFlag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). Valid values:
disable
,enable
. - dhcp
Classless StringRoute Addition - Enable/disable addition of classless static routes retrieved from DHCP server. Valid values:
enable
,disable
. - dhcp
Client StringIdentifier - DHCP client identifier.
- dhcp
Relay StringAgent Option - Enable/disable DHCP relay agent option. Valid values:
enable
,disable
. - dhcp
Relay StringAllow No End Option - Enable/disable relaying DHCP messages with no end option. Valid values:
disable
,enable
. - dhcp
Relay StringCircuit Id - DHCP relay circuit ID.
- dhcp
Relay StringInterface - Specify outgoing interface to reach server.
- dhcp
Relay StringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp
Relay StringIp - DHCP relay IP address.
- dhcp
Relay StringLink Selection - DHCP relay link selection.
- dhcp
Relay StringRequest All Server - Enable/disable sending DHCP request to all servers. Valid values:
disable
,enable
. - dhcp
Relay StringService - Enable/disable allowing this interface to act as a DHCP relay. Valid values:
disable
,enable
. - dhcp
Relay StringSource Ip - IP address used by the DHCP relay as its source IP.
- dhcp
Relay StringType - DHCP relay type (regular or IPsec). Valid values:
regular
,ipsec
. - dhcp
Renew NumberTime - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
- dhcp
Smart StringRelay - Enable/disable DHCP smart relay. Valid values:
disable
,enable
. - dhcp
Snooping List<Property Map>Server Lists - Configure DHCP server access list. The structure of
dhcp_snooping_server_list
block is documented below. - disc
Retry NumberTimeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
- disconnect
Threshold Number - Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
- distance Number
- Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
- dns
Server StringOverride - Enable/disable use DNS acquired by DHCP or PPPoE. Valid values:
enable
,disable
. - dns
Server StringProtocol - DNS transport protocols. Valid values:
cleartext
,dot
,doh
. - drop
Fragment String - Enable/disable drop fragment packets. Valid values:
enable
,disable
. - drop
Overlapped StringFragment - Enable/disable drop overlapped fragment packets. Valid values:
enable
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- eap
Ca StringCert - EAP CA certificate name.
- eap
Identity String - EAP identity.
- eap
Method String - EAP method. Valid values:
tls
,peap
. - eap
Password String - EAP password.
- eap
Supplicant String - Enable/disable EAP-Supplicant. Valid values:
enable
,disable
. - eap
User StringCert - EAP user certificate name.
- egress
Shaping StringProfile - Outgoing traffic shaping profile.
- endpoint
Compliance String - Enable/disable endpoint compliance enforcement. Valid values:
enable
,disable
. - estimated
Downstream NumberBandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
- estimated
Upstream NumberBandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
- explicit
Ftp StringProxy - Enable/disable the explicit FTP proxy on this interface. Valid values:
enable
,disable
. - explicit
Web StringProxy - Enable/disable the explicit web proxy on this interface. Valid values:
enable
,disable
. - external String
- Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). Valid values:
enable
,disable
. - fail
Action StringOn Extender - Action on extender when interface fail . Valid values:
soft-restart
,hard-restart
,reboot
. - fail
Alert List<Property Map>Interfaces - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. The structure of
fail_alert_interfaces
block is documented below. - fail
Alert StringMethod - Select link-failed-signal or link-down method to alert about a failed link. Valid values:
link-failed-signal
,link-down
. - fail
Detect String - Enable/disable fail detection features for this interface. Valid values:
enable
,disable
. - fail
Detect StringOption - Options for detecting that this interface has failed. Valid values:
detectserver
,link-down
. - fortiheartbeat String
- Enable/disable FortiHeartBeat (FortiTelemetry on GUI). Valid values:
enable
,disable
. - fortilink String
- Enable FortiLink to dedicate this interface to manage other Fortinet devices. Valid values:
enable
,disable
. - fortilink
Backup NumberLink - fortilink split interface backup link.
- fortilink
Neighbor StringDetect - Protocol for FortiGate neighbor discovery. Valid values:
lldp
,fortilink
. - fortilink
Split StringInterface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Valid values:
enable
,disable
. - fortilink
Stacking String - Enable/disable FortiLink switch-stacking on this interface. Valid values:
enable
,disable
. - forward
Domain Number - Transparent mode forward domain.
- forward
Error StringCorrection - Configure forward error correction (FEC). Valid values:
none
,disable
,cl91-rs-fec
,cl74-fc-fec
. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gwdetect String
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - ha
Priority Number - HA election priority for the PING server.
- icmp
Accept StringRedirect - Enable/disable ICMP accept redirect. Valid values:
enable
,disable
. - icmp
Send StringRedirect - Enable/disable ICMP send redirect. Valid values:
enable
,disable
. - ident
Accept String - Enable/disable authentication for this interface. Valid values:
enable
,disable
. - idle
Timeout Number - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
- ike
Saml StringServer - Configure IKE authentication SAML server.
- inbandwidth Number
- Bandwidth limit for incoming traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.4.2, 7.0.0-7.0.5, 7.2.0: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- ingress
Shaping StringProfile - Incoming traffic shaping profile.
- ingress
Spillover NumberThreshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- interface String
- Interface name.
- internal Number
- Implicitly created.
- ip String
- Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
- ip
Managed StringBy Fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM.
- ipmac String
- Enable/disable IP/MAC binding. Valid values:
enable
,disable
. - ips
Sniffer StringMode - Enable/disable the use of this interface as a one-armed sniffer. Valid values:
enable
,disable
. - ipunnumbered String
- Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
- ipv6 Property Map
- IPv6 of interface. The structure of
ipv6
block is documented below. - l2forward String
- Enable/disable l2 forwarding. Valid values:
enable
,disable
. - lacp
Ha StringSecondary - LACP HA secondary member. Valid values:
enable
,disable
. - lacp
Ha StringSlave - LACP HA slave. Valid values:
enable
,disable
. - lacp
Mode String - LACP mode. Valid values:
static
,passive
,active
. - lacp
Speed String - How often the interface sends LACP messages. Valid values:
slow
,fast
. - lcp
Echo NumberInterval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
- lcp
Max NumberEcho Fails - Maximum missed LCP echo messages before disconnect.
- link
Up NumberDelay - Number of milliseconds to wait before considering a link is up.
- lldp
Network StringPolicy - LLDP-MED network policy profile.
- lldp
Reception String - Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values:
enable
,disable
,vdom
. - lldp
Transmission String - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values:
enable
,disable
,vdom
. - macaddr String
- Change the interface's MAC address.
- managed
Devices List<Property Map> - Available when FortiLink is enabled, used for managed devices through FortiLink interface. The structure of
managed_device
block is documented below. - managed
Subnetwork StringSize - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit's DHCP server settings.
- management
Ip String - High Availability in-band management IP address of this interface.
- measured
Downstream NumberBandwidth - Measured downstream bandwidth (kbps).
- measured
Upstream NumberBandwidth - Measured upstream bandwidth (kbps).
- mediatype String
- Select SFP media interface type Valid values:
none
,gmii
,sgmii
,sr
,lr
,cr
,sr4
,lr4
,cr4
. - members List<Property Map>
- Physical interfaces that belong to the aggregate or redundant interface. The structure of
member
block is documented below. - min
Links Number - Minimum number of aggregated ports that must be up.
- min
Links StringDown - Action to take when less than the configured minimum number of links are active. Valid values:
operational
,administrative
. - mode String
- Addressing mode (static, DHCP, PPPoE). Valid values:
static
,dhcp
,pppoe
. - monitor
Bandwidth String - Enable monitoring bandwidth on this interface. Valid values:
enable
,disable
. - mtu Number
- MTU value for this interface.
- mtu
Override String - Enable to set a custom MTU for this interface. Valid values:
enable
,disable
. - name String
- Name.
- ndiscforward String
- Enable/disable NDISC forwarding. Valid values:
enable
,disable
. - netbios
Forward String - Enable/disable NETBIOS forwarding. Valid values:
disable
,enable
. - netflow
Sampler String - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Valid values:
disable
,tx
,rx
,both
. - outbandwidth Number
- Bandwidth limit for outgoing traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.2.6: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- padt
Retry NumberTimeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
- password String
- PPPoE account's password.
- ping
Serv NumberStatus - PING server status.
- polling
Interval Number - sFlow polling interval in seconds (1 - 255).
- pppoe
Unnumbered StringNegotiate - Enable/disable PPPoE unnumbered negotiation. Valid values:
enable
,disable
. - pptp
Auth StringType - PPTP authentication type. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - pptp
Client String - Enable/disable PPTP client. Valid values:
enable
,disable
. - pptp
Password String - PPTP password.
- pptp
Server StringIp - PPTP server IP address.
- pptp
Timeout Number - Idle timer in minutes (0 for disabled).
- pptp
User String - PPTP user name.
- preserve
Session StringRoute - Enable/disable preservation of session route when dirty. Valid values:
enable
,disable
. - priority Number
- Priority of learned routes.
- priority
Override String - Enable/disable fail back to higher priority port once recovered. Valid values:
enable
,disable
. - proxy
Captive StringPortal - Enable/disable proxy captive portal on this interface. Valid values:
enable
,disable
. - reachable
Time Number - IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000).
- redundant
Interface String - Redundant interface.
- remote
Ip String - Remote IP address of tunnel.
- replacemsg
Override StringGroup - Replacement message override group.
- ring
Rx Number - RX ring size.
- ring
Tx Number - TX ring size.
- role String
- Interface role. Valid values:
lan
,wan
,dmz
,undefined
. - sample
Direction String - Data that NetFlow collects (rx, tx, or both). Valid values:
tx
,rx
,both
. - sample
Rate Number - sFlow sample rate (10 - 99999).
- scan
Botnet StringConnections - Enable monitoring or blocking connections to Botnet servers through this interface. Valid values:
disable
,block
,monitor
. - secondary
Ip String - Enable/disable adding a secondary IP to this interface. Valid values:
enable
,disable
. - secondaryips List<Property Map>
- Second IP address of interface. The structure of
secondaryip
block is documented below. - security
Exempt StringList - Name of security-exempt-list.
- security
External StringLogout - URL of external authentication logout server.
- security
External StringWeb - URL of external authentication web server.
- security
Groups List<Property Map> - User groups that can authenticate with the captive portal. The structure of
security_groups
block is documented below. - security
Mac StringAuth Bypass - Enable/disable MAC authentication bypass. Valid values:
mac-auth-only
,enable
,disable
. - security
Mode String - Turn on captive portal authentication for this interface. Valid values:
none
,captive-portal
,802.1X
. - security
Redirect StringUrl - URL redirection after disclaimer/authentication.
- service
Name String - PPPoE service name.
- sflow
Sampler String - Enable/disable sFlow on this interface. Valid values:
enable
,disable
. - snmp
Index Number - Permanent SNMP Index of the interface.
- speed String
- Interface speed. The default setting and the options available depend on the interface hardware.
- spillover
Threshold Number - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- src
Check String - Enable/disable source IP check. Valid values:
enable
,disable
. - status String
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - stp String
- Enable/disable STP. Valid values:
disable
,enable
. - stp
Ha StringSecondary - Control STP behaviour on HA secondary. Valid values:
disable
,enable
,priority-adjust
. - stpforward String
- Enable/disable STP forwarding. Valid values:
enable
,disable
. - stpforward
Mode String - Configure STP forwarding mode. Valid values:
rpl-all-ext-id
,rpl-bridge-ext-id
,rpl-nothing
. - subst String
- Enable to always send packets from this interface to a destination MAC address. Valid values:
enable
,disable
. - substitute
Dst StringMac - Destination MAC address that all packets are sent to from this interface.
- swc
First NumberCreate - Initial create for switch-controller VLANs.
- swc
Vlan Number - Creation status for switch-controller VLANs.
- switch String
- Contained in switch.
- switch
Controller StringAccess Vlan - Block FortiSwitch port-to-port traffic. Valid values:
enable
,disable
. - switch
Controller StringArp Inspection - Enable/disable FortiSwitch ARP inspection.
- switch
Controller StringDhcp Snooping - Switch controller DHCP snooping. Valid values:
enable
,disable
. - switch
Controller StringDhcp Snooping Option82 - Switch controller DHCP snooping option82. Valid values:
enable
,disable
. - switch
Controller StringDhcp Snooping Verify Mac - Switch controller DHCP snooping verify MAC. Valid values:
enable
,disable
. - switch
Controller StringDynamic - Integrated FortiLink settings for managed FortiSwitch.
- switch
Controller StringFeature - Interface's purpose when assigning traffic (read only).
- switch
Controller StringIgmp Snooping - Switch controller IGMP snooping. Valid values:
enable
,disable
. - switch
Controller StringIgmp Snooping Fast Leave - Switch controller IGMP snooping fast-leave. Valid values:
enable
,disable
. - switch
Controller StringIgmp Snooping Proxy - Switch controller IGMP snooping proxy. Valid values:
enable
,disable
. - switch
Controller StringIot Scanning - Enable/disable managed FortiSwitch IoT scanning. Valid values:
enable
,disable
. - switch
Controller NumberLearning Limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
- switch
Controller NumberMgmt Vlan - VLAN to use for FortiLink management purposes.
- switch
Controller StringNac - Integrated NAC settings for managed FortiSwitch.
- switch
Controller StringNetflow Collect - NetFlow collection and processing. Valid values:
disable
,enable
. - switch
Controller StringOffload - Enable/disable managed FortiSwitch routing offload. Valid values:
enable
,disable
. - switch
Controller StringOffload Gw - Enable/disable managed FortiSwitch routing offload gateway. Valid values:
enable
,disable
. - switch
Controller StringOffload Ip - IP for routing offload on FortiSwitch.
- switch
Controller StringRspan Mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Valid values:
disable
,enable
. - switch
Controller StringSource Ip - Source IP address used in FortiLink over L3 connections. Valid values:
outbound
,fixed
. - switch
Controller StringTraffic Policy - Switch controller traffic policy for the VLAN.
- system
Id String - Define a system ID for the aggregate interface.
- system
Id StringType - Method in which system ID is generated. Valid values:
auto
,user
. - taggings List<Property Map>
- Config object tagging. The structure of
tagging
block is documented below. - tcp
Mss Number - TCP maximum segment size. 0 means do not change segment size.
- trunk String
- Enable/disable VLAN trunk. Valid values:
enable
,disable
. - trust
Ip1 String - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip2 String - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip3 String - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip61 String - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust
Ip62 String - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust
Ip63 String - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- type String
- Interface type.
- username String
- Username of the PPPoE account, provided by your ISP.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vindex Number
- Switch control interface VLAN ID.
- vlan
Protocol String - Ethernet protocol of VLAN. Valid values:
8021q
,8021ad
. - vlanforward String
- Enable/disable traffic forwarding between VLANs on this interface. Valid values:
enable
,disable
. - vlanid Number
- VLAN ID (1 - 4094).
- vrf Number
- Virtual Routing Forwarding ID.
- vrrp
Virtual StringMac - Enable/disable use of virtual MAC for VRRP. Valid values:
enable
,disable
. - vrrps List<Property Map>
- VRRP configuration. The structure of
vrrp
block is documented below. - wccp String
- Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Valid values:
enable
,disable
. - weight Number
- Default weight for static routes (if route has no weight configured).
- wins
Ip String - WINS server IP.
Outputs
All input properties are implicitly available as output properties. Additionally, the Interface resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Interface Resource
Get an existing Interface resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: InterfaceState, opts?: CustomResourceOptions): Interface
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
ac_name: Optional[str] = None,
aggregate: Optional[str] = None,
aggregate_type: Optional[str] = None,
algorithm: Optional[str] = None,
alias: Optional[str] = None,
allowaccess: Optional[str] = None,
ap_discover: Optional[str] = None,
arpforward: Optional[str] = None,
auth_cert: Optional[str] = None,
auth_portal_addr: Optional[str] = None,
auth_type: Optional[str] = None,
auto_auth_extension_device: Optional[str] = None,
autogenerated: Optional[str] = None,
bandwidth_measure_time: Optional[int] = None,
bfd: Optional[str] = None,
bfd_desired_min_tx: Optional[int] = None,
bfd_detect_mult: Optional[int] = None,
bfd_required_min_rx: Optional[int] = None,
broadcast_forticlient_discovery: Optional[str] = None,
broadcast_forward: Optional[str] = None,
captive_portal: Optional[int] = None,
cli_conn_status: Optional[int] = None,
client_options: Optional[Sequence[InterfaceClientOptionArgs]] = None,
color: Optional[int] = None,
dedicated_to: Optional[str] = None,
default_purdue_level: Optional[str] = None,
defaultgw: Optional[str] = None,
description: Optional[str] = None,
detected_peer_mtu: Optional[int] = None,
detectprotocol: Optional[str] = None,
detectserver: Optional[str] = None,
device_access_list: Optional[str] = None,
device_identification: Optional[str] = None,
device_identification_active_scan: Optional[str] = None,
device_netscan: Optional[str] = None,
device_user_identification: Optional[str] = None,
devindex: Optional[int] = None,
dhcp_broadcast_flag: Optional[str] = None,
dhcp_classless_route_addition: Optional[str] = None,
dhcp_client_identifier: Optional[str] = None,
dhcp_relay_agent_option: Optional[str] = None,
dhcp_relay_allow_no_end_option: Optional[str] = None,
dhcp_relay_circuit_id: Optional[str] = None,
dhcp_relay_interface: Optional[str] = None,
dhcp_relay_interface_select_method: Optional[str] = None,
dhcp_relay_ip: Optional[str] = None,
dhcp_relay_link_selection: Optional[str] = None,
dhcp_relay_request_all_server: Optional[str] = None,
dhcp_relay_service: Optional[str] = None,
dhcp_relay_source_ip: Optional[str] = None,
dhcp_relay_type: Optional[str] = None,
dhcp_renew_time: Optional[int] = None,
dhcp_smart_relay: Optional[str] = None,
dhcp_snooping_server_lists: Optional[Sequence[InterfaceDhcpSnoopingServerListArgs]] = None,
disc_retry_timeout: Optional[int] = None,
disconnect_threshold: Optional[int] = None,
distance: Optional[int] = None,
dns_server_override: Optional[str] = None,
dns_server_protocol: Optional[str] = None,
drop_fragment: Optional[str] = None,
drop_overlapped_fragment: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
eap_ca_cert: Optional[str] = None,
eap_identity: Optional[str] = None,
eap_method: Optional[str] = None,
eap_password: Optional[str] = None,
eap_supplicant: Optional[str] = None,
eap_user_cert: Optional[str] = None,
egress_shaping_profile: Optional[str] = None,
endpoint_compliance: Optional[str] = None,
estimated_downstream_bandwidth: Optional[int] = None,
estimated_upstream_bandwidth: Optional[int] = None,
explicit_ftp_proxy: Optional[str] = None,
explicit_web_proxy: Optional[str] = None,
external: Optional[str] = None,
fail_action_on_extender: Optional[str] = None,
fail_alert_interfaces: Optional[Sequence[InterfaceFailAlertInterfaceArgs]] = None,
fail_alert_method: Optional[str] = None,
fail_detect: Optional[str] = None,
fail_detect_option: Optional[str] = None,
fortiheartbeat: Optional[str] = None,
fortilink: Optional[str] = None,
fortilink_backup_link: Optional[int] = None,
fortilink_neighbor_detect: Optional[str] = None,
fortilink_split_interface: Optional[str] = None,
fortilink_stacking: Optional[str] = None,
forward_domain: Optional[int] = None,
forward_error_correction: Optional[str] = None,
get_all_tables: Optional[str] = None,
gwdetect: Optional[str] = None,
ha_priority: Optional[int] = None,
icmp_accept_redirect: Optional[str] = None,
icmp_send_redirect: Optional[str] = None,
ident_accept: Optional[str] = None,
idle_timeout: Optional[int] = None,
ike_saml_server: Optional[str] = None,
inbandwidth: Optional[int] = None,
ingress_shaping_profile: Optional[str] = None,
ingress_spillover_threshold: Optional[int] = None,
interface: Optional[str] = None,
internal: Optional[int] = None,
ip: Optional[str] = None,
ip_managed_by_fortiipam: Optional[str] = None,
ipmac: Optional[str] = None,
ips_sniffer_mode: Optional[str] = None,
ipunnumbered: Optional[str] = None,
ipv6: Optional[InterfaceIpv6Args] = None,
l2forward: Optional[str] = None,
lacp_ha_secondary: Optional[str] = None,
lacp_ha_slave: Optional[str] = None,
lacp_mode: Optional[str] = None,
lacp_speed: Optional[str] = None,
lcp_echo_interval: Optional[int] = None,
lcp_max_echo_fails: Optional[int] = None,
link_up_delay: Optional[int] = None,
lldp_network_policy: Optional[str] = None,
lldp_reception: Optional[str] = None,
lldp_transmission: Optional[str] = None,
macaddr: Optional[str] = None,
managed_devices: Optional[Sequence[InterfaceManagedDeviceArgs]] = None,
managed_subnetwork_size: Optional[str] = None,
management_ip: Optional[str] = None,
measured_downstream_bandwidth: Optional[int] = None,
measured_upstream_bandwidth: Optional[int] = None,
mediatype: Optional[str] = None,
members: Optional[Sequence[InterfaceMemberArgs]] = None,
min_links: Optional[int] = None,
min_links_down: Optional[str] = None,
mode: Optional[str] = None,
monitor_bandwidth: Optional[str] = None,
mtu: Optional[int] = None,
mtu_override: Optional[str] = None,
name: Optional[str] = None,
ndiscforward: Optional[str] = None,
netbios_forward: Optional[str] = None,
netflow_sampler: Optional[str] = None,
outbandwidth: Optional[int] = None,
padt_retry_timeout: Optional[int] = None,
password: Optional[str] = None,
ping_serv_status: Optional[int] = None,
polling_interval: Optional[int] = None,
pppoe_unnumbered_negotiate: Optional[str] = None,
pptp_auth_type: Optional[str] = None,
pptp_client: Optional[str] = None,
pptp_password: Optional[str] = None,
pptp_server_ip: Optional[str] = None,
pptp_timeout: Optional[int] = None,
pptp_user: Optional[str] = None,
preserve_session_route: Optional[str] = None,
priority: Optional[int] = None,
priority_override: Optional[str] = None,
proxy_captive_portal: Optional[str] = None,
reachable_time: Optional[int] = None,
redundant_interface: Optional[str] = None,
remote_ip: Optional[str] = None,
replacemsg_override_group: Optional[str] = None,
ring_rx: Optional[int] = None,
ring_tx: Optional[int] = None,
role: Optional[str] = None,
sample_direction: Optional[str] = None,
sample_rate: Optional[int] = None,
scan_botnet_connections: Optional[str] = None,
secondary_ip: Optional[str] = None,
secondaryips: Optional[Sequence[InterfaceSecondaryipArgs]] = None,
security_exempt_list: Optional[str] = None,
security_external_logout: Optional[str] = None,
security_external_web: Optional[str] = None,
security_groups: Optional[Sequence[InterfaceSecurityGroupArgs]] = None,
security_mac_auth_bypass: Optional[str] = None,
security_mode: Optional[str] = None,
security_redirect_url: Optional[str] = None,
service_name: Optional[str] = None,
sflow_sampler: Optional[str] = None,
snmp_index: Optional[int] = None,
speed: Optional[str] = None,
spillover_threshold: Optional[int] = None,
src_check: Optional[str] = None,
status: Optional[str] = None,
stp: Optional[str] = None,
stp_ha_secondary: Optional[str] = None,
stpforward: Optional[str] = None,
stpforward_mode: Optional[str] = None,
subst: Optional[str] = None,
substitute_dst_mac: Optional[str] = None,
swc_first_create: Optional[int] = None,
swc_vlan: Optional[int] = None,
switch: Optional[str] = None,
switch_controller_access_vlan: Optional[str] = None,
switch_controller_arp_inspection: Optional[str] = None,
switch_controller_dhcp_snooping: Optional[str] = None,
switch_controller_dhcp_snooping_option82: Optional[str] = None,
switch_controller_dhcp_snooping_verify_mac: Optional[str] = None,
switch_controller_dynamic: Optional[str] = None,
switch_controller_feature: Optional[str] = None,
switch_controller_igmp_snooping: Optional[str] = None,
switch_controller_igmp_snooping_fast_leave: Optional[str] = None,
switch_controller_igmp_snooping_proxy: Optional[str] = None,
switch_controller_iot_scanning: Optional[str] = None,
switch_controller_learning_limit: Optional[int] = None,
switch_controller_mgmt_vlan: Optional[int] = None,
switch_controller_nac: Optional[str] = None,
switch_controller_netflow_collect: Optional[str] = None,
switch_controller_offload: Optional[str] = None,
switch_controller_offload_gw: Optional[str] = None,
switch_controller_offload_ip: Optional[str] = None,
switch_controller_rspan_mode: Optional[str] = None,
switch_controller_source_ip: Optional[str] = None,
switch_controller_traffic_policy: Optional[str] = None,
system_id: Optional[str] = None,
system_id_type: Optional[str] = None,
taggings: Optional[Sequence[InterfaceTaggingArgs]] = None,
tcp_mss: Optional[int] = None,
trunk: Optional[str] = None,
trust_ip1: Optional[str] = None,
trust_ip2: Optional[str] = None,
trust_ip3: Optional[str] = None,
trust_ip61: Optional[str] = None,
trust_ip62: Optional[str] = None,
trust_ip63: Optional[str] = None,
type: Optional[str] = None,
username: Optional[str] = None,
vdom: Optional[str] = None,
vdomparam: Optional[str] = None,
vindex: Optional[int] = None,
vlan_protocol: Optional[str] = None,
vlanforward: Optional[str] = None,
vlanid: Optional[int] = None,
vrf: Optional[int] = None,
vrrp_virtual_mac: Optional[str] = None,
vrrps: Optional[Sequence[InterfaceVrrpArgs]] = None,
wccp: Optional[str] = None,
weight: Optional[int] = None,
wins_ip: Optional[str] = None) -> Interface
func GetInterface(ctx *Context, name string, id IDInput, state *InterfaceState, opts ...ResourceOption) (*Interface, error)
public static Interface Get(string name, Input<string> id, InterfaceState? state, CustomResourceOptions? opts = null)
public static Interface get(String name, Output<String> id, InterfaceState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Ac
Name string - PPPoE server name.
- Aggregate string
- Aggregate interface.
- Aggregate
Type string - Type of aggregation. Valid values:
physical
,vxlan
. - Algorithm string
- Frame distribution algorithm.
- Alias string
- Alias will be displayed with the interface name to make it easier to distinguish.
- Allowaccess string
- Permitted types of management access to this interface.
- Ap
Discover string - Enable/disable automatic registration of unknown FortiAP devices. Valid values:
enable
,disable
. - Arpforward string
- Enable/disable ARP forwarding. Valid values:
enable
,disable
. - Auth
Cert string - HTTPS server certificate.
- Auth
Portal stringAddr - Address of captive portal.
- Auth
Type string - PPP authentication type to use. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - Auto
Auth stringExtension Device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Valid values:
enable
,disable
. - Autogenerated string
- Indicates whether the interface is automatically created by FortiGate, for example, created during the VPN creation process. If it is, set it to "auto", else keep it empty.
- Bandwidth
Measure intTime - Bandwidth measure time
- Bfd string
- Bidirectional Forwarding Detection (BFD) settings. Valid values:
global
,enable
,disable
. - Bfd
Desired intMin Tx - BFD desired minimal transmit interval.
- Bfd
Detect intMult - BFD detection multiplier.
- Bfd
Required intMin Rx - BFD required minimal receive interval.
- Broadcast
Forticlient stringDiscovery - Enable/disable broadcasting FortiClient discovery messages. Valid values:
enable
,disable
. - Broadcast
Forward string - Enable/disable broadcast forwarding. Valid values:
enable
,disable
. - Captive
Portal int - Enable/disable captive portal.
- Cli
Conn intStatus - CLI connection status.
- Client
Options List<Pulumiverse.Fortios. System. Inputs. Interface Client Option> - DHCP client options. The structure of
client_options
block is documented below. - Color int
- Color of icon on the GUI.
- Data string
- Interface name.
- Dedicated
To string - Configure interface for single purpose. Valid values:
none
,management
. - Default
Purdue stringLevel - default purdue level of device detected on this interface. Valid values:
1
,1.5
,2
,2.5
,3
,3.5
,4
,5
,5.5
. - Defaultgw string
- Enable to get the gateway IP from the DHCP or PPPoE server. Valid values:
enable
,disable
. - Description string
- Description.
- Detected
Peer intMtu - MTU of detected peer (0 - 4294967295).
- Detectprotocol string
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - Detectserver string
- Gateway's ping server for this IP.
- Device
Access stringList - Device access list.
- Device
Identification string - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - Device
Identification stringActive Scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - Device
Netscan string - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Valid values:
disable
,enable
. - Device
User stringIdentification - Enable/disable passive gathering of user identity information about users on this interface. Valid values:
enable
,disable
. - Devindex int
- Device Index.
- Dhcp
Broadcast stringFlag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). Valid values:
disable
,enable
. - Dhcp
Classless stringRoute Addition - Enable/disable addition of classless static routes retrieved from DHCP server. Valid values:
enable
,disable
. - Dhcp
Client stringIdentifier - DHCP client identifier.
- Dhcp
Relay stringAgent Option - Enable/disable DHCP relay agent option. Valid values:
enable
,disable
. - Dhcp
Relay stringAllow No End Option - Enable/disable relaying DHCP messages with no end option. Valid values:
disable
,enable
. - Dhcp
Relay stringCircuit Id - DHCP relay circuit ID.
- Dhcp
Relay stringInterface - Specify outgoing interface to reach server.
- Dhcp
Relay stringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Dhcp
Relay stringIp - DHCP relay IP address.
- Dhcp
Relay stringLink Selection - DHCP relay link selection.
- Dhcp
Relay stringRequest All Server - Enable/disable sending DHCP request to all servers. Valid values:
disable
,enable
. - Dhcp
Relay stringService - Enable/disable allowing this interface to act as a DHCP relay. Valid values:
disable
,enable
. - Dhcp
Relay stringSource Ip - IP address used by the DHCP relay as its source IP.
- Dhcp
Relay stringType - DHCP relay type (regular or IPsec). Valid values:
regular
,ipsec
. - Dhcp
Renew intTime - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
- Dhcp
Smart stringRelay - Enable/disable DHCP smart relay. Valid values:
disable
,enable
. - Dhcp
Snooping List<Pulumiverse.Server Lists Fortios. System. Inputs. Interface Dhcp Snooping Server List> - Configure DHCP server access list. The structure of
dhcp_snooping_server_list
block is documented below. - Disc
Retry intTimeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
- Disconnect
Threshold int - Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
- Distance int
- Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
- Dns
Server stringOverride - Enable/disable use DNS acquired by DHCP or PPPoE. Valid values:
enable
,disable
. - Dns
Server stringProtocol - DNS transport protocols. Valid values:
cleartext
,dot
,doh
. - Drop
Fragment string - Enable/disable drop fragment packets. Valid values:
enable
,disable
. - Drop
Overlapped stringFragment - Enable/disable drop overlapped fragment packets. Valid values:
enable
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Eap
Ca stringCert - EAP CA certificate name.
- Eap
Identity string - EAP identity.
- Eap
Method string - EAP method. Valid values:
tls
,peap
. - Eap
Password string - EAP password.
- Eap
Supplicant string - Enable/disable EAP-Supplicant. Valid values:
enable
,disable
. - Eap
User stringCert - EAP user certificate name.
- Egress
Shaping stringProfile - Outgoing traffic shaping profile.
- Endpoint
Compliance string - Enable/disable endpoint compliance enforcement. Valid values:
enable
,disable
. - Estimated
Downstream intBandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
- Estimated
Upstream intBandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
- Explicit
Ftp stringProxy - Enable/disable the explicit FTP proxy on this interface. Valid values:
enable
,disable
. - Explicit
Web stringProxy - Enable/disable the explicit web proxy on this interface. Valid values:
enable
,disable
. - External string
- Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). Valid values:
enable
,disable
. - Fail
Action stringOn Extender - Action on extender when interface fail . Valid values:
soft-restart
,hard-restart
,reboot
. - Fail
Alert List<Pulumiverse.Interfaces Fortios. System. Inputs. Interface Fail Alert Interface> - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. The structure of
fail_alert_interfaces
block is documented below. - Fail
Alert stringMethod - Select link-failed-signal or link-down method to alert about a failed link. Valid values:
link-failed-signal
,link-down
. - Fail
Detect string - Enable/disable fail detection features for this interface. Valid values:
enable
,disable
. - Fail
Detect stringOption - Options for detecting that this interface has failed. Valid values:
detectserver
,link-down
. - Fortiheartbeat string
- Enable/disable FortiHeartBeat (FortiTelemetry on GUI). Valid values:
enable
,disable
. - Fortilink string
- Enable FortiLink to dedicate this interface to manage other Fortinet devices. Valid values:
enable
,disable
. - Fortilink
Backup intLink - fortilink split interface backup link.
- Fortilink
Neighbor stringDetect - Protocol for FortiGate neighbor discovery. Valid values:
lldp
,fortilink
. - Fortilink
Split stringInterface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Valid values:
enable
,disable
. - Fortilink
Stacking string - Enable/disable FortiLink switch-stacking on this interface. Valid values:
enable
,disable
. - Forward
Domain int - Transparent mode forward domain.
- Forward
Error stringCorrection - Configure forward error correction (FEC). Valid values:
none
,disable
,cl91-rs-fec
,cl74-fc-fec
. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gwdetect string
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - Ha
Priority int - HA election priority for the PING server.
- Icmp
Accept stringRedirect - Enable/disable ICMP accept redirect. Valid values:
enable
,disable
. - Icmp
Send stringRedirect - Enable/disable ICMP send redirect. Valid values:
enable
,disable
. - Ident
Accept string - Enable/disable authentication for this interface. Valid values:
enable
,disable
. - Idle
Timeout int - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
- Ike
Saml stringServer - Configure IKE authentication SAML server.
- Inbandwidth int
- Bandwidth limit for incoming traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.4.2, 7.0.0-7.0.5, 7.2.0: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- Ingress
Shaping stringProfile - Incoming traffic shaping profile.
- Ingress
Spillover intThreshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- Internal int
- Implicitly created.
- Ip string
- Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
- Ip
Managed stringBy Fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM.
- Ipmac string
- Enable/disable IP/MAC binding. Valid values:
enable
,disable
. - Ips
Sniffer stringMode - Enable/disable the use of this interface as a one-armed sniffer. Valid values:
enable
,disable
. - Ipunnumbered string
- Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
- Ipv6
Pulumiverse.
Fortios. System. Inputs. Interface Ipv6 - IPv6 of interface. The structure of
ipv6
block is documented below. - L2forward string
- Enable/disable l2 forwarding. Valid values:
enable
,disable
. - Lacp
Ha stringSecondary - LACP HA secondary member. Valid values:
enable
,disable
. - Lacp
Ha stringSlave - LACP HA slave. Valid values:
enable
,disable
. - Lacp
Mode string - LACP mode. Valid values:
static
,passive
,active
. - Lacp
Speed string - How often the interface sends LACP messages. Valid values:
slow
,fast
. - Lcp
Echo intInterval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
- Lcp
Max intEcho Fails - Maximum missed LCP echo messages before disconnect.
- Link
Up intDelay - Number of milliseconds to wait before considering a link is up.
- Lldp
Network stringPolicy - LLDP-MED network policy profile.
- Lldp
Reception string - Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values:
enable
,disable
,vdom
. - Lldp
Transmission string - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values:
enable
,disable
,vdom
. - Macaddr string
- Change the interface's MAC address.
- Managed
Devices List<Pulumiverse.Fortios. System. Inputs. Interface Managed Device> - Available when FortiLink is enabled, used for managed devices through FortiLink interface. The structure of
managed_device
block is documented below. - Managed
Subnetwork stringSize - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit's DHCP server settings.
- Management
Ip string - High Availability in-band management IP address of this interface.
- Measured
Downstream intBandwidth - Measured downstream bandwidth (kbps).
- Measured
Upstream intBandwidth - Measured upstream bandwidth (kbps).
- Mediatype string
- Select SFP media interface type Valid values:
none
,gmii
,sgmii
,sr
,lr
,cr
,sr4
,lr4
,cr4
. - Members
List<Pulumiverse.
Fortios. System. Inputs. Interface Member> - Physical interfaces that belong to the aggregate or redundant interface. The structure of
member
block is documented below. - Min
Links int - Minimum number of aggregated ports that must be up.
- Min
Links stringDown - Action to take when less than the configured minimum number of links are active. Valid values:
operational
,administrative
. - Mode string
- Addressing mode (static, DHCP, PPPoE). Valid values:
static
,dhcp
,pppoe
. - Monitor
Bandwidth string - Enable monitoring bandwidth on this interface. Valid values:
enable
,disable
. - Mtu int
- MTU value for this interface.
- Mtu
Override string - Enable to set a custom MTU for this interface. Valid values:
enable
,disable
. - Name string
- Name.
- Ndiscforward string
- Enable/disable NDISC forwarding. Valid values:
enable
,disable
. - Netbios
Forward string - Enable/disable NETBIOS forwarding. Valid values:
disable
,enable
. - Netflow
Sampler string - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Valid values:
disable
,tx
,rx
,both
. - Outbandwidth int
- Bandwidth limit for outgoing traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.2.6: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- Padt
Retry intTimeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
- Password string
- PPPoE account's password.
- Ping
Serv intStatus - PING server status.
- Polling
Interval int - sFlow polling interval in seconds (1 - 255).
- Pppoe
Unnumbered stringNegotiate - Enable/disable PPPoE unnumbered negotiation. Valid values:
enable
,disable
. - Pptp
Auth stringType - PPTP authentication type. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - Pptp
Client string - Enable/disable PPTP client. Valid values:
enable
,disable
. - Pptp
Password string - PPTP password.
- Pptp
Server stringIp - PPTP server IP address.
- Pptp
Timeout int - Idle timer in minutes (0 for disabled).
- Pptp
User string - PPTP user name.
- Preserve
Session stringRoute - Enable/disable preservation of session route when dirty. Valid values:
enable
,disable
. - Priority int
- Priority of learned routes.
- Priority
Override string - Enable/disable fail back to higher priority port once recovered. Valid values:
enable
,disable
. - Proxy
Captive stringPortal - Enable/disable proxy captive portal on this interface. Valid values:
enable
,disable
. - Reachable
Time int - IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000).
- Redundant
Interface string - Redundant interface.
- Remote
Ip string - Remote IP address of tunnel.
- Replacemsg
Override stringGroup - Replacement message override group.
- Ring
Rx int - RX ring size.
- Ring
Tx int - TX ring size.
- Role string
- Interface role. Valid values:
lan
,wan
,dmz
,undefined
. - Sample
Direction string - Data that NetFlow collects (rx, tx, or both). Valid values:
tx
,rx
,both
. - Sample
Rate int - sFlow sample rate (10 - 99999).
- Scan
Botnet stringConnections - Enable monitoring or blocking connections to Botnet servers through this interface. Valid values:
disable
,block
,monitor
. - Secondary
Ip string - Enable/disable adding a secondary IP to this interface. Valid values:
enable
,disable
. - Secondaryips
List<Pulumiverse.
Fortios. System. Inputs. Interface Secondaryip> - Second IP address of interface. The structure of
secondaryip
block is documented below. - Security
Exempt stringList - Name of security-exempt-list.
- Security
External stringLogout - URL of external authentication logout server.
- Security
External stringWeb - URL of external authentication web server.
- Security
Groups List<Pulumiverse.Fortios. System. Inputs. Interface Security Group> - User groups that can authenticate with the captive portal. The structure of
security_groups
block is documented below. - Security
Mac stringAuth Bypass - Enable/disable MAC authentication bypass. Valid values:
mac-auth-only
,enable
,disable
. - Security
Mode string - Turn on captive portal authentication for this interface. Valid values:
none
,captive-portal
,802.1X
. - Security
Redirect stringUrl - URL redirection after disclaimer/authentication.
- Service
Name string - PPPoE service name.
- Sflow
Sampler string - Enable/disable sFlow on this interface. Valid values:
enable
,disable
. - Snmp
Index int - Permanent SNMP Index of the interface.
- Speed string
- Interface speed. The default setting and the options available depend on the interface hardware.
- Spillover
Threshold int - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- Src
Check string - Enable/disable source IP check. Valid values:
enable
,disable
. - Status string
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - Stp string
- Enable/disable STP. Valid values:
disable
,enable
. - Stp
Ha stringSecondary - Control STP behaviour on HA secondary. Valid values:
disable
,enable
,priority-adjust
. - Stpforward string
- Enable/disable STP forwarding. Valid values:
enable
,disable
. - Stpforward
Mode string - Configure STP forwarding mode. Valid values:
rpl-all-ext-id
,rpl-bridge-ext-id
,rpl-nothing
. - Subst string
- Enable to always send packets from this interface to a destination MAC address. Valid values:
enable
,disable
. - Substitute
Dst stringMac - Destination MAC address that all packets are sent to from this interface.
- Swc
First intCreate - Initial create for switch-controller VLANs.
- Swc
Vlan int - Creation status for switch-controller VLANs.
- Switch string
- Contained in switch.
- Switch
Controller stringAccess Vlan - Block FortiSwitch port-to-port traffic. Valid values:
enable
,disable
. - Switch
Controller stringArp Inspection - Enable/disable FortiSwitch ARP inspection.
- Switch
Controller stringDhcp Snooping - Switch controller DHCP snooping. Valid values:
enable
,disable
. - Switch
Controller stringDhcp Snooping Option82 - Switch controller DHCP snooping option82. Valid values:
enable
,disable
. - Switch
Controller stringDhcp Snooping Verify Mac - Switch controller DHCP snooping verify MAC. Valid values:
enable
,disable
. - Switch
Controller stringDynamic - Integrated FortiLink settings for managed FortiSwitch.
- Switch
Controller stringFeature - Interface's purpose when assigning traffic (read only).
- Switch
Controller stringIgmp Snooping - Switch controller IGMP snooping. Valid values:
enable
,disable
. - Switch
Controller stringIgmp Snooping Fast Leave - Switch controller IGMP snooping fast-leave. Valid values:
enable
,disable
. - Switch
Controller stringIgmp Snooping Proxy - Switch controller IGMP snooping proxy. Valid values:
enable
,disable
. - Switch
Controller stringIot Scanning - Enable/disable managed FortiSwitch IoT scanning. Valid values:
enable
,disable
. - Switch
Controller intLearning Limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
- Switch
Controller intMgmt Vlan - VLAN to use for FortiLink management purposes.
- Switch
Controller stringNac - Integrated NAC settings for managed FortiSwitch.
- Switch
Controller stringNetflow Collect - NetFlow collection and processing. Valid values:
disable
,enable
. - Switch
Controller stringOffload - Enable/disable managed FortiSwitch routing offload. Valid values:
enable
,disable
. - Switch
Controller stringOffload Gw - Enable/disable managed FortiSwitch routing offload gateway. Valid values:
enable
,disable
. - Switch
Controller stringOffload Ip - IP for routing offload on FortiSwitch.
- Switch
Controller stringRspan Mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Valid values:
disable
,enable
. - Switch
Controller stringSource Ip - Source IP address used in FortiLink over L3 connections. Valid values:
outbound
,fixed
. - Switch
Controller stringTraffic Policy - Switch controller traffic policy for the VLAN.
- System
Id string - Define a system ID for the aggregate interface.
- System
Id stringType - Method in which system ID is generated. Valid values:
auto
,user
. - Taggings
List<Pulumiverse.
Fortios. System. Inputs. Interface Tagging> - Config object tagging. The structure of
tagging
block is documented below. - Tcp
Mss int - TCP maximum segment size. 0 means do not change segment size.
- Trunk string
- Enable/disable VLAN trunk. Valid values:
enable
,disable
. - Trust
Ip1 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- Trust
Ip2 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- Trust
Ip3 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- Trust
Ip61 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- Trust
Ip62 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- Trust
Ip63 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- Type string
- Interface type.
- Username string
- Username of the PPPoE account, provided by your ISP.
- Vdom string
- Interface is in this virtual domain (VDOM).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vindex int
- Switch control interface VLAN ID.
- Vlan
Protocol string - Ethernet protocol of VLAN. Valid values:
8021q
,8021ad
. - Vlanforward string
- Enable/disable traffic forwarding between VLANs on this interface. Valid values:
enable
,disable
. - Vlanid int
- VLAN ID (1 - 4094).
- Vrf int
- Virtual Routing Forwarding ID.
- Vrrp
Virtual stringMac - Enable/disable use of virtual MAC for VRRP. Valid values:
enable
,disable
. - Vrrps
List<Pulumiverse.
Fortios. System. Inputs. Interface Vrrp> - VRRP configuration. The structure of
vrrp
block is documented below. - Wccp string
- Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Valid values:
enable
,disable
. - Weight int
- Default weight for static routes (if route has no weight configured).
- Wins
Ip string - WINS server IP.
- Ac
Name string - PPPoE server name.
- Aggregate string
- Aggregate interface.
- Aggregate
Type string - Type of aggregation. Valid values:
physical
,vxlan
. - Algorithm string
- Frame distribution algorithm.
- Alias string
- Alias will be displayed with the interface name to make it easier to distinguish.
- Allowaccess string
- Permitted types of management access to this interface.
- Ap
Discover string - Enable/disable automatic registration of unknown FortiAP devices. Valid values:
enable
,disable
. - Arpforward string
- Enable/disable ARP forwarding. Valid values:
enable
,disable
. - Auth
Cert string - HTTPS server certificate.
- Auth
Portal stringAddr - Address of captive portal.
- Auth
Type string - PPP authentication type to use. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - Auto
Auth stringExtension Device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Valid values:
enable
,disable
. - Autogenerated string
- Indicates whether the interface is automatically created by FortiGate, for example, created during the VPN creation process. If it is, set it to "auto", else keep it empty.
- Bandwidth
Measure intTime - Bandwidth measure time
- Bfd string
- Bidirectional Forwarding Detection (BFD) settings. Valid values:
global
,enable
,disable
. - Bfd
Desired intMin Tx - BFD desired minimal transmit interval.
- Bfd
Detect intMult - BFD detection multiplier.
- Bfd
Required intMin Rx - BFD required minimal receive interval.
- Broadcast
Forticlient stringDiscovery - Enable/disable broadcasting FortiClient discovery messages. Valid values:
enable
,disable
. - Broadcast
Forward string - Enable/disable broadcast forwarding. Valid values:
enable
,disable
. - Captive
Portal int - Enable/disable captive portal.
- Cli
Conn intStatus - CLI connection status.
- Client
Options []InterfaceClient Option Args - DHCP client options. The structure of
client_options
block is documented below. - Color int
- Color of icon on the GUI.
- Dedicated
To string - Configure interface for single purpose. Valid values:
none
,management
. - Default
Purdue stringLevel - default purdue level of device detected on this interface. Valid values:
1
,1.5
,2
,2.5
,3
,3.5
,4
,5
,5.5
. - Defaultgw string
- Enable to get the gateway IP from the DHCP or PPPoE server. Valid values:
enable
,disable
. - Description string
- Description.
- Detected
Peer intMtu - MTU of detected peer (0 - 4294967295).
- Detectprotocol string
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - Detectserver string
- Gateway's ping server for this IP.
- Device
Access stringList - Device access list.
- Device
Identification string - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - Device
Identification stringActive Scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - Device
Netscan string - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Valid values:
disable
,enable
. - Device
User stringIdentification - Enable/disable passive gathering of user identity information about users on this interface. Valid values:
enable
,disable
. - Devindex int
- Device Index.
- Dhcp
Broadcast stringFlag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). Valid values:
disable
,enable
. - Dhcp
Classless stringRoute Addition - Enable/disable addition of classless static routes retrieved from DHCP server. Valid values:
enable
,disable
. - Dhcp
Client stringIdentifier - DHCP client identifier.
- Dhcp
Relay stringAgent Option - Enable/disable DHCP relay agent option. Valid values:
enable
,disable
. - Dhcp
Relay stringAllow No End Option - Enable/disable relaying DHCP messages with no end option. Valid values:
disable
,enable
. - Dhcp
Relay stringCircuit Id - DHCP relay circuit ID.
- Dhcp
Relay stringInterface - Specify outgoing interface to reach server.
- Dhcp
Relay stringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Dhcp
Relay stringIp - DHCP relay IP address.
- Dhcp
Relay stringLink Selection - DHCP relay link selection.
- Dhcp
Relay stringRequest All Server - Enable/disable sending DHCP request to all servers. Valid values:
disable
,enable
. - Dhcp
Relay stringService - Enable/disable allowing this interface to act as a DHCP relay. Valid values:
disable
,enable
. - Dhcp
Relay stringSource Ip - IP address used by the DHCP relay as its source IP.
- Dhcp
Relay stringType - DHCP relay type (regular or IPsec). Valid values:
regular
,ipsec
. - Dhcp
Renew intTime - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
- Dhcp
Smart stringRelay - Enable/disable DHCP smart relay. Valid values:
disable
,enable
. - Dhcp
Snooping []InterfaceServer Lists Dhcp Snooping Server List Args - Configure DHCP server access list. The structure of
dhcp_snooping_server_list
block is documented below. - Disc
Retry intTimeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
- Disconnect
Threshold int - Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
- Distance int
- Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
- Dns
Server stringOverride - Enable/disable use DNS acquired by DHCP or PPPoE. Valid values:
enable
,disable
. - Dns
Server stringProtocol - DNS transport protocols. Valid values:
cleartext
,dot
,doh
. - Drop
Fragment string - Enable/disable drop fragment packets. Valid values:
enable
,disable
. - Drop
Overlapped stringFragment - Enable/disable drop overlapped fragment packets. Valid values:
enable
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Eap
Ca stringCert - EAP CA certificate name.
- Eap
Identity string - EAP identity.
- Eap
Method string - EAP method. Valid values:
tls
,peap
. - Eap
Password string - EAP password.
- Eap
Supplicant string - Enable/disable EAP-Supplicant. Valid values:
enable
,disable
. - Eap
User stringCert - EAP user certificate name.
- Egress
Shaping stringProfile - Outgoing traffic shaping profile.
- Endpoint
Compliance string - Enable/disable endpoint compliance enforcement. Valid values:
enable
,disable
. - Estimated
Downstream intBandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
- Estimated
Upstream intBandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
- Explicit
Ftp stringProxy - Enable/disable the explicit FTP proxy on this interface. Valid values:
enable
,disable
. - Explicit
Web stringProxy - Enable/disable the explicit web proxy on this interface. Valid values:
enable
,disable
. - External string
- Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). Valid values:
enable
,disable
. - Fail
Action stringOn Extender - Action on extender when interface fail . Valid values:
soft-restart
,hard-restart
,reboot
. - Fail
Alert []InterfaceInterfaces Fail Alert Interface Args - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. The structure of
fail_alert_interfaces
block is documented below. - Fail
Alert stringMethod - Select link-failed-signal or link-down method to alert about a failed link. Valid values:
link-failed-signal
,link-down
. - Fail
Detect string - Enable/disable fail detection features for this interface. Valid values:
enable
,disable
. - Fail
Detect stringOption - Options for detecting that this interface has failed. Valid values:
detectserver
,link-down
. - Fortiheartbeat string
- Enable/disable FortiHeartBeat (FortiTelemetry on GUI). Valid values:
enable
,disable
. - Fortilink string
- Enable FortiLink to dedicate this interface to manage other Fortinet devices. Valid values:
enable
,disable
. - Fortilink
Backup intLink - fortilink split interface backup link.
- Fortilink
Neighbor stringDetect - Protocol for FortiGate neighbor discovery. Valid values:
lldp
,fortilink
. - Fortilink
Split stringInterface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Valid values:
enable
,disable
. - Fortilink
Stacking string - Enable/disable FortiLink switch-stacking on this interface. Valid values:
enable
,disable
. - Forward
Domain int - Transparent mode forward domain.
- Forward
Error stringCorrection - Configure forward error correction (FEC). Valid values:
none
,disable
,cl91-rs-fec
,cl74-fc-fec
. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gwdetect string
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - Ha
Priority int - HA election priority for the PING server.
- Icmp
Accept stringRedirect - Enable/disable ICMP accept redirect. Valid values:
enable
,disable
. - Icmp
Send stringRedirect - Enable/disable ICMP send redirect. Valid values:
enable
,disable
. - Ident
Accept string - Enable/disable authentication for this interface. Valid values:
enable
,disable
. - Idle
Timeout int - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
- Ike
Saml stringServer - Configure IKE authentication SAML server.
- Inbandwidth int
- Bandwidth limit for incoming traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.4.2, 7.0.0-7.0.5, 7.2.0: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- Ingress
Shaping stringProfile - Incoming traffic shaping profile.
- Ingress
Spillover intThreshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- Interface string
- Interface name.
- Internal int
- Implicitly created.
- Ip string
- Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
- Ip
Managed stringBy Fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM.
- Ipmac string
- Enable/disable IP/MAC binding. Valid values:
enable
,disable
. - Ips
Sniffer stringMode - Enable/disable the use of this interface as a one-armed sniffer. Valid values:
enable
,disable
. - Ipunnumbered string
- Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
- Ipv6
Interface
Ipv6Args - IPv6 of interface. The structure of
ipv6
block is documented below. - L2forward string
- Enable/disable l2 forwarding. Valid values:
enable
,disable
. - Lacp
Ha stringSecondary - LACP HA secondary member. Valid values:
enable
,disable
. - Lacp
Ha stringSlave - LACP HA slave. Valid values:
enable
,disable
. - Lacp
Mode string - LACP mode. Valid values:
static
,passive
,active
. - Lacp
Speed string - How often the interface sends LACP messages. Valid values:
slow
,fast
. - Lcp
Echo intInterval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
- Lcp
Max intEcho Fails - Maximum missed LCP echo messages before disconnect.
- Link
Up intDelay - Number of milliseconds to wait before considering a link is up.
- Lldp
Network stringPolicy - LLDP-MED network policy profile.
- Lldp
Reception string - Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values:
enable
,disable
,vdom
. - Lldp
Transmission string - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values:
enable
,disable
,vdom
. - Macaddr string
- Change the interface's MAC address.
- Managed
Devices []InterfaceManaged Device Args - Available when FortiLink is enabled, used for managed devices through FortiLink interface. The structure of
managed_device
block is documented below. - Managed
Subnetwork stringSize - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit's DHCP server settings.
- Management
Ip string - High Availability in-band management IP address of this interface.
- Measured
Downstream intBandwidth - Measured downstream bandwidth (kbps).
- Measured
Upstream intBandwidth - Measured upstream bandwidth (kbps).
- Mediatype string
- Select SFP media interface type Valid values:
none
,gmii
,sgmii
,sr
,lr
,cr
,sr4
,lr4
,cr4
. - Members
[]Interface
Member Args - Physical interfaces that belong to the aggregate or redundant interface. The structure of
member
block is documented below. - Min
Links int - Minimum number of aggregated ports that must be up.
- Min
Links stringDown - Action to take when less than the configured minimum number of links are active. Valid values:
operational
,administrative
. - Mode string
- Addressing mode (static, DHCP, PPPoE). Valid values:
static
,dhcp
,pppoe
. - Monitor
Bandwidth string - Enable monitoring bandwidth on this interface. Valid values:
enable
,disable
. - Mtu int
- MTU value for this interface.
- Mtu
Override string - Enable to set a custom MTU for this interface. Valid values:
enable
,disable
. - Name string
- Name.
- Ndiscforward string
- Enable/disable NDISC forwarding. Valid values:
enable
,disable
. - Netbios
Forward string - Enable/disable NETBIOS forwarding. Valid values:
disable
,enable
. - Netflow
Sampler string - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Valid values:
disable
,tx
,rx
,both
. - Outbandwidth int
- Bandwidth limit for outgoing traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.2.6: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- Padt
Retry intTimeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
- Password string
- PPPoE account's password.
- Ping
Serv intStatus - PING server status.
- Polling
Interval int - sFlow polling interval in seconds (1 - 255).
- Pppoe
Unnumbered stringNegotiate - Enable/disable PPPoE unnumbered negotiation. Valid values:
enable
,disable
. - Pptp
Auth stringType - PPTP authentication type. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - Pptp
Client string - Enable/disable PPTP client. Valid values:
enable
,disable
. - Pptp
Password string - PPTP password.
- Pptp
Server stringIp - PPTP server IP address.
- Pptp
Timeout int - Idle timer in minutes (0 for disabled).
- Pptp
User string - PPTP user name.
- Preserve
Session stringRoute - Enable/disable preservation of session route when dirty. Valid values:
enable
,disable
. - Priority int
- Priority of learned routes.
- Priority
Override string - Enable/disable fail back to higher priority port once recovered. Valid values:
enable
,disable
. - Proxy
Captive stringPortal - Enable/disable proxy captive portal on this interface. Valid values:
enable
,disable
. - Reachable
Time int - IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000).
- Redundant
Interface string - Redundant interface.
- Remote
Ip string - Remote IP address of tunnel.
- Replacemsg
Override stringGroup - Replacement message override group.
- Ring
Rx int - RX ring size.
- Ring
Tx int - TX ring size.
- Role string
- Interface role. Valid values:
lan
,wan
,dmz
,undefined
. - Sample
Direction string - Data that NetFlow collects (rx, tx, or both). Valid values:
tx
,rx
,both
. - Sample
Rate int - sFlow sample rate (10 - 99999).
- Scan
Botnet stringConnections - Enable monitoring or blocking connections to Botnet servers through this interface. Valid values:
disable
,block
,monitor
. - Secondary
Ip string - Enable/disable adding a secondary IP to this interface. Valid values:
enable
,disable
. - Secondaryips
[]Interface
Secondaryip Args - Second IP address of interface. The structure of
secondaryip
block is documented below. - Security
Exempt stringList - Name of security-exempt-list.
- Security
External stringLogout - URL of external authentication logout server.
- Security
External stringWeb - URL of external authentication web server.
- Security
Groups []InterfaceSecurity Group Args - User groups that can authenticate with the captive portal. The structure of
security_groups
block is documented below. - Security
Mac stringAuth Bypass - Enable/disable MAC authentication bypass. Valid values:
mac-auth-only
,enable
,disable
. - Security
Mode string - Turn on captive portal authentication for this interface. Valid values:
none
,captive-portal
,802.1X
. - Security
Redirect stringUrl - URL redirection after disclaimer/authentication.
- Service
Name string - PPPoE service name.
- Sflow
Sampler string - Enable/disable sFlow on this interface. Valid values:
enable
,disable
. - Snmp
Index int - Permanent SNMP Index of the interface.
- Speed string
- Interface speed. The default setting and the options available depend on the interface hardware.
- Spillover
Threshold int - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- Src
Check string - Enable/disable source IP check. Valid values:
enable
,disable
. - Status string
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - Stp string
- Enable/disable STP. Valid values:
disable
,enable
. - Stp
Ha stringSecondary - Control STP behaviour on HA secondary. Valid values:
disable
,enable
,priority-adjust
. - Stpforward string
- Enable/disable STP forwarding. Valid values:
enable
,disable
. - Stpforward
Mode string - Configure STP forwarding mode. Valid values:
rpl-all-ext-id
,rpl-bridge-ext-id
,rpl-nothing
. - Subst string
- Enable to always send packets from this interface to a destination MAC address. Valid values:
enable
,disable
. - Substitute
Dst stringMac - Destination MAC address that all packets are sent to from this interface.
- Swc
First intCreate - Initial create for switch-controller VLANs.
- Swc
Vlan int - Creation status for switch-controller VLANs.
- Switch string
- Contained in switch.
- Switch
Controller stringAccess Vlan - Block FortiSwitch port-to-port traffic. Valid values:
enable
,disable
. - Switch
Controller stringArp Inspection - Enable/disable FortiSwitch ARP inspection.
- Switch
Controller stringDhcp Snooping - Switch controller DHCP snooping. Valid values:
enable
,disable
. - Switch
Controller stringDhcp Snooping Option82 - Switch controller DHCP snooping option82. Valid values:
enable
,disable
. - Switch
Controller stringDhcp Snooping Verify Mac - Switch controller DHCP snooping verify MAC. Valid values:
enable
,disable
. - Switch
Controller stringDynamic - Integrated FortiLink settings for managed FortiSwitch.
- Switch
Controller stringFeature - Interface's purpose when assigning traffic (read only).
- Switch
Controller stringIgmp Snooping - Switch controller IGMP snooping. Valid values:
enable
,disable
. - Switch
Controller stringIgmp Snooping Fast Leave - Switch controller IGMP snooping fast-leave. Valid values:
enable
,disable
. - Switch
Controller stringIgmp Snooping Proxy - Switch controller IGMP snooping proxy. Valid values:
enable
,disable
. - Switch
Controller stringIot Scanning - Enable/disable managed FortiSwitch IoT scanning. Valid values:
enable
,disable
. - Switch
Controller intLearning Limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
- Switch
Controller intMgmt Vlan - VLAN to use for FortiLink management purposes.
- Switch
Controller stringNac - Integrated NAC settings for managed FortiSwitch.
- Switch
Controller stringNetflow Collect - NetFlow collection and processing. Valid values:
disable
,enable
. - Switch
Controller stringOffload - Enable/disable managed FortiSwitch routing offload. Valid values:
enable
,disable
. - Switch
Controller stringOffload Gw - Enable/disable managed FortiSwitch routing offload gateway. Valid values:
enable
,disable
. - Switch
Controller stringOffload Ip - IP for routing offload on FortiSwitch.
- Switch
Controller stringRspan Mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Valid values:
disable
,enable
. - Switch
Controller stringSource Ip - Source IP address used in FortiLink over L3 connections. Valid values:
outbound
,fixed
. - Switch
Controller stringTraffic Policy - Switch controller traffic policy for the VLAN.
- System
Id string - Define a system ID for the aggregate interface.
- System
Id stringType - Method in which system ID is generated. Valid values:
auto
,user
. - Taggings
[]Interface
Tagging Args - Config object tagging. The structure of
tagging
block is documented below. - Tcp
Mss int - TCP maximum segment size. 0 means do not change segment size.
- Trunk string
- Enable/disable VLAN trunk. Valid values:
enable
,disable
. - Trust
Ip1 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- Trust
Ip2 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- Trust
Ip3 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- Trust
Ip61 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- Trust
Ip62 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- Trust
Ip63 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- Type string
- Interface type.
- Username string
- Username of the PPPoE account, provided by your ISP.
- Vdom string
- Interface is in this virtual domain (VDOM).
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vindex int
- Switch control interface VLAN ID.
- Vlan
Protocol string - Ethernet protocol of VLAN. Valid values:
8021q
,8021ad
. - Vlanforward string
- Enable/disable traffic forwarding between VLANs on this interface. Valid values:
enable
,disable
. - Vlanid int
- VLAN ID (1 - 4094).
- Vrf int
- Virtual Routing Forwarding ID.
- Vrrp
Virtual stringMac - Enable/disable use of virtual MAC for VRRP. Valid values:
enable
,disable
. - Vrrps
[]Interface
Vrrp Args - VRRP configuration. The structure of
vrrp
block is documented below. - Wccp string
- Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Valid values:
enable
,disable
. - Weight int
- Default weight for static routes (if route has no weight configured).
- Wins
Ip string - WINS server IP.
- ac
Name String - PPPoE server name.
- aggregate String
- Aggregate interface.
- aggregate
Type String - Type of aggregation. Valid values:
physical
,vxlan
. - algorithm String
- Frame distribution algorithm.
- alias String
- Alias will be displayed with the interface name to make it easier to distinguish.
- allowaccess String
- Permitted types of management access to this interface.
- ap
Discover String - Enable/disable automatic registration of unknown FortiAP devices. Valid values:
enable
,disable
. - arpforward String
- Enable/disable ARP forwarding. Valid values:
enable
,disable
. - auth
Cert String - HTTPS server certificate.
- auth
Portal StringAddr - Address of captive portal.
- auth
Type String - PPP authentication type to use. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - auto
Auth StringExtension Device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Valid values:
enable
,disable
. - autogenerated String
- Indicates whether the interface is automatically created by FortiGate, for example, created during the VPN creation process. If it is, set it to "auto", else keep it empty.
- bandwidth
Measure IntegerTime - Bandwidth measure time
- bfd String
- Bidirectional Forwarding Detection (BFD) settings. Valid values:
global
,enable
,disable
. - bfd
Desired IntegerMin Tx - BFD desired minimal transmit interval.
- bfd
Detect IntegerMult - BFD detection multiplier.
- bfd
Required IntegerMin Rx - BFD required minimal receive interval.
- broadcast
Forticlient StringDiscovery - Enable/disable broadcasting FortiClient discovery messages. Valid values:
enable
,disable
. - broadcast
Forward String - Enable/disable broadcast forwarding. Valid values:
enable
,disable
. - captive
Portal Integer - Enable/disable captive portal.
- cli
Conn IntegerStatus - CLI connection status.
- client
Options List<InterfaceClient Option> - DHCP client options. The structure of
client_options
block is documented below. - color Integer
- Color of icon on the GUI.
- dedicated
To String - Configure interface for single purpose. Valid values:
none
,management
. - default
Purdue StringLevel - default purdue level of device detected on this interface. Valid values:
1
,1.5
,2
,2.5
,3
,3.5
,4
,5
,5.5
. - defaultgw String
- Enable to get the gateway IP from the DHCP or PPPoE server. Valid values:
enable
,disable
. - description String
- Description.
- detected
Peer IntegerMtu - MTU of detected peer (0 - 4294967295).
- detectprotocol String
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - detectserver String
- Gateway's ping server for this IP.
- device
Access StringList - Device access list.
- device
Identification String - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device
Identification StringActive Scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device
Netscan String - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Valid values:
disable
,enable
. - device
User StringIdentification - Enable/disable passive gathering of user identity information about users on this interface. Valid values:
enable
,disable
. - devindex Integer
- Device Index.
- dhcp
Broadcast StringFlag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). Valid values:
disable
,enable
. - dhcp
Classless StringRoute Addition - Enable/disable addition of classless static routes retrieved from DHCP server. Valid values:
enable
,disable
. - dhcp
Client StringIdentifier - DHCP client identifier.
- dhcp
Relay StringAgent Option - Enable/disable DHCP relay agent option. Valid values:
enable
,disable
. - dhcp
Relay StringAllow No End Option - Enable/disable relaying DHCP messages with no end option. Valid values:
disable
,enable
. - dhcp
Relay StringCircuit Id - DHCP relay circuit ID.
- dhcp
Relay StringInterface - Specify outgoing interface to reach server.
- dhcp
Relay StringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp
Relay StringIp - DHCP relay IP address.
- dhcp
Relay StringLink Selection - DHCP relay link selection.
- dhcp
Relay StringRequest All Server - Enable/disable sending DHCP request to all servers. Valid values:
disable
,enable
. - dhcp
Relay StringService - Enable/disable allowing this interface to act as a DHCP relay. Valid values:
disable
,enable
. - dhcp
Relay StringSource Ip - IP address used by the DHCP relay as its source IP.
- dhcp
Relay StringType - DHCP relay type (regular or IPsec). Valid values:
regular
,ipsec
. - dhcp
Renew IntegerTime - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
- dhcp
Smart StringRelay - Enable/disable DHCP smart relay. Valid values:
disable
,enable
. - dhcp
Snooping List<InterfaceServer Lists Dhcp Snooping Server List> - Configure DHCP server access list. The structure of
dhcp_snooping_server_list
block is documented below. - disc
Retry IntegerTimeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
- disconnect
Threshold Integer - Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
- distance Integer
- Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
- dns
Server StringOverride - Enable/disable use DNS acquired by DHCP or PPPoE. Valid values:
enable
,disable
. - dns
Server StringProtocol - DNS transport protocols. Valid values:
cleartext
,dot
,doh
. - drop
Fragment String - Enable/disable drop fragment packets. Valid values:
enable
,disable
. - drop
Overlapped StringFragment - Enable/disable drop overlapped fragment packets. Valid values:
enable
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- eap
Ca StringCert - EAP CA certificate name.
- eap
Identity String - EAP identity.
- eap
Method String - EAP method. Valid values:
tls
,peap
. - eap
Password String - EAP password.
- eap
Supplicant String - Enable/disable EAP-Supplicant. Valid values:
enable
,disable
. - eap
User StringCert - EAP user certificate name.
- egress
Shaping StringProfile - Outgoing traffic shaping profile.
- endpoint
Compliance String - Enable/disable endpoint compliance enforcement. Valid values:
enable
,disable
. - estimated
Downstream IntegerBandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
- estimated
Upstream IntegerBandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
- explicit
Ftp StringProxy - Enable/disable the explicit FTP proxy on this interface. Valid values:
enable
,disable
. - explicit
Web StringProxy - Enable/disable the explicit web proxy on this interface. Valid values:
enable
,disable
. - external String
- Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). Valid values:
enable
,disable
. - fail
Action StringOn Extender - Action on extender when interface fail . Valid values:
soft-restart
,hard-restart
,reboot
. - fail
Alert List<InterfaceInterfaces Fail Alert Interface> - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. The structure of
fail_alert_interfaces
block is documented below. - fail
Alert StringMethod - Select link-failed-signal or link-down method to alert about a failed link. Valid values:
link-failed-signal
,link-down
. - fail
Detect String - Enable/disable fail detection features for this interface. Valid values:
enable
,disable
. - fail
Detect StringOption - Options for detecting that this interface has failed. Valid values:
detectserver
,link-down
. - fortiheartbeat String
- Enable/disable FortiHeartBeat (FortiTelemetry on GUI). Valid values:
enable
,disable
. - fortilink String
- Enable FortiLink to dedicate this interface to manage other Fortinet devices. Valid values:
enable
,disable
. - fortilink
Backup IntegerLink - fortilink split interface backup link.
- fortilink
Neighbor StringDetect - Protocol for FortiGate neighbor discovery. Valid values:
lldp
,fortilink
. - fortilink
Split StringInterface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Valid values:
enable
,disable
. - fortilink
Stacking String - Enable/disable FortiLink switch-stacking on this interface. Valid values:
enable
,disable
. - forward
Domain Integer - Transparent mode forward domain.
- forward
Error StringCorrection - Configure forward error correction (FEC). Valid values:
none
,disable
,cl91-rs-fec
,cl74-fc-fec
. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gwdetect String
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - ha
Priority Integer - HA election priority for the PING server.
- icmp
Accept StringRedirect - Enable/disable ICMP accept redirect. Valid values:
enable
,disable
. - icmp
Send StringRedirect - Enable/disable ICMP send redirect. Valid values:
enable
,disable
. - ident
Accept String - Enable/disable authentication for this interface. Valid values:
enable
,disable
. - idle
Timeout Integer - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
- ike
Saml StringServer - Configure IKE authentication SAML server.
- inbandwidth Integer
- Bandwidth limit for incoming traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.4.2, 7.0.0-7.0.5, 7.2.0: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- ingress
Shaping StringProfile - Incoming traffic shaping profile.
- ingress
Spillover IntegerThreshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- interface_ String
- Interface name.
- internal Integer
- Implicitly created.
- ip String
- Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
- ip
Managed StringBy Fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM.
- ipmac String
- Enable/disable IP/MAC binding. Valid values:
enable
,disable
. - ips
Sniffer StringMode - Enable/disable the use of this interface as a one-armed sniffer. Valid values:
enable
,disable
. - ipunnumbered String
- Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
- ipv6
Interface
Ipv6 - IPv6 of interface. The structure of
ipv6
block is documented below. - l2forward String
- Enable/disable l2 forwarding. Valid values:
enable
,disable
. - lacp
Ha StringSecondary - LACP HA secondary member. Valid values:
enable
,disable
. - lacp
Ha StringSlave - LACP HA slave. Valid values:
enable
,disable
. - lacp
Mode String - LACP mode. Valid values:
static
,passive
,active
. - lacp
Speed String - How often the interface sends LACP messages. Valid values:
slow
,fast
. - lcp
Echo IntegerInterval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
- lcp
Max IntegerEcho Fails - Maximum missed LCP echo messages before disconnect.
- link
Up IntegerDelay - Number of milliseconds to wait before considering a link is up.
- lldp
Network StringPolicy - LLDP-MED network policy profile.
- lldp
Reception String - Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values:
enable
,disable
,vdom
. - lldp
Transmission String - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values:
enable
,disable
,vdom
. - macaddr String
- Change the interface's MAC address.
- managed
Devices List<InterfaceManaged Device> - Available when FortiLink is enabled, used for managed devices through FortiLink interface. The structure of
managed_device
block is documented below. - managed
Subnetwork StringSize - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit's DHCP server settings.
- management
Ip String - High Availability in-band management IP address of this interface.
- measured
Downstream IntegerBandwidth - Measured downstream bandwidth (kbps).
- measured
Upstream IntegerBandwidth - Measured upstream bandwidth (kbps).
- mediatype String
- Select SFP media interface type Valid values:
none
,gmii
,sgmii
,sr
,lr
,cr
,sr4
,lr4
,cr4
. - members
List<Interface
Member> - Physical interfaces that belong to the aggregate or redundant interface. The structure of
member
block is documented below. - min
Links Integer - Minimum number of aggregated ports that must be up.
- min
Links StringDown - Action to take when less than the configured minimum number of links are active. Valid values:
operational
,administrative
. - mode String
- Addressing mode (static, DHCP, PPPoE). Valid values:
static
,dhcp
,pppoe
. - monitor
Bandwidth String - Enable monitoring bandwidth on this interface. Valid values:
enable
,disable
. - mtu Integer
- MTU value for this interface.
- mtu
Override String - Enable to set a custom MTU for this interface. Valid values:
enable
,disable
. - name String
- Name.
- ndiscforward String
- Enable/disable NDISC forwarding. Valid values:
enable
,disable
. - netbios
Forward String - Enable/disable NETBIOS forwarding. Valid values:
disable
,enable
. - netflow
Sampler String - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Valid values:
disable
,tx
,rx
,both
. - outbandwidth Integer
- Bandwidth limit for outgoing traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.2.6: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- padt
Retry IntegerTimeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
- password String
- PPPoE account's password.
- ping
Serv IntegerStatus - PING server status.
- polling
Interval Integer - sFlow polling interval in seconds (1 - 255).
- pppoe
Unnumbered StringNegotiate - Enable/disable PPPoE unnumbered negotiation. Valid values:
enable
,disable
. - pptp
Auth StringType - PPTP authentication type. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - pptp
Client String - Enable/disable PPTP client. Valid values:
enable
,disable
. - pptp
Password String - PPTP password.
- pptp
Server StringIp - PPTP server IP address.
- pptp
Timeout Integer - Idle timer in minutes (0 for disabled).
- pptp
User String - PPTP user name.
- preserve
Session StringRoute - Enable/disable preservation of session route when dirty. Valid values:
enable
,disable
. - priority Integer
- Priority of learned routes.
- priority
Override String - Enable/disable fail back to higher priority port once recovered. Valid values:
enable
,disable
. - proxy
Captive StringPortal - Enable/disable proxy captive portal on this interface. Valid values:
enable
,disable
. - reachable
Time Integer - IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000).
- redundant
Interface String - Redundant interface.
- remote
Ip String - Remote IP address of tunnel.
- replacemsg
Override StringGroup - Replacement message override group.
- ring
Rx Integer - RX ring size.
- ring
Tx Integer - TX ring size.
- role String
- Interface role. Valid values:
lan
,wan
,dmz
,undefined
. - sample
Direction String - Data that NetFlow collects (rx, tx, or both). Valid values:
tx
,rx
,both
. - sample
Rate Integer - sFlow sample rate (10 - 99999).
- scan
Botnet StringConnections - Enable monitoring or blocking connections to Botnet servers through this interface. Valid values:
disable
,block
,monitor
. - secondary
Ip String - Enable/disable adding a secondary IP to this interface. Valid values:
enable
,disable
. - secondaryips
List<Interface
Secondaryip> - Second IP address of interface. The structure of
secondaryip
block is documented below. - security
Exempt StringList - Name of security-exempt-list.
- security
External StringLogout - URL of external authentication logout server.
- security
External StringWeb - URL of external authentication web server.
- security
Groups List<InterfaceSecurity Group> - User groups that can authenticate with the captive portal. The structure of
security_groups
block is documented below. - security
Mac StringAuth Bypass - Enable/disable MAC authentication bypass. Valid values:
mac-auth-only
,enable
,disable
. - security
Mode String - Turn on captive portal authentication for this interface. Valid values:
none
,captive-portal
,802.1X
. - security
Redirect StringUrl - URL redirection after disclaimer/authentication.
- service
Name String - PPPoE service name.
- sflow
Sampler String - Enable/disable sFlow on this interface. Valid values:
enable
,disable
. - snmp
Index Integer - Permanent SNMP Index of the interface.
- speed String
- Interface speed. The default setting and the options available depend on the interface hardware.
- spillover
Threshold Integer - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- src
Check String - Enable/disable source IP check. Valid values:
enable
,disable
. - status String
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - stp String
- Enable/disable STP. Valid values:
disable
,enable
. - stp
Ha StringSecondary - Control STP behaviour on HA secondary. Valid values:
disable
,enable
,priority-adjust
. - stpforward String
- Enable/disable STP forwarding. Valid values:
enable
,disable
. - stpforward
Mode String - Configure STP forwarding mode. Valid values:
rpl-all-ext-id
,rpl-bridge-ext-id
,rpl-nothing
. - subst String
- Enable to always send packets from this interface to a destination MAC address. Valid values:
enable
,disable
. - substitute
Dst StringMac - Destination MAC address that all packets are sent to from this interface.
- swc
First IntegerCreate - Initial create for switch-controller VLANs.
- swc
Vlan Integer - Creation status for switch-controller VLANs.
- switch
Controller StringAccess Vlan - Block FortiSwitch port-to-port traffic. Valid values:
enable
,disable
. - switch
Controller StringArp Inspection - Enable/disable FortiSwitch ARP inspection.
- switch
Controller StringDhcp Snooping - Switch controller DHCP snooping. Valid values:
enable
,disable
. - switch
Controller StringDhcp Snooping Option82 - Switch controller DHCP snooping option82. Valid values:
enable
,disable
. - switch
Controller StringDhcp Snooping Verify Mac - Switch controller DHCP snooping verify MAC. Valid values:
enable
,disable
. - switch
Controller StringDynamic - Integrated FortiLink settings for managed FortiSwitch.
- switch
Controller StringFeature - Interface's purpose when assigning traffic (read only).
- switch
Controller StringIgmp Snooping - Switch controller IGMP snooping. Valid values:
enable
,disable
. - switch
Controller StringIgmp Snooping Fast Leave - Switch controller IGMP snooping fast-leave. Valid values:
enable
,disable
. - switch
Controller StringIgmp Snooping Proxy - Switch controller IGMP snooping proxy. Valid values:
enable
,disable
. - switch
Controller StringIot Scanning - Enable/disable managed FortiSwitch IoT scanning. Valid values:
enable
,disable
. - switch
Controller IntegerLearning Limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
- switch
Controller IntegerMgmt Vlan - VLAN to use for FortiLink management purposes.
- switch
Controller StringNac - Integrated NAC settings for managed FortiSwitch.
- switch
Controller StringNetflow Collect - NetFlow collection and processing. Valid values:
disable
,enable
. - switch
Controller StringOffload - Enable/disable managed FortiSwitch routing offload. Valid values:
enable
,disable
. - switch
Controller StringOffload Gw - Enable/disable managed FortiSwitch routing offload gateway. Valid values:
enable
,disable
. - switch
Controller StringOffload Ip - IP for routing offload on FortiSwitch.
- switch
Controller StringRspan Mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Valid values:
disable
,enable
. - switch
Controller StringSource Ip - Source IP address used in FortiLink over L3 connections. Valid values:
outbound
,fixed
. - switch
Controller StringTraffic Policy - Switch controller traffic policy for the VLAN.
- switch_ String
- Contained in switch.
- system
Id String - Define a system ID for the aggregate interface.
- system
Id StringType - Method in which system ID is generated. Valid values:
auto
,user
. - taggings
List<Interface
Tagging> - Config object tagging. The structure of
tagging
block is documented below. - tcp
Mss Integer - TCP maximum segment size. 0 means do not change segment size.
- trunk String
- Enable/disable VLAN trunk. Valid values:
enable
,disable
. - trust
Ip1 String - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip2 String - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip3 String - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip61 String - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust
Ip62 String - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust
Ip63 String - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- type String
- Interface type.
- username String
- Username of the PPPoE account, provided by your ISP.
- vdom String
- Interface is in this virtual domain (VDOM).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vindex Integer
- Switch control interface VLAN ID.
- vlan
Protocol String - Ethernet protocol of VLAN. Valid values:
8021q
,8021ad
. - vlanforward String
- Enable/disable traffic forwarding between VLANs on this interface. Valid values:
enable
,disable
. - vlanid Integer
- VLAN ID (1 - 4094).
- vrf Integer
- Virtual Routing Forwarding ID.
- vrrp
Virtual StringMac - Enable/disable use of virtual MAC for VRRP. Valid values:
enable
,disable
. - vrrps
List<Interface
Vrrp> - VRRP configuration. The structure of
vrrp
block is documented below. - wccp String
- Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Valid values:
enable
,disable
. - weight Integer
- Default weight for static routes (if route has no weight configured).
- wins
Ip String - WINS server IP.
- ac
Name string - PPPoE server name.
- aggregate string
- Aggregate interface.
- aggregate
Type string - Type of aggregation. Valid values:
physical
,vxlan
. - algorithm string
- Frame distribution algorithm.
- alias string
- Alias will be displayed with the interface name to make it easier to distinguish.
- allowaccess string
- Permitted types of management access to this interface.
- ap
Discover string - Enable/disable automatic registration of unknown FortiAP devices. Valid values:
enable
,disable
. - arpforward string
- Enable/disable ARP forwarding. Valid values:
enable
,disable
. - auth
Cert string - HTTPS server certificate.
- auth
Portal stringAddr - Address of captive portal.
- auth
Type string - PPP authentication type to use. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - auto
Auth stringExtension Device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Valid values:
enable
,disable
. - autogenerated string
- Indicates whether the interface is automatically created by FortiGate, for example, created during the VPN creation process. If it is, set it to "auto", else keep it empty.
- bandwidth
Measure numberTime - Bandwidth measure time
- bfd string
- Bidirectional Forwarding Detection (BFD) settings. Valid values:
global
,enable
,disable
. - bfd
Desired numberMin Tx - BFD desired minimal transmit interval.
- bfd
Detect numberMult - BFD detection multiplier.
- bfd
Required numberMin Rx - BFD required minimal receive interval.
- broadcast
Forticlient stringDiscovery - Enable/disable broadcasting FortiClient discovery messages. Valid values:
enable
,disable
. - broadcast
Forward string - Enable/disable broadcast forwarding. Valid values:
enable
,disable
. - captive
Portal number - Enable/disable captive portal.
- cli
Conn numberStatus - CLI connection status.
- client
Options InterfaceClient Option[] - DHCP client options. The structure of
client_options
block is documented below. - color number
- Color of icon on the GUI.
- dedicated
To string - Configure interface for single purpose. Valid values:
none
,management
. - default
Purdue stringLevel - default purdue level of device detected on this interface. Valid values:
1
,1.5
,2
,2.5
,3
,3.5
,4
,5
,5.5
. - defaultgw string
- Enable to get the gateway IP from the DHCP or PPPoE server. Valid values:
enable
,disable
. - description string
- Description.
- detected
Peer numberMtu - MTU of detected peer (0 - 4294967295).
- detectprotocol string
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - detectserver string
- Gateway's ping server for this IP.
- device
Access stringList - Device access list.
- device
Identification string - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device
Identification stringActive Scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device
Netscan string - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Valid values:
disable
,enable
. - device
User stringIdentification - Enable/disable passive gathering of user identity information about users on this interface. Valid values:
enable
,disable
. - devindex number
- Device Index.
- dhcp
Broadcast stringFlag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). Valid values:
disable
,enable
. - dhcp
Classless stringRoute Addition - Enable/disable addition of classless static routes retrieved from DHCP server. Valid values:
enable
,disable
. - dhcp
Client stringIdentifier - DHCP client identifier.
- dhcp
Relay stringAgent Option - Enable/disable DHCP relay agent option. Valid values:
enable
,disable
. - dhcp
Relay stringAllow No End Option - Enable/disable relaying DHCP messages with no end option. Valid values:
disable
,enable
. - dhcp
Relay stringCircuit Id - DHCP relay circuit ID.
- dhcp
Relay stringInterface - Specify outgoing interface to reach server.
- dhcp
Relay stringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp
Relay stringIp - DHCP relay IP address.
- dhcp
Relay stringLink Selection - DHCP relay link selection.
- dhcp
Relay stringRequest All Server - Enable/disable sending DHCP request to all servers. Valid values:
disable
,enable
. - dhcp
Relay stringService - Enable/disable allowing this interface to act as a DHCP relay. Valid values:
disable
,enable
. - dhcp
Relay stringSource Ip - IP address used by the DHCP relay as its source IP.
- dhcp
Relay stringType - DHCP relay type (regular or IPsec). Valid values:
regular
,ipsec
. - dhcp
Renew numberTime - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
- dhcp
Smart stringRelay - Enable/disable DHCP smart relay. Valid values:
disable
,enable
. - dhcp
Snooping InterfaceServer Lists Dhcp Snooping Server List[] - Configure DHCP server access list. The structure of
dhcp_snooping_server_list
block is documented below. - disc
Retry numberTimeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
- disconnect
Threshold number - Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
- distance number
- Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
- dns
Server stringOverride - Enable/disable use DNS acquired by DHCP or PPPoE. Valid values:
enable
,disable
. - dns
Server stringProtocol - DNS transport protocols. Valid values:
cleartext
,dot
,doh
. - drop
Fragment string - Enable/disable drop fragment packets. Valid values:
enable
,disable
. - drop
Overlapped stringFragment - Enable/disable drop overlapped fragment packets. Valid values:
enable
,disable
. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- eap
Ca stringCert - EAP CA certificate name.
- eap
Identity string - EAP identity.
- eap
Method string - EAP method. Valid values:
tls
,peap
. - eap
Password string - EAP password.
- eap
Supplicant string - Enable/disable EAP-Supplicant. Valid values:
enable
,disable
. - eap
User stringCert - EAP user certificate name.
- egress
Shaping stringProfile - Outgoing traffic shaping profile.
- endpoint
Compliance string - Enable/disable endpoint compliance enforcement. Valid values:
enable
,disable
. - estimated
Downstream numberBandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
- estimated
Upstream numberBandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
- explicit
Ftp stringProxy - Enable/disable the explicit FTP proxy on this interface. Valid values:
enable
,disable
. - explicit
Web stringProxy - Enable/disable the explicit web proxy on this interface. Valid values:
enable
,disable
. - external string
- Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). Valid values:
enable
,disable
. - fail
Action stringOn Extender - Action on extender when interface fail . Valid values:
soft-restart
,hard-restart
,reboot
. - fail
Alert InterfaceInterfaces Fail Alert Interface[] - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. The structure of
fail_alert_interfaces
block is documented below. - fail
Alert stringMethod - Select link-failed-signal or link-down method to alert about a failed link. Valid values:
link-failed-signal
,link-down
. - fail
Detect string - Enable/disable fail detection features for this interface. Valid values:
enable
,disable
. - fail
Detect stringOption - Options for detecting that this interface has failed. Valid values:
detectserver
,link-down
. - fortiheartbeat string
- Enable/disable FortiHeartBeat (FortiTelemetry on GUI). Valid values:
enable
,disable
. - fortilink string
- Enable FortiLink to dedicate this interface to manage other Fortinet devices. Valid values:
enable
,disable
. - fortilink
Backup numberLink - fortilink split interface backup link.
- fortilink
Neighbor stringDetect - Protocol for FortiGate neighbor discovery. Valid values:
lldp
,fortilink
. - fortilink
Split stringInterface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Valid values:
enable
,disable
. - fortilink
Stacking string - Enable/disable FortiLink switch-stacking on this interface. Valid values:
enable
,disable
. - forward
Domain number - Transparent mode forward domain.
- forward
Error stringCorrection - Configure forward error correction (FEC). Valid values:
none
,disable
,cl91-rs-fec
,cl74-fc-fec
. - get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gwdetect string
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - ha
Priority number - HA election priority for the PING server.
- icmp
Accept stringRedirect - Enable/disable ICMP accept redirect. Valid values:
enable
,disable
. - icmp
Send stringRedirect - Enable/disable ICMP send redirect. Valid values:
enable
,disable
. - ident
Accept string - Enable/disable authentication for this interface. Valid values:
enable
,disable
. - idle
Timeout number - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
- ike
Saml stringServer - Configure IKE authentication SAML server.
- inbandwidth number
- Bandwidth limit for incoming traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.4.2, 7.0.0-7.0.5, 7.2.0: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- ingress
Shaping stringProfile - Incoming traffic shaping profile.
- ingress
Spillover numberThreshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- interface string
- Interface name.
- internal number
- Implicitly created.
- ip string
- Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
- ip
Managed stringBy Fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM.
- ipmac string
- Enable/disable IP/MAC binding. Valid values:
enable
,disable
. - ips
Sniffer stringMode - Enable/disable the use of this interface as a one-armed sniffer. Valid values:
enable
,disable
. - ipunnumbered string
- Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
- ipv6
Interface
Ipv6 - IPv6 of interface. The structure of
ipv6
block is documented below. - l2forward string
- Enable/disable l2 forwarding. Valid values:
enable
,disable
. - lacp
Ha stringSecondary - LACP HA secondary member. Valid values:
enable
,disable
. - lacp
Ha stringSlave - LACP HA slave. Valid values:
enable
,disable
. - lacp
Mode string - LACP mode. Valid values:
static
,passive
,active
. - lacp
Speed string - How often the interface sends LACP messages. Valid values:
slow
,fast
. - lcp
Echo numberInterval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
- lcp
Max numberEcho Fails - Maximum missed LCP echo messages before disconnect.
- link
Up numberDelay - Number of milliseconds to wait before considering a link is up.
- lldp
Network stringPolicy - LLDP-MED network policy profile.
- lldp
Reception string - Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values:
enable
,disable
,vdom
. - lldp
Transmission string - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values:
enable
,disable
,vdom
. - macaddr string
- Change the interface's MAC address.
- managed
Devices InterfaceManaged Device[] - Available when FortiLink is enabled, used for managed devices through FortiLink interface. The structure of
managed_device
block is documented below. - managed
Subnetwork stringSize - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit's DHCP server settings.
- management
Ip string - High Availability in-band management IP address of this interface.
- measured
Downstream numberBandwidth - Measured downstream bandwidth (kbps).
- measured
Upstream numberBandwidth - Measured upstream bandwidth (kbps).
- mediatype string
- Select SFP media interface type Valid values:
none
,gmii
,sgmii
,sr
,lr
,cr
,sr4
,lr4
,cr4
. - members
Interface
Member[] - Physical interfaces that belong to the aggregate or redundant interface. The structure of
member
block is documented below. - min
Links number - Minimum number of aggregated ports that must be up.
- min
Links stringDown - Action to take when less than the configured minimum number of links are active. Valid values:
operational
,administrative
. - mode string
- Addressing mode (static, DHCP, PPPoE). Valid values:
static
,dhcp
,pppoe
. - monitor
Bandwidth string - Enable monitoring bandwidth on this interface. Valid values:
enable
,disable
. - mtu number
- MTU value for this interface.
- mtu
Override string - Enable to set a custom MTU for this interface. Valid values:
enable
,disable
. - name string
- Name.
- ndiscforward string
- Enable/disable NDISC forwarding. Valid values:
enable
,disable
. - netbios
Forward string - Enable/disable NETBIOS forwarding. Valid values:
disable
,enable
. - netflow
Sampler string - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Valid values:
disable
,tx
,rx
,both
. - outbandwidth number
- Bandwidth limit for outgoing traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.2.6: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- padt
Retry numberTimeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
- password string
- PPPoE account's password.
- ping
Serv numberStatus - PING server status.
- polling
Interval number - sFlow polling interval in seconds (1 - 255).
- pppoe
Unnumbered stringNegotiate - Enable/disable PPPoE unnumbered negotiation. Valid values:
enable
,disable
. - pptp
Auth stringType - PPTP authentication type. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - pptp
Client string - Enable/disable PPTP client. Valid values:
enable
,disable
. - pptp
Password string - PPTP password.
- pptp
Server stringIp - PPTP server IP address.
- pptp
Timeout number - Idle timer in minutes (0 for disabled).
- pptp
User string - PPTP user name.
- preserve
Session stringRoute - Enable/disable preservation of session route when dirty. Valid values:
enable
,disable
. - priority number
- Priority of learned routes.
- priority
Override string - Enable/disable fail back to higher priority port once recovered. Valid values:
enable
,disable
. - proxy
Captive stringPortal - Enable/disable proxy captive portal on this interface. Valid values:
enable
,disable
. - reachable
Time number - IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000).
- redundant
Interface string - Redundant interface.
- remote
Ip string - Remote IP address of tunnel.
- replacemsg
Override stringGroup - Replacement message override group.
- ring
Rx number - RX ring size.
- ring
Tx number - TX ring size.
- role string
- Interface role. Valid values:
lan
,wan
,dmz
,undefined
. - sample
Direction string - Data that NetFlow collects (rx, tx, or both). Valid values:
tx
,rx
,both
. - sample
Rate number - sFlow sample rate (10 - 99999).
- scan
Botnet stringConnections - Enable monitoring or blocking connections to Botnet servers through this interface. Valid values:
disable
,block
,monitor
. - secondary
Ip string - Enable/disable adding a secondary IP to this interface. Valid values:
enable
,disable
. - secondaryips
Interface
Secondaryip[] - Second IP address of interface. The structure of
secondaryip
block is documented below. - security
Exempt stringList - Name of security-exempt-list.
- security
External stringLogout - URL of external authentication logout server.
- security
External stringWeb - URL of external authentication web server.
- security
Groups InterfaceSecurity Group[] - User groups that can authenticate with the captive portal. The structure of
security_groups
block is documented below. - security
Mac stringAuth Bypass - Enable/disable MAC authentication bypass. Valid values:
mac-auth-only
,enable
,disable
. - security
Mode string - Turn on captive portal authentication for this interface. Valid values:
none
,captive-portal
,802.1X
. - security
Redirect stringUrl - URL redirection after disclaimer/authentication.
- service
Name string - PPPoE service name.
- sflow
Sampler string - Enable/disable sFlow on this interface. Valid values:
enable
,disable
. - snmp
Index number - Permanent SNMP Index of the interface.
- speed string
- Interface speed. The default setting and the options available depend on the interface hardware.
- spillover
Threshold number - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- src
Check string - Enable/disable source IP check. Valid values:
enable
,disable
. - status string
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - stp string
- Enable/disable STP. Valid values:
disable
,enable
. - stp
Ha stringSecondary - Control STP behaviour on HA secondary. Valid values:
disable
,enable
,priority-adjust
. - stpforward string
- Enable/disable STP forwarding. Valid values:
enable
,disable
. - stpforward
Mode string - Configure STP forwarding mode. Valid values:
rpl-all-ext-id
,rpl-bridge-ext-id
,rpl-nothing
. - subst string
- Enable to always send packets from this interface to a destination MAC address. Valid values:
enable
,disable
. - substitute
Dst stringMac - Destination MAC address that all packets are sent to from this interface.
- swc
First numberCreate - Initial create for switch-controller VLANs.
- swc
Vlan number - Creation status for switch-controller VLANs.
- switch string
- Contained in switch.
- switch
Controller stringAccess Vlan - Block FortiSwitch port-to-port traffic. Valid values:
enable
,disable
. - switch
Controller stringArp Inspection - Enable/disable FortiSwitch ARP inspection.
- switch
Controller stringDhcp Snooping - Switch controller DHCP snooping. Valid values:
enable
,disable
. - switch
Controller stringDhcp Snooping Option82 - Switch controller DHCP snooping option82. Valid values:
enable
,disable
. - switch
Controller stringDhcp Snooping Verify Mac - Switch controller DHCP snooping verify MAC. Valid values:
enable
,disable
. - switch
Controller stringDynamic - Integrated FortiLink settings for managed FortiSwitch.
- switch
Controller stringFeature - Interface's purpose when assigning traffic (read only).
- switch
Controller stringIgmp Snooping - Switch controller IGMP snooping. Valid values:
enable
,disable
. - switch
Controller stringIgmp Snooping Fast Leave - Switch controller IGMP snooping fast-leave. Valid values:
enable
,disable
. - switch
Controller stringIgmp Snooping Proxy - Switch controller IGMP snooping proxy. Valid values:
enable
,disable
. - switch
Controller stringIot Scanning - Enable/disable managed FortiSwitch IoT scanning. Valid values:
enable
,disable
. - switch
Controller numberLearning Limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
- switch
Controller numberMgmt Vlan - VLAN to use for FortiLink management purposes.
- switch
Controller stringNac - Integrated NAC settings for managed FortiSwitch.
- switch
Controller stringNetflow Collect - NetFlow collection and processing. Valid values:
disable
,enable
. - switch
Controller stringOffload - Enable/disable managed FortiSwitch routing offload. Valid values:
enable
,disable
. - switch
Controller stringOffload Gw - Enable/disable managed FortiSwitch routing offload gateway. Valid values:
enable
,disable
. - switch
Controller stringOffload Ip - IP for routing offload on FortiSwitch.
- switch
Controller stringRspan Mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Valid values:
disable
,enable
. - switch
Controller stringSource Ip - Source IP address used in FortiLink over L3 connections. Valid values:
outbound
,fixed
. - switch
Controller stringTraffic Policy - Switch controller traffic policy for the VLAN.
- system
Id string - Define a system ID for the aggregate interface.
- system
Id stringType - Method in which system ID is generated. Valid values:
auto
,user
. - taggings
Interface
Tagging[] - Config object tagging. The structure of
tagging
block is documented below. - tcp
Mss number - TCP maximum segment size. 0 means do not change segment size.
- trunk string
- Enable/disable VLAN trunk. Valid values:
enable
,disable
. - trust
Ip1 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip2 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip3 string - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip61 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust
Ip62 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust
Ip63 string - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- type string
- Interface type.
- username string
- Username of the PPPoE account, provided by your ISP.
- vdom string
- Interface is in this virtual domain (VDOM).
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vindex number
- Switch control interface VLAN ID.
- vlan
Protocol string - Ethernet protocol of VLAN. Valid values:
8021q
,8021ad
. - vlanforward string
- Enable/disable traffic forwarding between VLANs on this interface. Valid values:
enable
,disable
. - vlanid number
- VLAN ID (1 - 4094).
- vrf number
- Virtual Routing Forwarding ID.
- vrrp
Virtual stringMac - Enable/disable use of virtual MAC for VRRP. Valid values:
enable
,disable
. - vrrps
Interface
Vrrp[] - VRRP configuration. The structure of
vrrp
block is documented below. - wccp string
- Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Valid values:
enable
,disable
. - weight number
- Default weight for static routes (if route has no weight configured).
- wins
Ip string - WINS server IP.
- ac_
name str - PPPoE server name.
- aggregate str
- Aggregate interface.
- aggregate_
type str - Type of aggregation. Valid values:
physical
,vxlan
. - algorithm str
- Frame distribution algorithm.
- alias str
- Alias will be displayed with the interface name to make it easier to distinguish.
- allowaccess str
- Permitted types of management access to this interface.
- ap_
discover str - Enable/disable automatic registration of unknown FortiAP devices. Valid values:
enable
,disable
. - arpforward str
- Enable/disable ARP forwarding. Valid values:
enable
,disable
. - auth_
cert str - HTTPS server certificate.
- auth_
portal_ straddr - Address of captive portal.
- auth_
type str - PPP authentication type to use. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - auto_
auth_ strextension_ device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Valid values:
enable
,disable
. - autogenerated str
- Indicates whether the interface is automatically created by FortiGate, for example, created during the VPN creation process. If it is, set it to "auto", else keep it empty.
- bandwidth_
measure_ inttime - Bandwidth measure time
- bfd str
- Bidirectional Forwarding Detection (BFD) settings. Valid values:
global
,enable
,disable
. - bfd_
desired_ intmin_ tx - BFD desired minimal transmit interval.
- bfd_
detect_ intmult - BFD detection multiplier.
- bfd_
required_ intmin_ rx - BFD required minimal receive interval.
- broadcast_
forticlient_ strdiscovery - Enable/disable broadcasting FortiClient discovery messages. Valid values:
enable
,disable
. - broadcast_
forward str - Enable/disable broadcast forwarding. Valid values:
enable
,disable
. - captive_
portal int - Enable/disable captive portal.
- cli_
conn_ intstatus - CLI connection status.
- client_
options Sequence[InterfaceClient Option Args] - DHCP client options. The structure of
client_options
block is documented below. - color int
- Color of icon on the GUI.
- dedicated_
to str - Configure interface for single purpose. Valid values:
none
,management
. - default_
purdue_ strlevel - default purdue level of device detected on this interface. Valid values:
1
,1.5
,2
,2.5
,3
,3.5
,4
,5
,5.5
. - defaultgw str
- Enable to get the gateway IP from the DHCP or PPPoE server. Valid values:
enable
,disable
. - description str
- Description.
- detected_
peer_ intmtu - MTU of detected peer (0 - 4294967295).
- detectprotocol str
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - detectserver str
- Gateway's ping server for this IP.
- device_
access_ strlist - Device access list.
- device_
identification str - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device_
identification_ stractive_ scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device_
netscan str - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Valid values:
disable
,enable
. - device_
user_ stridentification - Enable/disable passive gathering of user identity information about users on this interface. Valid values:
enable
,disable
. - devindex int
- Device Index.
- dhcp_
broadcast_ strflag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). Valid values:
disable
,enable
. - dhcp_
classless_ strroute_ addition - Enable/disable addition of classless static routes retrieved from DHCP server. Valid values:
enable
,disable
. - dhcp_
client_ stridentifier - DHCP client identifier.
- dhcp_
relay_ stragent_ option - Enable/disable DHCP relay agent option. Valid values:
enable
,disable
. - dhcp_
relay_ strallow_ no_ end_ option - Enable/disable relaying DHCP messages with no end option. Valid values:
disable
,enable
. - dhcp_
relay_ strcircuit_ id - DHCP relay circuit ID.
- dhcp_
relay_ strinterface - Specify outgoing interface to reach server.
- dhcp_
relay_ strinterface_ select_ method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp_
relay_ strip - DHCP relay IP address.
- dhcp_
relay_ strlink_ selection - DHCP relay link selection.
- dhcp_
relay_ strrequest_ all_ server - Enable/disable sending DHCP request to all servers. Valid values:
disable
,enable
. - dhcp_
relay_ strservice - Enable/disable allowing this interface to act as a DHCP relay. Valid values:
disable
,enable
. - dhcp_
relay_ strsource_ ip - IP address used by the DHCP relay as its source IP.
- dhcp_
relay_ strtype - DHCP relay type (regular or IPsec). Valid values:
regular
,ipsec
. - dhcp_
renew_ inttime - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
- dhcp_
smart_ strrelay - Enable/disable DHCP smart relay. Valid values:
disable
,enable
. - dhcp_
snooping_ Sequence[Interfaceserver_ lists Dhcp Snooping Server List Args] - Configure DHCP server access list. The structure of
dhcp_snooping_server_list
block is documented below. - disc_
retry_ inttimeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
- disconnect_
threshold int - Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
- distance int
- Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
- dns_
server_ stroverride - Enable/disable use DNS acquired by DHCP or PPPoE. Valid values:
enable
,disable
. - dns_
server_ strprotocol - DNS transport protocols. Valid values:
cleartext
,dot
,doh
. - drop_
fragment str - Enable/disable drop fragment packets. Valid values:
enable
,disable
. - drop_
overlapped_ strfragment - Enable/disable drop overlapped fragment packets. Valid values:
enable
,disable
. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- eap_
ca_ strcert - EAP CA certificate name.
- eap_
identity str - EAP identity.
- eap_
method str - EAP method. Valid values:
tls
,peap
. - eap_
password str - EAP password.
- eap_
supplicant str - Enable/disable EAP-Supplicant. Valid values:
enable
,disable
. - eap_
user_ strcert - EAP user certificate name.
- egress_
shaping_ strprofile - Outgoing traffic shaping profile.
- endpoint_
compliance str - Enable/disable endpoint compliance enforcement. Valid values:
enable
,disable
. - estimated_
downstream_ intbandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
- estimated_
upstream_ intbandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
- explicit_
ftp_ strproxy - Enable/disable the explicit FTP proxy on this interface. Valid values:
enable
,disable
. - explicit_
web_ strproxy - Enable/disable the explicit web proxy on this interface. Valid values:
enable
,disable
. - external str
- Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). Valid values:
enable
,disable
. - fail_
action_ stron_ extender - Action on extender when interface fail . Valid values:
soft-restart
,hard-restart
,reboot
. - fail_
alert_ Sequence[Interfaceinterfaces Fail Alert Interface Args] - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. The structure of
fail_alert_interfaces
block is documented below. - fail_
alert_ strmethod - Select link-failed-signal or link-down method to alert about a failed link. Valid values:
link-failed-signal
,link-down
. - fail_
detect str - Enable/disable fail detection features for this interface. Valid values:
enable
,disable
. - fail_
detect_ stroption - Options for detecting that this interface has failed. Valid values:
detectserver
,link-down
. - fortiheartbeat str
- Enable/disable FortiHeartBeat (FortiTelemetry on GUI). Valid values:
enable
,disable
. - fortilink str
- Enable FortiLink to dedicate this interface to manage other Fortinet devices. Valid values:
enable
,disable
. - fortilink_
backup_ intlink - fortilink split interface backup link.
- fortilink_
neighbor_ strdetect - Protocol for FortiGate neighbor discovery. Valid values:
lldp
,fortilink
. - fortilink_
split_ strinterface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Valid values:
enable
,disable
. - fortilink_
stacking str - Enable/disable FortiLink switch-stacking on this interface. Valid values:
enable
,disable
. - forward_
domain int - Transparent mode forward domain.
- forward_
error_ strcorrection - Configure forward error correction (FEC). Valid values:
none
,disable
,cl91-rs-fec
,cl74-fc-fec
. - get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gwdetect str
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - ha_
priority int - HA election priority for the PING server.
- icmp_
accept_ strredirect - Enable/disable ICMP accept redirect. Valid values:
enable
,disable
. - icmp_
send_ strredirect - Enable/disable ICMP send redirect. Valid values:
enable
,disable
. - ident_
accept str - Enable/disable authentication for this interface. Valid values:
enable
,disable
. - idle_
timeout int - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
- ike_
saml_ strserver - Configure IKE authentication SAML server.
- inbandwidth int
- Bandwidth limit for incoming traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.4.2, 7.0.0-7.0.5, 7.2.0: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- ingress_
shaping_ strprofile - Incoming traffic shaping profile.
- ingress_
spillover_ intthreshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- interface str
- Interface name.
- internal int
- Implicitly created.
- ip str
- Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
- ip_
managed_ strby_ fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM.
- ipmac str
- Enable/disable IP/MAC binding. Valid values:
enable
,disable
. - ips_
sniffer_ strmode - Enable/disable the use of this interface as a one-armed sniffer. Valid values:
enable
,disable
. - ipunnumbered str
- Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
- ipv6
Interface
Ipv6Args - IPv6 of interface. The structure of
ipv6
block is documented below. - l2forward str
- Enable/disable l2 forwarding. Valid values:
enable
,disable
. - lacp_
ha_ strsecondary - LACP HA secondary member. Valid values:
enable
,disable
. - lacp_
ha_ strslave - LACP HA slave. Valid values:
enable
,disable
. - lacp_
mode str - LACP mode. Valid values:
static
,passive
,active
. - lacp_
speed str - How often the interface sends LACP messages. Valid values:
slow
,fast
. - lcp_
echo_ intinterval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
- lcp_
max_ intecho_ fails - Maximum missed LCP echo messages before disconnect.
- link_
up_ intdelay - Number of milliseconds to wait before considering a link is up.
- lldp_
network_ strpolicy - LLDP-MED network policy profile.
- lldp_
reception str - Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values:
enable
,disable
,vdom
. - lldp_
transmission str - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values:
enable
,disable
,vdom
. - macaddr str
- Change the interface's MAC address.
- managed_
devices Sequence[InterfaceManaged Device Args] - Available when FortiLink is enabled, used for managed devices through FortiLink interface. The structure of
managed_device
block is documented below. - managed_
subnetwork_ strsize - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit's DHCP server settings.
- management_
ip str - High Availability in-band management IP address of this interface.
- measured_
downstream_ intbandwidth - Measured downstream bandwidth (kbps).
- measured_
upstream_ intbandwidth - Measured upstream bandwidth (kbps).
- mediatype str
- Select SFP media interface type Valid values:
none
,gmii
,sgmii
,sr
,lr
,cr
,sr4
,lr4
,cr4
. - members
Sequence[Interface
Member Args] - Physical interfaces that belong to the aggregate or redundant interface. The structure of
member
block is documented below. - min_
links int - Minimum number of aggregated ports that must be up.
- min_
links_ strdown - Action to take when less than the configured minimum number of links are active. Valid values:
operational
,administrative
. - mode str
- Addressing mode (static, DHCP, PPPoE). Valid values:
static
,dhcp
,pppoe
. - monitor_
bandwidth str - Enable monitoring bandwidth on this interface. Valid values:
enable
,disable
. - mtu int
- MTU value for this interface.
- mtu_
override str - Enable to set a custom MTU for this interface. Valid values:
enable
,disable
. - name str
- Name.
- ndiscforward str
- Enable/disable NDISC forwarding. Valid values:
enable
,disable
. - netbios_
forward str - Enable/disable NETBIOS forwarding. Valid values:
disable
,enable
. - netflow_
sampler str - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Valid values:
disable
,tx
,rx
,both
. - outbandwidth int
- Bandwidth limit for outgoing traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.2.6: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- padt_
retry_ inttimeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
- password str
- PPPoE account's password.
- ping_
serv_ intstatus - PING server status.
- polling_
interval int - sFlow polling interval in seconds (1 - 255).
- pppoe_
unnumbered_ strnegotiate - Enable/disable PPPoE unnumbered negotiation. Valid values:
enable
,disable
. - pptp_
auth_ strtype - PPTP authentication type. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - pptp_
client str - Enable/disable PPTP client. Valid values:
enable
,disable
. - pptp_
password str - PPTP password.
- pptp_
server_ strip - PPTP server IP address.
- pptp_
timeout int - Idle timer in minutes (0 for disabled).
- pptp_
user str - PPTP user name.
- preserve_
session_ strroute - Enable/disable preservation of session route when dirty. Valid values:
enable
,disable
. - priority int
- Priority of learned routes.
- priority_
override str - Enable/disable fail back to higher priority port once recovered. Valid values:
enable
,disable
. - proxy_
captive_ strportal - Enable/disable proxy captive portal on this interface. Valid values:
enable
,disable
. - reachable_
time int - IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000).
- redundant_
interface str - Redundant interface.
- remote_
ip str - Remote IP address of tunnel.
- replacemsg_
override_ strgroup - Replacement message override group.
- ring_
rx int - RX ring size.
- ring_
tx int - TX ring size.
- role str
- Interface role. Valid values:
lan
,wan
,dmz
,undefined
. - sample_
direction str - Data that NetFlow collects (rx, tx, or both). Valid values:
tx
,rx
,both
. - sample_
rate int - sFlow sample rate (10 - 99999).
- scan_
botnet_ strconnections - Enable monitoring or blocking connections to Botnet servers through this interface. Valid values:
disable
,block
,monitor
. - secondary_
ip str - Enable/disable adding a secondary IP to this interface. Valid values:
enable
,disable
. - secondaryips
Sequence[Interface
Secondaryip Args] - Second IP address of interface. The structure of
secondaryip
block is documented below. - security_
exempt_ strlist - Name of security-exempt-list.
- security_
external_ strlogout - URL of external authentication logout server.
- security_
external_ strweb - URL of external authentication web server.
- security_
groups Sequence[InterfaceSecurity Group Args] - User groups that can authenticate with the captive portal. The structure of
security_groups
block is documented below. - security_
mac_ strauth_ bypass - Enable/disable MAC authentication bypass. Valid values:
mac-auth-only
,enable
,disable
. - security_
mode str - Turn on captive portal authentication for this interface. Valid values:
none
,captive-portal
,802.1X
. - security_
redirect_ strurl - URL redirection after disclaimer/authentication.
- service_
name str - PPPoE service name.
- sflow_
sampler str - Enable/disable sFlow on this interface. Valid values:
enable
,disable
. - snmp_
index int - Permanent SNMP Index of the interface.
- speed str
- Interface speed. The default setting and the options available depend on the interface hardware.
- spillover_
threshold int - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- src_
check str - Enable/disable source IP check. Valid values:
enable
,disable
. - status str
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - stp str
- Enable/disable STP. Valid values:
disable
,enable
. - stp_
ha_ strsecondary - Control STP behaviour on HA secondary. Valid values:
disable
,enable
,priority-adjust
. - stpforward str
- Enable/disable STP forwarding. Valid values:
enable
,disable
. - stpforward_
mode str - Configure STP forwarding mode. Valid values:
rpl-all-ext-id
,rpl-bridge-ext-id
,rpl-nothing
. - subst str
- Enable to always send packets from this interface to a destination MAC address. Valid values:
enable
,disable
. - substitute_
dst_ strmac - Destination MAC address that all packets are sent to from this interface.
- swc_
first_ intcreate - Initial create for switch-controller VLANs.
- swc_
vlan int - Creation status for switch-controller VLANs.
- switch str
- Contained in switch.
- switch_
controller_ straccess_ vlan - Block FortiSwitch port-to-port traffic. Valid values:
enable
,disable
. - switch_
controller_ strarp_ inspection - Enable/disable FortiSwitch ARP inspection.
- switch_
controller_ strdhcp_ snooping - Switch controller DHCP snooping. Valid values:
enable
,disable
. - switch_
controller_ strdhcp_ snooping_ option82 - Switch controller DHCP snooping option82. Valid values:
enable
,disable
. - switch_
controller_ strdhcp_ snooping_ verify_ mac - Switch controller DHCP snooping verify MAC. Valid values:
enable
,disable
. - switch_
controller_ strdynamic - Integrated FortiLink settings for managed FortiSwitch.
- switch_
controller_ strfeature - Interface's purpose when assigning traffic (read only).
- switch_
controller_ strigmp_ snooping - Switch controller IGMP snooping. Valid values:
enable
,disable
. - switch_
controller_ strigmp_ snooping_ fast_ leave - Switch controller IGMP snooping fast-leave. Valid values:
enable
,disable
. - switch_
controller_ strigmp_ snooping_ proxy - Switch controller IGMP snooping proxy. Valid values:
enable
,disable
. - switch_
controller_ striot_ scanning - Enable/disable managed FortiSwitch IoT scanning. Valid values:
enable
,disable
. - switch_
controller_ intlearning_ limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
- switch_
controller_ intmgmt_ vlan - VLAN to use for FortiLink management purposes.
- switch_
controller_ strnac - Integrated NAC settings for managed FortiSwitch.
- switch_
controller_ strnetflow_ collect - NetFlow collection and processing. Valid values:
disable
,enable
. - switch_
controller_ stroffload - Enable/disable managed FortiSwitch routing offload. Valid values:
enable
,disable
. - switch_
controller_ stroffload_ gw - Enable/disable managed FortiSwitch routing offload gateway. Valid values:
enable
,disable
. - switch_
controller_ stroffload_ ip - IP for routing offload on FortiSwitch.
- switch_
controller_ strrspan_ mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Valid values:
disable
,enable
. - switch_
controller_ strsource_ ip - Source IP address used in FortiLink over L3 connections. Valid values:
outbound
,fixed
. - switch_
controller_ strtraffic_ policy - Switch controller traffic policy for the VLAN.
- system_
id str - Define a system ID for the aggregate interface.
- system_
id_ strtype - Method in which system ID is generated. Valid values:
auto
,user
. - taggings
Sequence[Interface
Tagging Args] - Config object tagging. The structure of
tagging
block is documented below. - tcp_
mss int - TCP maximum segment size. 0 means do not change segment size.
- trunk str
- Enable/disable VLAN trunk. Valid values:
enable
,disable
. - trust_
ip1 str - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust_
ip2 str - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust_
ip3 str - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust_
ip61 str - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust_
ip62 str - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust_
ip63 str - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- type str
- Interface type.
- username str
- Username of the PPPoE account, provided by your ISP.
- vdom str
- Interface is in this virtual domain (VDOM).
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vindex int
- Switch control interface VLAN ID.
- vlan_
protocol str - Ethernet protocol of VLAN. Valid values:
8021q
,8021ad
. - vlanforward str
- Enable/disable traffic forwarding between VLANs on this interface. Valid values:
enable
,disable
. - vlanid int
- VLAN ID (1 - 4094).
- vrf int
- Virtual Routing Forwarding ID.
- vrrp_
virtual_ strmac - Enable/disable use of virtual MAC for VRRP. Valid values:
enable
,disable
. - vrrps
Sequence[Interface
Vrrp Args] - VRRP configuration. The structure of
vrrp
block is documented below. - wccp str
- Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Valid values:
enable
,disable
. - weight int
- Default weight for static routes (if route has no weight configured).
- wins_
ip str - WINS server IP.
- ac
Name String - PPPoE server name.
- aggregate String
- Aggregate interface.
- aggregate
Type String - Type of aggregation. Valid values:
physical
,vxlan
. - algorithm String
- Frame distribution algorithm.
- alias String
- Alias will be displayed with the interface name to make it easier to distinguish.
- allowaccess String
- Permitted types of management access to this interface.
- ap
Discover String - Enable/disable automatic registration of unknown FortiAP devices. Valid values:
enable
,disable
. - arpforward String
- Enable/disable ARP forwarding. Valid values:
enable
,disable
. - auth
Cert String - HTTPS server certificate.
- auth
Portal StringAddr - Address of captive portal.
- auth
Type String - PPP authentication type to use. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - auto
Auth StringExtension Device - Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Valid values:
enable
,disable
. - autogenerated String
- Indicates whether the interface is automatically created by FortiGate, for example, created during the VPN creation process. If it is, set it to "auto", else keep it empty.
- bandwidth
Measure NumberTime - Bandwidth measure time
- bfd String
- Bidirectional Forwarding Detection (BFD) settings. Valid values:
global
,enable
,disable
. - bfd
Desired NumberMin Tx - BFD desired minimal transmit interval.
- bfd
Detect NumberMult - BFD detection multiplier.
- bfd
Required NumberMin Rx - BFD required minimal receive interval.
- broadcast
Forticlient StringDiscovery - Enable/disable broadcasting FortiClient discovery messages. Valid values:
enable
,disable
. - broadcast
Forward String - Enable/disable broadcast forwarding. Valid values:
enable
,disable
. - captive
Portal Number - Enable/disable captive portal.
- cli
Conn NumberStatus - CLI connection status.
- client
Options List<Property Map> - DHCP client options. The structure of
client_options
block is documented below. - color Number
- Color of icon on the GUI.
- dedicated
To String - Configure interface for single purpose. Valid values:
none
,management
. - default
Purdue StringLevel - default purdue level of device detected on this interface. Valid values:
1
,1.5
,2
,2.5
,3
,3.5
,4
,5
,5.5
. - defaultgw String
- Enable to get the gateway IP from the DHCP or PPPoE server. Valid values:
enable
,disable
. - description String
- Description.
- detected
Peer NumberMtu - MTU of detected peer (0 - 4294967295).
- detectprotocol String
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - detectserver String
- Gateway's ping server for this IP.
- device
Access StringList - Device access list.
- device
Identification String - Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device
Identification StringActive Scan - Enable/disable active gathering of device identity information about the devices on the network connected to this interface. Valid values:
enable
,disable
. - device
Netscan String - Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Valid values:
disable
,enable
. - device
User StringIdentification - Enable/disable passive gathering of user identity information about users on this interface. Valid values:
enable
,disable
. - devindex Number
- Device Index.
- dhcp
Broadcast StringFlag - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). Valid values:
disable
,enable
. - dhcp
Classless StringRoute Addition - Enable/disable addition of classless static routes retrieved from DHCP server. Valid values:
enable
,disable
. - dhcp
Client StringIdentifier - DHCP client identifier.
- dhcp
Relay StringAgent Option - Enable/disable DHCP relay agent option. Valid values:
enable
,disable
. - dhcp
Relay StringAllow No End Option - Enable/disable relaying DHCP messages with no end option. Valid values:
disable
,enable
. - dhcp
Relay StringCircuit Id - DHCP relay circuit ID.
- dhcp
Relay StringInterface - Specify outgoing interface to reach server.
- dhcp
Relay StringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp
Relay StringIp - DHCP relay IP address.
- dhcp
Relay StringLink Selection - DHCP relay link selection.
- dhcp
Relay StringRequest All Server - Enable/disable sending DHCP request to all servers. Valid values:
disable
,enable
. - dhcp
Relay StringService - Enable/disable allowing this interface to act as a DHCP relay. Valid values:
disable
,enable
. - dhcp
Relay StringSource Ip - IP address used by the DHCP relay as its source IP.
- dhcp
Relay StringType - DHCP relay type (regular or IPsec). Valid values:
regular
,ipsec
. - dhcp
Renew NumberTime - DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
- dhcp
Smart StringRelay - Enable/disable DHCP smart relay. Valid values:
disable
,enable
. - dhcp
Snooping List<Property Map>Server Lists - Configure DHCP server access list. The structure of
dhcp_snooping_server_list
block is documented below. - disc
Retry NumberTimeout - Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
- disconnect
Threshold Number - Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
- distance Number
- Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
- dns
Server StringOverride - Enable/disable use DNS acquired by DHCP or PPPoE. Valid values:
enable
,disable
. - dns
Server StringProtocol - DNS transport protocols. Valid values:
cleartext
,dot
,doh
. - drop
Fragment String - Enable/disable drop fragment packets. Valid values:
enable
,disable
. - drop
Overlapped StringFragment - Enable/disable drop overlapped fragment packets. Valid values:
enable
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- eap
Ca StringCert - EAP CA certificate name.
- eap
Identity String - EAP identity.
- eap
Method String - EAP method. Valid values:
tls
,peap
. - eap
Password String - EAP password.
- eap
Supplicant String - Enable/disable EAP-Supplicant. Valid values:
enable
,disable
. - eap
User StringCert - EAP user certificate name.
- egress
Shaping StringProfile - Outgoing traffic shaping profile.
- endpoint
Compliance String - Enable/disable endpoint compliance enforcement. Valid values:
enable
,disable
. - estimated
Downstream NumberBandwidth - Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
- estimated
Upstream NumberBandwidth - Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
- explicit
Ftp StringProxy - Enable/disable the explicit FTP proxy on this interface. Valid values:
enable
,disable
. - explicit
Web StringProxy - Enable/disable the explicit web proxy on this interface. Valid values:
enable
,disable
. - external String
- Enable/disable identifying the interface as an external interface (which usually means it's connected to the Internet). Valid values:
enable
,disable
. - fail
Action StringOn Extender - Action on extender when interface fail . Valid values:
soft-restart
,hard-restart
,reboot
. - fail
Alert List<Property Map>Interfaces - Names of the FortiGate interfaces from which the link failure alert is sent for this interface. The structure of
fail_alert_interfaces
block is documented below. - fail
Alert StringMethod - Select link-failed-signal or link-down method to alert about a failed link. Valid values:
link-failed-signal
,link-down
. - fail
Detect String - Enable/disable fail detection features for this interface. Valid values:
enable
,disable
. - fail
Detect StringOption - Options for detecting that this interface has failed. Valid values:
detectserver
,link-down
. - fortiheartbeat String
- Enable/disable FortiHeartBeat (FortiTelemetry on GUI). Valid values:
enable
,disable
. - fortilink String
- Enable FortiLink to dedicate this interface to manage other Fortinet devices. Valid values:
enable
,disable
. - fortilink
Backup NumberLink - fortilink split interface backup link.
- fortilink
Neighbor StringDetect - Protocol for FortiGate neighbor discovery. Valid values:
lldp
,fortilink
. - fortilink
Split StringInterface - Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Valid values:
enable
,disable
. - fortilink
Stacking String - Enable/disable FortiLink switch-stacking on this interface. Valid values:
enable
,disable
. - forward
Domain Number - Transparent mode forward domain.
- forward
Error StringCorrection - Configure forward error correction (FEC). Valid values:
none
,disable
,cl91-rs-fec
,cl74-fc-fec
. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gwdetect String
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - ha
Priority Number - HA election priority for the PING server.
- icmp
Accept StringRedirect - Enable/disable ICMP accept redirect. Valid values:
enable
,disable
. - icmp
Send StringRedirect - Enable/disable ICMP send redirect. Valid values:
enable
,disable
. - ident
Accept String - Enable/disable authentication for this interface. Valid values:
enable
,disable
. - idle
Timeout Number - PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
- ike
Saml StringServer - Configure IKE authentication SAML server.
- inbandwidth Number
- Bandwidth limit for incoming traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.4.2, 7.0.0-7.0.5, 7.2.0: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- ingress
Shaping StringProfile - Incoming traffic shaping profile.
- ingress
Spillover NumberThreshold - Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- interface String
- Interface name.
- internal Number
- Implicitly created.
- ip String
- Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
- ip
Managed StringBy Fortiipam - Enable/disable automatic IP address assignment of this interface by FortiIPAM.
- ipmac String
- Enable/disable IP/MAC binding. Valid values:
enable
,disable
. - ips
Sniffer StringMode - Enable/disable the use of this interface as a one-armed sniffer. Valid values:
enable
,disable
. - ipunnumbered String
- Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
- ipv6 Property Map
- IPv6 of interface. The structure of
ipv6
block is documented below. - l2forward String
- Enable/disable l2 forwarding. Valid values:
enable
,disable
. - lacp
Ha StringSecondary - LACP HA secondary member. Valid values:
enable
,disable
. - lacp
Ha StringSlave - LACP HA slave. Valid values:
enable
,disable
. - lacp
Mode String - LACP mode. Valid values:
static
,passive
,active
. - lacp
Speed String - How often the interface sends LACP messages. Valid values:
slow
,fast
. - lcp
Echo NumberInterval - Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
- lcp
Max NumberEcho Fails - Maximum missed LCP echo messages before disconnect.
- link
Up NumberDelay - Number of milliseconds to wait before considering a link is up.
- lldp
Network StringPolicy - LLDP-MED network policy profile.
- lldp
Reception String - Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values:
enable
,disable
,vdom
. - lldp
Transmission String - Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values:
enable
,disable
,vdom
. - macaddr String
- Change the interface's MAC address.
- managed
Devices List<Property Map> - Available when FortiLink is enabled, used for managed devices through FortiLink interface. The structure of
managed_device
block is documented below. - managed
Subnetwork StringSize - Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit's DHCP server settings.
- management
Ip String - High Availability in-band management IP address of this interface.
- measured
Downstream NumberBandwidth - Measured downstream bandwidth (kbps).
- measured
Upstream NumberBandwidth - Measured upstream bandwidth (kbps).
- mediatype String
- Select SFP media interface type Valid values:
none
,gmii
,sgmii
,sr
,lr
,cr
,sr4
,lr4
,cr4
. - members List<Property Map>
- Physical interfaces that belong to the aggregate or redundant interface. The structure of
member
block is documented below. - min
Links Number - Minimum number of aggregated ports that must be up.
- min
Links StringDown - Action to take when less than the configured minimum number of links are active. Valid values:
operational
,administrative
. - mode String
- Addressing mode (static, DHCP, PPPoE). Valid values:
static
,dhcp
,pppoe
. - monitor
Bandwidth String - Enable monitoring bandwidth on this interface. Valid values:
enable
,disable
. - mtu Number
- MTU value for this interface.
- mtu
Override String - Enable to set a custom MTU for this interface. Valid values:
enable
,disable
. - name String
- Name.
- ndiscforward String
- Enable/disable NDISC forwarding. Valid values:
enable
,disable
. - netbios
Forward String - Enable/disable NETBIOS forwarding. Valid values:
disable
,enable
. - netflow
Sampler String - Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Valid values:
disable
,tx
,rx
,both
. - outbandwidth Number
- Bandwidth limit for outgoing traffic, 0 means unlimited. On FortiOS versions 6.2.0-6.2.6: 0 - 16776000 kbps. On FortiOS versions 6.4.10-6.4.15, 7.0.6-7.0.15, >= 7.2.1: 0 - 80000000 kbps.
- padt
Retry NumberTimeout - PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
- password String
- PPPoE account's password.
- ping
Serv NumberStatus - PING server status.
- polling
Interval Number - sFlow polling interval in seconds (1 - 255).
- pppoe
Unnumbered StringNegotiate - Enable/disable PPPoE unnumbered negotiation. Valid values:
enable
,disable
. - pptp
Auth StringType - PPTP authentication type. Valid values:
auto
,pap
,chap
,mschapv1
,mschapv2
. - pptp
Client String - Enable/disable PPTP client. Valid values:
enable
,disable
. - pptp
Password String - PPTP password.
- pptp
Server StringIp - PPTP server IP address.
- pptp
Timeout Number - Idle timer in minutes (0 for disabled).
- pptp
User String - PPTP user name.
- preserve
Session StringRoute - Enable/disable preservation of session route when dirty. Valid values:
enable
,disable
. - priority Number
- Priority of learned routes.
- priority
Override String - Enable/disable fail back to higher priority port once recovered. Valid values:
enable
,disable
. - proxy
Captive StringPortal - Enable/disable proxy captive portal on this interface. Valid values:
enable
,disable
. - reachable
Time Number - IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000).
- redundant
Interface String - Redundant interface.
- remote
Ip String - Remote IP address of tunnel.
- replacemsg
Override StringGroup - Replacement message override group.
- ring
Rx Number - RX ring size.
- ring
Tx Number - TX ring size.
- role String
- Interface role. Valid values:
lan
,wan
,dmz
,undefined
. - sample
Direction String - Data that NetFlow collects (rx, tx, or both). Valid values:
tx
,rx
,both
. - sample
Rate Number - sFlow sample rate (10 - 99999).
- scan
Botnet StringConnections - Enable monitoring or blocking connections to Botnet servers through this interface. Valid values:
disable
,block
,monitor
. - secondary
Ip String - Enable/disable adding a secondary IP to this interface. Valid values:
enable
,disable
. - secondaryips List<Property Map>
- Second IP address of interface. The structure of
secondaryip
block is documented below. - security
Exempt StringList - Name of security-exempt-list.
- security
External StringLogout - URL of external authentication logout server.
- security
External StringWeb - URL of external authentication web server.
- security
Groups List<Property Map> - User groups that can authenticate with the captive portal. The structure of
security_groups
block is documented below. - security
Mac StringAuth Bypass - Enable/disable MAC authentication bypass. Valid values:
mac-auth-only
,enable
,disable
. - security
Mode String - Turn on captive portal authentication for this interface. Valid values:
none
,captive-portal
,802.1X
. - security
Redirect StringUrl - URL redirection after disclaimer/authentication.
- service
Name String - PPPoE service name.
- sflow
Sampler String - Enable/disable sFlow on this interface. Valid values:
enable
,disable
. - snmp
Index Number - Permanent SNMP Index of the interface.
- speed String
- Interface speed. The default setting and the options available depend on the interface hardware.
- spillover
Threshold Number - Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
- src
Check String - Enable/disable source IP check. Valid values:
enable
,disable
. - status String
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - stp String
- Enable/disable STP. Valid values:
disable
,enable
. - stp
Ha StringSecondary - Control STP behaviour on HA secondary. Valid values:
disable
,enable
,priority-adjust
. - stpforward String
- Enable/disable STP forwarding. Valid values:
enable
,disable
. - stpforward
Mode String - Configure STP forwarding mode. Valid values:
rpl-all-ext-id
,rpl-bridge-ext-id
,rpl-nothing
. - subst String
- Enable to always send packets from this interface to a destination MAC address. Valid values:
enable
,disable
. - substitute
Dst StringMac - Destination MAC address that all packets are sent to from this interface.
- swc
First NumberCreate - Initial create for switch-controller VLANs.
- swc
Vlan Number - Creation status for switch-controller VLANs.
- switch String
- Contained in switch.
- switch
Controller StringAccess Vlan - Block FortiSwitch port-to-port traffic. Valid values:
enable
,disable
. - switch
Controller StringArp Inspection - Enable/disable FortiSwitch ARP inspection.
- switch
Controller StringDhcp Snooping - Switch controller DHCP snooping. Valid values:
enable
,disable
. - switch
Controller StringDhcp Snooping Option82 - Switch controller DHCP snooping option82. Valid values:
enable
,disable
. - switch
Controller StringDhcp Snooping Verify Mac - Switch controller DHCP snooping verify MAC. Valid values:
enable
,disable
. - switch
Controller StringDynamic - Integrated FortiLink settings for managed FortiSwitch.
- switch
Controller StringFeature - Interface's purpose when assigning traffic (read only).
- switch
Controller StringIgmp Snooping - Switch controller IGMP snooping. Valid values:
enable
,disable
. - switch
Controller StringIgmp Snooping Fast Leave - Switch controller IGMP snooping fast-leave. Valid values:
enable
,disable
. - switch
Controller StringIgmp Snooping Proxy - Switch controller IGMP snooping proxy. Valid values:
enable
,disable
. - switch
Controller StringIot Scanning - Enable/disable managed FortiSwitch IoT scanning. Valid values:
enable
,disable
. - switch
Controller NumberLearning Limit - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
- switch
Controller NumberMgmt Vlan - VLAN to use for FortiLink management purposes.
- switch
Controller StringNac - Integrated NAC settings for managed FortiSwitch.
- switch
Controller StringNetflow Collect - NetFlow collection and processing. Valid values:
disable
,enable
. - switch
Controller StringOffload - Enable/disable managed FortiSwitch routing offload. Valid values:
enable
,disable
. - switch
Controller StringOffload Gw - Enable/disable managed FortiSwitch routing offload gateway. Valid values:
enable
,disable
. - switch
Controller StringOffload Ip - IP for routing offload on FortiSwitch.
- switch
Controller StringRspan Mode - Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Valid values:
disable
,enable
. - switch
Controller StringSource Ip - Source IP address used in FortiLink over L3 connections. Valid values:
outbound
,fixed
. - switch
Controller StringTraffic Policy - Switch controller traffic policy for the VLAN.
- system
Id String - Define a system ID for the aggregate interface.
- system
Id StringType - Method in which system ID is generated. Valid values:
auto
,user
. - taggings List<Property Map>
- Config object tagging. The structure of
tagging
block is documented below. - tcp
Mss Number - TCP maximum segment size. 0 means do not change segment size.
- trunk String
- Enable/disable VLAN trunk. Valid values:
enable
,disable
. - trust
Ip1 String - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip2 String - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip3 String - Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
- trust
Ip61 String - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust
Ip62 String - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- trust
Ip63 String - Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
- type String
- Interface type.
- username String
- Username of the PPPoE account, provided by your ISP.
- vdom String
- Interface is in this virtual domain (VDOM).
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vindex Number
- Switch control interface VLAN ID.
- vlan
Protocol String - Ethernet protocol of VLAN. Valid values:
8021q
,8021ad
. - vlanforward String
- Enable/disable traffic forwarding between VLANs on this interface. Valid values:
enable
,disable
. - vlanid Number
- VLAN ID (1 - 4094).
- vrf Number
- Virtual Routing Forwarding ID.
- vrrp
Virtual StringMac - Enable/disable use of virtual MAC for VRRP. Valid values:
enable
,disable
. - vrrps List<Property Map>
- VRRP configuration. The structure of
vrrp
block is documented below. - wccp String
- Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Valid values:
enable
,disable
. - weight Number
- Default weight for static routes (if route has no weight configured).
- wins
Ip String - WINS server IP.
Supporting Types
InterfaceClientOption, InterfaceClientOptionArgs
InterfaceDhcpSnoopingServerList, InterfaceDhcpSnoopingServerListArgs
InterfaceFailAlertInterface, InterfaceFailAlertInterfaceArgs
- Name string
- Names of the physical interfaces belonging to the aggregate or redundant interface.
- Name string
- Names of the physical interfaces belonging to the aggregate or redundant interface.
- name String
- Names of the physical interfaces belonging to the aggregate or redundant interface.
- name string
- Names of the physical interfaces belonging to the aggregate or redundant interface.
- name str
- Names of the physical interfaces belonging to the aggregate or redundant interface.
- name String
- Names of the physical interfaces belonging to the aggregate or redundant interface.
InterfaceIpv6, InterfaceIpv6Args
- Autoconf string
- Cli
Conn6Status int - Dhcp6Client
Options string - Dhcp6Iapd
Lists List<Pulumiverse.Fortios. System. Inputs. Interface Ipv6Dhcp6Iapd List> - Dhcp6Information
Request string - Dhcp6Prefix
Delegation string - Dhcp6Prefix
Hint string - Dhcp6Prefix
Hint intPlt - Dhcp6Prefix
Hint intVlt - Dhcp6Relay
Interface stringId - Dhcp6Relay
Ip string - Dhcp6Relay
Service string - Dhcp6Relay
Source stringInterface - Dhcp6Relay
Source stringIp - Dhcp6Relay
Type string - Icmp6Send
Redirect string - Interface
Identifier string - Ip6Address string
- Ip6Allowaccess string
- Ip6Default
Life int - Ip6Delegated
Prefix intIaid - Ip6Delegated
Prefix List<Pulumiverse.Lists Fortios. System. Inputs. Interface Ipv6Ip6Delegated Prefix List> - Ip6Dns
Server stringOverride - Ip6Extra
Addrs List<Pulumiverse.Fortios. System. Inputs. Interface Ipv6Ip6Extra Addr> - Ip6Hop
Limit int - Ip6Link
Mtu int - Ip6Manage
Flag string - Ip6Max
Interval int - Ip6Min
Interval int - Ip6Mode string
- Ip6Other
Flag string - Ip6Prefix
Lists List<Pulumiverse.Fortios. System. Inputs. Interface Ipv6Ip6Prefix List> - Ip6Prefix
Mode string - Ip6Reachable
Time int - Ip6Retrans
Time int - Ip6Send
Adv string - Ip6Subnet string
- Ip6Upstream
Interface string - Nd
Cert string - Nd
Cga stringModifier - Nd
Mode string - Nd
Security intLevel - Nd
Timestamp intDelta - Nd
Timestamp intFuzz - Ra
Send stringMtu - Unique
Autoconf stringAddr - Vrip6Link
Local string - Vrrp6s
List<Pulumiverse.
Fortios. System. Inputs. Interface Ipv6Vrrp6> - Vrrp
Virtual stringMac6
- Autoconf string
- Cli
Conn6Status int - Dhcp6Client
Options string - Dhcp6Iapd
Lists []InterfaceIpv6Dhcp6Iapd List - Dhcp6Information
Request string - Dhcp6Prefix
Delegation string - Dhcp6Prefix
Hint string - Dhcp6Prefix
Hint intPlt - Dhcp6Prefix
Hint intVlt - Dhcp6Relay
Interface stringId - Dhcp6Relay
Ip string - Dhcp6Relay
Service string - Dhcp6Relay
Source stringInterface - Dhcp6Relay
Source stringIp - Dhcp6Relay
Type string - Icmp6Send
Redirect string - Interface
Identifier string - Ip6Address string
- Ip6Allowaccess string
- Ip6Default
Life int - Ip6Delegated
Prefix intIaid - Ip6Delegated
Prefix []InterfaceLists Ipv6Ip6Delegated Prefix List - Ip6Dns
Server stringOverride - Ip6Extra
Addrs []InterfaceIpv6Ip6Extra Addr - Ip6Hop
Limit int - Ip6Link
Mtu int - Ip6Manage
Flag string - Ip6Max
Interval int - Ip6Min
Interval int - Ip6Mode string
- Ip6Other
Flag string - Ip6Prefix
Lists []InterfaceIpv6Ip6Prefix List - Ip6Prefix
Mode string - Ip6Reachable
Time int - Ip6Retrans
Time int - Ip6Send
Adv string - Ip6Subnet string
- Ip6Upstream
Interface string - Nd
Cert string - Nd
Cga stringModifier - Nd
Mode string - Nd
Security intLevel - Nd
Timestamp intDelta - Nd
Timestamp intFuzz - Ra
Send stringMtu - Unique
Autoconf stringAddr - Vrip6Link
Local string - Vrrp6s
[]Interface
Ipv6Vrrp6 - Vrrp
Virtual stringMac6
- autoconf String
- cli
Conn6Status Integer - dhcp6Client
Options String - dhcp6Iapd
Lists List<InterfaceIpv6Dhcp6Iapd List> - dhcp6Information
Request String - dhcp6Prefix
Delegation String - dhcp6Prefix
Hint String - dhcp6Prefix
Hint IntegerPlt - dhcp6Prefix
Hint IntegerVlt - dhcp6Relay
Interface StringId - dhcp6Relay
Ip String - dhcp6Relay
Service String - dhcp6Relay
Source StringInterface - dhcp6Relay
Source StringIp - dhcp6Relay
Type String - icmp6Send
Redirect String - interface
Identifier String - ip6Address String
- ip6Allowaccess String
- ip6Default
Life Integer - ip6Delegated
Prefix IntegerIaid - ip6Delegated
Prefix List<InterfaceLists Ipv6Ip6Delegated Prefix List> - ip6Dns
Server StringOverride - ip6Extra
Addrs List<InterfaceIpv6Ip6Extra Addr> - ip6Hop
Limit Integer - ip6Link
Mtu Integer - ip6Manage
Flag String - ip6Max
Interval Integer - ip6Min
Interval Integer - ip6Mode String
- ip6Other
Flag String - ip6Prefix
Lists List<InterfaceIpv6Ip6Prefix List> - ip6Prefix
Mode String - ip6Reachable
Time Integer - ip6Retrans
Time Integer - ip6Send
Adv String - ip6Subnet String
- ip6Upstream
Interface String - nd
Cert String - nd
Cga StringModifier - nd
Mode String - nd
Security IntegerLevel - nd
Timestamp IntegerDelta - nd
Timestamp IntegerFuzz - ra
Send StringMtu - unique
Autoconf StringAddr - vrip6Link
Local String - vrrp6s
List<Interface
Ipv6Vrrp6> - vrrp
Virtual StringMac6
- autoconf string
- cli
Conn6Status number - dhcp6Client
Options string - dhcp6Iapd
Lists InterfaceIpv6Dhcp6Iapd List[] - dhcp6Information
Request string - dhcp6Prefix
Delegation string - dhcp6Prefix
Hint string - dhcp6Prefix
Hint numberPlt - dhcp6Prefix
Hint numberVlt - dhcp6Relay
Interface stringId - dhcp6Relay
Ip string - dhcp6Relay
Service string - dhcp6Relay
Source stringInterface - dhcp6Relay
Source stringIp - dhcp6Relay
Type string - icmp6Send
Redirect string - interface
Identifier string - ip6Address string
- ip6Allowaccess string
- ip6Default
Life number - ip6Delegated
Prefix numberIaid - ip6Delegated
Prefix InterfaceLists Ipv6Ip6Delegated Prefix List[] - ip6Dns
Server stringOverride - ip6Extra
Addrs InterfaceIpv6Ip6Extra Addr[] - ip6Hop
Limit number - ip6Link
Mtu number - ip6Manage
Flag string - ip6Max
Interval number - ip6Min
Interval number - ip6Mode string
- ip6Other
Flag string - ip6Prefix
Lists InterfaceIpv6Ip6Prefix List[] - ip6Prefix
Mode string - ip6Reachable
Time number - ip6Retrans
Time number - ip6Send
Adv string - ip6Subnet string
- ip6Upstream
Interface string - nd
Cert string - nd
Cga stringModifier - nd
Mode string - nd
Security numberLevel - nd
Timestamp numberDelta - nd
Timestamp numberFuzz - ra
Send stringMtu - unique
Autoconf stringAddr - vrip6Link
Local string - vrrp6s
Interface
Ipv6Vrrp6[] - vrrp
Virtual stringMac6
- autoconf str
- cli_
conn6_ intstatus - dhcp6_
client_ stroptions - dhcp6_
iapd_ Sequence[Interfacelists Ipv6Dhcp6Iapd List] - dhcp6_
information_ strrequest - dhcp6_
prefix_ strdelegation - dhcp6_
prefix_ strhint - dhcp6_
prefix_ inthint_ plt - dhcp6_
prefix_ inthint_ vlt - dhcp6_
relay_ strinterface_ id - dhcp6_
relay_ strip - dhcp6_
relay_ strservice - dhcp6_
relay_ strsource_ interface - dhcp6_
relay_ strsource_ ip - dhcp6_
relay_ strtype - icmp6_
send_ strredirect - interface_
identifier str - ip6_
address str - ip6_
allowaccess str - ip6_
default_ intlife - ip6_
delegated_ intprefix_ iaid - ip6_
delegated_ Sequence[Interfaceprefix_ lists Ipv6Ip6Delegated Prefix List] - ip6_
dns_ strserver_ override - ip6_
extra_ Sequence[Interfaceaddrs Ipv6Ip6Extra Addr] - ip6_
hop_ intlimit - ip6_
link_ intmtu - ip6_
manage_ strflag - ip6_
max_ intinterval - ip6_
min_ intinterval - ip6_
mode str - ip6_
other_ strflag - ip6_
prefix_ Sequence[Interfacelists Ipv6Ip6Prefix List] - ip6_
prefix_ strmode - ip6_
reachable_ inttime - ip6_
retrans_ inttime - ip6_
send_ stradv - ip6_
subnet str - ip6_
upstream_ strinterface - nd_
cert str - nd_
cga_ strmodifier - nd_
mode str - nd_
security_ intlevel - nd_
timestamp_ intdelta - nd_
timestamp_ intfuzz - ra_
send_ strmtu - unique_
autoconf_ straddr - vrip6_
link_ strlocal - vrrp6s
Sequence[Interface
Ipv6Vrrp6] - vrrp_
virtual_ strmac6
- autoconf String
- cli
Conn6Status Number - dhcp6Client
Options String - dhcp6Iapd
Lists List<Property Map> - dhcp6Information
Request String - dhcp6Prefix
Delegation String - dhcp6Prefix
Hint String - dhcp6Prefix
Hint NumberPlt - dhcp6Prefix
Hint NumberVlt - dhcp6Relay
Interface StringId - dhcp6Relay
Ip String - dhcp6Relay
Service String - dhcp6Relay
Source StringInterface - dhcp6Relay
Source StringIp - dhcp6Relay
Type String - icmp6Send
Redirect String - interface
Identifier String - ip6Address String
- ip6Allowaccess String
- ip6Default
Life Number - ip6Delegated
Prefix NumberIaid - ip6Delegated
Prefix List<Property Map>Lists - ip6Dns
Server StringOverride - ip6Extra
Addrs List<Property Map> - ip6Hop
Limit Number - ip6Link
Mtu Number - ip6Manage
Flag String - ip6Max
Interval Number - ip6Min
Interval Number - ip6Mode String
- ip6Other
Flag String - ip6Prefix
Lists List<Property Map> - ip6Prefix
Mode String - ip6Reachable
Time Number - ip6Retrans
Time Number - ip6Send
Adv String - ip6Subnet String
- ip6Upstream
Interface String - nd
Cert String - nd
Cga StringModifier - nd
Mode String - nd
Security NumberLevel - nd
Timestamp NumberDelta - nd
Timestamp NumberFuzz - ra
Send StringMtu - unique
Autoconf StringAddr - vrip6Link
Local String - vrrp6s List<Property Map>
- vrrp
Virtual StringMac6
InterfaceIpv6Dhcp6IapdList, InterfaceIpv6Dhcp6IapdListArgs
- Iaid int
- Prefix
Hint string - Prefix
Hint intPlt - Prefix
Hint intVlt
- Iaid int
- Prefix
Hint string - Prefix
Hint intPlt - Prefix
Hint intVlt
- iaid Integer
- prefix
Hint String - prefix
Hint IntegerPlt - prefix
Hint IntegerVlt
- iaid number
- prefix
Hint string - prefix
Hint numberPlt - prefix
Hint numberVlt
- iaid int
- prefix_
hint str - prefix_
hint_ intplt - prefix_
hint_ intvlt
- iaid Number
- prefix
Hint String - prefix
Hint NumberPlt - prefix
Hint NumberVlt
InterfaceIpv6Ip6DelegatedPrefixList, InterfaceIpv6Ip6DelegatedPrefixListArgs
- Autonomous
Flag string - Delegated
Prefix intIaid - Onlink
Flag string - Prefix
Id int - Rdnss string
- Rdnss
Service string - Subnet string
- Upstream
Interface string
- Autonomous
Flag string - Delegated
Prefix intIaid - Onlink
Flag string - Prefix
Id int - Rdnss string
- Rdnss
Service string - Subnet string
- Upstream
Interface string
- autonomous
Flag String - delegated
Prefix IntegerIaid - onlink
Flag String - prefix
Id Integer - rdnss String
- rdnss
Service String - subnet String
- upstream
Interface String
- autonomous
Flag string - delegated
Prefix numberIaid - onlink
Flag string - prefix
Id number - rdnss string
- rdnss
Service string - subnet string
- upstream
Interface string
- autonomous_
flag str - delegated_
prefix_ intiaid - onlink_
flag str - prefix_
id int - rdnss str
- rdnss_
service str - subnet str
- upstream_
interface str
- autonomous
Flag String - delegated
Prefix NumberIaid - onlink
Flag String - prefix
Id Number - rdnss String
- rdnss
Service String - subnet String
- upstream
Interface String
InterfaceIpv6Ip6ExtraAddr, InterfaceIpv6Ip6ExtraAddrArgs
- Prefix string
- Prefix string
- prefix String
- prefix string
- prefix str
- prefix String
InterfaceIpv6Ip6PrefixList, InterfaceIpv6Ip6PrefixListArgs
- Autonomous
Flag string - Dnssls
List<Pulumiverse.
Fortios. System. Inputs. Interface Ipv6Ip6Prefix List Dnssl> - Onlink
Flag string - Preferred
Life intTime - Prefix string
- Rdnss string
- Valid
Life intTime
- Autonomous
Flag string - Dnssls
[]Interface
Ipv6Ip6Prefix List Dnssl - Onlink
Flag string - Preferred
Life intTime - Prefix string
- Rdnss string
- Valid
Life intTime
- autonomous
Flag String - dnssls
List<Interface
Ipv6Ip6Prefix List Dnssl> - onlink
Flag String - preferred
Life IntegerTime - prefix String
- rdnss String
- valid
Life IntegerTime
- autonomous
Flag string - dnssls
Interface
Ipv6Ip6Prefix List Dnssl[] - onlink
Flag string - preferred
Life numberTime - prefix string
- rdnss string
- valid
Life numberTime
- autonomous
Flag String - dnssls List<Property Map>
- onlink
Flag String - preferred
Life NumberTime - prefix String
- rdnss String
- valid
Life NumberTime
InterfaceIpv6Ip6PrefixListDnssl, InterfaceIpv6Ip6PrefixListDnsslArgs
- Domain string
Domain name.
The
ip6_delegated_prefix_list
block supports:
- Domain string
Domain name.
The
ip6_delegated_prefix_list
block supports:
- domain String
Domain name.
The
ip6_delegated_prefix_list
block supports:
- domain string
Domain name.
The
ip6_delegated_prefix_list
block supports:
- domain str
Domain name.
The
ip6_delegated_prefix_list
block supports:
- domain String
Domain name.
The
ip6_delegated_prefix_list
block supports:
InterfaceIpv6Vrrp6, InterfaceIpv6Vrrp6Args
- Accept
Mode string - Adv
Interval int - Ignore
Default stringRoute - Preempt string
- Priority int
- Priority of learned routes.
- Start
Time int - Status string
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - Vrdst6 string
- Vrgrp int
- Vrid int
- Vrip6 string
- Accept
Mode string - Adv
Interval int - Ignore
Default stringRoute - Preempt string
- Priority int
- Priority of learned routes.
- Start
Time int - Status string
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - Vrdst6 string
- Vrgrp int
- Vrid int
- Vrip6 string
- accept
Mode String - adv
Interval Integer - ignore
Default StringRoute - preempt String
- priority Integer
- Priority of learned routes.
- start
Time Integer - status String
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - vrdst6 String
- vrgrp Integer
- vrid Integer
- vrip6 String
- accept
Mode string - adv
Interval number - ignore
Default stringRoute - preempt string
- priority number
- Priority of learned routes.
- start
Time number - status string
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - vrdst6 string
- vrgrp number
- vrid number
- vrip6 string
- accept_
mode str - adv_
interval int - ignore_
default_ strroute - preempt str
- priority int
- Priority of learned routes.
- start_
time int - status str
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - vrdst6 str
- vrgrp int
- vrid int
- vrip6 str
- accept
Mode String - adv
Interval Number - ignore
Default StringRoute - preempt String
- priority Number
- Priority of learned routes.
- start
Time Number - status String
- Bring the interface up or shut the interface down. Valid values:
up
,down
. - vrdst6 String
- vrgrp Number
- vrid Number
- vrip6 String
InterfaceManagedDevice, InterfaceManagedDeviceArgs
- Name string
- Managed dev identifier.
- Name string
- Managed dev identifier.
- name String
- Managed dev identifier.
- name string
- Managed dev identifier.
- name str
- Managed dev identifier.
- name String
- Managed dev identifier.
InterfaceMember, InterfaceMemberArgs
- Interface
Name string - Physical interface name.
- Interface
Name string - Physical interface name.
- interface
Name String - Physical interface name.
- interface
Name string - Physical interface name.
- interface_
name str - Physical interface name.
- interface
Name String - Physical interface name.
InterfaceSecondaryip, InterfaceSecondaryipArgs
- Allowaccess string
- Management access settings for the secondary IP address.
- Detectprotocol string
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - Detectserver string
- Gateway's ping server for this IP.
- Gwdetect string
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - Ha
Priority int - HA election priority for the PING server.
- Id int
- ID.
- Ip string
- Secondary IP address of the interface.
- Ping
Serv intStatus - PING server status.
- Secip
Relay stringIp - DHCP relay IP address.
- Allowaccess string
- Management access settings for the secondary IP address.
- Detectprotocol string
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - Detectserver string
- Gateway's ping server for this IP.
- Gwdetect string
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - Ha
Priority int - HA election priority for the PING server.
- Id int
- ID.
- Ip string
- Secondary IP address of the interface.
- Ping
Serv intStatus - PING server status.
- Secip
Relay stringIp - DHCP relay IP address.
- allowaccess String
- Management access settings for the secondary IP address.
- detectprotocol String
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - detectserver String
- Gateway's ping server for this IP.
- gwdetect String
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - ha
Priority Integer - HA election priority for the PING server.
- id Integer
- ID.
- ip String
- Secondary IP address of the interface.
- ping
Serv IntegerStatus - PING server status.
- secip
Relay StringIp - DHCP relay IP address.
- allowaccess string
- Management access settings for the secondary IP address.
- detectprotocol string
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - detectserver string
- Gateway's ping server for this IP.
- gwdetect string
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - ha
Priority number - HA election priority for the PING server.
- id number
- ID.
- ip string
- Secondary IP address of the interface.
- ping
Serv numberStatus - PING server status.
- secip
Relay stringIp - DHCP relay IP address.
- allowaccess str
- Management access settings for the secondary IP address.
- detectprotocol str
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - detectserver str
- Gateway's ping server for this IP.
- gwdetect str
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - ha_
priority int - HA election priority for the PING server.
- id int
- ID.
- ip str
- Secondary IP address of the interface.
- ping_
serv_ intstatus - PING server status.
- secip_
relay_ strip - DHCP relay IP address.
- allowaccess String
- Management access settings for the secondary IP address.
- detectprotocol String
- Protocols used to detect the server. Valid values:
ping
,tcp-echo
,udp-echo
. - detectserver String
- Gateway's ping server for this IP.
- gwdetect String
- Enable/disable detect gateway alive for first. Valid values:
enable
,disable
. - ha
Priority Number - HA election priority for the PING server.
- id Number
- ID.
- ip String
- Secondary IP address of the interface.
- ping
Serv NumberStatus - PING server status.
- secip
Relay StringIp - DHCP relay IP address.
InterfaceSecurityGroup, InterfaceSecurityGroupArgs
- Name string
- Names of user groups that can authenticate with the captive portal.
- Name string
- Names of user groups that can authenticate with the captive portal.
- name String
- Names of user groups that can authenticate with the captive portal.
- name string
- Names of user groups that can authenticate with the captive portal.
- name str
- Names of user groups that can authenticate with the captive portal.
- name String
- Names of user groups that can authenticate with the captive portal.
InterfaceTagging, InterfaceTaggingArgs
- Category string
- Tag category.
- Name string
- Tagging entry name.
- List<Pulumiverse.
Fortios. System. Inputs. Interface Tagging Tag> - Tags. The structure of
tags
block is documented below.
- Category string
- Tag category.
- Name string
- Tagging entry name.
- []Interface
Tagging Tag - Tags. The structure of
tags
block is documented below.
- category String
- Tag category.
- name String
- Tagging entry name.
- List<Interface
Tagging Tag> - Tags. The structure of
tags
block is documented below.
- category string
- Tag category.
- name string
- Tagging entry name.
- Interface
Tagging Tag[] - Tags. The structure of
tags
block is documented below.
- category str
- Tag category.
- name str
- Tagging entry name.
- Sequence[Interface
Tagging Tag] - Tags. The structure of
tags
block is documented below.
- category String
- Tag category.
- name String
- Tagging entry name.
- List<Property Map>
- Tags. The structure of
tags
block is documented below.
InterfaceTaggingTag, InterfaceTaggingTagArgs
- Name string
Tag name.
The
ipv6
block supports:
- Name string
Tag name.
The
ipv6
block supports:
- name String
Tag name.
The
ipv6
block supports:
- name string
Tag name.
The
ipv6
block supports:
- name str
Tag name.
The
ipv6
block supports:
- name String
Tag name.
The
ipv6
block supports:
InterfaceVrrp, InterfaceVrrpArgs
- Accept
Mode string - Enable/disable accept mode. Valid values:
enable
,disable
. - Adv
Interval int - Advertisement interval (1 - 255 seconds).
- Ignore
Default stringRoute - Enable/disable ignoring of default route when checking destination. Valid values:
enable
,disable
. - Preempt string
- Enable/disable preempt mode. Valid values:
enable
,disable
. - Priority int
- Priority of the virtual router (1 - 255).
- Proxy
Arps List<Pulumiverse.Fortios. System. Inputs. Interface Vrrp Proxy Arp> - VRRP Proxy ARP configuration. The structure of
proxy_arp
block is documented below. - Start
Time int - Startup time (1 - 255 seconds).
- Status string
- Enable/disable this VRRP configuration. Valid values:
enable
,disable
. - Version string
- VRRP version. Valid values:
2
,3
. - Vrdst string
- Monitor the route to this destination.
- Vrdst
Priority int - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254).
- Vrgrp int
- VRRP group ID (1 - 65535).
- Vrid int
- Virtual router identifier (1 - 255).
- Vrip string
- IP address of the virtual router.
- Accept
Mode string - Enable/disable accept mode. Valid values:
enable
,disable
. - Adv
Interval int - Advertisement interval (1 - 255 seconds).
- Ignore
Default stringRoute - Enable/disable ignoring of default route when checking destination. Valid values:
enable
,disable
. - Preempt string
- Enable/disable preempt mode. Valid values:
enable
,disable
. - Priority int
- Priority of the virtual router (1 - 255).
- Proxy
Arps []InterfaceVrrp Proxy Arp - VRRP Proxy ARP configuration. The structure of
proxy_arp
block is documented below. - Start
Time int - Startup time (1 - 255 seconds).
- Status string
- Enable/disable this VRRP configuration. Valid values:
enable
,disable
. - Version string
- VRRP version. Valid values:
2
,3
. - Vrdst string
- Monitor the route to this destination.
- Vrdst
Priority int - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254).
- Vrgrp int
- VRRP group ID (1 - 65535).
- Vrid int
- Virtual router identifier (1 - 255).
- Vrip string
- IP address of the virtual router.
- accept
Mode String - Enable/disable accept mode. Valid values:
enable
,disable
. - adv
Interval Integer - Advertisement interval (1 - 255 seconds).
- ignore
Default StringRoute - Enable/disable ignoring of default route when checking destination. Valid values:
enable
,disable
. - preempt String
- Enable/disable preempt mode. Valid values:
enable
,disable
. - priority Integer
- Priority of the virtual router (1 - 255).
- proxy
Arps List<InterfaceVrrp Proxy Arp> - VRRP Proxy ARP configuration. The structure of
proxy_arp
block is documented below. - start
Time Integer - Startup time (1 - 255 seconds).
- status String
- Enable/disable this VRRP configuration. Valid values:
enable
,disable
. - version String
- VRRP version. Valid values:
2
,3
. - vrdst String
- Monitor the route to this destination.
- vrdst
Priority Integer - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254).
- vrgrp Integer
- VRRP group ID (1 - 65535).
- vrid Integer
- Virtual router identifier (1 - 255).
- vrip String
- IP address of the virtual router.
- accept
Mode string - Enable/disable accept mode. Valid values:
enable
,disable
. - adv
Interval number - Advertisement interval (1 - 255 seconds).
- ignore
Default stringRoute - Enable/disable ignoring of default route when checking destination. Valid values:
enable
,disable
. - preempt string
- Enable/disable preempt mode. Valid values:
enable
,disable
. - priority number
- Priority of the virtual router (1 - 255).
- proxy
Arps InterfaceVrrp Proxy Arp[] - VRRP Proxy ARP configuration. The structure of
proxy_arp
block is documented below. - start
Time number - Startup time (1 - 255 seconds).
- status string
- Enable/disable this VRRP configuration. Valid values:
enable
,disable
. - version string
- VRRP version. Valid values:
2
,3
. - vrdst string
- Monitor the route to this destination.
- vrdst
Priority number - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254).
- vrgrp number
- VRRP group ID (1 - 65535).
- vrid number
- Virtual router identifier (1 - 255).
- vrip string
- IP address of the virtual router.
- accept_
mode str - Enable/disable accept mode. Valid values:
enable
,disable
. - adv_
interval int - Advertisement interval (1 - 255 seconds).
- ignore_
default_ strroute - Enable/disable ignoring of default route when checking destination. Valid values:
enable
,disable
. - preempt str
- Enable/disable preempt mode. Valid values:
enable
,disable
. - priority int
- Priority of the virtual router (1 - 255).
- proxy_
arps Sequence[InterfaceVrrp Proxy Arp] - VRRP Proxy ARP configuration. The structure of
proxy_arp
block is documented below. - start_
time int - Startup time (1 - 255 seconds).
- status str
- Enable/disable this VRRP configuration. Valid values:
enable
,disable
. - version str
- VRRP version. Valid values:
2
,3
. - vrdst str
- Monitor the route to this destination.
- vrdst_
priority int - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254).
- vrgrp int
- VRRP group ID (1 - 65535).
- vrid int
- Virtual router identifier (1 - 255).
- vrip str
- IP address of the virtual router.
- accept
Mode String - Enable/disable accept mode. Valid values:
enable
,disable
. - adv
Interval Number - Advertisement interval (1 - 255 seconds).
- ignore
Default StringRoute - Enable/disable ignoring of default route when checking destination. Valid values:
enable
,disable
. - preempt String
- Enable/disable preempt mode. Valid values:
enable
,disable
. - priority Number
- Priority of the virtual router (1 - 255).
- proxy
Arps List<Property Map> - VRRP Proxy ARP configuration. The structure of
proxy_arp
block is documented below. - start
Time Number - Startup time (1 - 255 seconds).
- status String
- Enable/disable this VRRP configuration. Valid values:
enable
,disable
. - version String
- VRRP version. Valid values:
2
,3
. - vrdst String
- Monitor the route to this destination.
- vrdst
Priority Number - Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254).
- vrgrp Number
- VRRP group ID (1 - 65535).
- vrid Number
- Virtual router identifier (1 - 255).
- vrip String
- IP address of the virtual router.
InterfaceVrrpProxyArp, InterfaceVrrpProxyArpArgs
Import
System Interface can be imported using any of these accepted formats:
$ pulumi import fortios:system/interface:Interface labelname {{name}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:system/interface:Interface labelname {{name}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortios
Terraform Provider.